process control system automation standard (pl723). c1 pl723 rev 4.0... · process control system...
TRANSCRIPT
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 1 of 363
PROCESS CONTROL SYSTEM
AUTOMATION STANDARD
(PL723)
Rev 04
[DRAFT]
DOCUMENT APPROVAL PROCESS
NAME POSITION/MEETING NO. SIGNATURE DATE
Originator: Chris Murray TPL MC&I Dept.
Approver: Alan R Parsons MC&I Manager
Original date: 01 April 2017
Effective date: 01 April 2017
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 2 of 363
Page 2 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
APPROVAL
RESPONSIBILITY DESIGNATION SIGNATURE DATE
Designation :
COMPILED BY
(Latest Amendment)
MC&I Dept 1 Feb 2017
Name :
C Murray
ACCEPTED BY
Designation :
MC&I Specialist
Name:
Emmanuel Khangale
Designation :
MC&I Specialist
Name:
Edwin Narothan
Designation :
MC&I Specialist
Name:
Vasu Govender
APPROVED BY
Designation :
MC&I Manager
Name:
Alan Parsons
Designation :
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 3 of 363
Page 3 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
DOCUMENT CHANGE HISTORY:
The owner of this document is responsible for the revision and control of the document, including
updating of the table below, which contains the history of the document with details of each revision.
Date Previous
Rev No.
New
Rev No.
Details of Revision
3 July 1999 - 0.0 Document distributed for comment.
3 Aug 1999 0.0 0.1 Document distributed for approval.
10 Mar 2002 0.1 0.8 SCADA section added, document reformatted and submitted to Transnet Pipelines for comment.
1 Sep 2002 0.8 1.0 Document approved by Transnet Pipelines.
1 Jun 2003 1.0 1.1 Document reformatted. Cross Reference added to end of document.
20 Feb 2005 1.1 1.2 Launcher & LP Routing Group Description expanded.
3 Apr 2006 1.2 2.0
Document separated into an Automation Standard, defining Transnet Pipelines requirements, and an LSX Automation EDS, which details the practical implementation of the LSX Control System.
18 Jun 2007 2.0 2.1 Detail amended to reflect current practise. Mainline VSD device/groups added. Line Control and Reporting sections added.
22 Jul 2008 2.1 2.2 MCC Reporting section updated. Issued as a FEED Document for the NMPP Project.
4 Dec 2008 2.2 2.3a NMPP requirements added. Submitted for TPL Approval.
4 Mar 2009 2.3a 2.3b Data from Part 1Rev 1.2 added.
Comments received for Rev 2.3a added.
26 Mar 2009 2.3b 2.3c Update to include ABB ACS1000 detail, Machine Monitoring detail.
31 Mar 2009 2.3c 2.3d Review Workshop: TPL, Uhde, Siemens.
1 Dec 2009 2.3d 3.0 Issued as baseline document for NMPP Project.
1 Sep 2014 3.0 3.1 Document formatting revised. PCS7 Requirements added.
1 Mar 2017 3.1 4.0 Document revised in accordance with TPL-TECH-I-C-STD-014 Rev 03 (Segregated Process Control & Custody Metering
Systems – Requirements Concept) Philosophies.
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 4 of 363
Page 4 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
TABLE OF CONTENTS
1 INTRODUCTION ................................................................................................................... 18
1.1 Purpose ....................................................................................................................... 18 1.2 Scope .......................................................................................................................... 18
1.2.1 Requirements Included............................................................................................ 18
1.2.2 Requirements Excluded ........................................................................................... 18 1.2.3 Process Control System Constraints .......................................................................... 19
1.3 Document Usage .......................................................................................................... 19
1.4 Abbreviations ............................................................................................................... 19 1.5 Station Abbreviations .................................................................................................... 22
2 APPLICABLE DOCUMENTS .................................................................................................... 23
2.1 TPL Applicable Specifications and Standards .................................................................. 23
2.2 Other Applicable Specifications and Standards ............................................................... 23 2.3 Reference Documentation ............................................................................................. 23
3 PROCESS CONTROL OVERVIEW ............................................................................................ 25
3.1 Stations ....................................................................................................................... 25
3.1.1 Intake stations ........................................................................................................ 25 3.1.2 Pump stations ......................................................................................................... 25
3.1.3 Delivery stations ..................................................................................................... 25
3.1.4 Terminal Facilities ................................................................................................... 25
3.1.5 Remote Block Valve Chambers ................................................................................. 26
3.2 Tele-Control Facilities ................................................................................................... 26
3.2.1 Mainline Pump and Motor Sets (HP Manifold) ............................................................ 26 3.2.2 Receivers (HP Manifold) .......................................................................................... 26
3.2.3 Launchers (HP Manifold) ......................................................................................... 27
3.2.4 Sump Injection Facilities (HP Manifold) ..................................................................... 27
3.2.5 Interface Handling Control Facilities (HP Manifold) .................................................... 27
3.2.6 Lube Oil Facilities. ................................................................................................... 27
3.2.7 Purge Air Facilities................................................................................................... 27
3.2.8 Pressurisation Facilities ............................................................................................ 28
3.2.9 Delivery Facilities (LP Manifold) ................................................................................ 28
3.2.10 Intake Facilities (LP Manifold) .................................................................................. 28
3.2.11 Prover Loop Facilities (LP Manifold) .......................................................................... 28
3.2.12 Intermixture Handling Facilities (LP Manifold) ........................................................... 28
3.2.13 Accumulator Tank Facilities (LP Manifold) ................................................................. 28 3.2.14 Booster Pump Spillback Control facilities ................................................................... 29
4 DEFINITIONS AND CONCEPTS .............................................................................................. 30
4.1 Typographic Conventions .............................................................................................. 30
4.2 Device ......................................................................................................................... 30
4.2.1 Device Fault............................................................................................................ 30
4.2.2 Device Available ...................................................................................................... 30
4.2.3 Open OR Wirebreak ................................................................................................ 31 4.2.4 Closed OR Wirebreak .............................................................................................. 31
4.3 Device Group ............................................................................................................... 31
4.3.1 Group Available ...................................................................................................... 31
4.3.2 Group Ready .......................................................................................................... 31 4.3.3 Sequence Fault ....................................................................................................... 31
4.3.4 Group Flow-path ..................................................................................................... 32
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 5 of 363
Page 5 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
4.3.5 Group Flushing ....................................................................................................... 32
4.4 Control Modes (Overview) ............................................................................................. 32
4.4.1 Modes of Control ..................................................................................................... 33 4.4.2 Mode of Operation .................................................................................................. 33
4.5 Route Definitions .......................................................................................................... 34
4.6 Interlocks .................................................................................................................... 35 4.7 Switching definitions ..................................................................................................... 36
4.8 General........................................................................................................................ 36
4.9 Sequence Control ......................................................................................................... 36
4.9.1 Sequence Control Matrix .......................................................................................... 36
4.9.2 Sequences .............................................................................................................. 37
5 GENERAL CONTROL PHILOSOPHY - DEVICES ........................................................................ 42
6 GENERAL CONTROL PHILOSOPHY – DEVICE GROUPS ............................................................ 43
6.1 Introduction ................................................................................................................. 43
6.2 Receiver Device Group .................................................................................................. 44
6.2.1 Group Description ................................................................................................... 44
6.2.2 Modes of Control ..................................................................................................... 45
6.2.3 Modes of Operation ................................................................................................. 46
6.2.4 Group Functionality ................................................................................................. 46
6.2.5 Group Availability .................................................................................................... 51
6.2.6 Group Status .......................................................................................................... 52
6.2.7 Group Interlocks ..................................................................................................... 53
6.2.8 Failure Modes ......................................................................................................... 53
6.2.9 Graphic Representation ........................................................................................... 53 6.3 Launcher ..................................................................................................................... 54
6.3.1 Group Description ................................................................................................... 54
6.3.2 Modes of Control ..................................................................................................... 55
6.3.3 Modes of Operation ................................................................................................. 55
6.3.4 Group Functionality ................................................................................................. 56
6.3.5 Group Availability .................................................................................................... 61
6.3.6 Group Status .......................................................................................................... 61
6.3.7 Additional Device Alarms ......................................................................................... 62
6.3.8 Group Interlocks ..................................................................................................... 62 6.3.9 Failure modes ......................................................................................................... 63
6.3.10 Graphic Representation ........................................................................................... 63
6.4 Launcher Interface Handling ......................................................................................... 64
6.4.1 Group Description ................................................................................................... 64
6.4.2 Modes of Control ..................................................................................................... 64
6.4.3 Modes of Operation ................................................................................................. 64
6.4.4 Group Functionality ................................................................................................. 64 6.4.5 Group Availability .................................................................................................... 67
6.4.6 Group Status .......................................................................................................... 67
6.4.7 Group Interlocks ..................................................................................................... 67 6.4.8 Failure modes ......................................................................................................... 67
6.4.9 Graphic Representation ........................................................................................... 68
6.5 MV Booster Pump Sets – DOL ....................................................................................... 69 6.5.1 Group Description ................................................................................................... 69
6.5.2 Modes of Control ..................................................................................................... 71
6.5.3 Modes of Operation ................................................................................................. 71 6.5.4 Group Functionality ................................................................................................. 71
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 6 of 363
Page 6 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
6.5.5 Group Availability .................................................................................................... 73
6.5.6 Group Status .......................................................................................................... 74
6.5.7 Additional Device Alarms ......................................................................................... 75 6.5.8 Group Interlocks ..................................................................................................... 75
6.5.9 Failure Modes ......................................................................................................... 76
6.5.10 Graphic Representation ........................................................................................... 76 6.6 Booster Pump Bxx Flow Control ..................................................................................... 77
6.6.1 Group Description ................................................................................................... 77
6.6.2 Modes of Control ..................................................................................................... 77
6.6.3 Modes of Operation ................................................................................................. 77
6.6.4 Group Functionality ................................................................................................. 77
6.6.5 Spillback control ...................................................................................................... 77 6.6.6 Group Availability .................................................................................................... 78
6.6.7 Group Status .......................................................................................................... 79
6.6.8 Additional Device Alarms ......................................................................................... 79
6.6.9 Group Interlocks ..................................................................................................... 79
6.6.10 Failure Modes ......................................................................................................... 79
6.6.11 Graphic Representation ........................................................................................... 79
6.7 MV Mainline Pump Sets – DOL (Series Configuration) ..................................................... 80
6.7.1 Group Description ................................................................................................... 80
6.7.2 Modes of Control ..................................................................................................... 81
6.7.3 Modes of Operation ................................................................................................. 81
6.7.4 Group Functionality ................................................................................................. 81
6.7.5 Group Availability .................................................................................................... 85 6.7.6 Group Status .......................................................................................................... 86
6.7.7 Additional Device Alarms ......................................................................................... 86
6.7.8 Group Interlocks ..................................................................................................... 86
6.7.9 Failure Modes ......................................................................................................... 89
6.7.10 Graphic Representation ........................................................................................... 89
6.8 MV Mainline Pump Sets – VSD (Parallel Configuration) .................................................... 90 6.8.1 Group Description ................................................................................................... 90
6.8.2 Modes of Control ..................................................................................................... 93
6.8.3 Modes of Operation ................................................................................................. 93 6.8.4 Group Functionality ................................................................................................. 93
6.8.5 Group Availability .................................................................................................... 98
6.8.6 Group Status .......................................................................................................... 98
6.8.7 Group Interlocks ..................................................................................................... 99
6.8.8 Failure Modes ....................................................................................................... 101
6.8.9 Graphic Representation ......................................................................................... 101
6.9 MV Mainline Pump Sets – VSD (Crude Booster Stations) ............................................... 102 6.9.1 Group Description ................................................................................................. 102
6.9.2 Modes of Control ................................................................................................... 103
6.9.3 Modes of Operation ............................................................................................... 103
6.9.4 Group Functionality ............................................................................................... 103
6.9.5 Group Availability .................................................................................................. 106
6.9.6 Group Status ........................................................................................................ 107 6.9.7 Group Interlocks ................................................................................................... 107
6.9.8 Failure Modes ....................................................................................................... 109
6.9.9 Graphic Representation ......................................................................................... 109 6.10 Lube Oil System – 24” MPP Stations ............................................................................ 110
6.10.1 Group Description ................................................................................................. 110
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 7 of 363
Page 7 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
6.10.2 Modes of Control ................................................................................................... 110
6.10.3 Modes of Operation ............................................................................................... 111
6.10.4 Group Functionality ............................................................................................... 111 6.10.5 Group Availability .................................................................................................. 115
6.10.6 Group Status ........................................................................................................ 115
6.10.7 Group Interlocks ................................................................................................... 116 6.10.8 Failure Modes ....................................................................................................... 117
6.10.9 Graphic Representation ......................................................................................... 117
6.11 Lube Oil System – RPP & COP Stations ........................................................................ 118
6.11.1 Group Description ................................................................................................. 118
6.11.2 Modes of Control ................................................................................................... 118
6.11.3 Modes of Operation ............................................................................................... 118 6.11.4 Group Functionality ............................................................................................... 118
6.11.5 Group Availability .................................................................................................. 119
6.11.6 Group Status ........................................................................................................ 119
6.11.7 Additional Device Alarms ....................................................................................... 119
6.11.8 Group Interlocks ................................................................................................... 119
6.11.9 Graphic Representation ......................................................................................... 120
6.12 HP Routing ................................................................................................................ 121
6.12.1 Group Description ................................................................................................. 121
6.12.2 Modes of Control ................................................................................................... 121
6.12.3 Modes of Operation ............................................................................................... 122
6.12.4 Group Functionality ............................................................................................... 122
6.12.5 Group Availability .................................................................................................. 127 6.12.6 Group Status ........................................................................................................ 127
6.12.7 Additional Device Alarms ....................................................................................... 128
6.12.8 Group Interlocks ................................................................................................... 128
6.12.9 Failure Modes ....................................................................................................... 128
6.12.10 Graphic Representation ...................................................................................... 128
6.13 Dual Strainers ............................................................................................................ 129 6.13.1 Group Description ................................................................................................. 129
6.13.2 Modes of Control ................................................................................................... 129
6.13.3 Modes of Operation ............................................................................................... 129 6.13.4 Group Functionality ............................................................................................... 129
6.13.5 Group Availability .................................................................................................. 133
6.13.6 Group Status ........................................................................................................ 134
6.13.7 Group Interlocks ................................................................................................... 135
6.13.8 Failure modes ....................................................................................................... 135
6.13.9 Graphic Representation ......................................................................................... 135
6.14 Flow Control – HP Application ..................................................................................... 136 6.14.1 Group Description ................................................................................................. 136
6.14.2 Modes of Control ................................................................................................... 136
6.14.3 Modes of Operation ............................................................................................... 136
6.14.4 Group Functionality ............................................................................................... 136
6.14.5 Group Availability .................................................................................................. 137
6.14.6 Group Status ........................................................................................................ 138 6.14.7 Additional Device Alarms ....................................................................................... 138
6.14.8 Group Interlocks ................................................................................................... 138
6.14.9 Failure Modes ....................................................................................................... 138 6.14.10 Graphic Representation ...................................................................................... 138
6.15 Duty and Speed Control .............................................................................................. 139
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 8 of 363
Page 8 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
6.15.1 Group Description ................................................................................................. 139
6.15.2 Modes of Control ................................................................................................... 140
6.15.3 Modes of Operation ............................................................................................... 140 6.15.4 Group Functionality ............................................................................................... 141
6.15.5 Device Group Availability ....................................................................................... 153
6.15.6 Inter-PLC Communication ...................................................................................... 153 6.15.7 Actions in Event of Communication Failure ............................................................. 154
6.15.8 Event Strategies .................................................................................................... 154
6.15.9 Alarm Strategies ................................................................................................... 156
6.15.10 Interlocking Strategies ....................................................................................... 157
6.15.11 Graphic Representation ...................................................................................... 157
6.16 Safety Instrumented System (Line Over-pressure Protection) ........................................ 159 6.16.1 Group Description ................................................................................................. 159
6.16.2 Modes of Control ................................................................................................... 160
6.16.3 Modes of Operation ............................................................................................... 160
6.16.4 Group Functionality ............................................................................................... 160
6.16.5 Group Availability .................................................................................................. 162
6.16.6 Group Status ........................................................................................................ 162
6.16.7 Group Interlocks ................................................................................................... 163
6.16.8 Failure Modes ....................................................................................................... 164
6.16.9 Graphic Representation ......................................................................................... 164
6.17 Sumps and Intermix Transfer ...................................................................................... 165
6.17.1 Group Description ................................................................................................. 165
6.17.2 Modes of Control ................................................................................................... 165 6.17.3 Modes of Operation ............................................................................................... 165
6.17.4 Group Functionality ............................................................................................... 165
6.17.5 Group Availability .................................................................................................. 167
6.17.6 Route availability................................................................................................... 167
6.17.7 Group Status ........................................................................................................ 167
6.17.8 Additional Device Alarms ....................................................................................... 167 6.17.9 Group Interlocks ................................................................................................... 168
6.17.10 Graphic Representation ...................................................................................... 168
6.18 Road Loading ............................................................................................................. 169 6.18.1 Group Description ................................................................................................. 169
6.18.2 Modes of Control ................................................................................................... 169
6.18.3 Modes of Operation ............................................................................................... 169
6.18.4 Group Functionality ............................................................................................... 169
6.18.5 Group Availability .................................................................................................. 170
6.18.6 Group Status ........................................................................................................ 170
6.18.7 Group Interlocks ................................................................................................... 171 6.18.8 Failure Modes ....................................................................................................... 171
6.18.9 Graphic Representation ......................................................................................... 171
6.19 Road & Rail Loading ................................................................................................... 172
6.19.1 Group Description ................................................................................................. 172
6.19.2 Modes of Control ................................................................................................... 174
6.19.3 Modes of Operation ............................................................................................... 174 6.19.4 Group Functionality ............................................................................................... 175
6.19.5 Group Availability .................................................................................................. 175
6.19.6 Group Status ........................................................................................................ 176 6.19.7 Group Interlocks ................................................................................................... 176
6.19.8 Failure Modes ....................................................................................................... 177
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 9 of 363
Page 9 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
6.19.9 Graphic Representation ......................................................................................... 177
6.20 Sump Injection (Venturi) ............................................................................................ 178
6.20.1 Group Description ................................................................................................. 178 6.20.2 Modes of Control ................................................................................................... 178
6.20.3 Modes of Operation ............................................................................................... 178
6.20.4 Group Functionality ............................................................................................... 179 6.20.5 Group Availability .................................................................................................. 180
6.20.6 Group Status ........................................................................................................ 180
6.20.7 Additional Device Alarms ....................................................................................... 180
6.20.8 Group Interlocks ................................................................................................... 180
6.20.9 Graphic Representation ......................................................................................... 181
6.21 Purge Air Fans – RPP & COP Stations .......................................................................... 182 6.21.1 Group Description ................................................................................................. 182
6.21.2 Modes of Control ................................................................................................... 182
6.21.3 Modes of Operation ............................................................................................... 182
6.21.4 Group Functionality ............................................................................................... 182
6.21.5 Group Availability .................................................................................................. 183
6.21.6 Group Status ........................................................................................................ 183
6.21.7 Additional Device Alarms ....................................................................................... 183
6.21.8 Group Interlocks ................................................................................................... 183
6.21.9 Graphic Representation ......................................................................................... 184
6.22 Ventilation Fans – 24” MPP Stations ............................................................................ 185
6.22.1 Group Description ................................................................................................. 185
6.22.2 Modes of Control ................................................................................................... 185 6.22.3 Modes of Operation ............................................................................................... 185
6.22.4 Group Functionality ............................................................................................... 186
6.22.5 Group Availability .................................................................................................. 187
6.22.6 Group Status ........................................................................................................ 187
6.22.7 Group Interlocks ................................................................................................... 188
6.22.8 Failure Modes ....................................................................................................... 188 6.22.9 Inter-PLC Communications Interface ...................................................................... 188
6.22.10 Graphic Representation ...................................................................................... 188
6.23 Pressurisation Fans - RPP Stations ............................................................................... 189 6.23.1 Group Description ................................................................................................. 189
6.23.2 Modes of Control ................................................................................................... 189
6.23.3 Modes of Operation ............................................................................................... 189
6.23.4 Group Functionality ............................................................................................... 189
6.23.5 Group Availability .................................................................................................. 190
6.23.6 Group Status ........................................................................................................ 190
6.23.7 Additional Device Alarms ....................................................................................... 190 6.23.8 Group Interlocks ................................................................................................... 190
6.23.9 Graphic Representation ......................................................................................... 191
6.24 Inhibitor & DRA Injection ............................................................................................ 192
6.24.1 Group Description ................................................................................................. 192
6.24.2 Modes of Control ................................................................................................... 192
6.24.3 Modes of Operation ............................................................................................... 193 6.24.4 Group Functionality ............................................................................................... 193
6.24.5 Group Availability .................................................................................................. 194
6.24.6 Group Status ........................................................................................................ 194 6.24.7 Additional Device Alarms ....................................................................................... 195
6.24.8 Group Interlocks ................................................................................................... 195
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 10 of 363
Page 10 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
6.24.9 Graphic Representation ......................................................................................... 195
6.25 General...................................................................................................................... 196
6.25.1 Group Description ................................................................................................. 196 6.25.2 Modes of Control ................................................................................................... 197
6.25.3 Modes of Operation ............................................................................................... 197
6.25.4 Group Functionality ............................................................................................... 197 6.25.5 Group Availability .................................................................................................. 198
6.25.6 Group Status ........................................................................................................ 198
6.25.7 Group Interlocks ................................................................................................... 198
6.25.8 Failure Modes ....................................................................................................... 199
6.25.9 Graphic Representation ......................................................................................... 199
6.26 Electrical Distribution .................................................................................................. 200 6.26.1 Group Description ................................................................................................. 200
6.26.2 Modes of Control ................................................................................................... 202
6.26.3 Modes of Operation ............................................................................................... 202
6.26.4 Group Functionality ............................................................................................... 202
6.26.5 Group Availability .................................................................................................. 202
6.26.6 Group Status ........................................................................................................ 202
6.26.7 Group Interlocks ................................................................................................... 203
6.26.8 Graphic Representation ......................................................................................... 203
6.27 MV Generator Sets ..................................................................................................... 204
6.27.1 Group Description ................................................................................................. 204
6.27.2 Modes of Control ................................................................................................... 204
6.27.3 Modes of Operation ............................................................................................... 205 6.27.4 Group Functionality ............................................................................................... 205
6.27.5 Group Availability .................................................................................................. 207
6.27.6 Group Status ........................................................................................................ 207
6.27.7 Group Interlocks ................................................................................................... 207
6.27.8 Graphic Representation ......................................................................................... 207
6.28 MV Generator Diesel Supply ........................................................................................ 208 6.28.1 Group Description ................................................................................................. 208
6.28.2 Modes of Control ................................................................................................... 208
6.28.3 Modes of Operation ............................................................................................... 208 6.28.4 Group Functionality ............................................................................................... 209
6.28.5 Group Availability .................................................................................................. 211
6.28.6 Group Status ........................................................................................................ 212
6.28.7 Group Interlocks ................................................................................................... 212
6.28.8 Failure Modes ....................................................................................................... 213
6.28.9 Graphic Representation ......................................................................................... 213
6.29 MV Generator Diesel Offloading ................................................................................... 214 6.29.1 Group Description ................................................................................................. 214
6.29.2 Modes of Control ................................................................................................... 214
6.29.3 Modes of Operation ............................................................................................... 214
6.29.4 Group Functionality ............................................................................................... 215
6.29.5 Group Availability .................................................................................................. 215
6.29.6 Group Status ........................................................................................................ 216 6.29.7 Group Interlocks ................................................................................................... 216
6.29.8 Graphic Representation ......................................................................................... 217
6.30 LP Routing – General .................................................................................................. 218 6.30.1 Group Description ................................................................................................. 218
6.30.2 Modes of Control ................................................................................................... 218
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 11 of 363
Page 11 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
6.30.3 Modes of Operation ............................................................................................... 218
6.30.4 Group Functionality ............................................................................................... 219
6.30.5 Group Availability .................................................................................................. 219 6.30.6 Group Status ........................................................................................................ 219
6.30.7 Group Interlocks ................................................................................................... 220
6.30.8 Graphic Representation ......................................................................................... 220 6.31 LP Routing - Product .................................................................................................. 221
6.31.1 Group Description ................................................................................................. 221
6.31.2 Modes of Control ................................................................................................... 223
6.31.3 Modes of Operation ............................................................................................... 223
6.31.4 Group Functionality ............................................................................................... 223
6.31.5 Route Availability .................................................................................................. 231 6.31.6 Group Status ........................................................................................................ 231
6.31.7 Group Interlocks ................................................................................................... 232
6.31.8 Failure Modes ....................................................................................................... 233
6.31.9 Graphic Representation ......................................................................................... 233
6.33 Flow Control – LP Application ...................................................................................... 234
6.33.1 Group Description ................................................................................................. 234
6.33.2 Modes of Control ................................................................................................... 234
6.33.3 Modes of Operation ............................................................................................... 234
6.33.4 Group Functionality ............................................................................................... 234
6.33.5 Group Availability .................................................................................................. 235
6.33.6 Group Status ........................................................................................................ 236
6.33.7 Additional Device Alarms ....................................................................................... 236 6.33.8 Group Interlocks ................................................................................................... 236
6.33.9 Failure Modes ....................................................................................................... 236
6.33.10 Graphic Representation ...................................................................................... 236
6.34 Tank Farms ................................................................................................................ 237
6.34.1 Group Description ................................................................................................. 237
6.34.2 Modes of Control ................................................................................................... 238 6.34.3 Modes of Operation ............................................................................................... 238
6.34.4 Group Functionality ............................................................................................... 238
6.34.5 Group Availability .................................................................................................. 242 6.34.6 Group Status ........................................................................................................ 242
6.34.7 Additional Device Alarms ....................................................................................... 243
6.34.8 Group Interlocks ................................................................................................... 243
6.34.9 Graphic Representation ......................................................................................... 244
6.35 Safety Instrumented System (Tank Overfill Protection) ................................................. 245
6.35.1 Group Description ................................................................................................. 245
6.35.2 Modes of Control ................................................................................................... 245 6.35.3 Modes of Operation ............................................................................................... 245
6.35.4 Group Functionality ............................................................................................... 245
6.35.5 Group Availability .................................................................................................. 248
6.35.6 Group Status ........................................................................................................ 248
6.35.7 Additional Device Alarms ....................................................................................... 249
6.35.8 Group Interlocks ................................................................................................... 249 6.35.9 Failure Modes ....................................................................................................... 250
6.35.10 Graphic Representation ...................................................................................... 250
6.36 Prover ....................................................................................................................... 251 6.36.1 Group Description ................................................................................................. 251
6.36.2 Modes of Control ................................................................................................... 252
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 12 of 363
Page 12 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
6.36.3 Modes of Operation ............................................................................................... 252
6.36.4 Group Functionality ............................................................................................... 252
6.36.5 Group Availability .................................................................................................. 258 6.36.6 Group Status ........................................................................................................ 260
6.36.7 Additional Device Alarms ....................................................................................... 261
6.36.8 Interlocking Strategies .......................................................................................... 261 6.36.9 Graphic Representation ......................................................................................... 261
6.37 Intermix Blend Control ................................................................................................ 262
6.37.1 Group Description ................................................................................................. 262
6.37.2 Modes of Control ................................................................................................... 262
6.37.3 Modes of Operation ............................................................................................... 262
6.37.4 Group Functionality ............................................................................................... 262 6.37.5 Group Availability .................................................................................................. 268
6.37.6 Group Status Indications ....................................................................................... 269
6.37.7 Group Interlocks ................................................................................................... 269
6.37.8 Failure Modes ....................................................................................................... 269
6.37.9 Graphic Representation ......................................................................................... 269
6.38 System Diagnostics .................................................................................................... 270
6.38.1 Group Description ................................................................................................. 270
6.38.2 Modes of Control ................................................................................................... 271
6.38.3 Modes of Operation ............................................................................................... 271
6.38.4 Group Functionality ............................................................................................... 271
6.38.5 Device Group Availability ....................................................................................... 275
6.38.6 Group Status ........................................................................................................ 275 6.38.7 Group Events ........................................................................................................ 275
6.38.8 Group Alarms ........................................................................................................ 276
6.38.9 Interlocking Strategies .......................................................................................... 276
6.38.10 Graphic Representation ...................................................................................... 276
6.39 Station Sequences ...................................................................................................... 277
6.39.1 Introduction.......................................................................................................... 277 6.39.2 Modes of Control ................................................................................................... 278
6.39.3 Modes of Operation ............................................................................................... 278
6.39.4 Group Functionality ............................................................................................... 278 6.39.5 Group Availability .................................................................................................. 282
6.39.6 Station Offline Sequence Availability ....................................................................... 282
6.39.7 Station Isolation Sequence Availability .................................................................... 283
6.39.8 Station Flush Sequence Availability ......................................................................... 283
6.39.9 Pump Set P01-P03 Flush Sequence Availability ........................................................ 283
6.39.10 Group Status ..................................................................................................... 284
6.39.11 Interlocking Strategies ....................................................................................... 284
7 APPENDICES ...................................................................................................................... 285
7.1 Appendix A: Flow Compensation ................................................................................. 285
7.1.1 Description ........................................................................................................... 285
7.1.2 Graphic Representation ......................................................................................... 286 7.2 Appendix B: Sequence Flowcharts & Tables ................................................................. 287
7.2.1 Receiver Device Group .......................................................................................... 288
7.2.2 Launcher Device Group ......................................................................................... 289 7.2.3 MV Booster Pump Device Group ............................................................................. 290
7.2.4 MV Mainline Pump Set Device Group - DOL ............................................................ 291
7.2.5 MV Mainline Pump Set Device Group – VSD (24” MPP) ............................................ 293
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 13 of 363
Page 13 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
7.2.6 MV Mainline Pump Set Device Group – VSD (Crude) ................................................ 296
7.2.7 Lube Oil Device Group (24” MPP Stations) .............................................................. 298
7.2.8 HP Routing Device Group ...................................................................................... 300 7.2.9 Sump & Intermix Transfer Device Group ................................................................ 301
7.2.10 Sump Injection Device Group (Venturi) .................................................................. 302
7.2.11 Inhibitor/DRA Injection Device Group ..................................................................... 303 7.2.12 LP Routing – Product Device Group ........................................................................ 304
7.2.13 Prover Device Group ............................................................................................. 315
7.2.14 Intermix Blend Device Group ................................................................................. 319
7.2.15 Station Sequences................................................................................................. 321
7.3 Comment Resolution .................................................................................................. 325
7.4 DOCUMENT CHANGE HISTORY: .................................................................................. 326 Total Pages 326
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 14 of 363
Page 14 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
Table of Figures
Figure 4.3-1: Group Flow-path logic ..................................................................................................... 32 Figure 4.9-1: Typical Matrix Status Indications ..................................................................................... 37 Figure 4.9-2: Typical Sequence Matrix for Intermix Blend & Transfer .................................................. 37 Figure 4.9-3: SFC Legend..................................................................................................................... 38 Figure 4.9-4: Alternative Branch ........................................................................................................... 39 Figure 4.9-5: Simultaneous Branch ...................................................................................................... 40 Figure 4.9-6: Abort on error................................................................................................................... 40 Figure 4.9-7: Continue on Error ............................................................................................................ 41 Figure 6.2-1: Functional Layout of the Receiver R01 ........................................................................... 45 Figure 6.3-1: Functional Layout of the Launcher .................................................................................. 55 Figure 6.6-1: Booster pump Bxx spillback - Flow Control Schematic ................................................... 78 Figure 6.13-1: Dual Strainer (LP Intake) Control Logic ....................................................................... 133 Figure 6.14-1: Flow Control – HP Application ..................................................................................... 137 Figure 6.15-1: Control Methodology ................................................................................................... 139 Figure 6.15-2: Simplified Pump Station Control Methodology ............................................................ 140 Figure 6.15-3: Duty Controller Loop .................................................................................................... 142 Figure 6.15-4: Duty Controller Faceplate ............................................................................................ 143 Figure 6.15-5: Duty Controller Faceplate ............................................................................................ 144 Figure 6.15-6: Speed Controller Loop ................................................................................................. 147 Figure 6.15-7 Drive Controller Loop .................................................................................................... 151 Figure 9.2.1 – Road and Rail Loading (Diesel) ................................................................................... 174 Figure 6.29-1: Typical LP Product Routing Manifold Layout (Intake Station) ..................................... 222 Figure 6.29-2: Typical LP Product Routing Manifold Layout (Delivery Station) .................................. 222 Figure 6.31-1: Flow Control – LP Application ..................................................................................... 235 Figure 7.2-1 – Receiver R01 Online Sequence .................................................................................. 288 Figure 7.2-2: Receiver R01 Offline Sequence .................................................................................... 288 Figure 7.2-3: Launcher L01 Online Sequence .................................................................................... 289 Figure 7.2-4: Launcher L01 Offline Sequence .................................................................................... 289 Figure 7.2-5: Booster Pump Set B01 Online sequence ...................................................................... 290 Figure 7.2-6: Booster Pump Set B01 Offline sequence ...................................................................... 291 Figure 7.2-7: MV Mainline Pump Set P01 Online Sequence .............................................................. 291 Figure 7.2-8: MV Mainline Pump Set P01 Set Offline Sequence ....................................................... 292 Figure 7.2-9: MV Mainline Pump Set P01 Flush Sequence ............................................................... 292 Figure 7.2-10: MV Mainline Pump Set P01 Line-Up Sequence.......................................................... 293 Figure 7.2-11: MV Mainline Pump Set P01 Online Sequence ............................................................ 294 Figure 7.2-12: MV Mainline Pump Set P01 Offline Sequence ............................................................ 294 Figure 7.2-13: MV Mainline Pump Set P01 Flush Sequence ............................................................. 295 Figure 7.2-14: MV Mainline Pump Set P01 Line-Up Sequence.......................................................... 296 Figure 7.2-15: MV Mainline Pump Set P01 Online Sequence ............................................................ 296 Figure 7.2-16: MV Mainline Pump Set P01 Set Offline Sequence ..................................................... 297 Figure 7.2-17: Lube Oil Online Sequence ........................................................................................... 298 Figure 7.2-18: Lube Oil Offline Sequence ........................................................................................... 298 Figure 7.2-19: HP Routing Isolation Online Sequence (TNI) .............................................................. 300 Figure 7.2-20: HP Routing Isolation Offline Sequence (TNI) .............................................................. 300 Figure 7.2-21: Intermix Transfer Online Sequence ............................................................................. 301 Figure 7.2-22: Intermix Transfer Offline Sequence ............................................................................. 302 Figure 7.2-23: Sump Injection Online Sequence ................................................................................ 302 Figure 7.2-24: Sump Injection Offline Sequence ................................................................................ 303 Figure 7.2-25: Inhibitor/DRA Online Sequence................................................................................... 303 Figure 7.2-26: LP Routing Intake Manifold Layout (Example) ............................................................ 304 Figure 7.2-27: LP Routing – PRDx Open Route Sequence (Intake) .................................................. 306
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 15 of 363
Page 15 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
Figure 7.2-28: LP Routing – PRDx Start Intake Sequence ................................................................. 307 Figure 7.2-29: LP Routing – PRDx Stop Intake Sequence ................................................................. 308 Figure 7.2-30: LP Routing Delivery Manifold Layout (Example) ......................................................... 309 Figure 7.2-31: LP Routing – PRDx Open Route Sequence (Delivery) ............................................... 312 Figure 7.2-32: LP Routing – PRDx Start Delivery Sequence ............................................................. 313 Figure 7.2-33: LP Routing – PRDx Stop Delivery Sequence .............................................................. 314 Figure 7.2-34: Prover Y01 Online Sequence ...................................................................................... 315 Figure 7.2-35: Prover Y01 Offline Sequence ...................................................................................... 316 Figure 7.2-36: Prover Y01 Fill Sequence ............................................................................................ 317 Figure 7.2-37: Prover Y01 Drain Sequence ........................................................................................ 318 Figure 7.2-38: Intermix Blend Online Sequence (WAO) ..................................................................... 319 Figure 7.2-39: Intermix Blend Offline Sequence (WAO) ..................................................................... 320 Figure 7.2-40: Station Line-Up Sequence (TNI) ................................................................................. 321 Figure 7.2-41: Station Online Sequence (TNI).................................................................................... 321 Figure 7.2-42: Station Offline Sequence (TNI).................................................................................... 321 Figure 7.2-43: Station Isolation Sequence (TNI) ................................................................................ 322 Figure 7.2-44: Station Flush Sequence (TNI) ..................................................................................... 323 Figure 7.2-45: MV Mainline Pump P01-P03 Flush Sequence (TNI) ................................................... 324
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 16 of 363
Page 16 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
Table of Tables
Table 6.2-1: Receiver Availability .......................................................................................................... 52 Table 6.2-2: Receiver Group Alarm Status ........................................................................................... 52 Table 6.2-3: Receiver Group Error Status ............................................................................................ 52 Table 6.2-4: Receiver Group Information Status .................................................................................. 53 Table 6.3-1: Launcher Availability .................................................................................................... 61 Table 6.3-2: Launcher Group Alarm Status ..................................................................................... 61 Table 6.3-3: Launcher Group Error Status ....................................................................................... 62 Table 6.3-4: Launcher Group Information Status ............................................................................ 62 Table 6.4-1: Density Hut Launch Availability ........................................................................................ 67 Table 6.5-1: Booster Pump Set Bxx Availability.................................................................................... 74 Table 6.5-2: Booster Pump Set Bxx Group Alarm Status ..................................................................... 74 Table 6.5-3: Booster Pump Set Bxx Group Error Status ...................................................................... 75 Table 6.7-1: Mainline Pump Set Pxx Availability.............................................................................. 86 Table 6.7-2: Mainline Pump Set Pxx Group Alarm Status ............................................................... 86 Table 6.7-3: Mainline Pump Set Pxx Group Error Status ................................................................ 86 Table 6.8-1: Mainline VSD Pump Set P0x Line-up Availability ............................................................. 98 Table 6.8-2: Mainline VSD Pump Set P0x Online, Offline and Flush Availability ................................. 98 Table 6.8-3: Mainline VSD Pump Set P0x Group Alarm Status ...................................................... 99 Table 6.8-4: Mainline VSD Pump Set P0x Group Error Status ........................................................ 99 Table 6.9-1: Mainline VSD Pump Set P0x Online, Offline and Flush Availability .......................... 107 Table 6.9-2: Mainline VSD Pump Set P0x Group Alarm Status .................................................... 107 Table 6.9-3: Mainline VSD Pump Set P0x Group Error Status ...................................................... 107 Table 6.10-1: P0x Lube Oil Ready Status ........................................................................................ 114 Table 6.10-2: P0x Lube Oil Availability ............................................................................................... 115 Table 6.11-1: Lube Oil DuC Availability ........................................................................................... 119 Table 6.12-1: HP Routing Flow compensation ................................................................................ 124 Table 6.12-2: HP Routing Group Alarm Status ................................................................................ 127 Table 6.12-3: HP Routing Group Error Status ................................................................................. 128 Table 6.12-4: HP Routing Group Information Status ....................................................................... 128 Table 6.13-1: Strainer (LP Intake) Group Alarm Status ................................................................... 134 Table 6.13-2: Strainer (LP Intake) Group Error Status .................................................................... 135 Table 6.15-1: PID Controller Modes of Operation .............................................................................. 151 Table 6.16-1: SIS Group – Group Alarm Status .............................................................................. 163 Table 6.17-1: Intermix Transfer Sequence Availability .................................................................... 167 Table 6.17-2: Sump Additional Device Alarm .................................................................................. 167 Table 6.18-1: Road Loading Availability .......................................................................................... 170 Table 6.19-1: Sump Injection Availability ........................................................................................ 180 Table 6.20-1: Purge Air DuC Availability .......................................................................................... 183 Table 7.19-1: Pumphouse Ventilation Fans Availability ...................................................................... 187 Table 7.19-2: Pumphouse Ventilation Fans Group Alarm Status ....................................................... 187 Table 6.21-1: Pressurisation DuC Availability .................................................................................. 190 Table 6.22-1: Inhibitor/DRA Injection Availability ............................................................................ 194 Table 6.22-2: Inhibitor/DRA Injection Group Alarm Status ............................................................. 195 Table 6.23-1: General - LP Station Statuses ................................................................................... 197 Table 6.23-2: General - HP Station Statuses................................................................................... 198 Table 6.24-1: Electrical Group Alarm Status .................................................................................... 203 Table 6.26-1: Diesel Supply Availability ........................................................................................... 211 Table 6.27-1: MV Generator Diesel Offloading Availability .............................................................. 216 Table 6.28-1: LP Routing Group Alarm Status ................................................................................ 219 Table 6.29-1: LP Routing Tables (Intake Manifold) ......................................................................... 226 Table 6.29-2: LP Routing Tables (Delivery Manifold) ...................................................................... 226
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 17 of 363
Page 17 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
Table 6.29-3: LP Routing Tables (Intake Manifold) ......................................................................... 228 Table 6.29-4: LP Routing Tables (Delivery Manifold) ...................................................................... 228 Table 6.29-5: LP Routing - Group Error Status................................................................................ 232 Table 6.32-1: Tank Farm TGS OPC Tag Descriptors ...................................................................... 241 Table 6.32-2: Tank Farm TGS OPC Global Alarm Acknowledge .................................................... 241 Table 6.32-3: Tank Farm TGS OPC Watchdog ............................................................................... 241 Table 6.32-4: Tank Farm TGS OPC Qualities ................................................................................. 242 Table 6.32-5: Tank Farm Group Alarm Status Indication ................................................................ 242 Table 6.32-6: Tank Farm Additional Device Alarm .......................................................................... 243 Table 6.33-1: SIS Group Alarm Status ............................................................................................ 249 Table 6.34-1: Prover Diesel Level Indication ................................................................................... 254 Table 6.34-2: Prover Online Availability ........................................................................................... 258 Table 6.34-3: Prover Offline Availability ........................................................................................... 258 Table 6.34-4: Prover Fill Availability ................................................................................................. 259 Table 6.34-5: Prover Drain Availability ........................................................................................ 260 Table 6.34-6: Prover Group Alarm Status ....................................................................................... 260 Table 6.34-7: Prover Group Error Status ........................................................................................ 260 Table 6.34-8: Prover Group Information Status ............................................................................... 261 Table 6.36-1: PLC Status Monitoring ............................................................................................... 271 Table 6.36-2: OS Server Status Monitoring ..................................................................................... 272 Table 6.36-3: Network Switch Status Monitoring ............................................................................. 273 Table 6.36-4: PC Hardware Status Monitoring ................................................................................ 273 Table 6.36-5: TGS Status Monitoring .............................................................................................. 274 Table 6.36-6: MMS Status Monitoring ............................................................................................. 274 Table 6.36-7: Inter PLC Communications Status Monitoring ........................................................... 275 Table 6.37-1: Station Line-Up Sequence Availability ....................................................................... 282 Table 6.37-2: Station Online Sequence Availability ......................................................................... 282 Table 6.37-3: Station Offline Sequence Availability ......................................................................... 282 Table 6.37-4: Station Isolation Sequence Availability ...................................................................... 283 Table 6.37-5: Station Flush Sequence Availability........................................................................... 283 Table 6.37-6: P01-P03 Flush Sequence Availability ........................................................................ 283 Table 7.2-1: LP Routing - PRDx Intake Route Tables ................................................................... 305 Table 7.2-2: LP Routing - PRDx Delivery Route Tables ................................................................ 310 Table 7.2-3: Prover Y01 Availability ............................................................................................... 315
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 18 of 363
Page 18 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
1 INTRODUCTION
1.1 Purpose
The purpose of this document is to specify the core automation requirements that are
required to be complied with in the design of a process control system for the Transnet
Pipeline’s pipeline infrastructure.
This document should be read in conjunction with its applicable references, as invoked
throughout the document, and listed in Section [2.1]. The PCS Software Control Module
Standard [3] defines the core control and HMI requirements pertaining to software control
module development (devices). The Alarm Configuration Database [6] defines alarms and
event messages associated with the PCS.
These three documents specify the end-user requirements regarding process control system
automation requirements. These three documents are primarily used by the Main Automation
Contractor to engineer the Process Control System software.
This document does not detail control to be implemented in other systems (e.g. the safety
instrumented systems, machine monitoring systems, etc.).
This document also forms an input for the development of Transnet Pipelines System
Operating Procedures.
This document contains all the high level user requirements. Station specific requirements are
included in the Station specific documentation and will be developed in conjunction with the
Contractor.
The requirements specified herein are system independent.
1.2 Scope
1.2.1 Requirements Included
This document includes control system device\instrument requirements relating to,
HMI Interface
Device Control
Sequence Control
Error handling
Alarming and messaging
Framework and device groups
1.2.2 Requirements Excluded
This document does not define requirements relating to,
Process Control System (PCS) software control modules (devices)
Metering Systems (MDS)
Tank Gauging Systems (TGS)
Pipeline Monitoring Systems (PLMS)
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 19 of 363
Page 19 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
Systems Application Products (SAP)
WAN Communication (WAN)
1.2.3 Process Control System Constraints
1.2.3.1 Performance Criteria
Performance criteria that need to be complied with when developing a process control
system can be found in the Process Control System User Requirement Specification [2].
1.2.3.2 Communication Constraints
The PCS WAN to the various stations within the Transnet Pipelines pipeline infrastructure are
via FOC and Microwave links. Bandwidth and latency specifications can be found in Tele-
control Communication Standard [8].
1.3 Document Usage
This document is intended to convey core requirements for the PCS.
All requirements included herein should be traceable to lower level documents to ensure
compliance.
In this specification,
the word shall is to be understood as a mandatory requirement,
the word should as a preference,
the word may as a permissive (i.e. neither mandatory nor necessarily
recommended),
and the word will as a declaration on behalf of something/ someone else.
The word ‘should’ shall be treated as a requirement, although it is acknowledged that it may
be negotiated based on appropriate justification.
Text indicated as 'Note' does not form part of this specification. Notes aid the reader's
understanding of the associated requirements.
1.4 Abbreviations
ACDB Alarm Configuration Database
ASCII American Standard Code for Information Interchange
CN Control Narrative
CO Co-ordinating Officer
DDF Detected Dangerous Failure
DH Density Hut
DIE Diesel
DSF SIF Diagnostic Failure
CP Effluent Control Panel
EDS Engineering Design Specification
EPV Expanding Plug Valve
ET Remote IO station
ETF Remote IO station in metering panel
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 20 of 363
Page 20 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
ETL Remote IO station in LV room
ETM Remote IO station in MV room
ETP Effluent Treatment Package
F&G Fire and Gas
FC Flow Computer
FDS Functional Design Specification
FP Flow-path
HP High Pressure
HVAC Heating, Ventilation and Air Conditioning System
I/O Input/Output
ICP Station Inlet Pressure (Incoming Pressure)
IFC Internal Floating Cover
IN Inland Network
JP Jameson Park Pump Station
JP0 Jameson Park Dispatch Manifold
KEN Kendal
LAN Local Area Network
LDS Leak Detection System
LOP Line Over-pressure Protection
LOPA Layer of Protection Analysis
LP Low Pressure
LPF Low Pass Filter
LRP Lead Replacement Petrol
LSD Low Sulphur Diesel
LV Low Voltage
LWC Line Wide Control
MAOP Maximum Allowable Operating Pressure
MBV Motorised Block Valve
MCC Master Control Centre
MDS Metering Database System
MES Manufacturing Execution System
MMS Machine Monitoring System
MoC Mode of Control
MoO Mode of Operation
MPP Multi-Product Pipeline
MTTR Mean Time to Repair
MV Medium Voltage
NMPP New Multi-Product Pipeline
NOC National Operating Centre (MCC)
OID Optical Interface Detector
OLE Object Linking and Embedding
OMS Operations Management System (Transnet Pipelines)
OPC OLE for Process Control
OS Operating System
OSI Open System Interconnection
P&ID Piping and Instrumentation Drawing
PCN Process Control Network
PCS Process Control System
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 21 of 363
Page 21 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
PCS7 Siemens PCS7 Process Control system (integrated PLC
and SCADA)
PET Petrol
PID Proportional, Integral, Derivative (controller)
PL1 Pipeline One (IVW to JMP - 24” Trunk Line)
PL2 Pipeline Two (JMP to ALR2 - 16” New)
PLC Programmable Logic Controller
PLCpm PLC product metering
PSD Pipeline Shutdown
PSx Pump Station x
QC Quality Control
RAT Process Range, Alarm and Trip Schedule
RTU Remote Termination Unit
S7 SIMATIC S7 Automation Equipment
SCADA Supervisory Control and Data Acquisition
SCC Secondary Control Centre
SDP Station Discharge Pressure
SIF Safety Instrumented Function
SIL Safety Integrity Level
SIS Safety Instrumented System
SO Station Operator
STA Station “Refer to Local Station Control”
SWCP Storm Water Control Panel
TA Trip Amplifier
TBA To be Advised
TBC To be Confirmed
TBD To be Defined
TCP Transmission Control Protocol
TCT Tank Capacity Table
TGS Tank Gauging System
TOP Tank Overfill Protection
TM1 Coastal Terminal (Terminal 1)
TM2 Inland Terminal (Terminal 2)
TMS Terminal Management System
TSM Tank State Machine
ULP Unleaded Petrol
ULSD Ultra Low Sulphur Diesel
VCF Volume Correction Factor
VSD Variable Speed Drive
WAN Wide Area Network
WB Wire Break
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 22 of 363
Page 22 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
1.5 Station Abbreviations
ALR Alrode
JMP Jameson Park (NMPP TM2)
KEN Kendal
APT Airport
BEM Bethlehem
CBK Coalbrook
DNR Durban
DUZ Duzi
EDP Elardus Park
FTM Fort Mistake
FYN Fynnlands
HLR Hillcrest
HTP Hilltop (NMPP PS3)
HWR Howick
IRP Intermix Refractionator Plant (Tarlton Refractionator)
IVW Island View (NMPP TM1)
KRO Kroonstad
KRP Klerksdorp
LAY Ladysmith
LLA Langlaagte
LRV Lions River (NMPP PS4)
MBT Mnambithi (NMPP PS5)
MGA Magdala
MGN Mngeni
MRR Mooi River
MTN Meyerton
NCS Newcastle
PWT Pretoria West
QGA Quaggasnek
RTR Rustenburg
SBG Sasolburg
SEC Secunda
TLR Tarlton
TNI Twini (NMPP PS1)
UBB Umbumbulu (NMPP PS2)
VDE Vrede
VLR Villiers (NMPP PS8)
VNN Van Reenen (NMPP PS6)
VRN Van Reenen
WAO Waltloo
WDN Warden (NMPP PS7)
WIL Wilge
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 23 of 363
Page 23 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
2 APPLICABLE DOCUMENTS
All documents of the exact revision cited in the Applicable Documents form part of this
specification to the extent specified. In the event of conflict between the text of this
specification and the documents invoked herein, the text of this specification shall take
precedence.
However, nothing in this specification supersedes applicable laws and regulations.
2.1 TPL Applicable Specifications and Standards
No. and Title Doc. No. Rev.
[1] Control System Policy TPL-TECH-I-
POL-001
03
[2] Process Control System User Requirements Specification
TPL-TECH-I-C-
SPEC-012
02
[3] Process Control System Software Control Module
Standard
TPL-TECH-I-C-
STD-013
01c
[4] Metering Policy TPL-TECH-I-
POL-002
03
[5] Metering Standard PL709 1.1
[6] Alarm Configuration Database 2684358-J-A00-
CS-DS-001
XX
[7] Segregated Process Control Metering Systems – Operational Implications
TPL-TECH-I-C-
SPEC-015
03
[8] Tele-control Communication Standard PL703 Latest
[9] Framework for Minimum Controls for Security in the
Process Control Environment
TPL-TECH-I-
PCE-006
02
[10] Transnet Group Legal: Intellectual Property Policy TG/GL 4/14/4 P 01
2.2 Other Applicable Specifications and Standards
The following national and international standards are required to be complied with and shall
be read in conjunction with this Specification.
No. and Title Doc. No. Rev.
[11] Quality Management Systems SABS ISO 9000 2015
2.3 Reference Documentation
The documents included in this section do not form part of the specification, but are included
for background and context.
No. Doc. No. Rev.
[12] Standard for Information Technology – Software IEEE 12207.0 1996
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 24 of 363
Page 24 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
Lifecycle Processes
[13] Custody Metering System User Requirements
Specification
TPL-TECH-I-M-
SPEC-011
02
[14] Plant & Equipment Tag Numbering Standards PL101 03
[15] General Drawing Standards PL103 03
[16] Safety and Environmental Standards for Fuel
Storage Sites – Final Report
Buncefield
Standards Task
Group
24 July
2007
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 25 of 363
Page 25 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
3 PROCESS CONTROL OVERVIEW
3.1 Stations
Stations (or depots as they are often referred to) are located at various points along the
various pipelines owned and operated by Transnet Pipelines and consist of the following
types:
3.1.1 Intake stations
These stations are used to introduce product into the pipelines and as such are fed from
client storage facilities via dedicated feeder lines. In order to accurately meter the volume of
product intake as well as to establish the quality of product taken in (used to establish both
accurate mass balances as well as percentage product degradation during product transfer)
the volume of product received is metered to API Standards.
Spheres and pigs may be introduced into the line for the purposes of cleaning of the pipeline
or separation of products. Pressure head is provided by means of multiple stage mainline
pump and motor sets.
3.1.2 Pump stations
These pump stations are used to maintain pressure head and each station consists of
multiple stage centrifugal mainline pump and motor sets.
Depending on pressure head requirements and in order to optimise both flow and pressure
requirements, various combinations of stages are run, usually with stages in reserve/backup
should a pump set fail.
Facilities included at these pump stations also include receivers to remove spheres from the
pipelines prior to product entering the mainline pump sets, launchers to re-introduce spheres
into the pipelines after the mainline pump sets in order to separate products, density
monitoring facilities to enable accurate sphere launch/transmix control and Intermixture
injection facilities to enable the injection of sump tank contents back into the mainlines.
3.1.3 Delivery stations
These stations are used to deliver product to clients at various stages along the pipelines, via
dedicated consignee feeder lines. To accurately establish the volume of product delivered,
the volume is metered to API Standards, via interface to a custody metering system.
Facilities at these delivery stations include intermix tank storage and blending facilities to
enable the re-introduction of intermixture from the intermix tanks back into the manifold as
well as storage facilities in the form of accumulator tanks. Introduction of intermixture
(consisting of transmix product) is accurately controlled in order to ensure that the quality of
product being transferred is not downgraded to fall outside of pre-arranged quality target set
points.
3.1.4 Terminal Facilities
Terminals receive, distribute and accumulate multiple products, usually on a per grade basis.
Products are usually custody transfer metered into Tankage. Tank Overfill Protection is
provided in accordance with “Safety and Environmental Standards for Fuel Storage Sites –
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 26 of 363
Page 26 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
Final Report’ as compiled by the Buncefield Standards Task Group dated 24 July 2007 and
API 2350 recommendations.
Product distribution out of the product dedicated accumulator tanks is accomplished by
accumulator / booster pumps, the purpose of which is to increase the product pressure to an
acceptable inlet pressure required by the mainline pumps. Outloading facilities are also used
to transfer product to rail and road tankers using batch controllers for measuring product to
these tankers.
3.1.5 Remote Block Valve Chambers
MBV Valve chambers are located along pipeline infrastructure between pump stations and are
used to isolate pipelines for maintenance and emergency shutdown purposes. Pressure and
temperature instrumentation installed in these chambers form an integral part of Pipeline
Monitoring Systems (PLMS) installed.
These sites are in most cases remote from stable power supplies, regular maintenance and
operational teams. All Automation and Communications equipment at MBV chambers are
backed up via UPS equipment, to increase the availability of the pipeline process control
signals transmitted to the Control System during local power failure conditions.
3.2 Tele-Control Facilities
The following facilities are available at the remote stations and are monitored and/or
controlled from the master control centre. It should be noted that tele-control facilities are
divided into two categories: facilities concerned with high pressure manifold control and
product transfer and those facilities concerned with low pressure manifold control and
product intake or delivery.
Detailed Functional Design Specifications detailing the control methodology to be adopted in
controlling these facilities/devices have been included in this Automation Standard.
3.2.1 Mainline Pump and Motor Sets (HP Manifold)
These mainline pump and motor sets consist of multiple stage centrifugal pump and motor
sets and are used to introduce additional pressure head into the pipeline.
Control of the mainline pump and motor sets requires interface and control of not only the
pump set itself but also the suction/inlet valve (hand operated), bypass and outlet/discharge
valves (motorised actuated). Indication of pump suction and discharge pressure is achieved
via means of pressure transmitters installed on the pump inlet and outlet lines respectively.
3.2.2 Receivers (HP Manifold)
Receivers are used to remove incoming spheres and pigs from the pipeline and comprise
mechanically of a receiving barrel, kicker and bypass line. The receiver is placed on and off
line by means of inlet, discharge and bypass valves (motorised actuated).
Imminent arrival and receipt of incoming spheres and pigs are indicated by sphere detector
switches mounted remotely on the pipeline and locally on the receiver barrel, with the primed
status of the receiver being indicated by low and high level switches mounted on the receiver
itself.
Draining and filling of the receiver is required to be performed manually.
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 27 of 363
Page 27 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
3.2.3 Launchers (HP Manifold)
Launchers are used to introduce spheres, batching pigs and scraper pigs into the pipeline and
mechanically consist of a launcher barrel, magazine, kicker and bypass line and either an
open cage basket valve or launcher pins for release of spheres into the main flow path.
The launcher is placed on and off line by means of inlet, discharge and bypass valves
(motorised actuated).
A sphere detector switch located downstream of the launcher discharge valve indicates
successful launching of spheres. Primed status of the launcher is indicated by feedback from
low and high level switches mounted on the launcher barrel and magazine respectively.
Draining and filling of the launcher is required to be manually done.
3.2.4 Sump Injection Facilities (HP Manifold)
Intermixture injection facilities at the remote stations comprise of sump tanks, used to collect
product from sources (typically when the receiver and launchers are drained of product or for
maintenance purposes and from thermal relief valves), and injection facilities used to re-
introduce product back into the line.
Sump injection may be controlled by means of an injector and venturi, with intermixture flow
rate being controlled indirectly using a control valve (motorised actuated) located in the high
pressure line, upstream of the venturi (controlling differential pressure across the venturi and
hence the intermixture flow rate).
At some stations the sump injection is implemented by pumping the product via sump pump
through the sump injection valve into the mainline.
3.2.5 Interface Handling Control Facilities (HP Manifold)
Interface Handling control facilities at remote stations comprise of instrumentation located on
the pipeline as follows: -
Remotely upstream of the station, in order to indicate the imminent arrival of an
interface.
Locally on the manifold, in order to give the operator a continuous indication of
product quality in order to assist in sphere launching and interface control.
Locally after the launcher in order to indicate quality of product leaving the station.
Launch control facilities in the form of a density hut, hydrometer and launch control panel are
also provided in order that the operator may perform manual launching.
3.2.6 Lube Oil Facilities.
Associated with the operation of some mainline pump and motor sets, forced lube oil control
may be required in order to provide a steady flow of lubrication oil to the pump and motor
bearings.
3.2.7 Purge Air Facilities.
Associated with the operation of some mainline motors, purge air control may be required in
order to comply with safety regulations and cooling requirements.
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 28 of 363
Page 28 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
3.2.8 Pressurisation Facilities
Associated with the operation of some remote stations, purging and pressurisation of control
rooms may be required in order to comply with Hazardous Area safety regulations.
3.2.9 Delivery Facilities (LP Manifold)
Delivery of product to a client is achieved via control system interface to both a delivery
manifold and metering system, with the flow rate being controlled by a flow control valve
located upstream of the delivery manifold.
3.2.10 Intake Facilities (LP Manifold)
Intake of product from a client is achieved via control system interface to both an intake
manifold and metering system, with the flow rate being controlled by a flow control valve
located downstream of the intake manifold.
3.2.11 Prover Loop Facilities (LP Manifold)
Prover loop facilities at delivery and intake stations are utilised to accurately establish meter
factors to be used in the metering of product to API Standards.
Control of the Prover loop operation consists of the transfer of a fixed volume of metered
product, for a specified number of cycles in order to establish a meter factor.
Facilities to fill and empty the Prover may be provided and consist of dedicated transfer tanks,
transfer pumps and associated inlet and outlet piping. Control of the filling and draining of
Provers may be effected by interface to the control system requiring the automatic or manual
control of all associated inlet and outlet valves, as well as the continuous level measurement
of the transfer tanks.
3.2.12 Intermixture Handling Facilities (LP Manifold)
Intermixture handling and injection facilities at the remote stations may comprise of intermix
tanks used to accumulate intermix product and pumping facilities used to re-introduce product
back into the line.
Accurate control of intermixture blending into product being delivered is required in order to
ensure that the product is not delivered out of specification.
Tanker Loading facilities may also be provided to transfer product via road tankers to the IRP
Plant (Refractionator). Intermix may also be transferred to the IRP Plant via pipeline in some
instances.
3.2.13 Accumulator Tank Facilities (LP Manifold)
Accumulator Tank facilities in the form of dedicated accumulator tanks are provided at
delivery/intake stations for the purposes of accumulating product. Facilities may include
transfer pumps; inlet and outlet valves (motorised actuators), level measurement and
independent overfill protection systems.
Product transfer to and from accumulator tanks are considered to form part of consignee
deliveries and is thus metered to API Standards.
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 29 of 363
Page 29 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
3.2.14 Booster Pump Spillback Control facilities
Booster pumps may require minimum flow spillback facilities, to ensure minimum flow
requirements. These facilities may also be used for inter-tank transfer.
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 30 of 363
Page 30 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
4 DEFINITIONS AND CONCEPTS
The purpose of this section is to clarify definitions and concepts that are applied throughout
the rest of this document.
4.1 Typographic Conventions
The terms "Latch" and "Unlatched" implies the use of "Set" and "Reset".
Binary operators are indicated in capital letters (e.g. AND, OR, NOT).
Note that for confident disambiguation, De Morgan's' theorem is applied to logical constructs
when converting between the positive and negative senses of the binary statement. e.g.
NOT(A AND B) = NOT(A) OR NOT(B).
Device States are denoted in Title Case (example valve Not Closed).
4.2 Device
Devices are defined as any field equipment that is monitored / controlled by the PLC System.
Controllable devices include the following:
Actuated valves
Control valves
Drives (Auxiliary pumps, fans, motors, etc.)
Mainline pumps (DOL, VSD, etc.)
Monitoring devices include the following:
Hand valves (ZV)
Analog instrumentation
Digital instrumentation
4.2.1 Device Fault
A detailed list of device faults is indicated in the Process Control System Software Control
Module Standard [3].
A device fault is any condition which indicates that the device is not operating correctly. For
example:
For actuated valves: Device Fault = Wire Break OR Control Error.
For ZV valves: Device Fault = Wire Break.
For 400V Aux Motors: Device Fault = Thermal Overload OR Soft Start Fault OR VSD
Fault OR Control Error.
For Analogs: Device Fault = Hardware Fault.
4.2.2 Device Available
A device is defined as being Available if the device is not in local and has no fault condition
and is not in Commissioning Mode.
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 31 of 363
Page 31 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
4.2.3 Open OR Wirebreak
The valve is Open OR in Wirebreak. This condition is typically used for the following:
Determination of a flow-path
Sequence availability in certain specific instances (for example HP isolation valve and
LP routing ZV's).
4.2.4 Closed OR Wirebreak
The valve is Closed OR in Wirebreak.
4.3 Device Group
A Device Group is defined as a collection of devices, grouped both logically and functionally
for the purposes of control and monitoring e.g. Receivers and Launchers.
4.3.1 Group Available
A device group is defined as being Available when all devices associated with a group are
available and all associated process conditions are healthy. Availability may be defined at a
device group or sequence level.
The Group Availability is indicated as follows:
Green = Available,
Yellow = Not Available
Every condition that is part of the Group Availability is displayed in the availability faceplate.
This condition will determine if the Group is Available for sequence control and may consist of
the following:
XV’s available
Mainline pump available
Auxiliary pump/fan available
ZV’s open
Process healthy (Level made, drains closed, etc.)
4.3.2 Group Ready
A device group is defined as being Ready when the device Group is Available and in
Automatic Mode of Operation. If the group is Not Ready, associated sequences cannot be
controlled. Ready may be defined at a device group or sequence level.
If the group becomes Not Ready, all associated online and flushing sequences are aborted.
Offline sequences are also aborted if defined as such.
4.3.3 Sequence Fault
A Sequence fault is active if any of the devices in the group that are controlled from the
sequence are Not Available during execution of the sequence:
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 32 of 363
Page 32 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
XV’s Not Available
Mainline pump Not Available
Auxiliary pump/fan Not Available
Instrument Fault, where defined as such
ZV’s are not included as they are not controlled from the sequences.
Note: Wirebreak is taken in most instances as an Open status when determining flow-path.
The Sequence Fault can be used to start the offline sequences where required.
4.3.4 Group Flow-path
A Group Flow-path bit is active when valves are in the state as described in the figure below.
Actuated valves and hand valves are evaluated for a Flow-path. Control valves are not
evaluated for a flow-path. Flow-path may be defined at a route or group level.
&
Group flowpath
&
Group flowpath
>=1
Open OR Wirebreak
>=1
Open OR Wirebreak
Valve open
Valve Wirebreak
>=1
Open OR Wirebreak
Valve open
Valve Wirebreak
>=1
Open OR Wirebreak
>=1
Open OR Wirebreak
Valve open
Valve Wirebreak
>=1
Open OR Wirebreak
Valve open
Valve Wirebreak
Valve typical
Valve typical
Figure 4.3-1: Group Flow-path logic
4.3.5 Group Flushing
[For Device Groups that require to be flushed e.g. receivers, launchers, HP strainers, mainline
pump sets]
Flushing is initiated by operator request, interface detection or by route change (site
dependent). Flushing will be terminated based on operator request.
A “Not flushed” status is determined by a device group not being placed on flush within a
configurable time (configurable within the PLC, for each device group) after flushing is
initiated.
Flushed status for device groups is not tracked.
For additional details, refer to the individual group flush details.
4.4 Control Modes (Overview)
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 33 of 363
Page 33 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
4.4.1 Modes of Control
The control mode defines the location that has control. Mode of Control affects the operator’s
ability to control a device (example by issuing commands) from the PCS.
The PCS will evaluate the control mode for each device and determine if the control or
change functions are allowed. These control and change functions are:
Control requests
Substitute selection and substitute value/state change
Any other operator requests or changes
Alarm handling (Routing, acknowledgment, suppression)
All requests emanating from sources other than from the location in control is blocked on the
PCS.
For automatic control across groups, all associated groups need to be in the same MoC. This
is typically used for station sequences.
Modes of Control are latched internally and are linked to all the devices in a Device Group.
On a cold restart or power up of the PCS, all HP groups default to MCC mode of control and
all LP groups default to Station mode of control, unless otherwise superseded for a group in
station specific EDS’s.
Two modes of control are defined as follows:
4.4.1.1 Station
This is defined as the mode in which control requests to the Control System can only be
issued from the SCADA situated at the station itself.
4.4.1.2 MCC
This is defined as the mode in which control requests to the Control System can only be
issued from the SCADA situated at the Master Control Centre in Durban.
4.4.2 Mode of Operation
Modes of Operation are latched internally and are linked to all the devices in a Device Group.
On a cold restart or power up of the PCS, all groups default to automatic mode of operation,
unless otherwise superseded for a group in station specific EDS’s.
4.4.2.1 Local
In this mode, control of a Device occurs either from the device itself (in the case of valve
actuators) or from Starter Panels in the Switchgear Room (in the case of Motors). Note that
although control action from the PCS is ignored in this mode, hard-wired interlock
functionality remains enabled (e.g. Pump Switchgear Trips, etc.). The PCS still monitors and
indicates the status of the devices in local.
Hardwired trips (either independent of the PCS or emanating from the PCS and hardwired to
operate in Local) are active in this mode.
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 34 of 363
Page 34 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
4.4.2.2 Manual
In this mode, control of a Device occurs from the PCS System. Note that when in manual
mode of operation, direct control of the device is possible with responsibility for control of the
plant resting with the operator.
Hard wired PLC trips and PLC Interlocking are active in this mode.
Responsibility for selecting Control Modes of Operation (MAN/AUTO) for Device Groups shall
remain the responsibility of the Operator who is in control of the Group i.e. a Group will
remain in MANUAL Mode until the Operator changes to AUTOMATIC Mode and vice versa.
4.4.2.3 Automatic
In this mode, device groups are controlled by the PCS via control sequences initiated via the
PCS.
In automatic, devices are controlled via the automatic commands. The automatic commands
are switched from:
Sequences
Duty controller
Hard wired PLC trips and PLC Interlocking are active in this mode.
Responsibility for selecting Control Modes of Operation (MAN/AUTO) for Device Groups shall
remain the responsibility of the Operator who is in control of the Group is, i.e. a Group will
remain in AUTOMATIC Mode until the Operator changes to MANUAL Mode and vice versa.
4.5 Route Definitions
(For purpose of illustration, a route is considered containing three valves, namely XV1, XV2
and ZV3).
Primary Route Primary route is defined as the first delivery/intake route selected for
a product.
Transition Route Transition route is defined as the second delivery/intake route selected for a product. Transition occurs when the delivery/intake
route is switched from the primary to the transition route.
Route Closed Any one (1) valve on the route is confirmed Closed.
Route Closed = XV1 Closed OR XV2 Closed OR ZV3 Closed.
Route Not Closed All valves on the route are confirmed Not Closed.
Route Not Closed = Not (Route Closed) = XV1 Not Closed AND XV2
Not Closed AND ZV3 Not Closed
This status is used by PLMS to determine a flow-path.
Route Open All valves on the route are confirmed Open. LP ZVs and HP isolation valves include wirebreak in the Open condition.
Route Open = Header Closed AND XV1 Open AND XV2 Open AND
ZV3 Open/Wirebreak.
Route Offline All valves on the route except ZVs are confirmed Closed. Other
conditions may be required for the Offline state depending on the specific route. For example, if the route contains pumps, then Pump
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 35 of 363
Page 35 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
Not Running.
Route Offline = XV1 Closed AND XV2 Closed.
Route Online All valves on the route are confirmed Open. LP ZVs and HP isolation
valves include wirebreak in the Open condition. Other conditions may
be required for the Online state depending on the specific route. For example, if the route contains pumps then Pumps in a Running state
etc.
Route Online = XV1 Open AND XV2 Open AND ZV3 Open/Wirebreak.
Valid Flow-path All valves on the route are confirmed Open/Wirebreak.
Valid Flow-path = XV1 Open/Wirebreak AND XV2 Open/Wirebreak AND ZV3 Open/Wirebreak.
No Valid Flow-path
No Valid Flow-path = Not (Valid Flow-path)
4.6 Interlocks
4.6.1.1 Hard wired interlocks
Hard-wired Interlocks are defined as interlocks, which are physically wired and act
independently of the control system. Due to safety reasons, these may not be overridden.
Hard-wired Interlock functionality remains active in all modes of operation i.e. automatic,
manual and local.
For example:
Emergency stop push button hardwired into motor bucket
Safety Instrumented Function trip
TVR trip emanating from PLC and hardwired into motor bucket.
4.6.1.2 PLC Interlocks and Trips
PLC Interlocks/trips are programmed in the PLC and due to safety reasons, should not be
overridden e.g. tank inlet valve is interlocked closed on activation of a high level switch.
PLC interlock and trip functionality remains active in both manual and automatic mode of
operation i.e. not in local, with the exception of motor protection trips which remain active in
all three modes of operation.
TRIP action is associated with device protection and returns a device to a predefined safe
state until the condition that caused the trip has been removed (e.g. All Motor Protection
Trips). A trip condition is indicated on the control system graphic by means of a flashing red
device symbol and is only active within an associated device group i.e. never across device
groups.
INTERLOCK action is associated with process safety functions and returns the process to a
predetermined safe state and holds the process in that state until the condition that caused
the interlock has been removed (e.g. associated control valve is closed on tank high level).
An interlock condition is indicated on the control system graphic by means of a purple border
around the device being interlocked and may be active both within and across device groups.
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 36 of 363
Page 36 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
4.7 Switching definitions
Switching applies to manifolds that have more than one route configured and apply to both
LP and HP manifolds.
Switching may be performed manually or automatically using online sequences for HP routing
and start intake/delivery sequences for LP routing.
4.7.1.1 Open Switch
When switching product from route A to route B, the valve/s to route B is/are opened while
the valve/s to route A is/are still fully open. Flow is not stopped during open switching.
4.7.1.2 Closed Switch
When switching product from route A to route B, the valve/s to route B is/are opened only
when the valve/s to route A is/are fully closed. Flow is stopped during a transfer operation.
4.7.1.3 Fly Switch
When switching product from route A to route B, the valve/s to route B is/are opened whilst
valve/s to route A is/are being closed. Flow is not stopped during fly-switching. Fly-switching
is not permitted on custody metered routes as fly-switching is not supported by the Custody
Metering Systems installed on Transnet Pipeline depots. Fly-switching can also cause a
blocked flow path if associated valve/s is/are not fully open and can cause upstream pressure
build-up.
4.8 General
Consignee Valve The customer destination valve, receiving product from the network.
(Delivery Station).
Consignor Valve The customer source valve, receiving product into the network. (Intake Station).
Controller A device or program that operates automatically to regulate a controlled variable.
PID Controller A controller that produces proportional-plus-integral (reset)-plus-derivative (rate) control action.
Intermix Intermix is any mixture of diesel, petrol, and jet fuel or off-spec
product. As pipelines contain more than one product batch there is an interface between products where mixing occurs.
4.9 Sequence Control
4.9.1 Sequence Control Matrix
Control and monitoring of Routing Sequences for the following device groups within the PCS
is standardized using a Sequence Control Matrix:
HP Routing
LP Routing
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 37 of 363
Page 37 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
Prover
Intermix Blend Control
Inter-tank Transfers and Transfers from Sump
The Matrix lists all route sources in the left column and all route destinations in the top row.
Routing Sequence statuses are displayed using a standard sequence icon. Sequence statuses
and availability are indicated on the Matrix by means of colour.
Figure 4.9-1: Typical Matrix Status Indications
The operator can select the route he wants to place online or offline from the matrix by
selecting the applicable route sequence icon by means of source and destination. This will
open up a dialog box with an online and offline sequence selection.
Figure 4.9-2: Typical Sequence Matrix for Intermix Blend & Transfer
4.9.2 Sequences
Sequences are used for the automatic control of Device Groups. In automatic Mode of
Operation, the PLC stops and starts sequences according to operator group commands,
process conditions, process errors or other sequences.
SFC charts are used to ensure step-by-step execution of sequences. SFC Charts comprise of
Steps (which contain control requests that are required to be executed) and transitions
(which contain conditions that are required to be fulfilled prior to moving to the next Step).
Device control requests are issued to device typicals from within SFC Steps, with device
feedback status forming part of conditions defined in the SFC Transition. Control Errors
generated from control requests will cause associated Device Groups to become not available
and will cause the sequence to stop, if defined as such.
The Transition checks for the correct feedback of the devices switched in the active Step. The
transition of an offline sequence that continues running on a fault also checks if the device is
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 38 of 363
Page 38 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
not available. This enables the sequence to continue even when a control command has not
been successfully executed.
4.9.2.1 SFC Legend
START
XV R1A Opened
END
Open R1AOpen
XV R1A
1 0s
Maximum execution time
(default if not used)
Minimum execution time
(Only shown where applicable)
Step number
-s
Start Step
End Step
Step actionText description to be
displayed to operator
Transition condition
Empty Transition condition = “True”
All faults during the process
result in the sequence aborting,
complete with all associated
alarming and event logging.
Figure 4.9-3: SFC Legend
4.9.2.1.1 Start Step
This step is normally used to reset all the commands that are used in the sequence. This is
not really required as every sequence command is reset in the step.
4.9.2.1.2 Start Transition
This transition is usually empty.
4.9.2.1.3 Step Action
Indicates the action that is taken in the step. If more than one device is used, they all need
to be listed.
4.9.2.1.4 Step Number
The step number is used for documentation reference purpose. It may differ in the software.
The step number is unique per sequence.
4.9.2.1.5 Step Comment
The comment field should give a basic indication of the action that is taken. The detailed
device command associated with the steps will be reflected in the step itself in SFC
visualization, and will give the operator an indication of all the actions and transition
associated with the step.
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 39 of 363
Page 39 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
4.9.2.1.6 Step Monitoring Time
The step time shown is the maximum step time after which the sequence will abort. Typically
this value is used as a catch-all.
If the monitoring time is not used, -s is to be written.
4.9.2.1.7 Step Waiting Time
This time indicated the minimum time a step will wait until it continues.
This time should only be used when it is necessary to wait a time period i.e. for flushing.
If the waiting time is not used, 0s is to be written.
4.9.2.1.8 Transition Condition
List all devices that need to be checked for the correct feedback. If all conditions are met,
then the next step in the sequence is executed.
4.9.2.1.9 End Step
This step is normally used to reset all the commands that are used in the sequence.
4.9.2.2 Alternative Branch
START
XV3 Opened
Open XV3OpenXV3
3 -s
END
XV2 Opened
Open XV2OpenXV2
2 -s
XV1 Opened
Open XV1OpenXV1
1 -s
Condition 1 Condition 2
All faults during the process
result in the sequence aborting,
complete with all associated
alarming and event logging.
Figure 4.9-4: Alternative Branch
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 40 of 363
Page 40 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
4.9.2.3 Simultaneous Branch
START
XV3 Opened
Open XV3OpenXV3
3 -s
END
XV2 Opened
Open XV2OpenXV2
2 -s
XV1 Opened
Open XV1OpenXV1
1 -s
All faults during the process
result in the sequence aborting,
complete with all associated
alarming and event logging.
Figure 4.9-5: Simultaneous Branch
4.9.2.4 Abort on Error
START
XV R1A Open ANDXV R1E Open
END
Open R1A, R1EOpen XV R1AOpen XV R1E
1 -s
All faults during the process
result in the sequence aborting,
complete with all associated
alarming and event logging.
Figure 4.9-6: Abort on error
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 41 of 363
Page 41 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
4.9.2.5 Continue on Error
START
XV R1A Open Or Not Available
END
Open R1AOpen XV R1A
1 -s
All faults during the process
result in the sequence
continuing, complete with all
associated alarming and event
logging.
Figure 4.9-7: Continue on Error
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 42 of 363
Page 42 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
5 GENERAL CONTROL PHILOSOPHY - DEVICES
The core requirements applicable to software control modules (devices) utilized within
Process Control Systems are detailed in the Process Control System Software Control Module
Standard [3] and Alarm Configuration Database [6].
These requirements specify the end-user requirements regarding control and HMI
requirements.
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 43 of 363
Page 43 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
6 GENERAL CONTROL PHILOSOPHY – DEVICE GROUPS
6.1 Introduction
The following Device Groups are usually associated with HP Manifold facilities:
Receiver
Launcher and Interface Handling
MV Booster Pump Set (DOL) – Series Configuration
MV Booster Pump Flow Control
MV Mainline Pump Set (DOL) – Series Configuration
MV Mainline Pump Set (VSD) – Parallel Configuration
Lube Oil System (Mainline Pumps) – 24” MPP Stations
Lube Oil System (Mainline Pumps) – RPP/COP Stations
HP Routing
Dual Strainers
Flow Control – HP Application
Duty & Speed Control (VSD) – Parallel Configuration
SIS – Line Over-Pressure Protection
Sumps & Intermix Transfer (including Road Loading)
Sump Injection (Venturi)
Purge Air Fans
Pressurisation Fans
Inhibitor & DRA (Drag Reducing Agent) Injection
General (including Utilities, Instrument Air, Fire Systems)
Electrical Distribution (including MV Gensets, Diesel Supply and Diesel Offloading
facilities)
System Diagnostics
Station Sequences
The following Device Groups are usually associated with LP Manifold facilities:
LP Routing - General
LP Routing - Product Groups
Flow Control – LP Application
Prover
Tank Farms
SIS – Tank Overfill Protection
Intermix Blend Control
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 44 of 363
Page 44 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
6.2 Receiver Device Group
This section is associated with the control and monitoring of the Receiver Device Group.
Receivers are used to remove incoming spheres and pigs from the pipeline and are installed
on most TPL Stations where pigging operations are required.
6.2.1 Group Description
The Receiver Group may be controlled either in automatic, manual or local mode. Receiver
pressurisation and sphere removal however, remains a local operation. This functionality
requires the installation of motorised actuators on the Bypass, Inlet and Outlet Valves, as
well as the installation of both low and high level switches on the receiver to ensure
successful draining and filling prior to being placed on-line.
The Receiver is classed as a pressure vessel and thus a local pressure gauge is installed on
the Receiver to provide local indication of the pressure within the Receiver Barrel.
A Local Sphere Detector is located within the Receiver barrel to provide an indication of
spheres received. Sphere Detector switches are mounted remotely to provide an indication of
the impending arrival of Spheres. Two types of sphere detectors may be installed; namely
non-intrusive and intrusive. Where intrusive types are used, two are installed for reliability
purposes. Pulses received from the sphere detectors are interfaced into high-speed interrupt
modules. A software based counter is associated with each sphere detector switch.
Receiver valve actuators are selected to ensure that the time it takes to place the Receiver on
line is faster than the time it takes for the sphere to reach the receiver after the sphere has
been remotely detected.
It should be noted that four different types of spheres are used as follows: -
Intelligent Pigs
Batching Pigs
Cleaning Pigs
Spheres
Receiver/Launcher Transfer Tanks may be installed and used to hold receiver product during
draining operations. This product is then re-introduced back into the receiver before being
placed back online. Use of transfer tanks is intended to reduce the amount of intermix
created during maintenance operations. These facilities comprise of a transfer tank, routing
valves, and transfer pump. This operation is intended to be a manual operation, locally
controlled by the operator. The valves are thus hand-operated, and the pump locally
controlled. No level transmitter is installed on these transfer tanks.
Control and monitoring functionality is achieved via the following devices:
Instruments
Remote Sphere Detector/s ZI x01/x02 Receiver Sphere Detector ZI x03
Receiver Low Level LSL x01
Receiver High Level LSH x02 Remote Sonic Velocity KT x01*
Receiver Transfer Pump Flow FS x01 Receiver Transfer Pump Current IT x01
* Devices form part of another group
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 45 of 363
Page 45 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
Valves
Receiver Inlet Valve XV RxA Receiver Inlet Isolation Valve ZV RxB
Receiver Outlet Valve XV RxE
Receiver Outlet Isolation Valve ZV RxF Receiver Inlet Bleed Valve ZV RxT
Receiver Outlet Bleed Valve ZV RxU Receiver Bypass Valve XV RxK
Receiver Drain Valve ZV FxA
Receiver Transfer Outlet Valve ZV FxE Receiver Transfer Inlet Valve ZV FxB
Receiver Transfer 4-Way Valve ZV FxR
Pumps
Receiver Transfer Pump X0x
6.2.1.1 Functional Layout of the Receiver
To have clarity when describing the function of the Receiver, the layout and position of the
valves and instrumentation must be defined.
The diagram below shows the functional layout of the Receiver indicating where the valves
and instrumentation are located.
XV R1E
XV
R1
K
ZV
R1
W
ZI
101
ZI
103
LSL
101
LSH
102
Remote Chamber
To
Strainers
From
Upstream
StationZV R1B
ZV
R1
TZ
V R
1U
KT
101
To Sump
Figure 6.2-1: Functional Layout of the Receiver R01
6.2.2 Modes of Control
The Receiver may be controlled from the PCS either locally at the Station or remotely from
the MCC.
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 46 of 363
Page 46 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
6.2.3 Modes of Operation
All devices related to the Receiver shall have the following three Modes of Operation:
Local
Manual
Automatic
6.2.4 Group Functionality
6.2.4.1 Mode
A single software control module has been developed to cater for both receiver and launcher
device group functionality. Receiver or launcher functionality is selected by means of the
Mode selector and is either hard-coded for uni-directional receivers/launchers or
automatically changed based on flow direction for bi-directional receivers/launchers.
6.2.4.2 Receiver States
6.2.4.2.1 Receiver Online
The Receiver is in an Online state if:
XV RxA is Opened AND
ZV RxB is Opened AND
XV RxE is Opened AND
ZV RxF is Opened AND
XV RxK is Closed
6.2.4.2.2 Receiver Offline
The Receiver is in an Offline state if:
XV RxA is Closed AND
XV RxE is Closed AND
XV RxK is Opened
6.2.4.3 Receiver No Valid Flow-path Status
A Valid Flow-path for the Receiver exists if the following conditions are met:
XV RxK
OR
XV RxA AND
ZV RxB AND
XV RxE AND
ZV RxF
Note that the "Open OR Wirebreak" state is required from each device.
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 47 of 363
Page 47 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
6.2.4.4 Remote Sphere Counter Control
The Remote Sphere Detector Switch/es (ZI x01/02) are used to provide input for software
implemented Remote Sphere Counter/s in Receiver Mode. The Remote Sphere Counter/s
shall be incremented on successful detection of incoming pigs or spheres.
The Remote Sphere Counter/s are reset (set to zero) in two possible ways:
By the operator from either of the Remote Sphere Counter faceplates
Change in Mode (Launcher/Receiver)
When the Local Sphere Counter is reset by the operator from the faceplate, the Remote
Sphere Counter/s are set to the difference between the Local and Remote Sphere Counters,
in order to accurately indicate outstanding pigs or spheres not yet received.
6.2.4.5 Local Sphere Counter Control
The Local Sphere Detector switch (ZI x03) is used to provide input for a software
implemented Local Sphere Counter in Receiver Mode. The Local Sphere Counter shall be
incremented on successful detection of incoming pigs or spheres in order to indicate the
number of pigs or spheres received.
The Local Sphere Counter is reset (set to zero) in two possible ways:
By the operator from the Local Sphere Counter faceplate
Change in Mode (Launcher/Receiver)
6.2.4.6 Double Block and Bleed Valves
Double block and bleed valves may be installed at the inlet of the Receiver as well as on the
kicker line, in addition to the existing Receiver Inlet and Outlet valves. These double block
and bleed valves are installed as safety isolation valves to be utilized during maintenance and
or pig or sphere retrieval. Valves of size > 400NB will be actuated and interfaced into the
Control system as ZV valves.
The first block valve on both the inlet and outlet will be actuated and controlled during the
normal Receiver operation.
The second block valve and bleed valve on both the inlet and outlet of the Receiver will be
hand operated, with the block valve being left open and the bleed valve closed during normal
operation. These valves will then be hand-operated during maintenance and or pig or sphere
insertion. Both these valves will have feedback interfaced to the control system and will form
part of the availability of the Receiver.
6.2.4.7 Receiver Flushing
A Receiver Flush Online Request is activated, on receipt of:
a Flush Online Request from the SCADA, if not Online OR
a Manifold Flush Request from the SCADA Overview Screen, if not Online (Station
dependent) OR
a Route change (Station dependent)
On receipt of a Receiver Flush Online Request, the Receiver Online Sequence is initiated if
Ready and not already online.
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 48 of 363
Page 48 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
Flushing will be terminated by initiating the Receiver Offline Sequence, based on operator
request.
A “Not flushed” status is determined by a device group not being placed on flush within a
configurable time (configurable within the PLC, for each device group) after flushing is
initiated.
6.2.4.8 Receiver Flags
These flags are raised by the process control software as configured on the Receiver block.
The flags are used to generate Group Status Indications, Group Availability Indications and
for Group Event and Group Alarm logging. The triggering of each flag is described here in
detail.
6.2.4.8.1 Sphere Outstanding
A Sphere Outstanding flag is raised when either of the Remote Sphere Counters indicates a
value greater than the Local Sphere Counter. This flag is only raised in Receiver Mode.
The Sphere Outstanding flag will be cleared when both Remote Sphere Counters indicate a
value that is equal to or less than the Local Sphere Counter (i.e. all outstanding spheres are
received or the counters are reset by the operator).
6.2.4.8.2 Remote Sphere Detector Fault
If the Remote Sphere Counters differ one from another (in the case where two remote
detectors are installed); OR if the Local Sphere Counter indicates a value greater than any of
the Remote Sphere Counters (i.e. the local sphere detector detects a sphere and the remote
detector/s do not), a remote detector fault alarm is generated. This flag is only raised in
Receiver Mode.
The Remote Sphere Detector Fault flag is cleared when all the sphere detector counters are
reset (set to zero).
6.2.4.8.3 Remote Sphere Detected
If either remote sphere detector is activated, the operator will receive an alarm “Remote
Sphere detected” in receiver mode. This Alarm condition is automatically cleared after a
configurable time (default 10 seconds).
6.2.4.8.4 Incoming Sphere Not Received
If either Remote Sphere Detector switch is triggered and a timer (configurable in the PLC)
has elapsed from time of detection, before the Local Sphere Detector switch is triggered, an
Incoming Sphere Not Received flag is raised. This flag is only raised in Receiver Mode.
The Incoming Sphere Not Received flag is automatically cleared after configurable time
(default 10 seconds).
6.2.4.8.5 Sphere Detected - Receiver Not Online
When a pig or sphere has been detected by a Remote Sphere Detector switch i.e. the Sphere
Outstanding flag is raised, and the Receiver is either;
not Online (as determined by valve status) and not Ready OR,
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 49 of 363
Page 49 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
device failure while running the Online sequence OR,
receiver not online timer (configured as the time it takes the Receiver to reach an
Online state) has expired;
a Sphere Detected – Receiver Not Online flag is raised. Note that if the receiver is not Online
and not Ready, the flag is set immediately. This flag is only set in Receiver Mode.
The Receiver Not Online flag is cleared if the Receiver is placed online or when both Remote
Sphere Counters indicate a value that is equal to or less than the Local Sphere Counter (i.e.
all outstanding spheres are received or the counters are reset by the operator).
6.2.4.8.6 Receiver Not Primed
The Receiver Not Primed flag is the inverse of Level Full, refer to Section 6.2.4.8.13.
6.2.4.8.7 Receiver Trap Full
If the Local Sphere Counter reaches capacity – 1, configured in the PLC, a Trap Full flag is
raised. The default capacity is set at 7. This flag is only raised in Receiver Mode.
The Trap Full flag is cleared when the Local Sphere Counter is reset to zero.
6.2.4.8.8 Receiver Trap Fault
If a Trap Full flag is raised and another remote pig or sphere is detected a Trap Fault flag is
raised.
The Trap Fault flag is cleared when the Local Sphere Counter is reset to zero.
6.2.4.8.9 Receiver Fault
The Receiver fault flag is set when a Sphere Detected - Receiver Not Online or a Trap Fault
Alarm condition is detected. This status is communicated to Line Wide Control as part of
Station Statuses.
6.2.4.8.10 Receiver Flow-path
The Receiver Flow-path flag is raised whenever the Receiver has a valid flow-path as defined
in Section 6.2.4.3.
6.2.4.8.11 Receiver Not Flushed
The Not Flushed flag is raised under the following conditions:
Receiver Flush Online request initiated
AND
device failure while running the Online sequence OR Receiver Not Online timer
(configured as the time it takes the Receiver to reach an Online state) has expired.
The Not Flushed flag is cleared if the Receiver is placed online as determined by valve status.
6.2.4.8.12 Possible Hotspot
Should a Receiver not be flushed (i.e. the "Receiver Not Flushed" flag is raised) AND an
Interface is not present in the Online route (Interface in Station Flag set High), and the
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 50 of 363
Page 50 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
Receiver moves from an Offline state (as determined by valve status), a Possible Hotspot flag
is raised.
This alarm is cleared when the Receiver goes Online.
6.2.4.8.13 Level Full
The Level Full indication is provided when both the Receiver High Level switch (LSH x02) and
the Receiver Low Level switch (LSL x01) indicate a High level. Substitute (operator action)
and override values (device fault) are used when determining this state.
6.2.4.8.14 Level Not Empty
The Level Not Empty indication is provided when the Receiver High Level switch (LSH x02)
indicates a Low level and the Receiver Low Level switch (LSL x01) indicates a High level.
Substitute (operator action) and override values (device fault) are used when determining
this state.
6.2.4.8.15 Level Empty
The Level Empty indication is provided when both the Receiver High Level switch (LSH x02)
and the Receiver Low Level switch (LSL x01) indicate a Low level. Substitute (operator
action) and override values (device fault) are used when determining this state.
6.2.4.8.16 Level Switches Fault
The Level Switches Fault indication is provided when the Receiver High Level switch (LSH
x02) indicates a high level and the Receiver Low Level switch (LSL x01) indicates a low level.
When either the high or low level switch is faulty (hardware fault, signal out of range), the
faulty switch automatically defaults to the override value of 7.77mA (low level). The faulty
level switch will thus be red in colour except for the case where the low level switch is in fault
and the high level switch indicates a high condition. In this implausible case, both level
switches will be blue in colour to indicate an implausible state.
6.2.4.9 Receiver Online Sequence
The Receiver Online Sequence is activated, if Ready, on receipt of:
an Online Request from the SCADA, OR
a signal from the Remote Sphere detector, if not Online, OR
a Receiver Flush Online Request
If Ready, the Receiver Inlet and Outlet valves are opened and on successful completion the
Bypass valve is closed.
The following conditions while the sequence is running will result in the sequence aborting,
complete with all associated alarming and event logging:
Any actuated valve Not Available (XV RxA, XV RxE, XV RxK)
Any Drain or Fill valve Not Closed (ZV RxU, ZV RxT, ZV FxA)
Any Inlet/Outlet ZV valve Not Opened (ZV RxB, RxF)
Level Switches Fault (LSH x02, LSL x01 in Fault or Implausible)
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 51 of 363
Page 51 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
Placing the Group in Manual mode
See flow diagram for details:
7.2.1.1: Receiver R01 Online Sequence
6.2.4.10 Receiver Offline Sequence
The Receiver Offline Sequence is activated, if Ready, on receipt of:
an Offline Request from the SCADA
If Ready, the Receiver Bypass valve is opened and on successful completion, the Receiver
Inlet and Outlet valves are closed.
The following conditions while the sequence is running will result in the sequence aborting,
complete with all associated alarming and event logging:
Any actuated valve Not Available (XV RxA, XV RxE, XV RxK)
Any Drain or Fill valve Not Closed (ZV RxU, ZV RxT, ZV FxA)
Any Inlet/Outlet ZV valve Not Opened (ZV RxB, RxF)
Level Switches Fault (LSH x02, LSL x01 in Fault or Implausible)
Placing the Group in Manual mode
See flow diagram for details:
7.2.1.2: Receiver R01 Offline Sequence
6.2.5 Group Availability
6.2.5.1 Receiver Availability
The following conditions will render the Receiver Device Group “Not Available”.
Condition Text Logic
Receiver Not Primed Receiver Not Primed Refer to Section 6.2.4.8.6
Receiver Trap Full and Offline
Receiver Trap Full & Offline Refer to Section 6.2.4.8.7 and Section 6.2.4.2.2
Sphere Outstanding and
Online
Sphere Outstanding & Online Refer to Section 6.2.4.8.1 and
Section 6.2.4.2.1
XV RxA Not Available XVRxA Not Avail Refer to [3]
XV RxE Not Available XVRxE Not Avail Refer to [3]
XV RxK Not Available XVRxK Not Avail Refer to [3]
ZV RxB Not Open ZVRxB Not Opened Refer to [3]
ZV RxF Not Open ZVRxF Not Opened Refer to [3]
ZV RxT Not Closed ZVRxT Not Closed Refer to [3]
ZV RxU Not Closed ZVRxU Not Closed Refer to [3]
ZV FxA Not Closed ZVFxA Not Closed Refer to [3]
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 52 of 363
Page 52 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
Condition Text Logic
Level Switches Fault Level Switches Fault Refer to Section 6.2.4.8.16
Table 6.2-1: Receiver Availability
6.2.6 Group Status
6.2.6.1 Receiver Group Status
The following status indications are to keep the Operator informed of the status of the
Receiver.
6.2.6.1.1 Group Alarm Status Indication
The following Group Alarm Statuses are configured using display LEDs which are grey in the
inactive condition and red in the active condition, with an associated alarm. Refer to the
ACDB (1) for details, including the text to be used for the alarm messages.
Condition Text Logic
Sphere Detected - Receiver Not Online
Sphere Det-Receiver Not Online
Refer to Section 6.2.4.8.5
Possible Hotspot Possible Hotspot Refer to Section 6.2.4.8.12
Incoming Sphere Not
Received
Incoming Sphere Not Received Refer to Section 6.2.4.8.4
Receiver Trap Full Receiver Trap Full Refer to Section 6.2.4.8.7
Receiver Trap Fault Receiver Trap Fault Refer to Section 6.2.4.8.8
Remote Sphere Detector
Fault
Remote Sphere Detector Fault Refer to Section 6.2.4.8.2
Level Switches Fault Level Switches Fault Refer to Section 6.2.4.8.16
Remote Sphere Detected Remote Sphere Detected Refer to Section 6.2.4.8.3
Table 6.2-2: Receiver Group Alarm Status
6.2.6.1.2 Group Error Status Indication
The following Group Error Statuses are configured using display LEDs which are grey in the
inactive condition and red in the active condition, with an associated event. Refer to the
ACDB (2) for details, including the text to be used for the event messages.
Condition Text Logic
No Valid Flow-path No Valid Flow-path Refer to Section 6.2.4.3
Receiver Not Flushed Receiver Not Flushed Refer to Section 6.2.4.8.11
Table 6.2-3: Receiver Group Error Status
6.2.6.1.3 Group Information Status Indication
The following Group Information Statuses are configured using display LEDs which are grey
in the inactive condition and green in the active condition, with an associated event. Refer to
the ACDB (2) for details, including the text to be used for the event messages.
Condition Text Logic
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 53 of 363
Page 53 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
Level Full Level Full Refer to Section 6.2.4.8.13
Level Not Empty Level Not Empty Refer to Section 6.2.4.8.14
Level Empty Level Empty Refer to Section 6.2.4.8.15
Table 6.2-4: Receiver Group Information Status
6.2.7 Group Interlocks
6.2.7.1 Hardwired Interlocks
None defined.
6.2.7.2 PLC Interlocks
6.2.7.2.1 X0x: FS x01 No Flow
If a low flow (FS x01) is detected for a configurable time (default 5s) after the pump is
started, the Receiver Transfer Pump (X0x) will be interlocked off. This interlock and
associated alarm is blocked if the Pump is not running.
6.2.7.2.2 X0x: IT x01 Current Low
If an alarm low current (IT x01) is detected for a configurable time (default 5 seconds) and
the pump is running, the Rx Transfer pump (X0x) will be interlocked off. This interlock and
associated alarm is blocked if the Pump is not running.
6.2.7.2.3 X0x: LT x31 Sump Level High
If the Manifold Sump Tank Level High Alarm (LT x31) is reached the Receiver Transfer pump
(X0x) will be interlocked off.
6.2.8 Failure Modes
None defined.
6.2.9 Graphic Representation
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 54 of 363
Page 54 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
6.3 Launcher
This section is associated with the control and monitoring of the Launcher Device Group.
Launchers are used to introduce spheres, batching pigs and scraper pigs into the pipeline and
are installed on most Stations.
6.3.1 Group Description
The Launcher group can be controlled in automatic or in manual, whilst Launcher
Pressurisation and Sphere Loading remain local operations. This Functionality requires the
installation of Motorised Actuators on the Bypass, Inlet, Discharge and Launcher Valves, as
well as the installation of both Low and High Level Switches on the Launcher to ensure
successful Pressurisation prior to being switched online.
The Launcher is a pressure vessel and thus a local pressure gauge is installed on the
Launcher to provide local indication of the pressure within the Launcher Barrel. A loaded
sphere counter is implemented in the SCADA to indicate the amount of spheres available for
launching.
Where required, double block and bleed valves will be installed at the outlet of the Launcher
as well as on the kicker line. These double block and bleed valves have been installed as
safety isolation valves to be utilized during maintenance and or Pig / sphere loading.
A Sphere Detector and Launcher Densitometer are installed directly after the Launcher in
order to monitor interface handling and sphere launching (watchdog).
It shall be noted that three different types of spheres are used as follows: -
Batching Pigs (loaded from the launcher barrel)
Cleaning Pigs (loaded from the launcher barrel)
Spheres (loaded into the launcher magazine)
Receiver/Launcher Transfer Tanks may be installed and used to hold launcher product during
draining operations. This product is then re-introduced back into the launcher before being
placed back on line. Use of transfer tanks is intended to reduce the amount of intermix
created during maintenance operations. These facilities comprise of a transfer tank, routing
valves, and transfer pump. This operation is intended to be a manual operation, locally
controlled by the operator. The valves are thus hand-operated, and the pump locally
controlled. No level transmitter is installed on the transfer tank.
Control and monitoring functionality is achieved via the following devices:
Instruments
Launcher Sphere Detector ZI x11
Launcher Low Level LSL x11
Launcher High Level LSH x12 Launcher Transfer Pump X06 Flow FS x11
Station Outlet Sample Flow FS x21 Launcher Transfer Pump X06 Current IT x11
Valves
Launcher Inlet Valve XV LxA
Launcher Inlet Valve ZV LxB
Launcher Outlet valve XV LxE
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 55 of 363
Page 55 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
Launcher Outlet Valve ZV LxF
Launcher Bypass valve XV LxK Launcher Inlet Bleed valve ZV LxT
Launcher Outlet Bleed valve ZV LxU
Launcher Transfer Valve ZV FxA Launcher Transfer Tank Inlet Valve ZV FxB
Launcher Transfer Tank Outlet Valve ZV FxE Launcher Transfer Pump 4-way Valve ZV FxR
Drives
Launcher Transfer Pump X0x
6.3.1.1 Functional Layout of Launcher
To have clarity when describing the function of the Launcher, the layout and position of the
most important valves and instrumentation must be defined.
The diagram below shows the functional layout of the Launcher indicating where the valves
and instrumentation are located.
XVL1A
XVL1K
XVL1E
ZI 111
0
TNI ZVL1F
ZVL1B
LSL 111
LSH 112
XVL1Y
DT 112
7
Loaded Sphere CounterXVL1X
ZV
L1U
ZV
L1T
F06
X06FS111
ZV
F6R
ZV
F6B
ZV
F6E
ZV
F6A
Figure 6.3-1: Functional Layout of the Launcher
6.3.2 Modes of Control
The Launcher may be controlled from the PCS either locally at the Station or remotely from
the MCC.
6.3.3 Modes of Operation
All devices related to the Launcher shall have the following three Modes of Operation:
Local
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 56 of 363
Page 56 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
Manual
Automatic
6.3.4 Group Functionality
6.3.4.1 Mode
A single software control module has been developed to cater for both receiver and launcher
device group functionality. Receiver or launcher functionality is selected by means of the
Mode selector and is either hard-coded for uni-directional receivers/launchers or
automatically changed based on flow direction for bi-directional receivers/launchers.
6.3.4.2 Launcher States
6.3.4.2.1 Launcher Online/Flushing
The Launcher is in an Online/Flushing state if:
XV LxA Opened AND
ZV LxB Opened AND
XV LxE Opened AND
ZV LxF Opened AND
XV LxK Closed
6.3.4.2.2 Launcher Offline
The Launcher is in an Offline state if:
XV LxA Closed AND
XV LxE Closed AND
XV LxK Opened
6.3.4.3 Launcher No Valid Flow-path Status
A Valid Flow-path for the Launcher exists if the following conditions are met:
XV LxK
OR
XV LxA AND
ZV LxB AND
XV LxE AND
ZV LxF
Note that the "Open OR Wirebreak" state is required from each device.
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 57 of 363
Page 57 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
6.3.4.4 Sphere Counter Control
6.3.4.4.1 Launcher sphere counter
The Sphere detector ZI x11 is used to provide input for a software implemented Sphere
counter in Launcher mode. If the Launcher Sphere detector is triggered, the Launcher Sphere
counter is incremented to indicate the number of pigs/spheres launched.
The Launcher Sphere detector counter can be reset (set to zero) in the following ways:
Operator command
Change in Mode (Launcher/Receiver)
6.3.4.4.2 Launcher Sphere Loaded counter
A software implemented Sphere Loaded counter is used to keep track of spheres loaded in
the Launcher barrel.
Before a sphere can be launched, they need to be loaded. The operator will drain the
launcher until the level has dropped below the magazine i.e. not high level. He will then load
the spheres into the magazine and pressurize the launcher again until the high level is made.
On successful completion of sphere loading, the operator shall enter the number of spheres
loaded into the input field. The Sphere Loaded Counter input field is enabled at all times.
Upon a successful launch, the Sphere Loaded counter is decremented to indicate remaining
spheres in the Launcher magazine.
6.3.4.5 Double Block and Bleed Valves
Double block and bleed valves are installed at the inlet of the Launcher as well as on the
kicker line, in addition to the existing Launcher Inlet and Outlet valves. These double block
and bleed valves have been installed as safety isolation valves to be utilized during
maintenance and or pig or sphere removal.
The first block valve on both the inlet and outlet are actuated and controlled during the
normal Launcher operation.
The second block valve and bleed valve on both the inlet and outlet of the Launcher are hand
operated, with the block valve being left open and the bleed valve closed during normal
operation. These valves will then be hand-operated during maintenance and or pig or sphere
insertion. Both these valves will have feedback interfaced to the control system and will form
part of the availability of the Launcher.
6.3.4.6 Launcher Flushing
A Launcher Flush Online Request is activated, on receipt of:
an Flush Online Request from the SCADA, if not Online OR
a Manifold Flush Request from the SCADA Overview Screen, if not Online (Station
dependent) OR
a Route change (Station dependent)
On receipt of a Launcher Flush Online Request, the Launcher Online Sequence is initiated if
Ready and not already online.
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 58 of 363
Page 58 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
Flushing will be terminated by initiating the Launcher Offline Sequence, based on operator
request.
A “Not flushed” status is determined by a device group not being placed on flush within a
configurable time (configurable within the PLC, for each device group) after flushing is
initiated.
6.3.4.7 Launcher Flags
These flags are raised by the process control software as configured on the Launcher block.
The flags are used to generate Group Status Indications, Group Availability Indications and
for Group Event and Group Alarm logging. The triggering of each flag is described here in
detail.
6.3.4.7.1 Launcher Flow-path
The Launcher Flow-path flag is raised whenever the Launcher has a valid flow-path as
defined in Section 6.3.4.3.
6.3.4.7.2 Launcher Not Flushed
The Not Flushed flag is raised under the following conditions:
Launcher Flush Online request initiated
AND
device failure while running the Online sequence OR Launcher Not Online timer
(configured as the time it takes the Launcher to reach an Online state) has expired.
The Not Flushed flag is is cleared if the Launcher is placed online as determined by valve
status.
6.3.4.7.3 Possible Hotspot
Should a Launcher not be flushed (i.e. the "Launcher Not Flushed" flag is raised) AND an
Interface is not present in the Online route (interface in station flag set high), and the
Launcher moves from an Offline state (as determined by valve status), a Possible Hotspot
flag is raised.
This alarm is cleared when the Launcher goes Online.
6.3.4.7.4 Magazine Empty
The Magazine Empty flag is raised if no spheres are remaining in the launcher magazine
(Loaded Sphere Count =0) to warn the operator.
6.3.4.7.5 Pig Launched
A message “Pig Launched” is displayed on the barrel of the launcher if the Launcher sphere
detector switch is activated and the Launcher valve is not open.
This message is cleared if:
A sphere is launched successfully i.e. the Launcher valve is open and a sphere is
detected within a configurable time.
ZIx11 counter is reset (operator password protected) and indicate “0”
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 59 of 363
Page 59 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
Mode is changed to receiver
6.3.4.7.6 Sphere Launched
A Sphere Launched flag is pulsed when the Launcher Sphere Detector switch is activated and
the Launcher valve is open.
6.3.4.7.7 Sphere Failed to Launch
The Sphere Failed to Launch indication is provided when a sphere has been launched but not
detected after a time configured in the PLC. This Alarm condition is automatically cleared
after a configurable time (default 10 seconds).
6.3.4.7.8 Launcher Not Primed
The Launcher Not Primed is the inverse of Level Full, refer to Section 6.3.4.7.10
6.3.4.7.9 Sample Point Monitoring
When sampling from the density hut, a flow switch, FS x21, is used to trigger an event for
recording purposes. The signal is held active for 2 seconds.
6.3.4.7.10 Level Full
The Level Full indication is provided when both the Launcher High Level switch (LSH x12)
and the Launcher Low Level switch (LSL x11) indicate a High level. Substitute (operator
action) and override values (device fault) are used when determining this state.
6.3.4.7.11 Level Not Empty
The Level Not Empty indication is provided when the Launcher High Level switch (LSH x12)
indicates a Low level and the Launcher Low Level switch (LSL x11) indicates a High level.
Substitute (operator action) and override values (device fault) are used when determining
this state.
6.3.4.7.12 Level Empty
The Level Empty indication is provided when both the Launcher High Level switch (LSH x12)
and the Launcher Low Level switch (LSL x11) indicate a Low level. Substitute (operator
action) and override values (device fault) are used when determining this state.
6.3.4.7.13 Level Switches Fault
The Level Switches Fault indication is provided when the Launcher High Level switch (LSH
x12) indicates a high level and the Launcher Low Level switch (LSL x11) indicates a low level.
When either the high or low level switch is faulty (hardware fault, signal out of range), the
faulty switch automatically defaults to the override value (low level). The faulty level switch
will thus be red in colour except for the case where the low level switch is in fault and the
high level switch indicates a high condition. In this implausible case, both level switches are
blue in colour to indicate an implausible state.
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 60 of 363
Page 60 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
6.3.4.7.14 Sphere Loaded (Launcher Pins only)
The Sphere Loaded Flag will be set 5 seconds (configurable) after receipt of the open
indication of the Load Valve. The loaded indication will be reset upon detection of a
successful Launch Flag.
6.3.4.8 Launcher Sequences
6.3.4.8.1 Launcher Online Sequence
The Launcher Online Sequence is activated, if Ready, on receipt of:
an Online Request from the SCADA
Launcher Flush Online request
If Ready, the Launcher Inlet and Outlet valves are opened and on successful completion the
Bypass valve is closed.
The following conditions while the sequence is running will result in the sequence aborting,
complete with all associated alarming and event logging:
Any actuated launcher valve Not Available (XV LxA, XV LxE, XV LxK)
OR
Any launcher hand valve Not Opened (ZV LxB, ZV LxF) OR
Any Drain or Fill valve Not Closed (ZV LxU, ZV LxT, ZV FxA) OR
Level Switches Fault (LSH x12, LSL x11 in Fault or Implausible) OR
Placing the Group in Manual mode
See flow diagram for details:
7.2.2.1: Launcher L01 Online Sequence
6.3.4.8.2 Launcher Offline Sequence
The Launcher Offline Sequence is activated, if Ready, on receipt of:
an Offline Request from the SCADA
If Ready, the Launcher Bypass valve is opened and on successful completion, the Launcher
Inlet and Outlet valves are closed.
The following faults while the sequence is running will result in the sequence aborting,
complete with all associated alarming and event logging:
Any actuated launcher valve Not Available (XV LxA, XV LxE, XV LxK)
OR
Any launcher hand valve Not Opened (ZV LxB, ZV LxF) OR
Any Drain or Fill valve Not Closed (ZV LxU, ZV LxT, ZV FxA) OR
Level Switches Fault (LSH x12, LSL x11 in Fault or Implausible) OR
Placing the Group in Manual mode
See flow diagram for details:
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 61 of 363
Page 61 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
7.2.2.2: Launcher L01 Offline Sequence
6.3.5 Group Availability
6.3.5.1 Launcher Availability
The following conditions render the Launcher Device Group “Not Available”.
Table 6.3-1: Launcher Availability
6.3.6 Group Status
6.3.6.1 Group Alarm Status Indications
The following Group Alarm Statuses are configured using display LEDs which are grey in the
inactive condition and red in the active condition, with an associated alarm. Refer to the
Alarm Configuration Database (3) for details including text to be used for the message.
Condition Text Logic
Possible Hotspot Possible Hotspot Refer to Section 6.3.4.7.3
Pig Launched Pig Launched Refer to Section 6.3.4.7.5
Level Switch Fault Level Switch Fault Refer to Section 6.3.4.7.13
Sphere Failed to Launch
Sphere Failed to Launch
Refer to Section 6.3.4.7.7
Table 6.3-2: Launcher Group Alarm Status
6.3.6.2 Group Error Status Indications
The following Group Error Statuses are configured using display LEDs which are grey in the
inactive condition and red in the active condition, with an associated event. Refer to the
Alarm Configuration Database (3) for details including text to be used for the message.
Condition Text Logic
Condition Text Logic
Launcher Not Primed Launcher Not Primed Refer to Section 6.3.4.7.8
XV LxA Not Available XVLxA Not Avail Refer to [3]
XV LxE Not Available XVLxE Not Avail Refer to [3]
XV LxK Not Available XVLxK Not Avail Refer to [3]
ZV LxB Not Opened ZVLxB Not Opened Refer to [3]
ZV LxF Not Opened ZVLxF Not Opened Refer to [3]
ZV LxT Not Closed ZVLxT Not Closed Refer to [3]
ZV LxU Not Closed ZVLxU Not Closed Refer to [3]
ZV FxA Not Closed ZVFxA Not Closed Refer to [3]
Level Switches Fault Level Switches Fault Refer to Section 6.3.4.7.13
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 62 of 363
Page 62 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
Condition Text Logic
Launcher Not Flushed
Launcher Not Flushed
Refer to Section 6.3.4.7.2
Loaded Sphere Counter Inhibited
Loaded Sphere Counter Inhibited
Refer to Section 6.3.4.4.2
No Valid Flow-path
No Valid Flow-path Refer to Section 6.3.4.7.1
Table 6.3-3: Launcher Group Error Status
6.3.6.3 Group Information Status Indications
The following Group Information Statuses are configured using display LEDs which are grey
in the inactive condition and green in the active condition, with an associated event. Refer to
the Alarm Configuration Database (3) for details including text to be used for the message.
Condition Text Logic
Level Full Level Full Refer to Section 6.3.4.7.10
Level Not Empty Level Not Empty Refer to Section 6.3.4.7.11
Level Empty Level Empty Refer to Section 6.3.4.7.12
Sphere Loaded Sphere Loaded Refer to Section 6.3.4.7.14
Magazine Empty Magazine Empty Refer to Section 6.3.4.7.4
Table 6.3-4: Launcher Group Information Status
6.3.7 Additional Device Alarms
None defined.
6.3.8 Group Interlocks
The following group interlocks are defined for the Launcher Device Group:
6.3.8.1 Hardwired Interlocks
None defined.
6.3.8.2 PLC Interlocks
6.3.8.2.1 X0x: Launcher Transfer Pump No Flow
Launcher Transfer Pump X0x is interlocked off if there is no flow after the pump has been
running for a configurable time as determined by flow switch FS x11. This interlock and
associated alarm is blocked if the pump is not running.
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 63 of 363
Page 63 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
6.3.8.2.2 X0x: Launcher Transfer Pump Under-Current
Launcher Transfer Pump X0x is interlocked off if there is a under current after the pump has
been running for a configurable time as determined by IT x11. This interlock and associated
alarm is blocked if the pump is not running.
6.3.9 Failure modes
None defined.
6.3.10 Graphic Representation
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 64 of 363
Page 64 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
6.4 Launcher Interface Handling
6.4.1 Group Description
Interface Handling (Sphere Launching) shall be controllable manually, whilst Launcher
Pressurisation and Sphere Loading remain local operations.
Two types of launcher exist within Transnet pipelines; namely those with single launcher
valves (XVLxX), and those with two launcher pins (XVLxX and LxY).
A Sphere Detector and Launcher Densitometer are installed directly after the Launcher in
order to monitor interface handling and sphere launching (watchdog).
No automatic sphere table functionality is provided for launching of spheres. Launching may
only be done via operator request. Launching of spheres will be time dependent
(configurable) when launching from the density hut, and not volume displacement
dependent. A launch command from the SCADA is not time delayed.
It should be noted that three different types of spheres are used as follows: -
Batching Pigs (loaded from the launcher barrel)
Cleaning Pigs (loaded from the launcher barrel)
Spheres (loaded into the launcher magazine)
All control associated with this device group is implemented in the HP Routing PLC.
Instruments
Launcher Density DT x12
Valves
Launcher Launch Valve XV LxX
Launcher Load Valve (Launcher Pins only) XV LxY
6.4.2 Modes of Control
Launcher Interface Handling may be controlled from the PCS either locally at the Station or
remotely from the MCC.
6.4.3 Modes of Operation
All devices related to Launcher Interface Handling shall have the following two Modes of
Operation:
Local
Manual
6.4.4 Group Functionality
6.4.4.1 Volume Calculation
Launching of spheres will be time dependent (configurable) when launching from the field
launcher panel and not volume displacement dependent. A launch command issued from the
SCADA is not time delayed.
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 65 of 363
Page 65 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
6.4.4.2 Launch Valve Control
The Launch valve is opened in Manual on a:
Manual Open request from the SCADA
The Launch valve is interlocked open in Manual on a:
Density Hut Launch valve Open request
The Launch valve is closed in Manual on a:
Manual Close request from the SCADA
The Launch valve is interlocked closed in Manual on a:
the Successful Sphere Launch flag is pulsed, OR
the Failed Sphere Launch flag is pulsed, OR
Density Hut Launch valve Close request
6.4.4.3 Load Valve Control (Launcher Pins only)
A sphere is loaded if the load valve is open for 5 sec (configured in the PLC). This indication
is reset if the launch is successful. The loaded indication does not depend on the number on
the loaded sphere counter.
The load valve is opened in manual on a:
Load valve manual open request
The load valve is interlocked open in manual on a:
Density hut load valve open request
The load valve is closed in manual on a:
Load valve manual close request
The load valve is interlocked closed in manual on a:
Sphere loaded indication, OR
Density hut load valve close request
6.4.4.4 Density Hut Control
It is possible to control the Launcher valve from the density hut in Manual mode of operation.
The Launcher valve is opened and if the Launcher valve is Open and the Sphere Detector
switch is activated or on a timeout, a close request is automatically issued. It is however
possible to issue a close command from the density hut before it is closed automatically.
It is possible to open the Launcher valve regardless of the value in the loaded sphere
counter.
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 66 of 363
Page 66 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
6.4.4.5 Interface Handling Flags
6.4.4.5.1 Successful Sphere Launch
The Successful Sphere Launch flag is pulsed for 2 seconds (configurable) when the Launch
valve has been opened and the Sphere Detector switch is triggered before the launch timer
has expired.
The launch timer is started when the Launch valve is fully opened.
6.4.4.5.2 Failed Sphere Launch
The Failed Sphere Launch flag is pulsed for 10 seconds (configurable) when the Launch valve
has been opened and a launch timer is expired before the Sphere Detector switch is
triggered.
The launch timer is started when the Launch valve is fully opened.
6.4.4.6 Density Hut Launcher Panel DHx1
Density Hut Launcher Panel DHx1 makes provision for the following functionality:
6.4.4.6.1 Selector Switch
Where a Launch Panel is required to control multiple launchers, a selector switch may be
provided enabling the operator the ability to select the launcher required for launching.
Commands issued and status indicated is determined by the launcher that has been selected
on the panel.
6.4.4.6.2 Command Push-Buttons
The launcher panel makes provision for the operator to issue the following commands to the
control system:
Launch Valve Open Request (XS x11)
Launch Valve Closed Request (XS x12)
Reset Sphere Detector Request (XS x13)
Load Valve Open Request (XS x14)
Load Valve Closed Request (XS x15)
6.4.4.6.3 Indication Lamps
The launcher panel makes provision for the following status indications from the control
system to the operator.
Launch Available Indication (XI x11) - Lamp (Green)
Launch Valve Open Indication (XI x12) - Lamp (Green)
Launch Valve Closed Indication (XI x13) - Lamp (Red)
Reset Sphere Detector Indication (XI x14) - Lamp (Amber)
Load Valve Open Indication (XI x15) - Lamp (Green)
Load Valve Closed Indication (XI x16) - Lamp (Red)
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 67 of 363
Page 67 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
Sphere Loaded Indication (XI x17) - Lamp (Amber)
6.4.5 Group Availability
6.4.5.1 Density Hut Launch Availability
The following conditions render a Density Hut Launch “Not Available” and Load and Launch
valve open and close commands will be inhibited.
Condition Logic
Launcher Not Online Refer to Section 6.3.4.2.1
XV LxY Not Available Refer to [3]
XV LxX Not Available Refer to [3]
Launcher Not Primed Refer to Section 6.3.4.7.8
Table 6.4-1: Density Hut Launch Availability
6.4.6 Group Status
6.4.6.1 Launcher 3 Interface Handling Group Status
6.4.6.1.1 Group Alarm Status Indication
None defined.
6.4.6.1.2 Group Error Status Indication
None defined.
6.4.6.1.3 Group Information Status Indication
None defined.
6.4.7 Group Interlocks
6.4.7.1 Hardwired Interlocks
None defined.
6.4.7.2 PLC Interlocks
6.4.7.2.1 XV LxX: Launcher Valve (Launcher Pins only)
The launcher valve (XV LxX) is interlocked closed if the load valve (XV LxY) is not closed.
6.4.7.2.2 XV LxY: Load Valve (Launcher Pins only)
The load valve (XV LxY) is interlocked closed if the launcher valve (XV LxX) is not closed.
6.4.8 Failure modes
None defined.
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 68 of 363
Page 68 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
6.4.9 Graphic Representation
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 69 of 363
Page 69 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
6.5 MV Booster Pump Sets – DOL
This section is associated with the control and monitoring of MV Booster Pump Set – DOL
Device Groups.
MV Booster Pump Sets – DOL associated with this device group are installed Island View and
Jameson Park Terminals.
6.5.1 Group Description
This section covers Medium Voltage, direct-online driven pump sets used in booster pump
applications on IVW and JMP Terminals. These pump-sets are not equipped with individual
Lube Oil Systems. They are equipped with Machine Monitoring Systems (GE System 1, based
on Bentley Nevada 3500 sensing equipment). These MMS signals are interfaced to the PLC
via hardwired and Modbus RS-422 interfaces.
Note: For Hazardous Area Classification reasons, these booster pumps may be fitted with
twin seal arrangements.
This control and monitoring functionality is achieved via the following devices:
6.5.1.1 Signals Interfaced from the Field to the PLC via Hardwired Interface
Instruments (Typically)
Booster Pump Bxx Suction Pressure PT xx1
Booster Pump Bxx Discharge Pressure PT xx2 Booster Pump Bxx Flow FT xx1A
Booster Pump Bxx Flow (for future use) FT xx1B Booster Pump Bxx Casing Temperature TT xx4
Booster Pump Bxx NDE Seal Leak Detection(i)
LSH xx1
Booster Pump Bxx DE Seal Leak Detection(i)
LSH xx2
Booster Pump Bxx Motor Winding Temperature A(i)
TT xx7A
Booster Pump Bxx Motor Winding Temperature B(i)
TT xx7B
Booster Pump Bxx Motor Winding Temperature C(i)
TT xx7C
Valves
Booster Pump Bxx Suction Valve ZV BxxA Booster Pump Bxx Discharge Valve ZV BxxF
Booster Pump Bxx Discharge Valve XV BxxE
Heater
Booster Pump Bxx Motor Heater On Request BxxH IRC
Drives
Booster Pump Bxx(i)
Bxx
Control Valves
Bxx Spillback Flow Control Valve CV BxxJ*
6.5.1.2 Signals Interfaced from the Electrical Switchgear to the PLC via Hardwired
Interface
Typical electrical interface for Booster Pump Set Breakers installed on stations associated
with the 24” MPP Pipeline is as follows:
MV01 Bxx Running (i)
MV01Bxx PON
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 70 of 363
Page 70 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
MV01 Bxx Stopped (i)
MV01Bxx POF
MV01 Bxx In Local (i)
MV01Bxx SLO
MV01 Bxx Electrical Latched Trip (i)
MV01Bxx ETR
MV01 Bxx Electrical Non-Latched Trip (i)
MV01Bxx ETP
MV01 Bxx Remote Emergency Stop (i)
MV01Bxx RES
MV01 Bxx Multi-Start Inhibit (i)
MV01Bxx SPH
MV01 Bxx Start Request (i)
MV01Bxx IRC
MV01 Bxx Stop Request (i)
MV01Bxx IRT
MV01 Bxx Process Trip Request (i)
MV01Bxx PTR
MV01 Bxx Mechanical Trip Request (i)
MV01Bxx TVR1
Mv01 Bxx Current (i)
IT xx1
6.5.1.3 PLC - MMS Interface
6.5.1.3.1 Signals Interfaced between the PLC – MMS (Modbus Interface)
The following signals are interfaced between the PLC and MMS System via Modbus interface:
Booster Pump Bxx Pump Thrust Bearing Temp TT xx1A/B Booster Pump Bxx Pump NDE Journal Bearing Temp TT xx2A/B
Booster Pump Bxx Pump DE Journal Bearing Temp TT xx3A/B Booster Pump Bxx NDE Bearing Vibration ST xx1
Booster Pump Bxx DE Bearing Vibration ST xx2
Booster Pump Bxx Keyphase KT xx2
Booster Pump Bxx Motor DE Radial Bearing Temp TT xx5A/B Booster Pump Bxx Motor NDE Radial Bearing Temp TT xx6A/B
Booster Pump Bxx Motor DE Bearing Vibration ST xx3 Booster Pump Bxx Motor NDE Bearing Vibration ST xx4
6.5.1.3.2 PLC / MMS Hardwired signals (MMS)
The following signals are interfaced between the PLC and MMS System via hardwired
interface:
Booster Pump Bxx MMS Fail (i)
Bxx BNARM
Booster Pump Bxx Pump High Vibration Alarm(i)
P0x SSH0x1
Booster Pump Bxx Motor High Vibration Alarm(i)
P0x SSH0x2
Booster Pump Bxx Pump Radial Bearing High Temperature Alarm(i)
P0x TSH0x1
Booster Pump Bxx Motor Radial Bearing High Temperature Alarm(i)
P0x TSH0x2
Booster Pump Bxx Pump High Vibration Trip(i)
P0x SSHH0x1
Booster Pump Bxx Motor High Vibration Trip(i)
P0x SSHH0x2
Booster Pump Bxx Pump Radial Bearing High Temperature Trip (i)
P0x TSHH0x1
Booster Pump Bxx Motor Radial Bearing High Temperature Trip(i)
P0x TSHH0x2
Booster Pump Bxx MMS Trip Multiply(i)
Bxx BNTM
Booster Pump Bxx MMS Trip Reset(i) Bxx BNRST
Booster Pump Bxx MMS Alarm Inhibit (Not Used) (i)
Bxx BNINH
6.5.1.3.3 PLC to System 1 Modbus signals (MMS System)
The following signals are interfaced via Modbus to the System 1 Server for diagnostic
purposes
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 71 of 363
Page 71 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
Booster Pump Bxx Suction Pressure PT xx1
Booster Pump Bxx Discharge Pressure PT xx2 Booster Pump Bxx Flow FT xx1A
Booster Pump Bxx Seal Leak LSH xx1/2
Booster Pump Bxx Motor Winding Temperature A-C TT xx7A/B/C
6.5.2 Modes of Control
The Booster Pump Set may be controlled from the PCS either locally at the Station or
remotely from the MCC.
6.5.3 Modes of Operation
All devices related to the Booster Pump Set shall have the following three Modes of
Operation:
Local
Manual
Automatic
The Control Valve CV BxxJ has its own Mode of Operation, independent of the Group. Default
mode of operation is Auto.
6.5.4 Group Functionality
6.5.4.1 Maximum Demand Inhibit
Booster/Mainline Pumps are combined for maximum demand inhibit. This implies that only
one pump can be started at a time. In automatic, the pumps of each manifold are started in
the same order as the start commands were issued.
If a pump running feedback is detected, this pump sets a maximum demand inhibit for all the
other pumps. The maximum demand is active for the required delay time as preconfigured
per pump. Pump current is not used for the maximum demand inhibit.
6.5.4.2 Booster Pump States
6.5.4.2.1 Booster Pump No Valid Flow-path Status
If a Booster Pump No Valid Flow-path condition is detected, a group ‘No Valid Flow-path’ bit
is set.
A Valid Flow-path for the Booster Pump exists if the following conditions are met:
ZV BxxA (Open OR Wirebreak) AND
ZV BxxF (Open OR Wirebreak) AND
XV BxxE (Open OR Wirebreak)
6.5.4.2.2 Booster Pump Set Online Status
The Pump Set is in an Online state if:
ZV BxxA is Opened AND
ZV BxxF is Opened AND
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 72 of 363
Page 72 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
XV BxxE is Opened AND
Bxx is Running
6.5.4.2.3 Booster Pump Set Offline
The Pump Set is in an Offline state if:
XV BxxE is Closed AND
Bxx is Stopped
6.5.4.3 Motor Heater Control
Motor heater control is affected as follows:
Pump running feedback – motor heater off
Pump stopped feedback – motor heater on
6.5.4.4 Flushing
Booster Pump Flushing is not required as booster pumps are dedicated to single products.
6.5.4.5 Booster Pump Set Online Sequence
The Booster Pump Set Online sequence is activated on receipt of:
an Online Request from the SCADA
a Booster pump circulation online sequence request (station dependent)
If the group is not ready the sequence cannot be initiated.
Note: The first step of the online sequence checks if there is a flow-path through the rest of
the manifold before the sequence continues. If there is no flow-path through the rest of the
manifold the sequence is aborted.
The Online sequence performs the following functions:
Perform a trip reset on the relevant Bentley Nevada rack
Check if Bentley Nevada rack MMS healthy signal is present
Close the discharge valve.
Once the discharge valve is closed, and there is no Maximum demand inhibit from
another pump, start the booster pump (remote start signal (IRC) from PLC is pulsed).
Note the activation of the MMS trip multiplier is implemented within the device
typical.
Once the booster pump running feedback is received, reset the trip multiplier
function of Bentley Nevada system after 10s (configurable). Note the reset of the trip
multiplier is implemented within the device typical.
Once the booster pump running feedback is received for more than 5s
(configurable), open the discharge valve.
See flow diagram for details:
Figure 7.2-5: Booster Pump Set B01 Online sequence
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 73 of 363
Page 73 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
The following conditions while the sequence is running will result in the sequence aborting,
complete with all associated alarming and event logging:
ZVBxxA OR ZVBxxF Fault OR
XVBxxE Not Available OR
Bxx Not Available OR
No valid flow-path trip (Internal to sequence) OR
MMS not Healthy (Internal to sequence)
Placing the Group in Manual mode while the sequence is running will result in the sequence
aborting.
Note: The Booster Pump Offline Sequence is activated on receipt of an Online Sequence
Abort Status.
Note: The activate and reset of the “Trip Multiply” is included in the device typical to allow
these functions to be available in Manual and Local modes of operation.
6.5.4.6 Booster Pump Set Offline Sequence
The Booster Pump Set Offline sequence is activated on receipt of:
an offline request from the SCADA
a Booster pump circulation offline sequence request (station dependent)
due to the pump being tripped via PTR or TVR output
a device fault (Bxx OR XV BxxE) condition exists
a No Valid Flow-path trip condition exists
a flow low trip condition exists after a configurable time (default 5 sec) has elapsed
a tank level low trip condition exists when route online
an online sequence aborted
Offline sequence performs the following functions:
Stop the booster pump (remote stop signal (IRT) from PLC is removed)
On receipt of pump stopped feedback, close pump discharge valve XV BxxE. The
Spillback control valve CV BxxJ is interlocked closed when the Booster Pump is
stopped.
See flow diagram for details:
7.2.3.2Figure 7.2-6: Booster Pump Set B01 Offline sequence
Any faults encountered during the running of the offline sequence results in the sequence
continuing to completion. Placing the Group in Manual mode while the sequence is running
will result in the sequence aborting.
6.5.5 Group Availability
The following conditions render the Booster Pump Set Device Group “Not Available”.
Condition Text Logic
Bxx Not Available Bxx Not Avail Refer to [3]
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 74 of 363
Page 74 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
XV BxxE Not Available Or Interlocked
XV BxxE Not Avail or Intlk Refer to [3]
ZV BxxA Not Opened/WB
ZV BxxA Not Opened/Wb Refer to [3]
ZV BxxF Not Opened/WB
ZV BxxF Not Opened/Wb Refer to [3]
MMS Rack Failed MMS Rack Fail The MMS Rack Failed availability status indicates that a fault exists within the MMS rack associated with the pump.
Insufficient Power Available
Insufficient Power Available Refer to Section 6.5.8.2.3
Number of Starts Exceeded
Number Of Starts Exceeded Refer to Section 6.5.8.2.6
Table 6.5-1: Booster Pump Set Bxx Availability
A no flow path condition is not monitored for availability. The online sequence checks if there
is a flow-path in the first step before the sequence is executed. It is however possible to run
an offline sequence with a no flow path condition.
6.5.6 Group Status
6.5.6.1 Group Alarm Status Indications
The following Group Alarm Statuses are configured using display LEDs which are grey in the
inactive condition and red in the active condition, with an associated alarm. Refer to the
Alarm Configuration Database (3) for details including text to be used for the message.
Condition Text Logic
No Valid Flow-path Interlock
No Valid Flow-path Trip
Refer to Section 6.5.8.2.4
MMS Modbus failure
Bxx MMS Comms Fail The MMS Modbus Failure indication is provided when the Modbus communications link has failed.
Table 6.5-2: Booster Pump Set Bxx Group Alarm Status
6.5.6.2 Group Error Status Indications
The following Group Error Statuses are configured using display LEDs which are grey in the
inactive condition and red in the active condition, with an associated event. Refer to the
Alarm Configuration Database (3) for details including text to be used for the message.
Condition Text Logic
No Valid Flow-path Status
No Valid Flow-path Refer to Section 6.5.4.2.1
Insufficient Power Insufficient Power Refer to Section 6.5.8.2.3
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 75 of 363
Page 75 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
Condition Text Logic
Available Available
Number of Starts Exceeded
Number Of Starts Exceeded
Refer to Section 6.5.8.2.6
Table 6.5-3: Booster Pump Set Bxx Group Error Status
6.5.6.3 Group Information Status Indications
None defined.
6.5.7 Additional Device Alarms
None defined.
6.5.8 Group Interlocks
6.5.8.1 Hardwired Interlocks
A hardwired MMS trip signal TVR2 is used to interlock the pump off independently of the
control system. When the TVR2 trip condition resets or returns to a healthy condition, the
TVR2 output is latched in the MMS and needs to be manually reset.
6.5.8.2 PLC Interlocks
To achieve control of the pump while in local the hardwired PTR and TVR1 trip signals are
used to interlock the pump off if required. When the PTR trip condition resets or returns to a
healthy condition the PTR output is reinstated. When the TVR1 trip condition resets or
returns to a healthy condition, the TVR1 output is latched in the electrical protection relay
and needs to be manually reset.
6.5.8.2.1 Bxx: Flow Low Trip (FT xx1A) (PTR)
If low flow (FT xx1A < xxxx L/min,) is detected for a configurable time (default 30 seconds)
on startup, the Booster Pump Set is tripped. This protection inoperative delay is used during
start-up to prevent spurious trips from occurring. This interlock’s associated alarm is blocked
if the pump is not running.
Trip after startup is instantaneous.
6.5.8.2.2 Bxx: Suction Pressure Low Trip (PT xx1) (PTR)
If a low suction pressure trip (PT xx1) is detected after a configurable time (default 10
seconds on startup), the Booster Pump Set is tripped. This protection inoperative delay is
used during start-up to prevent spurious trips from occurring. This interlock’s associated
alarm is blocked if the pump is not running.
Trip after startup is instantaneous.
6.5.8.2.3 Bxx: Insufficient Power Available Start Interlock
If insufficient power is available to run the Pump Set (either utility or MV Genset), this
interlock will prevent the pump set from starting in Auto, Manual and Local. Insufficient
Power Available is a signal generated within the Electrical Device Group.
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 76 of 363
Page 76 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
Refer to Section 6.27.4.2 for details.
6.5.8.2.4 Bxx: No Valid Flow-path Trip Interlock
If any of the valves, which block the flow through the booster pump and spillback, are not
open and not in Wirebreak, a “No Valid Flow-path” interlock is activated.
LP Route No Valid Flow-path
AND
(ZV BxxA Not Open AND Not Wirebreak AND
ZV BxxF Not Open AND Not Wirebreak)
6.5.8.2.5 Bxx: Axx Tank Low Level Trip
If a Route is Online (as determined by device status), and Pump Running, and a low level trip
is detected on the associated Accumulator Tank, the Booster Pump Set (Bxx) is tripped
(unless there is another route online to the same pump from a tank without a low level).
This alarm/trip is suppressed if there is no route online and the pump is not running.
6.5.8.2.6 Bxx: Number Of Starts Exceeded
In order to prevent the motor from overheating due to high inrush current, the number of
starts is limited within the EPR Relay. When the thermal energy count is exceeded, the EPR
Relay issues a Multi-Start Inhibit signal to the PLC. On receipt of Bxx_SPH, the Booster Pump
is prevented from starting via an interlock and an event message is generated.
The Booster Pump will not be interlocked off if it is already running, i.e. the signal inhibits the
start request only.
6.5.9 Failure Modes
None defined.
6.5.10 Graphic Representation
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 77 of 363
Page 77 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
6.6 Booster Pump Bxx Flow Control
This section is not a device group on its own, but these devices and associated control forms
part of the MV Booster Pump Set Bxx device group.
MV Booster Pump Sets – DOL associated with this device group are installed Island View and
Jameson Park Terminals.
6.6.1 Group Description
The flow control valve is either under closed- (automatic) or open-loop (manual) control to
control the spillback flow.
There is no pressure (ICP or SDP) override configured on this control valve.
Flow control is based on the booster pump uncompensated flow.
This control and monitoring functionality is achieved via the following devices:
Valves
Bxx Spillback Flow Control Valve CV BxJ
Instrumentation
Booster Pump Bxx Flow FT xxx_G*
* Devices form part of another group
6.6.2 Modes of Control
The Booster Pump Flow Control may be controlled from the PCS either locally at the Station
or remotely from the MCC.
6.6.3 Modes of Operation
The Control Valve has its own Mode of operation, independent of the Group:
Local
Manual
Automatic
Default mode of operation is Auto.
6.6.4 Group Functionality
6.6.5 Spillback control
Spillback control is implemented to provide minimum flow protection to the associated
booster pump. Spillback flow control is achieved via a PID controller and control valve, which
is by default enabled and in Auto. When the Booster pump is stopped the spillback Control
valve is interlocked closed. The interlock is removed as soon as the Booster pump reaches a
state of not stopped.
Control is based on uncompensated flow FT xxx_G.
Minimum flow protection is achieved by minimum flow override. In addition to the minimum
flow pump protection, the spillback line is also used for inter-tank transfers.
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 78 of 363
Page 78 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
6.6.5.1 Inter-tank Transfer control
Inter-tank transfers shall take place via the booster pumps and associated spillback lines.
Inter-tank transfer is a manual function, with correct line-up and flowrate selection remaining
the responsibility of the operator.
6.6.5.2 Non-Modulating Actuators
Not applicable to this device group.
6.6.5.3 Modulating Actuators
Figure 6.6-1: Booster pump Bxx spillback - Flow Control Schematic
Control valves are part of the respective Booster pump Group and do not have their own
graphic. Hence the PV’s and control loop are not visible to the operator.
The typical consists of two PID loops each with a hard coded override:
Flow PID
SDP PID (not used)
The operator can choose to control on:
Flow
Manual (manual mode only)
6.6.5.4 Flow compensation
FT xxx_G is uncompensated.
6.6.6 Group Availability
Not Required.
xxx
PT
xxxCV
xxxCV
FT
xxx
xxxPT
PT
xxxFIC
xxxPT
xxxPIC
xxxOVR
xxxOVR xxx
PICxxx
OVR
ICPSDP
FLOW
xxxMAN
SP SPOR
SP
SP
CONTROL VALVE
SPOR
SPOR
0%
100%
SPOR
ICP
Va
lve
Ove
rrid
e
Po
stio
n
0%
100%
Flow/SDP
Va
lve
Ove
rrid
e
Po
stio
n
SPOR
OVERRIDE FUNCTIONS
LinearisationLinearisation
FT xxx_S
(Not used)
>
(Not used)
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 79 of 363
Page 79 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
6.6.7 Group Status
6.6.7.1 Group Alarm Status Indication
None defined.
6.6.7.2 Group Error Status Indication
None defined.
6.6.7.3 Group Information Status Indication
None defined.
6.6.8 Additional Device Alarms
Flow Deviation High alarm is not used for this application.
6.6.9 Group Interlocks
6.6.9.1 Hard-wired Interlocks
None defined.
6.6.9.2 PLC Interlocks
6.6.9.2.1 CV BxxJ: Booster Pump Spillback Control Valve Interlock
The Booster Pump Spillback Control valve (CV BxxJ) is interlocked closed when the Booster
Pump Bxx is stopped.
6.6.10 Failure Modes
In the case of transmitter failures, the following should apply:
Should a flow transmitter fail, the substitute value is shown to the operator (hold
last).
On instrument failure, the instrument goes into substitute value (hold last) complete with
alarming. Operator action is required to prevent control loop wind-up.
6.6.11 Graphic Representation
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 80 of 363
Page 80 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
6.7 MV Mainline Pump Sets – DOL (Series Configuration)
This section is associated with the control and monitoring of MV Mainline Pump Set – DOL
Device Groups.
MV Mainline Pump Sets are installed on most stations associated with the Crude, Refined
Product and Inland Pipeline networks.
6.7.1 Group Description
This section covers Medium Voltage DOL Pump-sets used in mainline, accumulator and
Mainline pump applications, where the Pump-set is not equipped with its own individual Lube
Oil System, where Machine Monitoring Systems are not installed and where the Pump-sets
are placed in a series configuration.
A Medium Voltage Pump Set Device Group comprises of the pump, motor, inlet (PxA), outlet
(PxE) and bypass (PxK) valves. Multistage pump sets are used to maintain desired pressure
profiles, by switching online and offline as required. Valves and instrumentation may vary
according to application.
This control and monitoring functionality is achieved via the following devices:
6.7.1.1 Signals Interfaced from the Field to the PLC via Hardwired Interface
Instruments (Typically)
Mainline Pump Pxx Suction Pressure PT 0x1
Mainline Pump Pxx Discharge Pressure PT 0x2
Mainline Pump Pxx Seal Leakage (i)
PS 0x1
Mainline Pump Pxx Flow FS 0x1
Mainline Pump Pxx Pump NDE Bearing Temperature (i)
TT 0x1
Mainline Pump Pxx Pump Casing Temperature TT 0x2
Mainline Pump Pxx Pump DE Bearing Temperature (i)
TT 0x3
Mainline Pump Pxx Motor DE Bearing Temperature (i)
TT 0x4
Mainline Pump Pxx Motor Winding Temperature (i)
TT 0x5
Mainline Pump Pxx Motor NDE Bearing Temperature (i)
TT 0x6
Mainline Pump Pxx Pump Vibration (i)
VT 0x1
Mainline Pump Pxx Motor Vibration (i)
VT 0x2
Mainline Pump Pxx Motor Current (i)
IT 0x1
Valves
Mainline Pump Pxx Suction Valve ZV PxA Mainline Pump Pxx Bypass Valve XV PxK (1)
Mainline Pump Pxx Discharge Valve XV PxE
Drives
Mainline Pump P0x (i)
P0x
6.7.1.2 Signals Interfaced from the Electrical Switchgear to the PLC via Hardwired
Interface
Typical electrical interface for Mainline Pump Set Breakers installed on stations associated
with the RPP and COP Pipelines is as follows:
MV01 P0x Running (i)
MV01P0x PON
MV01 P0x Stopped (i)
MV01P0x POF
MV01 P0x In Local (i)
MV01P0x SLO
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 81 of 363
Page 81 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
MV01 P0x Master Trip Relay (i)
MV01P0x MTR
MV01 P0x Thermal Overload Trip (i)
MV01P0x TOP
MV01 P0x Earth Fault Trip (i)
MV01P0x ELP
MV01 P0x Fuse Blown Trip (i)
MV01P0x FBL
MV01 P0x Electronic Protection Relay Fail (i)
MV01P0x ERP
MV01 P0x Loss of Control Voltage (i)
MV01P0x VT
MV01 P0x Remote Emergency Stop (i)
MV01P0x RES
MV01 P0x Multi-Start Inhibit (i)
MV01P0x SPH
MV01 P0x Breaker Racked Out (i)
MV01P0x BRS
MV01 P0x Start Request (i)
MV01P0x IRC
MV01 P0x Stop Request (i)
MV01P0x IRT
MV01 P0x Process Trip Request (i)
MV01P0x PTR
MV01 P0x Mechanical Trip Request (i)
MV01P0x TVR
Mv01 P0x Current (i)
IT 0x1
(i) Devices form part of Pump Device Typical
Notes:
1. In some installations, XV PxK may be a check valve.
2. The control and monitoring functionality of the Mainline Pump Device Typical is described
in the Software Control Module Standard [3].
3. Refer to Electrical Device Group Section 6.26.1 for details on motor electrical interface.
6.7.2 Modes of Control
The Mainline Pump Set may be controlled from the PCS either locally at the Station or
remotely from the MCC.
6.7.3 Modes of Operation
All devices related to the Mainline Pump Set shall have the following three Modes of
Operation:
Local
Manual
Automatic
6.7.4 Group Functionality
6.7.4.1 Maximum Demand Inhibit
Booster/Mainline Pumps are combined for maximum demand inhibit. This implies that only
one pump can be started at a time. In automatic, the pumps of each manifold are started in
the same order as the start commands were issued.
If a pump running feedback is detected, this pump sets a maximum demand inhibit for all the
other pumps. The maximum demand is active for the required delay time as preconfigured
per pump. Pump current is not used for the maximum demand inhibit.
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 82 of 363
Page 82 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
6.7.4.2 Mainline Pump States
6.7.4.2.1 Mainline Pump Online
The Mainline Pump is in an Online state if:
Pump Inlet Valve ZV PxA is Open AND
Pump Outlet Valve XV PxE is Open AND
Pump Bypass Valve XV PxK is Open AND
Mainline Pump P0x is running
6.7.4.2.2 Mainline Pump Offline
The Mainline Pump is in an Offline state if:
Pump Outlet Valve XV PxE is Closed AND
Pump Bypass Valve XV PxK is Open AND
Mainline Pump P0x is stopped
6.7.4.2.3 Mainline Pump Flushing
The Mainline Pump is in an Online/Flushing state if:
Pump Inlet Valve ZV PxA is Open AND
Pump Outlet Valve XV PxE is Open AND
Pump Bypass Valve XV PxK is Closed
6.7.4.3 Valid Flow-path
The Mainline Pump has a valid flow-path if:
Pump Bypass Valve XV PxK is Open/Wire-break
OR
Pump Inlet Valve ZV PxA is Open/Wire-break AND Pump Outlet
Valve XV PxE is Open/Wire-break.
Note: This status is not the same as the No Valid Flow-Path Interlock detailed in the
interlock section.
6.7.4.4 Mainline Pump Flags
These flags are raised by the process control software as configured on the Mainline Pump
block. The flags are used to generate Group Status indications, Group Availability indications
and for Group Event and Group Alarm logging. The triggering of each flag is described here
in detail.
6.7.4.4.1 Mainline Pump Flow-path
The Mainline Pump Flow-path flag is raised whenever the Mainline Pump has a Valid Flow-
path as defined in Section 6.7.4.2.3.
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 83 of 363
Page 83 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
6.7.4.4.2 Possible Hotspot
Should a Mainline Pump not be flushed (i.e. the "Mainline Pump Not Flushed" flag is raised)
AND an Interface is not present in the Online route (Interface in Station Flag set High), and
the Mainline Pump moves from an Offline state (as determined by valve status), a Possible
Hotspot flag is raised.
This alarm is cleared when the Mainline Pump goes Online.
6.7.4.4.3 Mainline Pump Not Flushed
The Not Flushed flag is raised under the following conditions:
A Mainline Pump Set Flush request initiated
AND
device failure while running the Flush sequence OR Mainline Pump Set Flush not
online timer (configured as the time it takes the Mainline Pump Set to reach a Flush
Online state) has expired.
The Not Flushed flag is cleared if the Mainline Pump Set is placed online as determined by
valve status.
6.7.4.5 Mainline Pump Set Online Sequence
The Mainline Pump Set On-line Sequence is activated on receipt of –
an Online Request from the SCADA
a LWC Online Sequence request from the MCC
a Station Online Sequence request
A check is undertaken to ascertain if the Pump Set Device Group is "Ready". If the group is
not ready, the sequence will not be initiated. The first step of the online sequence also checks
if there is a flow path before the sequence continues. If there is no flow path the sequence is
aborted.
The Bypass Valve is initially opened (if not already open) and the Discharge Valve closed (if
not already closed). The sequence will now wait until all the other Pump Sets “Start Inhibits”
are reset before the pump is started.
When the Discharge valve is closed and there is no maximum demand inhibit from another
pump, a Start-up Request (via the IRC Output) is then issued to the Switchgear. When the
pump is running, the discharge valve is opened. The sequence does not look at the motor
current after the pump is started and opens the discharge valve if the pump running feedback
is detected and a configurable timer (default 5 secs) has elapsed. The Bypass Valve is left
open.
See flow diagram for details:
7.2.4.1: Mainline Pump P01 Online Sequence
The following conditions while the sequence is running will result in the sequence aborting,
complete with all associated alarming and event logging:
ZVPxA Fault OR
XVPxK Not Available OR
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 84 of 363
Page 84 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
XVPxE Not Available OR
Pxx Not Available OR
No valid flow-path trip (Internal to sequence)
Placing the Group in Manual mode while the sequence is running will result in the sequence
aborting.
Note: The Mainline Pump Offline Sequence is activated on receipt of an Online Sequence
Abort Status.
6.7.4.6 Mainline Pump Set Offline Sequence
The Mainline Pump Set Offline sequence is activated on receipt of:
an offline request from the SCADA
a Station Offline request
a LWC Offline Sequence request from the MCC
a Pump Set Online sequence aborted
due to the pump being tripped via PTR or TVR output
a device fault (Pxx OR XV PxK OR XV PxE) condition exists
a No Valid Flow-path Trip condition exists
Lube Oil not healthy as per Section 6.7.8.2.6
Insufficient power is available (usually determined by all Incomer OCB’s being open).
a Line Over-pressure interlock (P0x-SIF1 is activated)
Station Discharge Pressure High interlock as per Section 6.7.8.2.4
The Pump Set Offline Sequence is always Available.
A check is undertaken to ascertain if the Pump Set Device Group is "Ready". If the group is
not “Ready”, the sequence cannot be initiated by operator request (Note the sequence can
be initiated by device fault/interlock conditions if in automatic).
The Remote Stop Signal (IRT) from the PLC is first removed. On receipt of the Pump
Stopped Feedback (POF), the Bypass valve is opened and once open, the Discharge valve is
closed, and the Offline Sequence completed. Should the bypass valve fail to open, the
sequence will abort to prevent a no flow path condition.
See flow diagram for details:
7.2.4.2: Mainline Pump P01 Offline Sequence
Any faults encountered during the running of the offline sequence results in the sequence
continuing to completion. Placing the Group in Manual mode while the sequence is running
will result in the sequence aborting.
6.7.4.7 Pump Set Flushing Sequence
A Mainline Pump Set Flush Request is activated, on receipt of:
an Flush Request from the SCADA, if not Online OR
a Manifold Flush Request from the SCADA Overview Screen, if not Online (Station
dependent) OR
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 85 of 363
Page 85 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
a Route change (Station dependent)
On receipt of a Mainline Pump Set Flush Request, the Mainline Pump Set Flush Sequence is
initiated if Ready and not already online. The Discharge Valve is initially opened and on
successful completion, the Bypass Valve closed.
Note that the bypass valve actuator limits are set to ensure that the bypass valve is only
partially closed. Setting of bypass valve limits ensures that, during flushing, the pump is not
wind milled beyond a predetermined limit.
Mainline Pump sets not flushed will need to be manually isolated, drained and re-primed by
operators on site.
Flushing will be terminated based on operator request.
See flow diagram for details:
7.2.4.3: Mainline Pump P01 Flush Sequence
The following conditions while the sequence is running will result in the sequence aborting,
complete with all associated alarming and event logging:
ZVPxA Fault OR
XVPxK Not Available OR
XVPxE Not Available
Placing the Group in Manual mode while the sequence is running will result in the sequence
aborting.
6.7.5 Group Availability
The following conditions render the Mainline Pumpset Device Group “Not Available”.
Condition Text Logic
P0x Not Available P0x Not Avail Refer to [3]
ZV PxA Not Opened or Wirebreak
ZVPxA Not Opened/Wb Refer to [3]
XV PxE Not Available XVPxE Not Avail Refer to [3]
XV PxK Not Available or
Interlocked
XVPxK Not Avail or Intlk Refer to [3]
No Lube Oil Flow (or Pressure)
No Lube Oil Flow (or Pressure) As per Section 6.11.4.2
No Purge Air Flow No Purge Air Flow As per Section 6.21.4.2
Insufficient Power
Available
Insufficient Power Available As per Section 6.7.8.2.5
SDP High Trip Station Discharge Pressure High Refer to Section 6.7.8.2.4
Line Over-pressure Protection Activated
Line Overpressure Protection Refer to 6.7.8.2.8. Includes:
- Line Over-Pressure Protection
Interlock
- SIF Failure Time Exceeds MTTR
- PTxxx Fault and in MTTR Trip
- Pressure Deviation High and in MTTR
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 86 of 363
Page 86 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
Condition Text Logic
Trip
Table 6.7-1: Mainline Pump Set Pxx Availability
A no flow path condition is not monitored for availability. The online sequence checks if there
is a flow-path in the first step before the sequence is executed. It is however possible to run
an offline sequence with a no flow path condition.
6.7.6 Group Status
6.7.6.1 Group Alarm Status Indications
The following Group Alarm Statuses are configured using display LEDs which are grey in the
inactive condition and red in the active condition, with an associated alarm. Refer to the
Alarm Configuration Database (3) for details including text to be used for the message.
Condition Text Logic
No Valid Flow-path Interlock
No Valid Flow-path Trip Refer to Section 6.7.8.2.7
Possible Hotspot Possible Hotspot Refer to Section 6.7.4.4.2
Table 6.7-2: Mainline Pump Set Pxx Group Alarm Status
6.7.6.2 Group Error Status Indications
The following Group Error Statuses are configured using display LEDs which are grey in the
inactive condition and red in the active condition, with an associated event. Refer to the
Alarm Configuration Database (3) for details including text to be used for the message.
Condition Text Logic
Pump Not Flushed Pump Not Flushed As per Section 6.7.4.4.3
No Valid Flow-path No Valid Flow-path As per Section 6.7.4.2.3
Insufficient Power Available
Insufficient Power Available As per Section 6.7.8.2.5
Number of Starts Exceeded
Number Of Starts Exceeded Refer to Section 6.7.8.2.9
Table 6.7-3: Mainline Pump Set Pxx Group Error Status
6.7.6.3 Group Information Status Indications
None defined
6.7.7 Additional Device Alarms
None defined
6.7.8 Group Interlocks
The following interlocks have been defined for the MV Mainline Pump Sets – DOL Group:
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 87 of 363
Page 87 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
6.7.8.1 Hardwired Interlocks
6.7.8.1.1 PTR Trip
The PTR Trip signal is hardwired into the electrical switchgear starter circuit via a PLC
controlled interposing relay and will result in a non-latched trip within the starter circuit.
When the condition resets or returns to a healthy condition the P0x PTR output is reinstated.
6.7.8.1.2 TVR Trip
The TVR signal is hardwired into the electrical switchgear starter circuit via a PLC controlled
interposing relay and will result in a latched trip within the starter circuit (Master Trip Relay).
When the condition resets or returns to a healthy condition the P0x TVR output is reinstated.
6.7.8.1.3 Line Over-pressure Trip
An independent SIL rated safety system is installed to perform the following functionality:
On detection of a high trip Station Outlet pressure all the pumps are tripped
simultaneously via a SIL1 rated relay, and will result in a non-latched trip within the
starter circuit.
6.7.8.2 PLC Interlocks
Interlocks run the pump set offline sequence if in auto and will interlock the pump off if in
manual or local.
6.7.8.2.1 P0x: Pump Suction Pressure Low (PT 0x1) (Trip)
On low-low suction pressure to Mainline Pump P0x as detected by PT 0x1 after a configurable
time (default 10 seconds) on startup, trip Mainline Pump P0x. This protection inoperative
delay is used during start-up to prevent spurious trips from occurring. This interlock and
associated alarm is blocked if the pump is not running.
Trip after startup is instantaneous.
6.7.8.2.2 P0x: Pump Discharge Pressure High (PT 0x2) (Trip)
On high-high discharge pressure from Mainline Pump P0x as detected by PT 0x2 after a
configurable time (default 10 seconds) on startup, trip Mainline Pump P0x. This protection
inoperative delay is used during start-up to prevent spurious trips from occurring. This
interlock and associated alarm is blocked if the pump is not running.
Trip after startup is instantaneous.
6.7.8.2.3 P0x: Pump Casing Temperature (TT 0x4) (Trip)
When the pump casing temperature (TT 0x4) exceeds a pre-defined high limit the pump is
tripped.
6.7.8.2.4 P0x: Station Discharge Pressure High (PT x2x) (Interlock)
Protection against line overpressure is performed by constantly monitoring the station
discharge pressure. Should the discharge pressure exceed the safe limit [configurable in the
PLC], pump sets are prohibited from starting by interlocking non-running pumps off and a
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 88 of 363
Page 88 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
check is undertaken to see which is the last running pump on the Station. This pump is
interlocked off irrespective of the mode i.e. automatic, manual or local, and if Ready will run
off line.
The station discharge pressure is then re-evaluated after an elapsed time (configurable in the
PLC - default 5 seconds). Should the pressure still be above the safe limit, the next last-
running pump will be interlocked off (and run off line if Ready) and the same process
repeated until all Pump sets are interlocked off (and run off line if Ready) or station discharge
pressure has fallen within limits.
6.7.8.2.5 P0x: Insufficient Power Available (Interlock)
If insufficient power is available to run the pump set (defined as all electrical incomer OCBs
being open), the pump P0x is interlocked off.
6.7.8.2.6 P0x: No Lube Oil Flow (or Pressure) (Interlock)
If the lube oil system indicates a no flow (or pressure) condition after a configurable time
(default 15 secs) has elapsed and the Mainline Pump is running, the Mainline Pump is
interlocked off.
If the Lube Oil System indicates a no flow (or pressure) condition after a configurable time
(default 15 secs) has elapsed and the Mainline Pump is not running, the Mainline Pump is
interlocked off. This is a start interlock.
6.7.8.2.7 P0x: No Valid Flow-path Trip (Interlock)
If any of the valves which block the flow through the relevant manifold are Not Open, a “No
Valid Flow-path Trip” interlock is activated.
This No Valid Flow Path Interlock is a combination of the Valid Flow Path Interlocks as
defined in the following Device Groups:
Receiver
Launcher
HP Routing
LP Routing
Other Pump Set D.O.L (series configuration)
6.7.8.2.8 P0x: Line Over-Pressure Protection (LOP) (SIF) (Interlock)
On detection of a line over-pressure active (PYx2xA_SIF) or QSifEnable signal the Mainline
Pump is interlocked off. Signal QSifEnable is calculated in SisLop function block. See SIS
Section 6.16.7.2.1
6.7.8.2.9 P0x: Number Of Starts Exceeded (Interlock)
In order to prevent the motor from overheating due to high inrush current, the number of
starts is limited within the EPR Relay. When the thermal energy count is exceeded, the EPR
Relay issues a Multi-Start Inhibit signal to the PLC. On receipt of Pxx_SPH, the Mainline Pump
is prevented from starting via an interlock and an event message is generated. The Mainline
Pump will not be interlocked off if it is already running, i.e. the signal inhibits the start
request only.
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 89 of 363
Page 89 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
6.7.8.2.10 Maximum Demand Inhibit (interlock)
If the pump is in local or manual mode and it is not running, a maximum demand inhibit from
another pump will interlock this pump off to prevent it from starting.
6.7.8.2.11 P0x: No Purge Air Flow (Interlock)
If the purge air system indicates a no flow condition after a configurable time (default 15
secs) has elapsed and the Mainline Pump is running, the Mainline Pump is interlocked off.
If the purge air system indicates a no flow condition after a configurable time (default 15
secs) has elapsed and the Mainline Pump is not running, the Mainline Pump is interlocked off.
This is a start interlock.
6.7.9 Failure Modes
None defined.
6.7.10 Graphic Representation
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 90 of 363
Page 90 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
6.8 MV Mainline Pump Sets – VSD (Parallel Configuration)
This section is associated with the control and monitoring of MV Mainline Pump Set – VSD
Device Groups.
MV Mainline VSD Pump Sets are installed on stations associated with the new 24” Multi-
product Pipeline.
6.8.1 Group Description
This section covers Medium Voltage Pump Sets used in mainline applications, where ABB
ACS1000 air/water-cooled VSD’s with Machine Monitoring Systems are installed and where
the Pump-Sets are placed in a parallel configuration.
VSD Pump Sets are used to maintain pressure/flow along the pipeline as required.
Note: A Pump Set is operated in conjunction with Inlet and Discharge Valves. Only the
discharge valve is automated.
Pumps will start on an open flow-path (never against closed input/output valves).
The drive is inhibited from operating in local (at the VSD panel) without the PLC, SIS and
MMS providing protective interlocking, i.e. NO operation without the PLC online (the
protection hard-wired links from the PLC (P01 PTR and P01 TVR1)), the MMS (P01 TVR2) and
SIF Trip relay (P01 SIF1) signals being healthy. Note that local control at the VSD itself is
possible, provided the hard-wired PTR and TVR signals are in a healthy state.
VSDs that are water-cooled have a chiller interface, those that are air-cooled do not.
The pump set is connected to a Machine Monitoring System (GE System 1 based on Bentley
Nevada 3500 sensing equipment). Signals are interfaced to the PLC via hardwired and
Modbus RS422 interface.
The control and monitoring functionality is achieved via the following devices:
6.8.1.1 Signals Interfaced from the Field to the PLC via Hardwired Interface
Valves and Pumps
Mainline Pump P0x Inlet Valve ZV PxA
Mainline Pump P0x Discharge Valve XV PxE
Mainline Pump P0x (i)
P0x
Instruments
Station Discharge Pressure * PT x2x
Mainline Flow * FT x2x
Instruments (Hardwired)
Mainline Pump P0x Suction Pressure PT 0x1
Mainline Pump P0x Discharge Pressure PT 0x2 Mainline Pump P0x Flow FT 0x1
Mainline Pump P0x Sonic Velocity KT 0x1
Mainline Pump P0x Casing Temperature TT 0x4
Mainline Pump P0x NDE Seal Leak Detection (i)
LS 0x1
Mainline Pump P0x DE Seal Leak Detection (i)
LS 0x2
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 91 of 363
Page 91 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
6.8.1.2 Signals Interfaced between the PLC – VSD (Modbus Interface)
Typical electrical interface for Mainline MV Pump Set VSD installed on stations associated with
the 24” MPP Pipeline is as follows:
MV01 P0x Current (i)
IT0x1
MV01 P0x Speed (i)
ST0x1
MV01 P0x Motor Winding Current (i)
TT0x8A/B/C
MV01 P0x Speed Reference (i)
SC0x1
MV01 P0x VSD VCB Ready to be Closed (i)
MV01P0x RDYON
MV01 P0x VSD Ready to Run (i)
MV01P0x RDYRUN
MV01 P0x VSD Running (i)
MV01P0x RDYREF
MV01 P0x VSD Running at Speed (i)
MV01P0x ASP (AT_SETPOINT)
MV01 P0x VSD Mechanical Trip Request (i)
MV01P0x MTR (TRIPPED)
MV01 P0x Remote Emergency Stop (i)
MV01P0x RES (EmergStop)
MV01 P0x Loss of Control Voltage (i)
MV01P0x VT (AUX POWER)
MV01 P0x Motor Winding Temp Wirebreak (i)
MV01P0x TT0x5WB (MotWdgMLoss)
MV01 P0x Under Voltage (i)
MV01P0x UV (Undervoltage)
MV01 P0x VSD In Local (i)
MV01P0x SLO (REMOTE)
MV01 P0x VSD Chiller Alarm (i)
MV01P0x CHALM (ExtWtrCool)
MV01 P0x VSD Chiller Fault (i)
MV01P0x CHFLT (ExtWtrCool)
MV01 F5x VCB Close Request (i)
MV01F5x C
MV01 P0x Start Request (i)
MV01P0x IRC
MV01 P0x VSD Remote Reset Request (i)
MV01P0x RR
6.8.1.3 Signals Interfaced between the PLC – VSD (Hardwired Interface)
MV01 P0x Process Trip Request (i)
MV01P0x PTR
MV01 P0x Mechanical Trip Request (i)
MV01P0x TVR1
6.8.1.4 PLC - MMS Interface
6.8.1.4.1 Signals Interfaced between the PLC – MMS (Modbus Interface)
The following signals are interfaced between the PLC and MMS System via Modbus interface:
Mainline Pump P0x Pump NDE Thrust Bearing Temp TT 0x1A/B
Mainline Pump P0x Pump NDE Thrust Bearing Temp TT 0x2A/B
Mainline Pump P0x Pump NDE Radial Bearing Temp TT 0x3A/B Mainline Pump P0x Pump NDE Radial Bearing Temp TT 0x5A/B
Mainline Pump P0x Pump NDE Radial Bearing Vib X-Axis VT 0x1x Mainline Pump P0x Pump NDE Radial Bearing Vib Y-Axis VT 0x1y
Mainline Pump P0x Pump DE Radial Bearing Vib X-Axis VT 0x2x
Mainline Pump P0x Pump DE Radial Bearing Vib Y-Axis VT 0x2y Mainline Pump P0x NDE Thrust Bearing Axial Displacement ZT 0x1
Mainline Pump P0x NDE Thrust Bearing Axial Displacement ZT 0x2 Mainline Pump P0x NDE Bearing Vibration ST 0x1
Mainline Pump P0x DE Bearing Vibration ST 0x2 Mainline Pump P0x Keyphase KT 0x2
Mainline Pump P0x Motor DE Radial Bearing Temp TT 0x6A/B Mainline Pump P0x Motor NDE Radial Bearing Temp TT 0x7A/B
Mainline Pump P0x Motor DE Radial Bearing Vib X-Axis VT 0x3x
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 92 of 363
Page 92 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
Mainline Pump P0x Motor DE Radial Bearing Vib Y-Axis VT 0x3y
Mainline Pump P0x Motor NDE Radial Bearing Vib X-Axis VT 0x4x Mainline Pump P0x Motor NDE Radial Bearing Vib Y-Axis VT 0x4y
Mainline Pump P0x Motor DE Bearing Vibration ST 0x3
Mainline Pump P0x Motor NDE Bearing Vibration ST 0x4
6.8.1.4.2 Signals Interfaced between the PLC – MMS (Hardwired Interface)
The following signals are interfaced between the PLC and MMS System via hardwired
interface:
Mainline Pump P0x MMS Fail P0x BNARM
Mainline Pump P0x Pump Radial Bearing High Vibration Alarm (i)
P0x VSH0x1
Mainline Pump P0x Motor Radial Bearing High Vibration Alarm (i)
P0x VSH0x2
Mainline Pump P0x NDE Thrust Bearing Axial Displacement Alarm (i)
P0x ZSH0x1
Mainline Pump P0x Pump High Vibration Alarm (i)
P0x SSH0x1
Mainline Pump P0x Motor High Vibration Alarm (i)
P0x SSH0x2
Mainline Pump P0x Pump Radial Bearing High Temperature Alarm (i)
P0x TSH0x1
Mainline Pump P0x Motor Radial Bearing High Temperature Alarm (i)
P0x TSH0x2
Mainline Pump P0x Pump Radial Bearing High Vibration Trip (i)
P0x VSHH0x1
Mainline Pump P0x Motor Radial Bearing High Vibration Trip (i)
P0x VSHH0x2
Mainline Pump P0x NDE Thrust Bearing Axial Displacement Trip (i)
P0x ZSHH0x1
Mainline Pump P0x Pump High Vibration Trip (i)
P0x SSHH0x1
Mainline Pump P0x Motor High Vibration Trip (i)
P0x SSHH0x2
Mainline Pump P0x Pump Radial Bearing High Temperature Trip (i)
P0x TSHH0x1
Mainline Pump P0x Motor Radial Bearing High Temperature Trip (i)
P0x TSHH0x2
Mainline Pump P0x MMS Trip Multiply (i)
P0x BNTM
Mainline Pump P0x MMS Trip Reset (i) P0x BNRST
Mainline Pump P0x MMS Alarm Inhibit (Not Used) (i)
P0x BNINH
6.8.1.4.3 PLC to System 1 Modbus signals (MMS)
The following signals are interfaced via Modbus to the System 1 Server for diagnostic
purposes:
Station Discharge Pressure* PT x2x Mainline Pump P0x Suction Pressure PT 0x1
Mainline Pump P0x Discharge Pressure PT 0x2 Mainline Pump P0x Flow FT 0x1
Mainline Pump P0x Casing Temperature (i)
TT 0x4
Mainline Pump P0x Lube Oil Flow * FS 16x Mainline Pump P0x Lube Oil Header Pressure* PT 16x
Mainline Pump P0x Lube Oil Tank Level* LT 16x
Mainline Pump P0x Lube Oil Strainer Diff Pressure* PDT 16x Mainline Pump P0x Lube Oil Tank Temperature* TT 16xA
Mainline Pump P0x Lube Oil Cooler Outlet Temp* TT 16xB
Mainline Pump P0x Seal Pressure (i)
PT 16x
Mainline Pump P0x Seal Pressure (i)
PT 16x
Mainline Pump P0x Motor Winding Temperature A-C (i) TE 0x8A-C
(i) Devices form part of Pump Device Typical
* Devices form part of another group
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 93 of 363
Page 93 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
Notes:
1. The control and monitoring functionality of the Mainline Pump VSD Device Typical is
described in the Software Control Module Standard [3].
2. Refer to Electrical Device Group Section 6.26.1 for details on motor electrical interface.
3. MMS Protection instrumentation form part of the Mainline Pump Device Typical.
6.8.2 Modes of Control
The Mainline Pump Set may be controlled from the PCS either locally at the Station or
remotely from the MCC.
6.8.3 Modes of Operation
All devices related to the Mainline Pump Set shall have the following three Modes of
Operation:
Local
Manual
Automatic
6.8.4 Group Functionality
6.8.4.1 Flow Compensation
FT 0x1_S is compensated for pressure, temperature and density.
6.8.4.2 Maximum Demand Inhibit
Not required.
6.8.4.3 Mainline Pump States
6.8.4.4 Pump Set Lined up State
The Pump Set is in a Lined up state if:
Breaker closed AND
XV PxE is Closed
6.8.4.4.1 Mainline Pump Online/Flushing State
The Mainline Pump is in an Online/Flushing state if:
Pump Inlet Valve ZV PxA is Open AND
Pump Outlet Valve XV PxE is Open AND
Pump P0x is Running
6.8.4.4.2 Mainline Pump Offline State
The Mainline Pump is in an Offline state if:
Pump Outlet Valve XV PxE is Closed AND
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 94 of 363
Page 94 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
Pump Px1 is Stopped
6.8.4.5 Pump Set No Valid Flow-path Status
If a Pump Set No Valid Flow-path alarm condition is detected, a group 'No Valid Flow-path'
bit is active.
A Valid Flow-path for the Mainline VSD Pump exists, if the following conditions are met:
Discharge Valve XV PxE is (Open OR Wirebreak) AND
Suction Valve ZV PxA is (Open OR Wirebreak)
6.8.4.6 Mainline Pump Flags
These flags are raised by the process control software as configured on the Mainline Pump
block. The flags are used to generate Group Status indications, Group Availability indications
and for Group Event and Group Alarm logging. The triggering of each flag is described here
in detail.
6.8.4.6.1 Mainline Pump Flow-path
The Mainline Pump Flow-path flag is raised whenever the Mainline Pump has a Valid Flow-
path as defined in Section 6.8.4.5.
6.8.4.6.2 Possible Hotspot
Should a Mainline Pump not be flushed (i.e. the "Mainline Pump Not Flushed" flag is raised)
AND an Interface is not present in the Online route (Interface in Station Flag set High), and
the Mainline Pump moves from an Offline state (as determined by valve status), a Possible
Hotspot flag is raised.
This alarm is cleared when the Mainline Pump goes Online.
6.8.4.6.3 Mainline Pump Not Flushed
The Not Flushed flag is raised under the following conditions:
A Mainline Pump Set Flush request initiated
AND
device failure while running the Flush sequence OR,
Mainline Pump Set Flush not online timer (configured as the time it takes the
Mainline Pump Set to reach a Flush Online state) has expired.
The Not Flushed flag is is cleared if the Mainline Pump Set is placed online as determined by
valve status.
6.8.4.7 Pump Set Line-up Sequence
The sequence prepares the pump set for startup as part of the Station Online sequence.
The Pump Set Line-up sequence is activated on receipt of:
a line-up request from the SCADA
a station line-up request
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 95 of 363
Page 95 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
The Pump Set Line-up sequence does two things:
close the pump set breaker
close the pump set discharge valve (XV PxE)
The following conditions while the sequence is running will result in the sequence aborting,
complete with all associated alarming and event logging:
XV PxE Not Available OR
P0x Not Available OR
Placing the Group in Manual mode
See flow diagram for details:
7.2.5.1: Mainline Pump Set P01 Line-Up Sequence
6.8.4.8 Pump Set Online Sequence
The Pump Set Online Sequence is activated on receipt of:
an Online Request from the SCADA
a LWC Online Sequence request from the MCC
a Station Online Sequence request
A check is undertaken to ascertain if the Pump Set Device Group is “Ready.” If the group is
not ready the sequence cannot be initiated. The first step of the online sequence also checks
if there is a flow-path through the rest of the manifold before the sequence continues. If
there is no flow-path through the rest of the manifold the sequence is aborted.
The Pump Set is started as follows:
Check for a No valid flow path trip condition (through the rest of the manifold). If not
the sequence is aborted.
Perform a “Trip Reset” on the relevant Bentley Nevada 3500 Rack (MMS)
Check if relevant Bentley Nevada 3500 Rack "MMS Healthy" signal present. If not,
the sequence is aborted.
Open the Mainline Pump P0x Discharge valve.
Close the pump breaker at the same time as the discharge valve is opened.
Start the Mainline Pump.
Note that the “Trip Multiply” function on Bentley Nevada system and a 2 second
timer (configurable) is initiated in the Bentley Nevada system prior to issuing a start
command. This function is done outside the sequence to cater for manual and local
mode and is implemented within the device typical.
Once the pump running feedback is received, reset the trip multiplier function of
Bentley Nevada system after 10s (configurable). Note the reset of the trip multiplier
is implemented within the device typical.
See flow diagram for details:
7.2.5.2: Mainline Pump Set P01 Online Sequence
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 96 of 363
Page 96 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
The following conditions while the sequence is running will result in the sequence aborting,
complete with all associated alarming and event logging:
ZV PxA Fault OR
XV PxE Not Available OR
P0x Not Available or Interlocked OR
No Flow-path Trip (internal in sequence) OR
MMS not healthy (internal in sequence) OR
Placing the Group in Manual mode
Note: The Mainline Pump Set Offline Sequence is activated on receipt of an Online Sequence
Aborted.
6.8.4.9 Pump Set Offline Sequence
The Pump Set Offline Sequence is activated on receipt of:
an Offline request from the SCADA.
A Station Offline request
a command from Duty Speed Controller
a Pump Set Online sequence aborted
due to the pump being tripped via PTR or TVR output
a device fault condition exists (P0x OR XV PxE)
a No Valid Flow-path Trip interlock condition exists.
Lube Oil not healthy
A Pump Set Online sequence Aborted
Insufficient power is available. If the VSD under voltage indicates a power failure for
a configurable time (up to 15 seconds) the drive stops (Note: station brownout of
< 5 seconds does not stop drive).
a Line Over-pressure interlock (P0x_SIF is activated).
Station Discharge pressure high interlock as per Section 6.8.7.2.5.
The Pump Set Offline Sequence is always Available.
A check is undertaken to ascertain if the Pump Set Device Group is "Ready". If the group is
not “Ready”, the sequence cannot be initiated by operator request (Note the sequence can
be initiated by device fault/interlock conditions if in automatic).
The Pump Set is run offline as follows:
place the lube oil system online unless it is already running
stop the Mainline Pump (the remote stop signal (IRT) from the PLC is removed)
on receipt of the Pump Stopped feedback (POF) close the Mainline Pump P0x
discharge valve (XV PxE)
See flow diagram for details:
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 97 of 363
Page 97 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
7.2.5.3: Mainline Pump Set P01 Offline Sequence
Any faults encountered during the running of the offline sequence (stopping P01) result in
the sequence continuing to completion, complete with all associated alarming and event
logging procedures.
Placing the Group in Manual mode while the sequence is running will result in the sequence
aborting.
6.8.4.10 Pump Set Flushing Sequence
Refer to HP Routing - Interface detection section 6.12.4.8 for general flushing requirements.
Note that a pump set flush will always handle all parallel pump sets as a unit for flushing.
The pump set flushing sequence is only allowed to run if the lube system for the associated
pump is healthy.
The Pump Set Flushing Sequence is activated:
an Flushing request from the SCADA
a Manifold Flush Request from the SCADA Overview Screen, if not Online (Station
dependent) OR
a Route change (Station dependent)
an Flushing request from the Mainline Pump Flush Sequence controller
The Mainline Pump Sequence Controller will determine if the pump needs to be flushed. The
pump speed is determined by the duty controller that will assume a “Flush Active” condition
during flushing – see “Duty and Speed Controller” in section 6.15.4.1.6 for more details.
All Pump Sets will only be flushed if the flow rate, as measured by the sum of mainline pump
flowmeters (FT0x1), through the station is more than 12000 L/min (configurable). This
minimum flowrate of is achieved by running three pumps at minimum speed of 1611 rpm
(4000 L/min per pump).
Mainline Pump sets not flushed due to low flow rates will need to be manually isolated,
drained and re-primed by operators on site.
Flushing will be terminated based on operator request.
The following conditions while the sequence is running will result in the sequence aborting,
complete with all associated alarming and event logging:
ZV PxA Fault OR
XV PxE Not Available OR
P0x Not Available or Interlocked OR
No Flow-path Trip (checked in sequence) OR
MMS not healthy(checked in sequence) OR
Placing the Group in Manual mode
Pump Set Offline Sequence running
See flow diagram for details:
7.2.5.4: Mainline Pump Set P01 Flush Sequence
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 98 of 363
Page 98 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
6.8.5 Group Availability
The following conditions render the Line-up sequence “Not Available” and automatic
sequences are inhibited:
Condition Text Logic
P0x Not Available P0x Not Avail Refer to [3]
XV PxE Not Available XVPxE Not Avail Refer to [3]
Table 6.8-1: Mainline VSD Pump Set P0x Line-up Availability
The following conditions render the Online, Offline and Flush sequence “Not Available” and
automatic sequences are inhibited:
Condition Text Logic
P0x Not Available or Interlocked
P01 Not Avail or Intlk Refer to [3]
XV PxE Not Available XVPxE Not Avail Refer to [3]
ZV PxA Not Opened or WB
ZVPxA Not Opened/Wb Refer to [3]
MMS Rack Fail MMS Rack Fail The MMS Rack Failed availability status indicates that the MMS Rack communication link has failed.
Lube Oil Not Ready Lube Oil Not Ready Refer to Section 6.8.7.2.7
Insufficient Power Available
Insufficient Power Available
Refer to Section 6.8.7.2.6
SDP High Trip Station Discharge Pressure High
Refer to Section 6.8.7.2.5
Line Over-pressure Protection Activated
Line Overpressure Protection
Refer to Section 6.8.7.2.9
Table 6.8-2: Mainline VSD Pump Set P0x Online, Offline and Flush Availability
6.8.6 Group Status
The following status indications are to keep the Operator informed of the status of the Device
Group
6.8.6.1 Group Alarm Status Indication
The following Group Alarm Statuses are configured using display LEDs which are grey in the
inactive condition and red in the active condition, with an associated event.
Condition Text Logic
Possible Hotspot Possible Hotspot As per Section 6.8.4.6.2
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 99 of 363
Page 99 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
MMS Modbus Failure MMS Modbus Failure The MMS Modbus Failure indication is provided when the Modbus communications encounters a fault state.
No Valid Flow-path Trip
No Valid Flow-path Trip As per Section 6.8.7.2.8
Table 6.8-3: Mainline VSD Pump Set P0x Group Alarm Status
6.8.6.2 Group Error Status Indication
The following Group Error Statuses are configured using display LEDs which are grey in the
inactive condition and red in the active condition, with an associated event. Refer to the
Alarm Configuration Database (3) for details, including the text to be used for the event
messages.
Condition Text Logic
Pump Not Flushed Pump Not Flushed As per Section 6.8.4.6.3
No Valid Flow-path
No Valid Flow-path As per Section 6.8.4.5
Insufficient Power Available
Insufficient Power Available
As per Section 6.8.7.2.6
Table 6.8-4: Mainline VSD Pump Set P0x Group Error Status
6.8.6.3 Group Information Status Indication
None defined.
6.8.7 Group Interlocks
The following interlocks have been defined for the Pump Sets – VSD Group:
6.8.7.1 Hardwired Interlocks
6.8.7.1.1 PTR Trip
The PTR trip signal is hardwired to the VSD panel as a “Process Stop” input and will result in
a non-latched trip within the VSD. When the condition resets or returns to a healthy condition
the P01 PTR output is reinstated.
6.8.7.1.2 TVR Trip
TVR1 (and TVR2, SIF1) signals are hardwired to the VSD panel as an “External Motor
Protection” input and will result in a latched trip within the drive, and the VCB is opened.
When the condition resets or returns to a healthy condition the P0x TVR output is reinstated.
6.8.7.1.3 Line Over-pressure Trip
An independent SIL rated safety system is installed to perform the following functionality:
On detection of a high trip Station Outlet pressure all the pumps are tripped
simultaneously via the TVR input to the VSD.
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 100 of 363
Page 100 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
Operation of this trip is interfaced to the PLC for alarming purposes and also for
remote reset function once the condition has normalised.
6.8.7.2 PLC Interlocks
Interlocks run the pump set offline sequence if in auto and will interlock the pump off if in
manual or local.
6.8.7.2.1 P0x: Pump Suction Pressure Low (PT 0x1)
On low-low suction pressure to Mainline Pump P0x as detected by PT 0x1 after a configurable
time (default 10 seconds) on startup, trip Mainline Pump P0x. This protection inoperative
delay is used during start-up to prevent spurious trips from occurring. This interlock and
associated alarm is blocked if the pump is not running.
Trip after startup is instantaneous.
6.8.7.2.2 P0x: Pump Discharge Pressure High (PT 0x2)
On high-high discharge pressure from Mainline Pump P0x as detected by PT 0x2 after a
configurable time (default 10 seconds) on startup, trip Mainline Pump Px1. This protection
inoperative delay is used during start-up to prevent spurious trips from occurring. This
interlock and associated alarm is blocked if the pump is not running.
Trip after startup is instantaneous.
6.8.7.2.3 P0x: Pump Flow Low (FT 0x1) (PTR)
On detection of low flow (FT0x1 < 500 L/min, 30s (configurable) after pump speed > min
speed) the pump is tripped. This protection inoperative delay is used during startup to
prevent spurious trips from occurring. This interlock and associated alarm is blocked if the
pump is not running.
Trip after startup is instantaneous.
6.8.7.2.4 P0x: Pump Casing Temperature (TT 0x4) (PTR)
When the pump casing temperature (TT 0x4) exceeds a pre-defined high limit the pump is
tripped.
6.8.7.2.5 P0x: Station Discharge Pressure High (PT x2x) (Interlock)
When station discharge pressure (PT x2x) exceeds a pre-defined high limit all pumps are
interlocked off.
6.8.7.2.6 P0x: Insufficient Power Available (Interlock)
If insufficient power is available to run the pump set (either utility or MV Genset), this
interlock prevent the Mainline Pump Set from starting in Auto, Manual and Local. Note that
for this interlock to occur, utility power needs to be lost for a period > 5 seconds
(configurable). Restoration of utility power within 5 seconds is termed a brownout condition,
and the pumps carry on running. Insufficient Power is a signal generated within the MV
Switchgear and interfaced to the PLC.
Refer to section 6.27.4.2 for details.
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 101 of 363
Page 101 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
6.8.7.2.7 P0x: Lube Oil Not Healthy (P0x-LBFLT) (Interlock)
If the lube oil system indicates not healthy and the Mainline Pump is running, the Mainline
Pump is interlocked off.
If the Lube Oil System indicates Not Ready and the Mainline Pump is not running, the
Mainline Pump is interlocked off. This is a start interlock.
6.8.7.2.8 P0x: No Valid Flow-path Trip (Interlock)
If any of the valves which block the flow through the relevant manifold are Not Open, a “No
Valid Flow-path Trip” interlock is activated.
This No Valid Flow Path Interlock is a combination of the Valid Flow Path Interlocks as
defined in the following Device Groups:
Receiver
Launcher
HP Routing
LP Routing
Other Pump Set D.O.L (series configuration)
6.8.7.2.9 P0x: Line Over-Pressure Protection (LOP) (SIF) (Interlock)
On detection of a line over-pressure active (PYx2xA_SIF) or QSifEnable signal the Mainline
Pump is interlocked off. Signal QSifEnable is calculated in SisLop function block. See SIS
Section 6.16.7.2.1 for details.
6.8.8 Failure Modes
Failure of communication between PLCs and MMS: Alarm only
Instrument failures: Alarm and use substitute values
6.8.9 Graphic Representation
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 102 of 363
Page 102 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
6.9 MV Mainline Pump Sets – VSD (Crude Booster Stations)
This section is associated with the control and monitoring of MV Mainline Pump Set – VSD
Device Groups.
MV Mainline VSD Pump Sets are installed on stations associated with the Crude Booster
Stations.
6.9.1 Group Description
This section covers Medium Voltage Pump Sets used in mainline applications, where ABB
ACS1000 air-cooled VSD’s without Machine Monitoring Systems are installed and where the
Pump-Sets are placed in a series configuration.
VSD Pump Sets are used to maintain pressure/flow along the pipeline as required.
Note: A Pump Set is operated in conjunction with Inlet and Discharge Valves.
Pumps will start on an open flow-path (never against closed input/output valves).
The drive is inhibited from operating in local (at the VSD panel) without the PLC providing
protective interlocking, i.e. NO operation without the PLC online (the protection hard-wired
links from the PLC (P01 PTR and P01 TVR) being healthy). Note that local control at the VSD
itself is possible, provided the hard-wired PTR and TVR signals are in a healthy state.
VSDs are air-cooled i.e. chillers are not installed.
The control and monitoring functionality is achieved via the following devices:
6.9.1.1 Signals Interfaced from the Field to the PLC via Hardwired Interface
Valves and Pumps
Mainline Pump P0x Inlet Valve ZV PxA Mainline Pump P0x Discharge Valve ZV PxE
Mainline Pump P0x P0x
Instruments (Hardwired)
Pump seal leak detection (i) PS0x1
Pump suction pressure PT0x1 Pump discharge pressure PT0x1
Pump non-drive end (NDE) bearing temperature (i) TT0x1
Pump casing temperature (i) TT0x2
Pump drive end (DE) bearing temperature (i) TT0x3
Motor drive end (DE) bearing temperature (i) TT0x4
Motor Winding temperature (i) TT0x5a
Motor Winding temperature (i) TT0x5b
Motor Winding temperature (i) TT0x5c
Motor non-drive end (NDE) bearing temperature (i) TT0x6
Pump vibration (i) VT0x1
Motor vibration (i) VT0x2
6.9.1.2 Signals Interfaced between the PLC – VSD (Modbus Interface)
Typical electrical interface for Mainline MV Pump Set VSD installed on Crude Booster stations
associated with the Crude Pipeline is as follows:
MV01 P0x Current (i)
IT0x1
MV01 P0x Speed (i)
ST0x1
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 103 of 363
Page 103 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
MV01 P0x Motor Winding Current (i)
TT0x8A/B/C
MV01 P0x Speed Reference (i)
SC0x1
MV01 P0x VSD VCB Ready to be Closed (i)
MV01P0x RDYON
MV01 P0x VSD Ready to Run (i)
MV01P0x RDYRUN
MV01 P0x VSD Running (i)
MV01P0x RDYREF
MV01 P0x VSD Running at Speed (i)
MV01P0x ASP (AT_SETPOINT)
MV01 P0x VSD Mechanical Trip Request (i)
MV01P0x MTR (TRIPPED)
MV01 P0x Remote Emergency Stop (i)
MV01P0x RES (EmergStop)
MV01 P0x Loss of Control Voltage (i)
MV01P0x VT (AUX POWER)
MV01 P0x Motor Winding Temp Wirebreak (i)
MV01P0x TT0x5WB (MotWdgMLoss)
MV01 P0x Under Voltage (i)
MV01P0x UV (Undervoltage)
MV01 P0x VSD In Local (i)
MV01P0x SLO (REMOTE)
MV01 F5x VCB Close Request (i)
MV01F5x C
MV01 P0x Start Request (i)
MV01P0x IRC
MV01 P0x VSD Remote Reset Request (i)
MV01P0x RR
6.9.1.3 Signals Interfaced between the PLC – VSD (Hardwired Interface)
MV01 P0x Process Trip Request (i)
MV01P0x PTR
MV01 P0x Mechanical Trip Request (i)
MV01P0x TVR
(i) Devices form part of Pump Device Typical
Notes:
1. The control and monitoring functionality of the Mainline Pump VSD Device Typical is
described in the Software Control Module Standard [3].
2. Refer to Electrical Device Group Section 6.26.1 for details on motor electrical interface.
6.9.2 Modes of Control
The Mainline Pump Set may be controlled from the PCS either locally at the Station or
remotely from the MCC.
6.9.3 Modes of Operation
All devices related to the Mainline Pump Set shall have the following three Modes of
Operation:
Local
Manual
Automatic
6.9.4 Group Functionality
6.9.4.1 Flow Compensation
FT 0x1_S is compensated for pressure, temperature and density.
6.9.4.2 Maximum Demand Inhibit
Not required.
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 104 of 363
Page 104 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
6.9.4.3 Mainline Pump States
6.9.4.3.1 Pump Set Lined up State
The Pump Set is in a Lined up state if:
Breaker closed AND
XV PxE is Closed
6.9.4.3.2 Mainline Pump Online State
The Mainline Pump is in an Online state if:
Pump Inlet Valve ZV PxA is Open AND
Pump Outlet Valve ZV PxE is Open AND
Pump P0x is Running
6.9.4.3.3 Mainline Pump Offline State
The Mainline Pump is in an Offline state if:
Pump Px1 is Stopped
6.9.4.4 Pump Set No Valid Flow-path Status
If a Pump Set No Valid Flow-path alarm condition is detected, a group 'No Valid Flow-path'
bit is active.
A Valid Flow-path for the Mainline VSD Pump exists, if the following conditions are met:
Discharge Valve ZV PxE is (Open OR Wirebreak) AND
Suction Valve ZV PxA is (Open OR Wirebreak)
6.9.4.5 Mainline Pump Flags
These flags are raised by the process control software as configured on the Mainline Pump
block. The flags are used to generate Group Status indications, Group Availability indications
and for Group Event and Group Alarm logging. The triggering of each flag is described here
in detail.
6.9.4.5.1 Mainline Pump Flow-path
The Mainline Pump Flow-path flag is raised whenever the Mainline Pump has a Valid Flow-
path as defined in Section 6.9.4.4.
6.9.4.5.2 Possible Hotspot
Not required – dedicated product.
6.9.4.5.3 Mainline Pump Not Flushed
Not required – dedicated product.
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 105 of 363
Page 105 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
6.9.4.6 Pump Set Line-up Sequence
The sequence prepares the pump set for startup as part of the Station Online sequence.
The Pump Set Line-up sequence is activated on receipt of:
a line-up request from the SCADA
a station line-up request
The Pump Set Line-up sequence does two things:
close the pump set breaker
close the pump set discharge valve (XV PxE)
The following conditions while the sequence is running will result in the sequence aborting,
complete with all associated alarming and event logging:
XV PxE Not Available OR
P0x Not Available OR
Placing the Group in Manual mode
See flow diagram for details:
7.2.6.1: Mainline Pump Set P01 Line-Up Sequence
6.9.4.7 Pump Set Online Sequence
The Pump Set Online Sequence is activated on receipt of:
an Online Request from the SCADA
a Station Online Sequence request
A check is undertaken to ascertain if the Pump Set Device Group is “Ready.” If the group is
not ready the sequence cannot be initiated. The first step of the online sequence also checks
if there is a flow-path through the rest of the manifold before the sequence continues. If
there is no flow-path through the rest of the manifold the sequence is aborted.
The Pump Set is started as follows:
Check for a No valid flow path trip condition (through the rest of the manifold). If not
the sequence is aborted.
Close the pump breaker.
Start the Mainline Pump.
See flow diagram for details:
7.2.6.2: Mainline Pump Set P01 Online Sequence
The following conditions while the sequence is running will result in the sequence aborting,
complete with all associated alarming and event logging:
ZV PxA Fault OR
ZV PxE Fault OR
P0x Not Available or Interlocked OR
No Flow-path Trip (internal in sequence) OR
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 106 of 363
Page 106 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
Placing the Group in Manual mode
Note: The Mainline Pump Set Offline Sequence is activated on receipt of an Online Sequence
Aborted.
6.9.4.8 Pump Set Offline Sequence
The Pump Set Offline Sequence is activated on receipt of:
an Offline request from the SCADA.
A Station Offline request
a command from Duty Speed Controller
a Pump Set Online sequence aborted
due to the pump being tripped via PTR or TVR output
a device fault condition exists (P0x OR XV PxE)
a No Valid Flow-path Trip interlock condition exists.
Insufficient power is available. If the Power Quality Meter (PQM) indicates a power
failure for a configurable time (up to 15 seconds) the drive stops (Note: station
brownout of < 5 seconds does not stop drive) OR all electrical Incomer OCBs indicate
an open status.
Fire detected – Plant active
Station Discharge pressure high interlock as per Section 6.9.7.2.4.
The Pump Set Offline Sequence is always Available.
A check is undertaken to ascertain if the Pump Set Device Group is "Ready". If the group is
not “Ready”, the sequence cannot be initiated by operator request (Note the sequence can
be initiated by device fault/interlock conditions if in automatic).
The Pump Set is run offline as follows:
stop the Mainline Pump (the remote stop signal (IRT) from the PLC is removed)
See flow diagram for details:
7.2.6.3: Mainline Pump Set P01 Offline Sequence
Any faults encountered during the running of the offline sequence (stopping P01) result in
the sequence continuing to completion, complete with all associated alarming and event
logging procedures.
Placing the Group in Manual mode while the sequence is running will result in the sequence
aborting.
6.9.4.9 Pump Set Flushing Sequence
Not required – dedicated product.
6.9.5 Group Availability
The following conditions render the Online and Offline sequence “Not Available” and
automatic sequences are inhibited:
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 107 of 363
Page 107 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
Condition Text Logic
P0x Not Available or Interlocked
P01 Not Avail or Intlk Refer to [3]
ZV PxA Not Opened or WB
ZVPxA Not Opened/Wb Refer to [3]
ZV PxE Not Opened or WB
ZVPxE Not Opened/Wb Refer to [3]
Insufficient Power Available
Insufficient Power Available
Refer to Section 6.9.7.2.5
SDP High Trip Station Discharge Pressure High
Refer to Section 6.9.7.2.4
Table 6.9-1: Mainline VSD Pump Set P0x Online, Offline and Flush Availability
6.9.6 Group Status
The following status indications are to keep the Operator informed of the status of the Device
Group
6.9.6.1 Group Alarm Status Indication
The following Group Alarm Statuses are configured using display LEDs which are grey in the
inactive condition and red in the active condition, with an associated event.
Condition Text Logic
No Valid Flow-path Trip
No Valid Flow-path Trip As per Section 6.9.7.2.6
Table 6.9-2: Mainline VSD Pump Set P0x Group Alarm Status
6.9.6.2 Group Error Status Indication
The following Group Error Statuses are configured using display LEDs which are grey in the
inactive condition and red in the active condition, with an associated event. Refer to the
Alarm Configuration Database (3) for details, including the text to be used for the event
messages.
Condition Text Logic
No Valid Flow-path
No Valid Flow-path As per Section 6.9.4.4
Insufficient Power Available
Insufficient Power Available
As per Section 6.9.7.2.5
Table 6.9-3: Mainline VSD Pump Set P0x Group Error Status
6.9.6.3 Group Information Status Indication
None defined
6.9.7 Group Interlocks
The following interlocks have been defined for the Pump Sets – VSD Group:
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 108 of 363
Page 108 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
6.9.7.1 Hardwired Interlocks
6.9.7.1.1 PTR Trip
The PTR trip signal is hardwired to the VSD panel as a “Process Stop” input and will result in
a non-latched trip within the VSD. When the condition resets or returns to a healthy condition
the P0x PTR output is reinstated.
6.9.7.1.2 TVR Trip
The TVR signal is are hardwired to the VSD panel as an “External Motor Protection” input and
will result in a latched trip within the drive, and the VCB is opened. When the condition resets
or returns to a healthy condition the P0x TVR output is reinstated.
6.9.7.2 PLC Interlocks
Interlocks run the pump set offline sequence if in auto and will interlock the pump off if in
manual or local.
6.9.7.2.1 P0x: Pump Suction Pressure Low (PT 0x1)
On low-low suction pressure to Mainline Pump P0x as detected by PT 0x1 after a configurable
time (default 10 seconds) on startup, trip Mainline Pump P0x. This protection inoperative
delay is used during start-up to prevent spurious trips from occurring. This interlock and
associated alarm is blocked if the pump is not running.
Trip after startup is instantaneous.
6.9.7.2.2 P0x: Pump Discharge Pressure High (PT 0x2)
On high-high discharge pressure from Mainline Pump P0x as detected by PT 0x2 after a
configurable time (default 10 seconds) on startup, trip Mainline Pump Px1. This protection
inoperative delay is used during start-up to prevent spurious trips from occurring. This
interlock and associated alarm is blocked if the pump is not running.
Trip after startup is instantaneous.
6.9.7.2.3 P0x: Pump Casing Temperature (TT 0x4) (PTR)
When the pump casing temperature (TT 0x4) exceeds a pre-defined high limit the pump is
tripped.
6.9.7.2.4 P0x: Station Discharge Pressure High (PT x2x) (Interlock)
When station discharge pressure (PT x2x) exceeds a pre-defined high limit the pump is
interlocked off.
6.9.7.2.5 P0x: Insufficient Power Available (Interlock)
If insufficient power is available to run the pump set, this interlock prevent the Mainline
Pump Set from starting in Auto, Manual and Local. Note that for this interlock to occur, utility
power needs to be lost for a period > 15 seconds (configurable) OR all electrical Incomer
OCBs indicate an open status. Restoration of utility power within 5 seconds is termed a
brownout condition, and the pumps carry on running. Insufficient Power is a signal generated
within the MV Switchgear (Power Quality Meter) and interfaced to the PLC.
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 109 of 363
Page 109 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
6.9.7.2.6 P0x: No Valid Flow-path Trip (Interlock)
If any of the valves which block the flow through the relevant manifold are Not Open, a “No
Valid Flow-path Trip” interlock is activated.
This No Valid Flow Path Interlock is a combination of the Valid Flow Path Interlocks as
defined in the following Device Groups:
Receiver
Launcher
HP Routing
6.9.7.2.7 P0x: Routing Valve Failure (Interlock)
If a remote pig is detected, pig in station or multiple pigs detected and a routing valve is not
available then the Pump Set will run offline if in auto or forced off if in manual or local.
Refer to HP routing (Station specific EDS) for impact on station bypass.
6.9.7.2.8 P0x: Fire Detected - Plant (Interlock)
On detection of Plant Fire Alarm UA198, P0x is forced off.
6.9.8 Failure Modes
Instrument failures: Alarm and use substitute values
6.9.9 Graphic Representation
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 110 of 363
Page 110 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
6.10 Lube Oil System – 24” MPP Stations
This section is associated with the control and monitoring of MV Mainline Pump Set – Lube
Oil Device Group.
Lube Oil Systems of this type have been installed on stations associated with the new 24”
Multi-product Pipeline.
6.10.1 Group Description
The lube oil device group will consist of all individual lube oil systems associated with the MV
Mainline Pump Sets installed on 24” MPP Stations.
Each Mainline Pump set is equipped with a separate lube oil system. The lube oil system is
used for the lubrication of pump set bearings where forced lubrication is required. Lube oil is
circulated through the pump set bearings and back to a lube oil tank.
Pump sets may only be run with lube oil circulation active.
There are two lube oil pumps per pump set. A mechanical pump which operates when the
Mainline Pump is in operation, and an electrical auxiliary lube oil pump. A single flow switch
and pressure transmitter are used to indicate lube oil header flow and pressure.
The mechanically driven pump is active as soon as the Mainline Pump is running and will
remain active until the pump set is stopped. Once the Mainline Pump set is running at
minimum speed the electrically driven pump may be switched off but will remain on standby
(if in automatic) should the mechanically-driven pump not supply sufficient flow or pressure.
All lube oil systems associated with a Mainline Pump manifold are placed online and offline
together in order to cater for the possible windmilling of Mainline Pumps.
The auxiliary lube oil pump can be switched on at any time to keep the lube oil circulating.
Lube oil cooling is achieved by means of a heat exchanger, which includes two cooling fans
controlled by means of a duty/standby controller.
Lube oil heating is achieved by means of heaters that are switched by means of dual
thermostats (hardwired). These heaters are also interlocked on and off from the PLC.
The control and monitoring functionality is achieved via the following devices:
Instruments
Mainline Pump P0x Lube Oil Flow FS 16x
Mainline Pump P0x Lube Oil Header Pressure PT 16x
Mainline Pump P0x Lube Oil Tank Level LT 16x Mainline Pump P0x Lube Oil Strainer Diff Pressure PDT 16x
Mainline Pump P0x Lube Oil Tank Temperature TT 16xA Mainline Pump P0x Lube Oil Cooler Outlet Temperature TT 16xB
Equipment
P0x Lube Oil Pump Xxx
P0x Lube Oil Cooling Fans 1, 2 Q0x P0x Lube Oil Heater H0x
6.10.2 Modes of Control
The Mainline Pump Lube Oil System may be controlled from the PCS either locally at the
Station or remotely from the MCC.
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 111 of 363
Page 111 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
6.10.3 Modes of Operation
All devices related to the Mainline Pump Set shall have the following three Modes of
Operation:
Local
Manual
Automatic
6.10.4 Group Functionality
6.10.4.1 Lube Oil System
A lube oil system is left operational (auxiliary pump running) while the Mainline Pump is not
in operation in order to permit flushing of the pump-set. In addition, the power to the lube oil
heater is left ON, which ensures that the lube oil is kept at the right temperature to ensure a
“quick” start-up of the Mainline Pump.
6.10.4.1.1 Pressure Control (PT 16x)
A pressure transmitter is provided on the lube oil discharge header line for control and
monitoring of the lube oil system.
A “self-regulating” (mechanical) spillback pressure control valve is installed to protect the
lube oil system (set at 200 kPa).
If pressure in the lube oil header is below a pre-configured set-point, 150 kPa (low pressure),
the lube ready signal is removed (via P0x-LBRDY) and the Mainline Pump is prevented from
starting.
If the lube oil group is in automatic, the auxiliary pump is switched on automatically if the
pressure in the lube oil header drops below 120 kPa (low pressure) if the Mainline Pump is
not stopped.
If the pressure in the lube oil header drops below a pre-configured set-point, 80 kPa (low trip
pressure) while the Mainline Pump is running, the Mainline Pump is interlocked off. In order
to protect against lube oil leakage, the auxiliary lube oil pump is interlocked off if a lube oil
header low pressure trip condition exists (< 80 kPa) for longer than a configurable time (120
secs) with the lube oil pump running.
After initial start of the Mainline Pump operation the auxiliary pump is switched off after a
predetermined time (default 60 seconds) if the Mainline Pump is running and the lube oil
header pressure is above 120 kPa (the mechanical lube oil pump continues to supply enough
lube oil header pressure and flow).
6.10.4.1.2 Filtering System
A duplex filtering system is installed, one in operation and one for standby.
Switching between the operational and standby filters is done manually at the filters
themselves without interrupting the operation of the lube oil system. Indication of filter
blockage is achieved via a differential pressure alarm in the PLC (PDT 16x > 100kPa).
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 112 of 363
Page 112 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
6.10.4.1.3 Oil Cooling
Oil cooling is achieved by dedicated air coolers with redundant fans, one in operation and one
in standby. These fans are controlled by a duty/standby controller within the PLC (see PCS
Software Control Module Standard [3].
Each fan is designed to handle 100% of the cooling power needed by the system.
If the Mainline Pump is not running and the lube oil header temperature (TT 16xB) rises
above 60°C, the Mainline Pump is prevented from starting.
If the Mainline P0x is Running and the Lube Oil Header Temperature (TT 16xB) > 60°C, the
standby fan is started.
If the lube oil header temperature (TT 16xB) rises above 40°C and the lube oil group is in
automatic, the lube oil fan duty controller is started.
If the lube oil header temperature (TT 16xB) drops below 25°C, the lube oil fan duty
controller is stopped. It is also stopped when the Mainline Pump is stopped after a
configurable time (default 60 seconds).
The standby fan is stopped at TT 16xB < 55°C.
Note: At least one fan needs to be ready for duty for the Duty Controller to run
6.10.4.1.4 Temperature Control
A local thermostat-controlled heater is provided to heat up the lube oil in the lube oil tank.
An internal thermostat is installed to switch the heater on for temperatures below 25°C,
regardless of whether the associated Mainline Pump-set is running or not.
For safety reasons a second thermostat is installed to switch the heater off above 85°C
(manual reset required).
A third safety interlock is provided by the PLC as follows:
In the event of a lube oil tank temperature (TT 16xA) high (80°C) being detected, the supply
to this heater is interlocked off. A low temperature below 20°C results in the heater being
interlocked on.
A low lube oil temperature below 20°C in the lube oil tank (TT 16xA) prevents the Mainline
Pump from starting – if not already running (via P0x-LBRDY).
6.10.4.1.5 Level Control
A level transmitter (LT 16x) is installed on the lube oil tank for monitoring and control.
If a low level (40%) is detected inside the lube oil tank, the lube oil heater is interlocked off
and the Mainline Pump is prevented from starting in Auto and Manual.
A low alarm will be raised when the level drops below 50%. This will prevent the lube oil
from starting in Automatic and the mainline pump will be prevented from starting, in
Automatic and Manual.
A low-low lube oil tank level (25%) stops the lube oil pump X2x, unless the Mainline Pump is
running.
6.10.4.1.6 Flow Control
A flow switch (FS 16x) installed in the lube oil header is used as follows:
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 113 of 363
Page 113 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
If low flow is detected by the PLC while the Mainline Pump is running, the auxiliary lube oil
pump is started automatically. If low flow is still detected after 2 minutes of auxiliary lube oil
pump start, the Mainline Pump is tripped interlocked off.
If low flow is detected by the control system and the Mainline Pump is not running, this
interlock prevents the Mainline Pump from starting (via P0x-LBRDY).
A low lube oil tank level will prevent the lube oil pump from starting in Auto, when the
mainline pumps are not running.
6.10.4.1.7 Lube Oil Auxiliary Pump Control
An auxiliary lube oil pump is started in cases of no flow or low pressure (PT 16x < 120 kPa)
in the lube oil header when the Mainline Pump is not stopped and the lube oil device group is
in automatic.
After restart of the auxiliary lube oil pump by either No Flow or Low Pressure, the auxiliary
lube oil pump will remain on for a configurable time (default 90sec) if the Mainline Pump is
not stopped and the flow and pressure is healthy. This timer can be set to indefinite if the
auxiliary pump is required to run until an operator stop command.
The auxiliary lube oil pump is stopped on request by the operator in manual, irrespective of
whether the Mainline Pump is running or not. If the lube oil system is placed online by the
operator, it is restarted if not already running after the Mainline Pump has been switched off
(provided the lube oil device group is in automatic).
After initial start of the Mainline Pump the auxiliary pump is switched off after a
predetermined time (default 60 seconds) if the Mainline Pump is running and the lube oil
header pressure is above 120 kPa (the mechanical lube oil pump continues to supply enough
lube oil header pressure).
6.10.4.2 Lube Oil System Statuses
Two statuses are defined for the Lube Oil System that may be used in order to simplify the
interface into this packaged unit.
6.10.4.2.1 Lube Oil System Ready (P0x-LBRDY)
Lube oil system not ready status prevents the Mainline Pump from starting in automatic and
in manual.
Lube Oil Ready Status is defined as follows:
Condition Text Logic
LT16x Lube Tank Level Low
LT16x Lube Tank Level Low
If the Lube Oil tank level LT16x falls below the low level limit set-point (LT 16x < 50%).
TT16xA Temperature Not Between 20°C And 80°C
TT16xA Not Between 20°C and 80°C
The Lube Oil Tank Temperature TT 16xA is not between 20°C and 80°C then the P0x Lube Oil Group status indicates a not ready status.
TT16xB Temperature Not Between 20°C And 60°C
TT16xB Not Between 20°C and 60°C
The Lube Oil Cooler Outlet Temperature TT 16xB is not between 20°C and 60°C then the P0x Lube Oil Group status
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 114 of 363
Page 114 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
indicates a not ready status.
PDT16x Strainer Differential Pressure High
PDT16x Strainer Diff Press High
The Strainer Differential Pressure PDT 16x across Lube Oil duplex filters is greater than the High limit set-point (PDT 16x >100kPa(g)) then the P0x Lube Oil Group status indicates a not ready status.
PT16x Header Pressure < 150kPa
PT16x Header Press <150kPa
The Header Pressure PT16x is less than High limit set-point (PT 16x <150kPa(g)) then the P0x Lube Oil Group status indicates a not ready status.
FS16x Header Flow Not Healthy
FS16x Header Flow Not Healthy
The Header Flow FS16x is not healthy then the P0x Lube Oil Group status indicates a not ready status.
Table 6.10-1: P0x Lube Oil Ready Status
6.10.4.2.2 Lube Oil System Not-Healthy status (P0x-LBFLT)
Lube oil not-healthy status detected whilst the Mainline Pump is running trips the pump in
manual and automatic, and is defined as follows:
Lube oil header pressure below a predefined limit (PT 16x < 80kPa)
Lube oil inlet header flow (FS 16x not healthy, detected for 2 minutes)
6.10.4.3 Lube Oil Online Sequence
All lube oil systems (P0x) are started simultaneously, and are treated as one within the online
sequence.
The lube oil system online sequence is activated on:
A Start Online Sequence request from the SCADA or
A Station Lineup request or
A VSD Pump Set Offline Sequence request or
At the end of the Mainline Pump Flushing sequence
If any devices controlled by the sequence becomes Not Available (Xxx) during the running of
the online sequence, the sequence continues, complete with all associated Alarming and
Event Logging procedures. Placing the Group in Manual mode while the sequence is running
results in the sequence aborting.
See flow diagram for details:
7.2.7.1: Lube Oil Online Sequence
6.10.4.4 Lube Oil Online Indication
The Lube Oil is in an Online state if:
Xxx Running
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 115 of 363
Page 115 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
6.10.4.5 Lube Oil Offline Sequence
The lube oil system offline sequence is activated on:
A Start Offline sequence request from the SCADA or
A Station Isolation sequence request from the SCADA
Any faults encountered during the running of the offline sequence will result in the sequence
continuing to completion, complete with all associated Alarming and Event Logging
procedures. Placing the Group in Manual mode while the sequence is running results in the
sequence aborting.
See flow diagram for details:
7.2.7.2: Lube Oil Offline Sequence
6.10.4.6 Lube Oil Offline Indication
The Lube Oil is in an Offline state if:
Xxx Stopped
6.10.5 Group Availability
6.10.5.1 Lube Oil Availability
At least one of the Lube Oil systems should be available (as below) for the Lube Oil Sequence
to be available.
The following conditions will render the P01 Lube Oil Group "Not Available".
Condition Text Logic
Xxx Pump Not Available
Xxx Pump Not Avail
Refer to [3]
LT16x Lube Tank Level Low
LT16x Lube Tank Level Low
The Lube Tank level is below the Low alarm set-point (50%).
TT16xA < 20C Tank Temp Low
TT16xA < 20°C Lube Tank Temp Low
The Tank Temperature is below the Low alarm set-point (< 20°C).
Q0x Fan Duty Not Available
Q0x Fan Duty Not Avail
No Fans are Ready for Duty (Duty Controller)
Instrument Fault Instrument Fault Any Instrumentation Fault (FS16x, PT16x, LT16x, PDT16x, TT16xA and TT16xB)
Table 6.10-2: P0x Lube Oil Availability
6.10.6 Group Status
6.10.6.1 Group Alarm Status Indication
None defined
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 116 of 363
Page 116 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
6.10.6.2 Group Error Status Indication
None defined
6.10.6.3 Group Information Status Indication
None defined
6.10.7 Group Interlocks
The following interlocking strategies have been defined for the Lube Oil System Group:
6.10.7.1 Hardwired Interlocks
6.10.7.1.1 Lube Oil Electric Heater
If the lube oil reaches an alarm high temperature (85°C) the lube oil thermostat trips the
lube oil heater off and will need to be manually reset.
6.10.7.2 PLC Interlocks
6.10.7.2.1 H0x: Lube Oil Tank Temperature High
If a high lube oil temperature (TT 16xA > 80°C) is indicated the lube oil heater is interlocked
off.
6.10.7.2.2 H0x: Lube Oil Tank Temperature Low
If a low lube oil temperature (TT 16xA < 20°C) is indicated the lube oil heater is interlocked
on.
6.10.7.2.3 H0x: Lube Oil Tank Level Low
If the level (LT 16x) in the lube oil tank reaches a low level (LT 16x < 40%), the lube oil
heater is interlocked off.
6.10.7.2.4 Xxx: Lube Oil Tank Level Low
If the Mainline Pump is running and a low level is reached (LT16x < 25%) inside the lube oil
tank the auxiliary pump is not prevented from starting. This is to protect the Mainline Pump.
The limits will be configured at acceptable values to allow enough buffer that prevent
unnecessary stoppages of the Mainline Pump.
If the Mainline Pump is not running and the lube oil tank level low is reached (LT16x < 25%),
the auxiliary lube oil pump is interlocked off and the Mainline Pump is prevented from
starting in automatic.
6.10.7.2.5 Xxx: Lube Oil Header Pressure Low
The auxiliary lube oil pump is interlocked off in the event that the lube oil header pressure
low trip condition exists (<80 kPa) for longer than a configurable time (120 sec) while the
lube oil pump is running and provided the Mainline Pump is not running.
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 117 of 363
Page 117 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
6.10.8 Failure Modes
None defined.
6.10.9 Graphic Representation
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 118 of 363
Page 118 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
6.11 Lube Oil System – RPP & COP Stations
This section is associated with the control of the Lube Oil Device Group and its associated
devices.
Lube Oil Systems of this type have been installed on stations associated with the RPP and
COP Pipelines.
6.11.1 Group Description
The lube oil device group comprises of a single lube oil system used to provide lubrication for
all associated MV Mainline Pump Sets installed on COP and RPP Stations.
A single lube oils system is used for the lubrication of pump set bearings where forced
lubrication is required. Lube oil is circulated through the pump set bearings and back to a
lube oil tank.
Pump sets may only be run with lube oil circulation active.
The control and monitoring functionality is achieved via the following devices:
Instruments
Lube Oil Flow FS 16x (RPP Pipeline installations)
Lube Oil Header Pressure PT 16x (COP Pipeline installations) Lube Oil Tank Level LS 16x (COP Pipeline installations)
Equipment
Lube Oil Pumps 1, 2 X0x, X0y
Lube Oil Cooling Fan Q0x
6.11.2 Modes of Control
Control is from the SCADA system locally at the station, or remotely from the MCC or SCC.
6.11.3 Modes of Operation
All devices related to the Lube Oil Group shall have the following three modes of operation:
Local
Manual
Automatic
6.11.4 Group Functionality
6.11.4.1 Duty Controller
No sequences have been defined for the lube oil system but the two lube oil pumps are
controlled according to the duty/standby controller typical (Refer to [3] for details).
Automatic selection of duty and standby status of pumps is based on Run Hour differentials
[Configurable in the PLC – Default 100 hours]. Note that each pump will run for a period of
twice the set point, i.e. 200 hours.
If the group is ready, the duty controller is activated from a:
Start sequence Request from the SCADA
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 119 of 363
Page 119 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
An indication “control active” is indicated on the SCADA. The duty controller is now activated
and will start and stop the lube oil pumps accordingly.
The duty controller is stopped from a:
Stop sequence Request from the SCADA
Manual mode
Group not available
6.11.4.2 Lube Oil Flow/Pressure
Mainline pumps can only run if the lube oil flow switch is active. If the duty controller is
running and the flow switch is not active, after a delay of 5 seconds the standby pump is also
started and the duty controller is switched off (duty control not active). The operator needs
to investigate the problem and restart the duty controller or stop the standby pump in
manual mode.
If no flow is detected after 15 seconds, the mainline pumps are interlocked off.
6.11.5 Group Availability
The following conditions render the DuC “Not Available”.
Condition Text Logic
Xxx Not Available Xxx Not Avail or Intlk Refer to [3]
Table 6.11-1: Lube Oil DuC Availability
6.11.6 Group Status
6.11.6.1 Group Alarm Status Indications
None defined.
6.11.6.2 Group Error Status Indications
None defined.
6.11.6.3 Group Information Status Indications
None defined.
6.11.7 Additional Device Alarms
None defined.
6.11.8 Group Interlocks
6.11.8.1 Hard-wired Interlocks
None defined.
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 120 of 363
Page 120 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
6.11.8.2 PLC Interlocks
6.11.8.2.1 Xxx: Lube Oil Pump No Flow (RPP Stations only)
If a low flow (FS 16x) is detected while the Lube Oil Pump (Xxx) is running, after a
predefined time (15 seconds) after the pump has been started, the Lube Oil Pump is
interlocked off. This interlock and associated alarm is blocked if the pump is not running.
6.11.8.2.2 Xxx: Lube Oil Header Pressure Low (COP Stations only)
If a low header pressure (PS 16x) is detected while the Lube Oil Pump (Xxx) is running, after
a predefined time (15 seconds) after the pump has been started, the Lube Oil Pump is
interlocked off. This interlock and associated alarm is blocked if the pump is not running.
6.11.9 Graphic Representation
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 121 of 363
Page 121 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
6.12 HP Routing
This section is associated with the control and monitoring of HP Routing Manifold Device
Groups.
6.12.1 Group Description
Control and Monitoring functionality shall be achieved via the following devices:
Valves
Station Inlet Isolation Valve (XV IxA)
Station Outlet Isolation Valve (XV IxE)
Strainer Inlet Valves (XV SxA)
Strainer Outlet Valves (XV SxE)
Strainer Bypass Valves (XV SxK)
Main Flow Control Valve (CV PxJ)
Instrumentation
Station Inlet temperature (TTx21)
Station Outlet temperature (TTx22)
Station Inlet pressure (PTx21)
Station Outlet pressure (PTx22)
Strainer differential pressure (PDT x21)
Mainline Flow (FTx21)
Mainline Product Sonic Velocity (KT x21)
Remote Density (DTx21)
Remote Optic Interface Detector (OTx21)
Remote Chamber Intruder Alarm (AS x21)
Remote Chamber Panel Intruder Alarm (AS x22)
Station Inlet Chamber Intruder Alarm (AS x23)
Station Outlet Chamber Intruder Alarm (AS x24)
Remote Chamber High Level switch (LSH x21)
Station Inlet Chamber High Level switch (LSH x22)
Station Outlet Chamber High Level switch (LSH x23)
Where xx denotes the HP Routing Device Group ID
6.12.1.1 HP Strainers
Dual HP Strainers form a separate device group enabling local operation of strainers outside
of the HP Routing device group.
Single Strainers form part of the HP Routing device group.
6.12.2 Modes of Control
HP Routing may be controlled from the PCS either locally at the Station or remotely from the
MCC.
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 122 of 363
Page 122 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
6.12.3 Modes of Operation
All devices related to the Mainline Pump Set shall have the following three Modes of
Operation:
Local
Manual
Automatic
6.12.4 Group Functionality
6.12.4.1 Remote Block Valve Chamber
The Remote Chamber may be used to house the following equipment:
Sphere Detector/s to detect incoming spheres or pigs.
Densitometer (DT-xx1) is used to measure product density and detect product
interface. Primary function of interface detection is assist in switching operations and
placement of device groups on flushing.
Optic Interface Detector (OT-xx1) and Sonic Velocity measurement (KT-xx1) is used
to detect product interface. Primary function of interface detection is assist in
switching operations and placement of device groups on flushing.
Intruder switches and a product level switch make up the remainder of the
instrumentation within the Remote chamber.
6.12.4.2 Station Outlet Isolation Valve Chambers
The Station Isolation Valve Pits are used to isolate the station for maintenance and shutdown
purposes. Pressure and temperature instrumentation installed in these pits are used in
conjunction with flow meters by the Pipeline Monitoring System for Leak Detection.
6.12.4.3 Product Identification: SCADA Line Colouring
Product Identification and the associated SCADA Line coloring for multi-product HP Routing
manifolds will be determined by valve status and interface detection i.e. volume tracking
through the station will not be provided.
Line coloring will not differentiate between different grades of the same product where the
product is determined by interface detection. Dedicated product lines will differentiate
between different grades of product where possible.
6.12.4.4 Density Hut HP Routing Panel
The Density Hut HP Routing Panel is installed where HP switching facilities are required at a
particular station and where they are required to be based on hydrometer readings as taken
within the Density Hut. The HP Routing Panel provides the following functionality:
6.12.4.4.1 Command Push-Buttons
The interface makes provision for the operator to issue the following commands to the
control system, on an individual sequence basis:
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 123 of 363
Page 123 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
1. Route xx Online (XS121) - integral P/Button / Lamp (Green)
2. Route xx Offline (XS122) - integral P/Button / Lamp (Red)
All command buttons comprise of an integral push-button/lamp facility, the lamp being lit
when the command button is enabled (as per the MDS Interface):
6.12.4.4.2 Indication Lamps
The interface makes provision for the following status indications from the control system to
the operator, on an individual sequence basis:
1. Route xx Online sequence available (XI121) - Lamp (Green). Lit when all
associated actuated valves are either available or in their correct state and all associated ZV’s are in their correct state.
2. Route xx Offline sequence available (XI122) - Lamp (Red). Lit when all associated actuated valves are either available or in their correct state and all
associated ZV’s are in their correct state.
3. Route xx running/online (XI803) - Lamp (Green). Flashes when the route is in the process of being opened. Changes to steady state on when the route has
been successfully put online. 4. Route xx running/offline (XI804) - Lamp (Red). Flashes when the route is in
the process of being closed. Changes to steady state on when the route has been successfully put offline.
5. Sequence Fault (XI805) - Lamp (Red). Lit when the selected sequence is in
Fault condition.
6.12.4.5 No Valid Flow-path Status
A HP Routing No Valid Flow-path status is determined by any of the valves on the route
being in a Not Open OR Wirebreak state. This status is used for mainline pump interlocking
purposes.
6.12.4.6 Pipeline Monitoring System Interface
Interface to the PCS is limited to the following functionality:
6.12.4.6.1 Station No Valid Flow-path
Station No Valid Flow-paths are used by the PLMS System for determining routes that are on
line. Station No Valid Flow-paths differ from Device Group No Valid Flow-paths in that 'valve
not-closed OR wire break' states are used (as opposed to 'valve open OR wire break' status).
The PLMS requires, as input, an indication of which routes are online. For a route to be
active, all the valves marked with ‘X’ are ((Not Closed) OR (Wirebreak)). When this condition
is true, the route is considered Not Closed. Each route has an associated inlet and outlet
flowmeter so that PLMS can verify the amount of product flowing into each direction.
Each route corresponds to a single bit of a 32-bit integer value and when a route is Not
Closed, the corresponding bit is high (e.g. 0000 0000 1000 0000 0100 0000 0000 0000). If
multiple routes are online, each corresponding bit will be high and the PLMS will perform bit-
stripping to determine which are not closed.
The no valid flow-path (required for LDS) for a particular source can be derived from no
routes open from that source.
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 124 of 363
Page 124 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
6.12.4.6.2 Leak Detection RTA
The following statuses and alarms shall be interfaced from the PLMS System and
displayed/alarmed on the PCS:
Leak Detection warning and alarm
6.12.4.6.3 Batch Tracking RTA
The following statuses and alarms shall be interfaced from the PLMS System and
displayed/alarmed on the PCS:
Batch ETA (Estimated Time of Arrival)
6.12.4.6.4 Dynamic Pig Tracking RTA
The following statuses and alarms shall be interfaced from the PLMS System and
displayed/alarmed on the PCS:
Pig/Sphere ETA (Estimated Time of Arrival)
6.12.4.6.5 Pressure Dynamic Tracking RTA
The following statuses and alarms shall be interfaced from the PLMS System and
displayed/alarmed on the PCS:
MAOP Violation warning and alarms
Pressure POI (Points of Interest)
6.12.4.7 Flow Compensation
The uncompensated flowrate, FT 12x, is used by PLMS.
The compensated flowrate, FT 12x_S is used for control purposes. Flow compensation is
done using the pressure, temperature and density values as follows:
Flow Transmitter Pressure Temperature Density
FT 12x PT 12x TT 12x HP/LP Route dependent
Table 6.12-1: HP Routing Flow compensation
Where no densitometer is installed, a fixed density value per product is selected depending
on the online route. Where 2 routes are online (i.e. during switching), density for flow
compensation will be based on the first route open until the switch is completed. Refer to
section 7.1 for details.
6.12.4.8 Interface Detection
Density, Sonic Velocity and Refractive Index (OID) is currently used to detect interfaces on
the multi-products line, based on rate of change.
The “Interface Detected bit” will be configured to return a value of true based on rate of
change in the values of KT, DT or OT. The signal will be based on the following:
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 125 of 363
Page 125 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
There will be two Low Pass Filters to smooth noise out of the signal while allowing
detection of interface:
Reference LPF Value
Current LPF Value
The Reference LPF Value will have a time typical constant of 1 minute (configurable
per instrument) while the Current LPF Value will have a typical time constant of 5
seconds.
If the absolute value of the instantaneous difference between these two Low Pass
Filters is greater than a preconfigured threshold value (configurable per instrument),
the Interface Detected bit will be set.
The end of the interface is at the time when the difference between the Reference LP
Value and Current LPF Value drops and remains below the set threshold value for a
preconfigured time.
Should additional interfaces be detected, instantaneous alarms will be issued for each
occurrence. No volume tracking shall be provided and switching of interfaces to respective
interface tanks remains the responsibility of the operator.
6.12.4.8.1 Operator Flush
Any device group will not be flushed unless the operator places them online manually/locally.
Flushing is initiated by any of the following conditions (flush request bit is set):
an Flush Online Request from the SCADA, if not Online OR
a Manifold Flush Request from the SCADA Overview Screen, if not Online (Station
dependent) OR
a Route change (Station dependent)
Flushing will be terminated based on operator request.
A “Not flushed” status is determined by a device group not being placed on flush within a
configurable time (configurable within the PLC, for each device group) after flushing is
initiated.
Flushed status for device groups will no longer be tracked.
6.12.4.8.2 Interface Passed
After the interface detected bit has cleared and an additional pre-calculated time has elapsed
(configurable in PLC) has passed through the manifold, a bit “Interface Passed” is indicated.
This bit indicates that the interface has passed.
6.12.4.8.3 Interface in Station
The “Interface in Station” indicates that the product in the station is Intermix. This indication
is used for line colouring.
It is set when a “Interface Detected” alarm is triggered and reset when the “Interface
Passed” is active.
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 126 of 363
Page 126 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
6.12.4.9 Station Discharge Pressure Deviation High
If the deviation between PT12x and PY12xA_AI is greater than a pre-defined percentage
(default 1%) an indication will be triggered. This deviation is calculated on the basis of a 5
min moving average. When the two signals fall within a configurable percentage (default
0.5%) of each other, this status is automatically reset.
6.12.4.10 Station Efficiency Calculations
Station efficiency information as calculated within the PLMS and displayed on the SCADA is
no longer required to be displayed on the SCADA.
6.12.4.11 HP Routing Sequences
6.12.4.11.1 HP Routing Matrix
A HP Routing Matrix is used by the operator for selection of multiple HP Routing sequences.
For Routing Matrix details refer to Section 4.9.
6.12.4.11.2 HP Routing Online Sequence
HP Routing online sequence is activated on receipt of:
an Online Request from the SCADA
an Online Request from the HP Routing Panel DH12 within the Density hut
A check is undertaken to ascertain if the HP Routing Group is "Ready". If so, the associated
HP Routing valves are opened or closed as required. If the group is not “Ready”, the
sequence cannot be initiated.
When the HP Routing Online sequence is initiated, the strainer software will also be enabled.
See typical flow diagram for details:
7.2.8.1: HP Routing Isolation Online Sequence (Typical)
All faults during the online process shall result in the Sequence aborting, complete with all
associated alarming and event logging procedures. Placing the Group in Manual mode while
the sequence is running will result in the sequence aborting.
6.12.4.12 HP Routing Offline
HP Routing off-line sequence is activated on receipt of:
an Offline Request from the SCADA
an Offline Request from the HP Routing Panel DH12 within the Density hut
A check is undertaken to ascertain if the HP Routing Group is "Ready". All Mainline Pumps are
stopped. Associated HP Routing valves are closed and opened as required.. If the group is
not “Ready”, the sequence cannot be initiated.
When the station is taken offline, the strainer flow path will remain. This implies that the
operator needs to change to manual and close the flow path should he want to close all
valves.
See typical flow diagram for details:
7.2.8.2: HP Routing Isolation Offline Sequence (Typical)
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 127 of 363
Page 127 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
Any faults encountered during the running of the offline sequence will result in the sequence
continuing to completion. Device faults during offline shall be used to continue the Sequence,
complete with all associated Alarming and Event Logging procedures.
6.12.5 Group Availability
6.12.5.1 Sequence Availability
Availability is indicated on the ‘Routing Matrix Sequence’ button displaying either yellow (not
available) or green (available).
6.12.6 Group Status
6.12.6.1 Group Alarm Status Indications
The following Group Alarm Statuses are configured using display LEDs which are grey in the
inactive condition and red in the active condition, with an associated alarm. Refer to the
Alarm Configuration Database (3) for details including text to be used for the message.
Condition Text Logic
Station Discharge Pressure Deviation
SDP Deviation High Refer to Section 6.12.4.9
Strainer Sxx Blocked Strainer Sxx Blocked Refer to Section 6.12.4.9
Table 6.12-2: HP Routing Group Alarm Status
6.12.6.1.1 Station Discharge Pressure Deviation High
If the deviation between PT12x and PY12xA_AI is greater than a pre-defined percentage
(default 1%) will be alarmed as ‘Station Discharge Pressure Deviation'. This deviation is
calculated on the basis of a 5 min moving average. When the two signals fall within a
configurable percentage (default 0.5%) of each other, this status is automatically reset.
6.12.6.1.2 Strainer Blocked (Single Strainers)
If the duty strainer indicates a high differential pressure, an alarm shall be issued. This alarm
is reset once both the strainer valves are closed.
6.12.6.2 Group Error Status Indications
The following Group Error Statuses are configured using display LEDs which are grey in the
inactive condition and red in the active condition, with an associated event. Refer to the
Alarm Configuration Database (3) for details including text to be used for the message.
Condition Text Logic
HP No Valid Flow-path HP No Valid Flow-path Refer to Section 6.12.4.5
Station No Valid Flow-path
Station No Valid Flow-path Refer to Section 6.12.4.6.1
Remote Interface Detected
Remote Interface Detected Refer to Section 6.12.4.8
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 128 of 363
Page 128 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
Table 6.12-3: HP Routing Group Error Status
6.12.6.3 Group Information Status Indications
The following Group Information Statuses are configured using display LEDs which are grey
in the inactive condition and green in the active condition, with an associated event. Refer to
the Alarm Configuration Database (3) for details including text to be used for the message.
Condition Text Logic
Interface in Station Interface in Station Refer to Section 6.12.4.8.3
Interface Passed Interface Passed Refer to Section 6.12.4.8.2
Table 6.12-4: HP Routing Group Information Status
6.12.7 Additional Device Alarms
None defined.
6.12.8 Group Interlocks
6.12.8.1 Hardwired Interlocks
None defined.
6.12.8.2 PLC Interlocks
None defined.
6.12.9 Failure Modes
None defined.
6.12.10 Graphic Representation
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 129 of 363
Page 129 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
6.13 Dual Strainers
This section is associated with the control and monitoring of Dual Strainer Device Groups.
Dual Strainers are installed within HP and LP Manifolds on most stations.
6.13.1 Group Description
The control and monitoring functionality is achieved via the following devices:
Instruments
Strainer S01 Diff Pressure PDT xx1 Strainer S02 Diff Pressure PDT xx2
Valves
Strainer S01 Inlet Valve XV S1A
Strainer S01 Outlet Valve ZV S1E
Strainer S02 Inlet Valve XV S2A Strainer S02 Outlet Valve ZV S2E
6.13.2 Modes of Control
Dual Strainers may be controlled from the PCS either locally at the Station or remotely from
the MCC.
This device group has a separate Mode of Control to that of HP/LP Routing, although they
appear on the HP/LP Routing graphics. The Strainer MoC is independently handed over, i.e.
does not necessarily follow the HP/LP groups MoC.
6.13.3 Modes of Operation
All devices related to the Mainline Pump Set shall have the following three Modes of
Operation:
Local
Manual
Automatic
6.13.4 Group Functionality
Dual strainers have separate control and indication per strainer leg.
Dual Strainer control is enabled from the associated HP/LP Routing online sequence.
6.13.4.1 Strainer States
6.13.4.1.1 Strainer Online/Flushing
The Strainer S01 is in an Online/Flushing state if:
XV S1A is Open AND
ZV S1E is Open / Wirebreak
The Strainer S02 is in an Online/Flushing state if:
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 130 of 363
Page 130 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
XV S2A is Open AND
ZV S2E is Open / Wirebreak
6.13.4.1.2 Strainer Offline
The Strainer S01 is in an Offline state if:
XV S1A is Closed OR
ZV S1E is Closed
The Strainer S02 is in an Offline state if:
XV S2A is Closed OR
ZV S2E is Closed
6.13.4.2 Strainer Flags
These flags are raised by the process control software as configured on the Strainer block.
The flags are used to generate Group Status Indications, Group Availability Indications and
for Group Event and Group Alarm logging. The triggering of each flag is described here in
detail.
6.13.4.2.1 No Valid Flow-path
A Valid Flow-path for the Strainer exists if the following conditions are met:
XV S1A AND
ZV S1E
OR
XV S2A AND
ZV S2E
Note that the "Open OR Wirebreak" state is required from each device.
6.13.4.2.2 Possible Strainer Hotspot
Should a Strainer leg fail to be flushed (i.e. the Flushed flag is not raised or the Failed to
Flush flag is raised) and the Strainer leg moves from an Offline state (as determined by valve
status), a Possible Hotspot flag is raised.
6.13.4.2.3 Strainer Not Flushed
The Strainer Not Flushed indication is provided when a flush is requested and a strainer leg
has not been placed online, either automatically or manually; the interface has passed
through the station and a configurable timer has elapsed.
6.13.4.2.4 Strainer S0x Blocked
Set strainer S0x blocked
PDT xx1 high for 5 seconds
Reset strainer S0x blocked
PDT xx1 Not High AND
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 131 of 363
Page 131 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
XV S1A is Closed AND
ZV S1E is Closed
The Strainer Blocked flag is indicated on the SCADA per strainer leg. This flag results in the
Strainer software being disabled and will generate a message "Strainer Software Disabled" on
the SCADA.
Alarm and trip set points on PDT xxx shall be configured so as to give the operator enough
time to take corrective action on receipt of the alarm.
6.13.4.2.5 Strainer Fault
A Strainer Fault flag is raised in the event that the online Strainer Blocked flag is active and
the standby strainer is not available or online as detailed below:
S01 Blocked AND (S02 Not Online AND S02 Not Available) OR
S02 Blocked AND (S01 Not Online AND S01 Not Available) OR
S01 Blocked AND S02 Blocked
6.13.4.2.6 Strainer Failure Modes
The following conditions detail the Strainer Failure modes:
PDT Failure - Switch and Disable Strainer Software
Wirebreak on Online XV - Switch and Disable Strainer Software
Wirebreak on Offline XV - Disable Strainer Software
Wirebreak on either ZV - No Change, Strainer Software remains
Enabled
6.13.4.2.7 Enable Strainer
The “Enable strainer” flag is set (Strainer is enabled):
From HP/LP Route Online sequence OR
From the Enable Strainer Button
The “Enable strainer” flag is reset (Strainer is disabled):
From HP/LP Route Offline Sequence, if the Route is Online OR
Strainer Group in manual OR
Strainer Fault
The Enable strainer flag will activate the dual strainer control software.
6.13.4.2.8 Strainer Control
The intention of the dual strainers is to provide a flow path through one strainer leg at all
times.
Bumpless transfer will be achieved when changing the group between automatic and manual
modes.
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 132 of 363
Page 132 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
When the Strainer is enabled it will ensure a strainer leg is Open. Strainer S01 has the higher
priority. When the online strainer is blocked, the software will open the other strainer and
close the blocked strainer. No control action will be taken when the Strainer is disabled.
Strainer S01 Online flag (command):
Strainer S02 Not Online AND
Strainer S02 Not Available
OR
Strainer S02 Blocked AND
Strainer Enabled flag AND
Strainer S01 Not Online AND
Strainer S01 Available
Strainer S01 Offline flag (command):
Strainer S01 Blocked AND
Strainer S02 Online AND
Strainer Enabled flag AND
Strainer S01 Available
Strainer S02 Online flag (command):
Strainer S01 Not Online AND
Strainer S01 Not Available
OR
Strainer S01 Blocked AND
Strainer Enabled flag AND
Strainer S02 Not Online AND
Strainer S02 Available
Strainer S02 Offline flag (command):
Strainer S02 Blocked AND
Strainer S01 Online AND
Strainer Enabled flag AND
Strainer S02 Available
If both Strainers are Online and the Strainer Software is enabled, both legs are left Online.
Refer to the Dual Strainer Control Logic detailed in Figure 6.13-1 below.
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 133 of 363
Page 133 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
Software
Disabled
S06 Online
S05 Online
S05 & S06
Offline
Flush Requested
Software Enabled
If Available
Flush Complete,
Take S06 Offline
S05 Blocked OR
Fault
S06 Offline
Attempt To Take
S06 Offline
Disable Software
S06 Fault
Figure 6.13-1: Dual Strainer (LP Intake) Control Logic
6.13.4.3 Dual Strainer Flushing
A Dual Strainer Flush is initiated from:
A Manual Flush request from the SCADA if Not Online OR
A Receipt of a Manifold Flush Request from the SCADA Overview Screen if Not Online
OR
a Route change (Station dependent)
On receipt of a flush request, the offline strainer valves are opened.
Strainers not flushed will need to be manually isolated, drained and re-primed by operators
on site.
Flushing will be terminated based on operator request.
Flushed status will no longer be tracked.
6.13.5 Group Availability
6.13.5.1 Strainer S01 Availability
The following conditions render the Strainer S01 “Not Available”:
XV S1A Not Opened AND Not Available OR
ZV S1E Not Opened AND Not Wirebreak OR
PDT 801 Blocked OR PDT Fault
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 134 of 363
Page 134 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
6.13.5.2 Strainer S02 Availability
The following conditions render the Strainer S02 “Not Available”:
XV S2A Not Opened AND Not Available OR
ZV S2E Not Opened AND Not Wirebreak OR
PDT 802 Blocked OR PDT Fault
6.13.5.3 Dual Strainer Availability
The following conditions render the Dual Strainer Device Group “Not Available” for LP routing
sequences:
(Strainer S01 Not Available OR not in Auto) AND
(Strainer S02 Not Available OR not in Auto) AND
No Valid Flow-path through the Strainer Set
Note: HP Sequence Availabilities use "Strainer Not Ready AND No Valid Flow-path".
6.13.6 Group Status
6.13.6.1 Strainer (LP Intake) Group Status
The following status indications are to keep the Operator informed of the status of the
Strainer.
6.13.6.1.1 Group Alarm Status Indication
The following Group Alarm Statuses are configured using display LEDs which are grey in the
inactive condition and red in the active condition, with an associated alarm. Refer to the
ACDB (4) for details, including the text to be used for the alarm messages.
Condition Text Logic
Possible Strainer S01 Hotspot Possible Strainer S01 Hotspot Refer to Section 6.13.4.2.2
Possible Strainer S02 Hotspot Possible Strainer S02 Hotspot Refer to Section 6.13.4.2.2
Strainer Fault Strainer Fault Refer to Section 6.13.4.2.5
Table 6.13-1: Strainer (LP Intake) Group Alarm Status
6.13.6.1.2 Group Error Status Indication
The following Group Error Statuses are configured using display LEDs which are grey in the
inactive condition and red in the active condition, with an associated event. Refer to the
ACDB (2) for details, including the text to be used for the event messages.
Condition Text Logic
Strainer No Valid Flow-path
Strainer No Valid Flow-path Refer to Section 6.13.4.2.1
Strainer S01 Blocked Strainer S01 Blocked Refer to Section 6.13.4.2.4
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 135 of 363
Page 135 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
Strainer S02 Blocked Strainer S02 Blocked Refer to Section 6.13.4.2.4
Strainer S01 Not Flushed Strainer S01 Not Flushed Refer to Section 6.13.4.2.3
Strainer S02 Not Flushed Strainer S02 Not Flushed Refer to Section 6.13.4.2.3
Strainer Software
Disabled
Strainer Software Disabled Refer to Section 6.13.4.2.7
Table 6.13-2: Strainer (LP Intake) Group Error Status
6.13.6.1.3 Group Information Status Indication
None defined.
6.13.7 Group Interlocks
6.13.7.1 Hardwired Interlocks
None defined.
6.13.7.2 PLC Interlocks
None defined.
6.13.8 Failure modes
None defined.
6.13.9 Graphic Representation
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 136 of 363
Page 136 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
6.14 Flow Control – HP Application
This section is not a device group on its own, but these devices and associated control forms
part of the HP Routing device group.
6.14.1 Group Description
The Flow Control Valve installed after the Pump Manifold is used for closed loop control, to
control Station Suction Pressure ICP (Set point configurable by the operator via SCADA),
Manifold Flow (Set point configurable by the operator via SCADA) or Station Discharge
pressure SDP (Set point configurable by the operator via SCADA).
Preferred control at delivery stations is flow, whilst through and intake stations may be either
ICP or SDP control.
The control and monitoring functionality is achieved via the following devices:
Valves
Mainline Flow Control Valve CV PxJ
Instrumentation
Mainline Flow (compensated) FT 121_S2
6.14.2 Modes of Control
HP Flow Control may be controlled from the PCS either locally at the Station or remotely from
the MCC.
This device forms part of the HP Routing device group, and thus does not have its own Mode
of Control.
6.14.3 Modes of Operation
The Control Valve has its own Mode of operation, independent of the Group:
Local
Manual
Automatic
Default mode of operation is Auto.
This control valve has a mode of operation that is independent of the HP routing group.
6.14.4 Group Functionality
6.14.4.1 Non-Modulating Actuators
The control valve position is determined by inching and stepping the valve open/ closed.
6.14.4.2 Modulating Actuators
The control valve position is determined by a 4-20mA analogue output signal.
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 137 of 363
Page 137 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
xxx
PT
xxxCV
xxxCV
FT
xxx
xxxPT
PT
xxxFIC
xxxPT
xxxPIC
xxxOVR
xxxOVR xxx
PICxxx
OVR
ICP
Route
dependant
SDP
Not UsedFLOW
xxxMAN
SP SPOR
SP
SP
CONTROL VALVE
SPOR
SPOR
0%
100%
SPOR
ICP
Va
lve
Ove
rrid
e
Po
stio
n
0%
100%
Flow/SDP
Va
lve
Ove
rrid
e
Po
stio
n
SPOR
OVERRIDE FUNCTIONS
LinearisationLinearisation
FT xxx_S
>
Figure 6.14-1: Flow Control – HP Application
Control valves are part of the respective HP Device Group and do not have their own graphic.
Hence the PV’s and control loop are not visible to the operator.
The Control Valve typical has two PID loops configured, each with a hard coded override.
Based on the application, the configured PID loops may be any two of the following
Flow PID
ICP PID
SDP PID
The operator can choose to control on any of two pre-configured PV’s (pre-configured in the
PLC depending on the application):
Flow (Default for Delivery Stations)
ICP (Default for Through and Intake Stations)
Manual (manual mode only)
When a control parameter is chosen, the other parameters are in override control. The set-
points for override control revert back to the override set-points (not operator settable). Note
that the operator set-points are not overwritten and are reverted to should the operator
change back to the original control parameter. The PID loops are not active in manual.
Override Curve
A hard ramp override curve exists for each PID loop. This is enabled when the PID is too
slow to catch transients. This is especially true if the PID loop is tuned for slow response to
reduce wear on the valve.
6.14.5 Group Availability
Not required.
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 138 of 363
Page 138 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
6.14.6 Group Status
6.14.6.1 Group Alarm Status Indications
None defined.
6.14.6.2 Group Error Status Indications
None defined.
6.14.6.3 Group Information Status Indications
None defined.
6.14.7 Additional Device Alarms
None defined.
6.14.8 Group Interlocks
6.14.8.1 Hard-wired Interlocks
None defined.
6.14.8.2 PLC Interlocks
6.14.8.2.1 50-CV PxJ: All Routes Closed
The control valve is interlocked closed (i.e. set-point set to 100% and as a result the valve
will ramp closed) when all associated Routes are Closed.
6.14.9 Failure Modes
On instrument failure, the instrument goes into override value, complete with alarming.
Operator action will be required to prevent control loop wind-up.
6.14.10 Graphic Representation
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 139 of 363
Page 139 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
6.15 Duty and Speed Control
[Copied from 2684358-S-A00-IN-SP-060/G52001-W4000-U412 Rev 05]
The Duty and Speed Control Device Group is associated with the control of MV Mainline
Pumps – VSD (Parallel Configuration).
MV Mainline Pumps – VSD (Parallel Configuration) have been installed on stations associated
with the new 24” Multi-product Pipeline.
6.15.1 Group Description
Mainline Pumps – VSD (Parallel configuration) are controlled with a single speed set-point
based on the station ICP, SDP or flow, using PID controllers.
A duty controller attempts to match the required number of running pumps with process
conditions.
Each pump has a dedicated drive control which ensures that the individual pump is operated
within its allowable zone.
The following figure details the principle of control:
M
Receiver
M
MM M
M
PT
ES PTFT
PT
ES PTFT
PT
ES PTFT
MM
M
Launcher
DT M
M PT PT TT
TT PT PT M
FT
PIC < PIC
∑
FIC
SDPICP
Speed Setpoint to Drive
Control
Linearisation
MAN
Operator Manual
Speed Input
DrC
DrC
DrC
Figure 6.15-1: Control Methodology
The Station Control Loop will consist of three distinct controllers:
Duty Controller
Speed Controller
Drive Controller
These controllers are described in more detail in subsequent sections below.
The following figure details the functional interface between these three controllers:
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 140 of 363
Page 140 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
2. Duty Controller
1. Speed Control
V
S
D
V
S
D
V
S
D
3. Drive
Control
3. Drive
Control
3. Drive
Control
Line Wide
Control (LWC)
Drive
Interface
Drive
Interface
Drive
Interface
ICP/SDP/FC
Setpoints
Pump Quantity
Setpoint, Status,
and Sequence
Initation
Flush Request
Speed Setpoints
Pump Requests/
Status
Manual Overrides
Station Duty & Speed Control
Process Feedback (PT,FT
etc)
Trips, Statuses &
Modes of
Operation
Figure 6.15-2: Simplified Pump Station Control Methodology
The Line Wide Controller (LWC) will monitor and control the entire trunkline by manipulation
of each station’s individual set-points. Control loops will be executed by the station control
on the set-points provided by the LWC, and process feedback will be provided to the LWC.
The following signals are used for feedback into the Station Duty & Speed Controller:
Variable Speed Drive
Mainline Pump P0x Speed Reference SC 0x1 Mainline Pump P0x Speed ST 0x1
Instrumentation
Station Inlet Pressure PT 121
Station Discharge Pressure PT 122 Station Inlet Flow FT 121
Mainline Pump P0x Flow FT 0x1
Where x defines the pump number.
6.15.2 Modes of Control
The Station Duty and Speed Control Group shall be controllable both locally from the SCADA
System installed at the Station as well as remotely from the Master Control Centre (MCC).
6.15.3 Modes of Operation
6.15.3.1 Duty Controller (DuC)
The Duty Controller has the following modes of operation:
LWC
Manual
SWC
Refer to section Duty Controller (DuC) for more information.
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 141 of 363
Page 141 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
6.15.3.2 Speed Controller (SpC)
The Speed Controller’s PID control loops will always be in Automatic (i.e. active).
It will be possible to switch the Station Controller into one of the following modes of
operation:
LWC
Manual
SWC
The Speed Controller provides functionality to allow disabling of the Flow PID controller,
External Speed Set-point and the Manual Operator Speed Set-point.
Refer to section Speed Controller (SpC) for more information.
6.15.3.3 Drive Controller (DrC)
The Drive Controller will always be in Automatic. It will be active whenever its VSD is not in
Local.
Refer to section Drive Controller (DrC) for more information.
6.15.4 Group Functionality
6.15.4.1 Duty Controller (DuC)
The DuC consists of two functional areas:
Run Hour Management
Pump Selection
The Duty controller in Running state is responsible for all remote requests to start and stop
pumps. As a result no Line Wide Controller (remote) sequence can request an individual
pump start without going through the Duty Controller.
For each pump set group there will be an Online, Offline and Flush sequence. These
sequences are available to the operator for starting, stopping and flushing pumps in
Automatic. The Duty Controller will track the states of the pumps and adjust accordingly.
The Duty Controller will trigger the Online and Offline sequences for starting and stopping
pumps.
The diagram below depicts the envisaged control loop for the Duty Controller.
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 142 of 363
Page 142 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
Pump Scheduler
(DuC)
Load Matching
(DuC)
LWC Mode of Operation
Operator Mode of Operation
LWC Nr Pumps
Operator Nr Pumps
Px Speed FB
Flush Request
Nr Run Pumps Required
Px Ready
Px Online FB
Px Run/Standby Hours
Px Reset Trip for Duty
Px Start Command Pulse
Px Stop Command Pulse
Nr Run Pumps Required
Px Running FB Mask
Nr Running Pumps FB
To / From VSD Pump x Typical, where 1 <= x <= 8
Flush Request
Ave Speed
Speed > Max Speed SP (Staging)
Speed < Min Speed SP (Staging)
Min Switching Speed SP
Max Switching Speed SP
Startup State Matrix
Remaining Time To Start / Stop Next Pump
LWC Start/Stop Command
Actual Mode of Control
Duty State
Operator Start/Stop Command
Run Hr Mgr
(DuC)Px Standby Time
Mx Run Time
Px Run Time
Px Run/Standby Hours
Px Running FB
Px Init Val
Mx Init Val
Px Reset
Mx Reset
Px Trip FB
Pump Sched Stop
Px Flow FB
Figure 6.15-3: Duty Controller Loop
Duty Control will comprise three components:
A Load Matcher to manage set-points and calculations for the “Number of Running
Pumps Required”.
A Run Hour Manager to track pump and motor run and standby hours and provide
information to the Pump Scheduler for pump start / stop order prioritization.
A Pump Scheduler to determine the order in which pumps should start or stop.
6.15.4.1.1 Duty Controller - Pumps Availability
The operator shall start the Duty Controller manually. It can also be started from Station
Online Sequence.
The operator may at any time stop the Duty Controller. This will trigger the Offline sequence
for all running and ready pumps regardless of their availability for duty control. When the
Duty Controller is already in a stopped state, it will not start or stop pumps anymore.
The Duty Controller can only be started if the number of requested pumps is equal or lower
to the number of "Available" pumps.
Pump availability for Duty Control is a combination of two conditions:
Pump "Ready" status
Control button at Duty Controller Faceplate is switched to "AVAIL" mode
The Operator can always exclude pumps from availability by switching control button to the
"NOT AVAIL" state. They will not be treated as "Available" for Duty Controller (i.e. will not be
started by Duty Controller) even if they are ready.
The Duty Controller faceplate below shows:
Pump P01 - Ready and Available (for duty),
Pump P02 - Ready but Not Available (operator action required),
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 143 of 363
Page 143 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
Pump P03 - Not Ready (can't be selected as Available).
Figure 6.15-4: Duty Controller Faceplate
A pump can lose "AVAIL" state in two cases:
Pump was tripped - control button will change state to “NOT AVAIL” and become
disabled
Pump was "Not Flushed" (Fsh LED is red) and is not "Ready" status (for example
Pump was interlocked before was flushed or was in Manual mode when "not flushed"
state occurred)
If pump with "AVAIL" status becomes not ready, the control button will be disabled but it
remains in "AVAIL" mode. Once it is ready again, it is enabled automatically and the Pump
will be ready for duty control.
When a pump trips (latched or unlatched) it becomes unavailable for duty control (NOT
AVAIL) until reset from the Duty Controller.
To reset a trip on the Duty Controller faceplate, the operator has to change the mode for a
specific Pump (using control button) from “NOT AVAIL” to “AVAIL” after the button is
enabled.
Note: The Duty Controller will latch a “Not Flushed” condition which will prevent the Duty
Controller from starting the pumpset. This “Not Flushed” condition is cleared by running the
pump at a speed of the minimum set-point. Irrespective of the state of the “Not Flushed”
condition, the operator can manually enable the pump for operation for duty control (by
switching the "Not Flushed" Pump to “AVAIL” state after Pump is "Ready" again).
6.15.4.1.2 Duty Controller - Pumps Startup
The Duty Controller has three states:
Startup
Running
Stopped
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 144 of 363
Page 144 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
The Startup State will look at three operator-configurable parameter sets: Normal (default),
Tightline, and Slackline. Each parameter set comprises the following parameters:
Number of Pumps Required
Pump Speed (for use by the Speed Controller)
Time Expired Trigger Startup Condition
ICP ROC Trigger Startup Condition
SDP Trigger Startup Condition
Flow Trigger Startup Condition
Figure 6.15-5: Duty Controller Faceplate
When started by the SWC, the Duty Controller uses the Startup Matrix (according to the
selected Mode: Normal, Tightline, Slackline) to determine the number of required pumps and
speed.
Duty Controller remains in Startup state until one of the following triggers occurs:
Timer compared with Time Trigger elapsed
Actual value for ICP ROC is greater than ICP ROC Trigger
Actual value for SDP is less than SDP Trigger
Actual value for Flow is greater than Flow Trigger
After a trigger occurred the Duty Controller is changing state from Startup to Running and is
activating the Load Matching function.
Once a trigger is detected, the Duty Controller changes state from Startup to Running and
activates the Load Matching function.
The Speed Controller sets the initial value of the ICP as the set-point. By default the Speed
Controller operates in ICP mode.
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 145 of 363
Page 145 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
If the active set-point is greater than the actual SDP value, the Speed Controller
changes to SDP mode. The set-point is changed to the SDP set-point.
If the active set-point is greater than the Flow value AND the FlowPID is enabled, the
Speed Controller changes to Flow mode. The set-point is changed to the Flow set-
point.
If the active set-point is greater than the Operator value AND the Operator speed is
enabled, the Speed Controller changes to Operator mode. The set-point is changed
to the Operator set-point.
If the active set-point is greater than the Duty Controller set-point value AND Duty
Control is enabled, the Speed Controller changes to Duty Control mode. The set-point
is changed to the Duty Control set-point.
6.15.4.1.3 Load Matching
The Load Matching component will inhibit load matching calculations while in Startup state.
Upon any of the trigger conditions being achieved, the Load Matching component will go to
Running state.
The Load Matching component is responsible for managing the “Number of Running Pumps
Required” based on its mode of operation.
LWC: The “Number of Running Pumps Required” is, determined by the LWC; i.e. the LWC
passes down the Number of Running Pumps Required based on the required flow set-point
from the Trunkline.
Manual: The “Number of Running Pumps Required” can be entered via a faceplate. The
operator should be able to enter a value of pumps required. This is the default mode with a
value of 1.
SWC: The “Number of Running Pumps Required” is determined by the local station to
enable standalone station operation. The logic behind this selection is based on pump
loading.
This logic shall implement damping to prevent oscillation of starting and stopping
pumps. Any changes in the number of pumps running in response to the local logic
shall require a period of stabilisation before another decision is made.
If the pump speed is above 90% (configurable) for more than a configurable time,
then the “Number of Running Pumps Required” should be increased by 1.
If the pump speed is below 70% (configurable) for more than a configurable time,
then the “Number of Running Pumps Required” should be reduced by 1.
Note that Mode of Operation changes will be edge-triggered; i.e. last one wins.
The Load Matching component will include a configuration parameter for “Auto Load
Matching”. If enabled, the Load Matching component will use LWC “Number of Running
Pumps Required” for start conditions. After a configurable timer has elapsed, the Load
Matcher will revert to calculations executed in SWC Mode of Operation without a mode
change.
6.15.4.1.4 Run Hour Manager
The main function of the Run Hour Manager is to totalise the run hours. The management
will have the following functionality:
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 146 of 363
Page 146 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
Totalise individual pump and motor run hours separately.
Totalise total individual pump and motor hours since last maintenance (resettable
from SCADA); This shall be protected by password
There are a total of 2 run hours values for a pump set which shall be visible from the
SCADA and 1 x Standby time.
The hours for both the pump and the motor totalizers shall be integrated based on
the running feedback from each motor, therefore it tracks local operation of the
drive.
The standby time (time for which the pump set does not have running feedback) of
each pump and motor shall also be tracked and automatically reset with running
feedback.
6.15.4.1.5 Pump Scheduler
The Pump Scheduler is responsible for ensuring that the “Number of Running Pumps
Required” is achieved.
The following events will be used to initiate a start and stop request to a pump:
Pump trip (will initiate a pump start on the pump marked next to start as detailed
below)
Pump stop (in manual or local)
”Number of Running Pumps Required” changes
Note that pump start and stops will only occur on these start and stop events. Therefore
pumps will not be cycled without an event.
Note that the operator may at any stage force a change by stopping a drive.
The pump chosen to start next will be based on the following criteria:
Pump Ready and selected as "AVAIL" on Duty Controller faceplate. Only that pump
will be "Ready for Duty".
Pump Standby Time – the pump with the highest standby time will be started.
The pump chosen to stop next will be based on the following criteria:
Pump Ready – only pumps marked as “Ready”, correct MoC and running will be
selectable to stop.
Pump Running Hours – The pump with the highest running hours (since last
maintenance) will be stopped.
Note: The Pump may be “Ready” but will still not be in the Duty Controller’s control until it
has been set for duty (with Duty Control button). Stopping Duty Controller will stops all
pumps regardless of MoC.
6.15.4.1.6 Flushing
To avoid conflict of control and loss of flushing functionality when the Duty Controller is in
Stopped state, the Duty Controller will inhibit its activity while at least one of the flushing
sequences is active.
In any Mode of Operation, the Duty Controller will track the drive online and ready feedback
statuses as well as the “Number of Running Pumps Required” set-point from either the LWC,
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 147 of 363
Page 147 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
SWC or the operator but will not start or stop any pumps. After flushing has completed, the
Duty Controller will immediately revert to the “Number of Running Pumps Required”.
Upon completion of flushing, the Duty Controller will resume its functionality and return the
station to the current “Number of Running Pumps Required” state using the rules described
in the section above. Note that this may result in different pumps running to what was
running before.
If a pumpset was not flushed, the Duty Controller will latch a Not Flushed condition as
described in the section above.
6.15.4.2 Speed Controller (SpC)
The Speed Controller Loop consists of three independent PID controllers (ICP, Flow, SDP)
and an Override Controller.
The PID Controllers will always be active and their outputs will be limited between the drive
minimum (configurable in the PLC source code) and maximum (100 %, configurable in the
PLC source code) speeds.
The Override Controller will select the active controller and switch its output to the drives.
This switch is inherently bumpless as the override controller will act as a minimum selector.
Gain Scheduling will allow PID gains to be modified in response to changes in the number of
running pumps.
Linearization will be used to linearize the output from the ICP & SDP controllers.
The Station Speed Controller will be activated as soon as at least one pump set is operating
“At Station Set-point” (see section Drive Controller (DrC) for details). While inactive, the
Speed Contoller’s Station Set-point will be set to drive minimum speed (60 %).
The following figure depicts the envisaged control loop for the Speed Controller:
Flow SP
Flow FB
SDP SP
SDP FB
ICP FB
From Duty Controller
Gain
Scheduler
Nr Pumps at Station SP
Selected
Controller
Tracking Output
Enable Flow Ctrl
ICP SP
Flow
PID
SP
PV
Gains
MV
TRK SP
LIM
ICP
PID
SP
PV
Gains
MV
TRK SP
LIM
SDP
PID
SP
PV
Gains
MV
TRK SP
LIM
Gain
Scheduler
Gain
Scheduler
External Speed SP
Station SP
Enable Station ControlCount > 0
Px At Station SP
Pn Clamp Max Flow
Pn Clamp Min Flow
PID LIM
EN
From Drive Controller
Setpoint
Manager
LWC Setpoints
SWC Setpoints
Mode of Operation
Override Controller
(SpC)Operator Speed SP
Figure 6.15-6: Speed Controller Loop
The Speed Controller will comprise the following constituent components which are detailed
in subsections below:
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 148 of 363
Page 148 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
Set-point Management: this functionality will manage LWC set-points SWC, or
manual set-points and allow for switching between the two sets of set-points.
Manual Entry of Speed: this functionality allows the operator to enter an Operator
Speed Set-point. This entry will only be enabled in Manual Mode of Operation.
Gain Scheduling: a number of sets of gains will be tuned and managed per PID
controller. The gain set will be chosen based on the number of pumps that are
running At Station Set-point.
Flow PID Controller: this PID controller controls the Station Flow Rate.
Flow controller can be enabled / disabled from the Set-point Manager.
ICP PID Controller: this PID controller controls the Station Incoming Pressure.
SDP PID Controller: this PID controller controls the Station Discharge Pressure.
Pressure linearization function for ICP and SDP PID controller outputs.
Override Controller: this controller bumplessly switches the output of the active PID
controller to the Drive Controller. It also performs Limit calculations to prevent
integral windup.
6.15.4.2.1 Set-point Management
The Set-point Management component is responsible for managing the ICP set-point, SDP
set-point, Flow set-point, Operator Speed set-point, Flow enable / disable and Operator
Speed enable / disable based on its mode of operation:
LWC: The LWC will pass down the Flow, ICP and SDP set-points. The Operator Speed Set-
point will be disabled.
SWC: The operator will first nominate a preferred controller (i.e. Flow, ICP, SDP, Operator
Speed Set-point) and then provide a set-point for that controller. Upon nominating the
preferred controller, the other controllers (ICP and/or SDP respectively) will revert to their
override (protective) set-points. These protection set-points are editable from the SCADA
(e.g. for slackline protection) but will be limited to the upper SDP limit for line protection and
the lower ICP limit for pump protection (these limits are hardcoded in the PLC per pump
station). Note that if the Flow controller is disabled at this station, the operator will not be
able to nominate this controller as the preferred controller.
An External Speed Set-point will be provided by the Set-point Controller to drive the VSDs to
a certain set-point during Startup conditions (note: protective controllers are still active).
Once the Duty Controller is in Running state, this input will be disabled.
Manual: Refer to Section 6.15.4.2.2 Manual Entry of Speed below.
The Speed Controller will either be in Line Wide Control, Station Wide Control or Manual
modes of operation. It will not be possible to have a mixture of set-point sources.
The Set-point Management component will allow the changing of the mode of operation from
both the Line Wide Controller and the Station operator (last one wins).
All set-point changes to the PID controllers shall be ramped to the new value. The ramp rate
will be individually configurable per PID controller.
In LWC mode, the set-point from the SWC shall be tracked to match the LWC set-point.
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 149 of 363
Page 149 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
6.15.4.2.2 Manual Entry of Speed
The “Operator Speed Set-point” will be entered as a percentage of drive speed and will be
limited to the minimum (site depend) and maximum (100%) of the VSD with visual feedback
to the operator that the entry is out of bounds.
When active, the Operator’s Speed Set-point will be included by the Override Controller. The
ICP and SDP protective PID loops are still active, but their set-points are governed at the
respective protective values. The Flow PID loop will be set to track.
Transitions from Manual Mode of Operation back to LWC or SWC Modes of Operation will
result in set-points being ramped and the output remaining bumpless.
6.15.4.2.3 Gain Scheduling
All PID controllers support gain scheduling. The PID gain parameters change in response to
the number of pumps running “At Station Set-point”.
The update of PID settings will match the number of pumps currently running “At Station
Set-point” (controlled by the station controller).
Starting and stopping pumps will be seen as a disturbance. Upon completion of the startup
ramp the Drive Control will switch to “At Station Set-point” and the PID gain parameters will
be changed. Upon detecting a pump stop event (number of “At Station Set-point” pumps will
decrease on event), the PID gain parameters will be changed.
6.15.4.2.4 Flow PID Controller
This is a PID controller which ensures the station is achieving its desired flow rate. This PID
controller is disabled if it is not required.
The flow PV is the summation of the individual pump flows or from common flowmeter (site
depend).
The Flow loop is always in Automatic and cannot be set to manual.
The Flow PID’s set-point and set-point mode will be handled by the Set-point Management
component detailed above.
By factoring in “Station Speed Set-point” from the Override Controller, the Flow PID will
prevent integral windup when it is not the active controller.
6.15.4.2.5 ICP PID Controller
This is an override control which ensures the pump ICP is within limits. Depending on the
chosen set-point, this controller may operate as the preferred controller under normal control
mode.
The ICP loop is always in Automatic and cannot be set to manual. This loop cannot be
disabled.
The set-point will have a lower limit clamp to prevent the trip limit set-point being exceeded.
The output of the ICP PID is adjusted by a linearization function to account for the non-linear
characteristic of pressure to pump speed.
The ICP PID’s set-point and set-point mode will be handled by the Set-point Management
component detailed above.
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 150 of 363
Page 150 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
By factoring in “Station Speed Set-point” from the Override Controller, the ICP PID will
prevent integral windup when it is not the active controller.
6.15.4.2.6 SDP PID Controller
This is an override control which ensures that the overall station delivery pressure is
controlled away from a trip point. Depending on the chosen set-point, this controller may
operate as the preferred controller under normal control mode.
The SDP loop is always in Automatic and cannot be set to manual. This loop cannot be
disabled.
The set-point will have an upper limit clamp to prevent the trip limit set-point being
exceeded.
The output of the SDP PID is adjusted by a linearization function to account for the non-
linear characteristic of pressure to pump speed.
The SDP PID’s set-point and set-point mode will be handled by the Set-point Management
component detailed above.
By factoring in “Station Speed Set-point” from the Override Controller, the SDP PID will
prevent integral windup when it is not the active controller.
6.15.4.2.7 PID Controller Summary of Operation
The following table details each PID controller’s operation:
Property ICP Loop SDP Loop Flow Loop
Auto/Manual (1) Auto only Auto Only Auto Only
Enable/Disable Always Enabled Always Enabled Allow to be disabled
LWC Set-point Yes Yes Yes
Station Set-point Yes Yes Yes
Set-point Clamped
(but configurable)
Yes at minimum Yes at maximum No
Set-point Deviation
alarm on active loop
(only enabled for
the active station
controller, disabled
for the override
controllers)
Yes Yes Yes
Output Linearized Yes Yes No
Gain Scheduling
Supported
Yes Yes Yes
Prevents Integral
Wind-Up
Yes Yes Yes
Set-points Ramped Yes Yes Yes
Allows Override
Control
Yes Yes Yes
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 151 of 363
Page 151 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
Table 6.15-1: PID Controller Modes of Operation
Note (1): This refers to the PID Control Function and not the control loop, which has three Modes of Operation: LWC, SWC, Manual.
6.15.4.2.8 Linearization Function
The output of the ICP and SDP PID controllers will be linearized using an inverse function.
This will be a static function and the co-efficient will be calculated during implementation.
6.15.4.2.9 Override Controller
The Override Controller nominates the most critical input (PID controller’s output) by means
of minimum selection. Due to the minimum selection, the output to the drive is inherently
bumpless.
The output is fed back to PID controllers to prevent integral windup.
6.15.4.3 Drive Controller (DrC)
The Drive Controller is responsible for ramping a pump from minimum speed to “Station
Speed Set-point”, managing the pump within its operating window, and interfacing to the
VSD typical.
The following figure depicts the envisaged control loop for the Drive Controller:
Drive Control
(DrC)
Px Speed SPPx Running
Feedback Mask
Station SP
Px Speed FB
Px Flow FB
Px SDP FB
To / From VSD Pump x Typical, where 1 <= x <= 8
C1
C2
C3
C4
From Speed Control
Hydraulic Envelope
MUX
Ramp Rate
SR Flip-
Flop
S = Px Tripped
R = NrRunFB = NrRunSp
OR 5 min timer expire
SR Selection
Slow Ramp Rate
Fast Ramp Rate
At Station SP
Ramping
Clamp Max Flow
Clamp Min Flow
Bypass Hydraulic Envelope
From Duty Controller
VSD Local FB
Figure 6.15-7 Drive Controller Loop
Note: the “Bypass Hydraulic Envelope” allows an engineer to disable the hydraulic envelope
calculations from within the PLC, should this be required.
The Drive Controller will comprise the following constituent components which are detailed in
subsections below:
Operating Window Management
Drive Ramping
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 152 of 363
Page 152 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
Drive Control
6.15.4.3.1 Operating Window Management
Each pump will be controlled within its “operating window” where possible.
They “operating window” will be characterized and defined by four curves. The speed set-
point sent to the VSD typical will be clamped based on:
Maximum flow rate
Minimum flow rate
Pump maximum speed
Pump minimum speed
When the speed set-point of all operational pumps is limited due to the “operating window”,
the PID controllers will be clamped to ensure they do not windup.
During startup and shutdown, the “operating window” will be ignored for the individual
pump.
Note that if the drive’s Flow Transmitter fails, the “operating window” will be ignored for the
individual pump.
The “operating window” will be visible from the SCADA and the operating point of each pump
will be plotted on it.
6.15.4.3.2 Drive Ramping
Upon starting a pump, the following sequence of events will occur:
1. Upon receiving a start command, the VSD will ramp to minimum speed (site depend) at
the VSD’s internally configured ramp rate (R0).
2. Upon reaching minimum speed, the Drive Controller will ramp the VSD to the Speed
Controller’s “Station Set-point” at a preconfigured ramp rate (R1).
3. When the VSD’s speed feedback is greater than or equal to the Speed Controller’s
“Station Set-point”, then the pump is switched over to the Speed Controller’s “Station
Set-point” and is considered On Duty.
There will be two ramp rates (R1) configured. A ‘fast’ ramp rate will be used when
recovering from a pump trip. The ‘slow’ ramp rate will be used for all other conditions to
minimize hydraulic disturbances. The ramp rate selection will revert from fast to slow upon
the following conditions:
Upon the number of required pumps running being reached and all pumps are
running “At Station Set-point”
Upon a five minute (configurable) timer elapsing.
Upon stopping, the pump coasts (freewheels) to standstill.
If a VSD is started in Local and switched to either Automatic or Manual, its speed set-point
will be ramped toward the “Station Set-point” at the ramp rates described above. Upon
exceeding the Station Set-point, the drive will be switched to “Station Set-point”.
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 153 of 363
Page 153 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
6.15.4.3.3 Drive Control
Once the Drive Controller has switched over to Station Set-point, the Drive Controller will
follow the Speed Controller’s “Station Set-point”.
While running “At Station Set-point”, the Operating Window Management is active.
Note that a drive that is started in local or is switched to local cannot be controlled by the
Drive Control and will hence fall out of “At Station Set-point”, or not achieve “Station Set-
point”. Upon being placed back in either Manual or Automatic, the drive will be ramped to
“Station Set-point” and then switched over to Station control again.
6.15.5 Device Group Availability
6.15.5.1 Duty Controller (DuC)
The Duty Controller is only available if at least one pump set is Ready. The Duty Controller
will not have its own availability state but will depend on the availability of the pump sets
under its control. If it is not able to run pump sets to achieve the “Number of Running
Pumps Required”, it will automatically go to Stopped state and will have to be restarted by
the operator once the condition is no longer prevailing.
6.15.5.2 Speed Controller (SpC)
The Speed Controller is always available. The Speed Controller will be active as soon as at
least one pump is “At Station Set-point”. When inactive, the Speed Controller will be set to
minimum speed.
6.15.5.3 Drive Controller (DrC)
The Drive Controller is available whenever its VSD is not in local.
6.15.6 Inter-PLC Communication
6.15.6.1 Signals from Station PLC to Line Wide Control PLC
Heartbeat (for Watchdog)
Number of Running Pumps Feedback (pumps running, irrespective of mode of
operation)
Number of On Duty Pumps Feedback (pumps running At Station Set-point)
Number of Pumps Ready to Stop
Number of Pumps Ready to Start
Number of Tripped Pumps
Number of Stopped Pumps
Station Flow Feedback
Station ICP Feedback
Station SDP Feedback
Actual Flow Set-point
Actual ICP Set-point
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 154 of 363
Page 154 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
Actual SDP Set-point
Duty and Speed Controller Mode of Operation
6.15.6.2 Signals from Line Wide Control PLC to Station PLC
Heartbeat (for Watchdog)
LWC Number of Running Pumps Required
ICP Set-point
SDP Set-point
Flow Set-point
Duty and Speed Controller Mode of Operation
6.15.7 Actions in Event of Communication Failure
In the event of Communication Failure:
If the Duty Controller is in LWC Mode of Operation and the Auto Load Matching is
disabled, the Duty Controller will re-enable AutoLoadMatching upon detection of
communication failure. The operator will have to disable AutoLoadMatching again
later.
The Speed Controller set-points and mode of control will remain where they currently
are. Upon re-establishing communication, it will resynchronize with the Line Wide
Controller and respond to mode and set-point updates if in LWC mode.
It will be possible for an operator to change the mode of control to SWC and then
change the set-points if required. Upon re-establishing communication, it will
resynchronize with the Line Wide Controller but will not respond to mode and set-
point updates until it is placed back in LWC mode by the operator.
6.15.8 Event Strategies
6.15.8.1 Speed Controller Event Strategies
6.15.8.1.1 Speed Controller Manual Mode Selected
This event will be generated when the Speed Controller’s Mode of Operation has changed
from SWC to Manual Mode.
6.15.8.1.2 Speed Controller SWC Mode Selected
This event will be generated when the Speed Controller’s Mode of Operation has changed
from Manual to SWC Mode.
6.15.8.1.3 Speed Controller ICP Active
This event will be generated when the ICP controller becomes active.
6.15.8.1.4 Speed Controller SDP Active
This event will be generated when the SDP controller becomes active.
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 155 of 363
Page 155 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
6.15.8.1.5 Speed Controller Flow Active
This event will be generated when the Flow controller becomes active.
6.15.8.1.6 Speed Controller Operator Input Active
This event will be generated when the Speed Controller’s Mode of Operation has changed
from SWC to Manual Mode.
6.15.8.1.7 Override Active
This event will be generated when the Override Controller will become active.
6.15.8.1.8 Speed Controller – Contention
This event will be generated when the Drive Controller detects that any of the pumps is
operating outside its “operating window”, the output of the Speed Controller is at minimum
or maximum and the ICP / SDP controllers are requesting a value outside the minimum /
maximum (i.e. SDP / ICP protection not achievable).
6.15.8.2 Drive Controller Event Strategies
6.15.8.2.1 Drive x Operating Window Clamp Active
This event will be generated when a Pump is operating outside its “operating window” where
"x" is a number of the Pump.
6.15.8.2.2 Drive x Operating Window Calculation Error
This event will be generated when one of the linearization curves are not defined properly i.e.
x-axis values at GenCurve10Pt blocks must be increasing.
6.15.8.3 Duty Controller Event Strategies
6.15.8.3.1 Duty Controller - Mode Selection
This event will be generated when the following Duty Controller’s Mode of Operation has
changed:
Duty Controller Manual Mode Selected
Duty Controller LWC Mode Selected
Duty Controller SWC Mode Selected
6.15.8.3.2 Duty Controller – Startup Matrix State
This event will be generated whenever the operator changes a following Startup Mode:
Startup Matrix Normal Line State Selected
Startup Matrix Tight Line State Selected
Startup Matrix Slack Line State Selected
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 156 of 363
Page 156 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
6.15.8.3.3 Duty Controller – State
This event will be generated whenever the following Duty Controller state changes:
Duty Controller Stopped
Duty Controller Startup
Duty Controller Running
6.15.8.3.4 Duty Controller – Startup Matrix Triggers
This event will be generated whenever the following Duty Controller startup matrix triggers
activate:
Startup Matrix Time Trigger Occurred
Startup Matrix Flow Trigger Occurred
Startup Matrix SDP Trigger Occurred
Startup Matrix ICP ROC Trigger Occurred
6.15.8.3.5 Duty Controller – Commands
An event is triggered when the Duty controller issues a pump start or stop command:
Duty Controller Pump x Start Command Active
Duty Controller Pump x Stop Command Active
where x is a number of current Pump (started or stopped).
6.15.8.3.6 Duty Controller – No Standby Exist
This event will be generated when the number of available pump is equal or less to the
number of required pump.
6.15.8.3.7 Duty Controller – Change State
This event will be generated when Duty Controller is working in Load Matching Mode and
DuC will change number of required pumps (increase or decrease).
6.15.8.3.8 Duty Controller – Comms Fail
This event will be generated when Duty Controller will recognize communication failure.
6.15.9 Alarm Strategies
6.15.9.1 Speed Controller Alarm Strategies
6.15.9.1.1 Speed Controller – Loop Control Deviation
This alarm will be generated when the active PID loop’s error is greater than a configurable
value (default 5 %) for a configurable time (default 60 seconds). This alarm will be
suppressed for a configurable time (default 120 seconds) after detection of a pump start /
stop and set-point change. Only the active PID Loop will be alarmed. There are three
possible alarm messages:
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 157 of 363
Page 157 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
Speed Controller Process Deviation High (ICP PID Err: xxx* kPa)
Speed Controller Process Deviation High (SDP PID Err: xxx* kPa)
Speed Controller Process Deviation High (Flow PID Err: xxx* L/min)
* where xxx is triggered value
6.15.9.2 Drive Controller Alarm Strategies
None defined.
6.15.9.3 Duty Controller Alarm Strategies
6.15.9.3.1 Duty Controller Upstage
This alert will be generated when the “Number of Running Pumps Required” is greater than
the sum of the “Number of Running Pumps” and the “Number of Ready Pumps" i.e. an
Upstage Request cannot be initiated. This alert will stop the Duty Controller but will not
trigger a pumps offline sequence.
6.15.9.3.2 Duty Controller Downstage
This alert will be generated when the “Number of Running Pumps” is greater than the sum of
the “Number of Running Pumps Required” and the “Number of Ready Pumps” i.e. a
Downstage Request cannot be initiated. This alert will stop the Duty Controller but will not
trigger a pumps offline sequence.
6.15.10 Interlocking Strategies
6.15.10.1 Hardwired Interlocks
None defined.
6.15.10.2 PLC Interlocks
None defined.
6.15.11 Graphic Representation
In addition, the following will be displayed on WinCC:
All run hours and associated resets will be displayed on a faceplate.
The current duty selection of pumps will be displayed, including “next to start” and
“next to stop”.
The active PID controller will be evident from the display.
The graphical pump curves and efficiency loci with associated operating point,
including the operating window will be available on the operator display on request.
The efficiency (optimal) lines shall be highlighted in this display. This curve display
will be static, and will include all actual pump loci on a single display.
Commands, set-points and modes of operation will be configurable from the operator
stations with appropriate security level. These include the following:
Duty Controller:
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 158 of 363
Page 158 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
Start / Stop command
Manual Number of Pumps Required
Minimum and Maximum Speed set-points
Stabilization Timer Set-point
Run Hour initial values and resets
LWC, SWC Manual mode of control
Speed Controller:
Active (preferred) controller
Station Flow / ICP / SDP / Operator Speed set-points
LWC, SWC, Manual mode of control
Drive Controller:
Fast and Slow Ramp Rate set-points
Reset Timer Set-point
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 159 of 363
Page 159 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
6.16 Safety Instrumented System (Line Over-pressure
Protection)
This device group is associated with the control and monitoring of the Safety Instrumented
System (SIS) (Line Over-pressure Protection) Device Group.
SIS LOP Protection is installed on all stations with Mainline Pump Sets installed and where
this requirement has been identified by HAZOP and LOPA Studies.
6.16.1 Group Description
The ‘SIS (Line Over-pressure Protection)’ Device Group will display all SIS devices associated
with Line Over-pressure Protection related to the IVW Mainline Pumps, along with their
associated “health” statuses, maintenance support and event timestamps. Time stamping is
done in the process control system.
Pipeline Over-pressure Protection adheres to the following protection philosophy:
1. An alarm will be issued when the Station Discharge Pressure exceeds a high-alarm set-
point. This set-point is usually set 200 kPa lower than the maximum allowable operating
pressure (MAOP) of the pipeline.
2. Station Discharge Pressure interlock will provide the first level of protection against over
pressurisation. In parallel pump configurations, this interlock will trip all running Mainline
Pumps simultaneously, based on high-trip set points. In series pump configurations, this
interlock will trip the last running Mainline Pump in sequence until all the pumps are
tripped or the station discharge pressure falls below the high-trip set point.These set-
points are usually set to the maximum allowable operating pressure (MAOP) of the
pipeline.
3. Line Overpressure Protection SIL will provide the second level of protection, and will trip
all Mainline Pump-sets simultaneously, based on a SIL protection set point to be set high
to act as last resort. This set-point is usually set at the maximum allowable working
pressure (MAWP) or design pressure of the pipeline.
The following SIS interface signals are applicable to this group:
Instruments connected to SIL
Station Discharge Pressure (SIL) PT 12xA
Instruments connected to PLC
Station Discharge Pressure (SIF) PY 12xA _SIF Station Dis charge Pressure (SIL) PY 12xA _AI
Station Discharge Pressure* PT 12x
PLC03 Panel Power Supply Fail* G5x.K11_FA MV01 FX Open* MV01FxxOP
* Devices form part of another group
6.16.1.1 Station Line Over-pressure Protection
An independent SIL-rated safety system is installed to perform the following functionality:
On detection of a high trip Station Discharge pressure as detected by the independent
SIL-rated station discharge pressure transmitter, all Mainline Pumps will be interlocked off
simultaneously via the TVR input to the VSD/EPR (Electrical Protection Relay). This system is
not configured for fail-safe operation on an instrument failure.
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 160 of 363
Page 160 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
6.16.2 Modes of Control
SIS LOP may be controlled from the PCS either locally at the Station or remotely from the
MCC.
6.16.3 Modes of Operation
This group cannot be controlled and hence there is no Mode of Operation defined.
6.16.4 Group Functionality
6.16.4.1 SIS Diagnostic Failure
Should the signal G51.K11_FA indicate a single 24V power supply failure, the SIS diagnostic
failure flag is triggered and an associated alarm is raised. This flag is reset when the
G5x.K11_FA signal returns to a healthy state.
Note: This is common to all SIS device groups and is repeated on each associated SIS device
group for consistency. This flag indicates that one of the redundant power supply modules
has failed and the system is operating in a non-redundant mode.
6.16.4.2 Line Over-pressure Protection (LOP)
The trip as issued by the SIL Relay is latched in the VSD/EPR via the mechanical trip (TVR)
issued from the SIF relay. The function is executed within 2 seconds from a physical
overpressure to trip.
The function is hard-wired and interfaced to the control system for monitoring via the signal
PY 12xA_SIF. On receipt of a SIF trip (PY 12xA_SIF) the PLC shall remove the run command
(P0x_IRC) from the VSD/EPR drives to prevent a control error.
This trip function is also latched in the PLC. While latched, the SIF trip indication on the
overview is shown (dotted line on graphic). A SIF reset button on the SIS page becomes
available under the latched trip condition and, when selected, performs the following
functions:
Reset each of the VSD/EPR latched trips AND
Reset the latched trip flag in the PLC
This button is shared with the MTBF trip function.
The SIF Reset button is coloured red under the following conditions:
SIF Trip Function latched within PLC
SIF Failed to Trip is active
6.16.4.3 LOP Proof Test Interval (Mitigation of Undetected Dangerous Failures)
The period between successful SIF trips is monitored and timed by the PLC. If the period
exceeds a PLC configurable time, a ‘Proof-test Interval Exceeded’ flag is set in the PLC. The
default time period is 180 days.
A successful proof test requires the following signals to be actuated (in order):
PT 12xA_AI Trip High Set point (kPa)
PY 12xA_SIF
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 161 of 363
Page 161 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
MV Mainline Pump Supply Breaker/s Open Status. In the case of DOL Motors, this will
be the motor supply breaker status (hardwired from the breaker). In the case of
VSDs, this will be the motor supply breaker status (hardwired from the breaker) OR
the VSD MCB Open status (via Profibus).
(This condition requires all MV Pump MCB's to be Not Closed, and at least one MCB to have
moved off its closed limit)
A proof test is credited as successful if all conditions are received within 5 seconds of the
trigger (PT 12xA Alarm High), as measured by PY 12xA_AI event in the PLC. A successful
proof test will reset the "Time since last proof" countdown timer.
The required proof test interval and the elapsed time since the last proof test will be visible
on the SCADA.
The elapsed time since the last proof test will be reset when a successful proof test has been
executed. Note that a trip event resulting in the above signals being activated within the
configured time will also be considered a proof test and will hence reset this timer.
An event is raised when the SIF transmitter value PY 12xA_AI exceeds the predefined SIF
Trip value. This event will be used for trip evaluation during proof test procedures. The text
to be displayed is "PY 12xA_AI LOP Trip Value Exceeded".
Note: The validity of this monitoring timer cannot be guaranteed. It relies on proper
procedures in place to validate the execution of the proof test.
6.16.4.4 LOP SIF Diagnostic (Detected Dangerous Failures - DDF)
For the Line Over-pressure SIF, the following signals form part of DDF diagnostics:
PY 12xA_AI Fault (PLC configurable time delay, default 5 minutes), hardware fault,
sensor fault and under-range.
LOP SIF Fail-to-Trip (instantaneous setting of the diagnostic flag). SIF Function Failed
to Trip is reset when the trip relay (PY 12xA_SIF) is healthy.
The above two functions are alarmed independently as detailed in alarm strategies below.
The SIF diagnostic failure flag set includes a time filter to ensure that glitches do not set and
reset the flag spuriously. This timer should be set to a default of 5 minutes on instrument
failure/recovery only.
The following functions are to occur on detection of a SIF diagnostic failure:
Start an MTTR timer
Generate a SIF Diagnostic Failure alarm (Medium Priority)
PY 12xA_AI may not be put into simulation by an operator.
The operator should inform maintenance of the failure immediately and rectification action
should start.
6.16.4.4.1 SIF Function Failed to Trip
Calculation of SIF Function Failed to Trip alarm is as follows:
The sensing element value has initiated a trip (PY 12xA_AI Trip Set point Exceeded)
AND
The VSD has not opened the associated MV breaker within 3 seconds
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 162 of 363
Page 162 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
OR
The trip relay (PY 12xA_SIF) tripped AND
The VSD has not opened the associated MV breaker within 3 seconds
Note: It is possible that some comparison signals will have to be calculated over more than
one scan to allow for signal propagation within the SIS and associated equipment. SIF
Function Failed to Trip is reset on a successful Proof Test (PY 12xA_SIF).
On failure of PT 12x, including simulation or override, all pumps are tripped via the PTR LOP
interlock, if the MTTR is active.
6.16.4.5 Operation Under LOP SIF Diagnostic Failure
After the MTTR timer has started, the station is operating with the following functions active:
PT 12x (SDP) is configured to trip the pumps at the same set-point as the PY
12xA_SIF function would have acted
If PT 12x be in a fault state/simulation state when entering MTTR, all the pumps are
tripped.
If an associated pressure deviation high alarm is enabled on entering an MTTR
condition all the pumps are tripped. Refer to Section 6.12.6.1.1 (The comparison
alarm is averaged over 5 minutes to prevent spurious activation of the function). The
comparison also only occurs if both sensors are healthy, i.e. the alarm and trip is
suppressed under sensor failure conditions. (This condition is not possible for LOP
SIF since the only device able to place the SIF into MTTR is the SIF Pressure
Transmitter, PY 12xA_AI)
The LOP SIF Diagnostic Alarm is repeated every 5 hours after the MTTR time starts.
An Imminent Shutdown Alarm in 1 hour is activated 1 hour before expiry of the
MTTR.
An Imminent Shutdown Alarm in ½ hour is activated ½ hour before expiry of the
MTTR.
If the MTTR timer expires, the pump off-line sequence will be initiated and pumps
interlocked off using the PTR LOP interlock.
The SIF credited MTTR value is available (and editable) on the SIS graphic. It is
editable by Maintenance staff only. The value is adjustable between 0 and 72 hours.
6.16.5 Group Availability
Not required.
6.16.6 Group Status
The following status indications are to keep the Operator informed of the status of the SIS
Group.
6.16.6.1 Group Alarm Status Indication
The following Group Alarm Statuses are configured using display LEDs which are grey in the
inactive condition and red in the active condition, with an associated event. Refer to the
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 163 of 363
Page 163 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
Alarm Configuration Database (3) for details, including the text to be used for the alarm
messages.
Condition Text Logic
SIF Diagnostic Failure
HP SIF Diagnostic Failure
Refer to Section 6.16.4.4
SIF Failure Time Exceeds MTTR
HP SIF MTTR Exceeded Trip
The SIF Diagnostic Failure alarm has been present longer than the MTTR credited for that SIF
SIF Function Spurious Trip
HP SIF Spurious Trip
The PY 121A_SIF is active and the PT 121 pressure remains below the Alarm High set-point. (after a configurable delay of 2 secs)
SIF Proof Test Interval Exceeded
HP SIF Proof Test Exceeded
The SIF Proof Test Interval Exceeded status indicates that the Proof Test time has exceeded the required time period
SIF Function Failed To Trip
HP SIF Failed to Trip
Refer to Section 6.16.4.1
SIF Fault and in MTTR Trip (SDP)
HP PT121 Fault & in MTTR Trip
Refer to Section 6.16.4.5
SIF MTTR Imminent Shutdown 1 hour
HP SIF MTTR Imm Shut 1h
Refer to Section 6.16.4.5
SIF MTTR Imminent Shutdown 1/2 hour
HP SIF MTTR Imm Shut 1/2h
Refer to Section 6.16.4.5
SIS Diagnostic Failure
HP SIS Diagnostic Failure
Refer to Section 6.16.4.1
Table 6.16-1: SIS Group – Group Alarm Status
6.16.6.2 Group Error Status Indication
None defined.
6.16.6.3 Group Information Status Indications
None defined.
6.16.7 Group Interlocks
The interlocks listed here are implemented in other groups and are listed here for reference
purposes only. For more information, consult the relevant groups.
6.16.7.1 Hardwired Interlocks
6.16.7.1.1 Line Over-pressure Protection
The SIF trip signal from the trip amp is directly wired into the TVR trip of the VSD, this TVR
trip is latched within the VSD.
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 164 of 363
Page 164 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
6.16.7.2 PLC Interlocks
6.16.7.2.1 P0x: Line Overpressure Protection activated
The pump will be interlocked off using the IRT signal and the pump run Offline if in
Automatic when a SIF trip is active.
6.16.7.2.2 P0x: SIF Failure Time exceeds MTTR
The pump will be interlocked off using the IRT signal and the pump run Offline if in
Automatic when a SIF Failure Time exceeds MTTR.
6.16.7.2.3 P0x: PT 12x Fault and in MTTR Trip, Pressure Deviation High and in
MTTR Trip
The pump will be interlocked off using the IRT signal and the pump run Offline if in
Automatic when a PT 12x Fault and in MTTR Trip or a Pressure Deviation High and in MTTR
Trip occurs.
6.16.8 Failure Modes
If the VSD trip reset is unsuccessful due to communications failure, a local VSD reset is
required.
6.16.9 Graphic Representation
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 165 of 363
Page 165 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
6.17 Sumps and Intermix Transfer
This section is associated with the control of the Sump and Intermix Transfer Device Group
and its associated devices.
Sump and Intermix Transfer facilities are installed on most Stations.
6.17.1 Group Description
Where multiple Intermix tanks are installed on a station, transfer to both intermix tanks
simultaneously is generally not permitted. Simultaneous transfer from multiple sump tanks
to a single intermix tank is permitted.
The control and monitoring functionality is achieved via the following devices:
Valves
Intermix Tank Txx Inlet Valve XV TxA
Sump Outlet Valve XV GxE
Instruments
Intermix Tank Txx Level LT 75x
Sump Tank Level LT 13x (LP Manifold Sumps) LT 99x (HP Manifold Sumps)
Sump Pump Xxx Flow FS 13x (LP Manifold Sumps) FS 99x (HP Manifold Sumps)
Pumps
Sump Pump Xxx Xxx
6.17.2 Modes of Control
Control is from the SCADA system locally at the station, or remotely from the MCC or SCC.
HP Manifold Sump and Intermix Transfer device groups are usually handed over separately
from HP Routing device groups.
LP Manifold Sump and Intermix Transfer device groups are usually handed over together with
the LP Routing device groups.
6.17.3 Modes of Operation
All devices related to the Sump and Intermix Transfer Group shall have the following three
modes of operation:
Local
Manual
Automatic (station dependent)
6.17.4 Group Functionality
6.17.4.1 Sump and Intermix Transfer Routing Matrix
Where automatic transfer of intermix from the sump to intermix tanks is provided for on a
station, transfer is will be automated using a Routing Matrix (Refer to section 4.9 for details).
If available, selecting the sequence online button will start the sequence, opening all the
valves required for that route. The online button will be disabled if the selected route is not
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 166 of 363
Page 166 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
available or if a conflicting route is online already. Each sump transfer has its own offline
sequence. Selecting the offline will run that specific transfer route offline. The offline
sequence button will not be linked to availability.
6.17.4.1.1 Offline Indication (Sequencer)
All Routing valves Closed AND
Sump Pump Stopped
6.17.4.1.2 Matrix Online Indication (Green Solid Circle/ Sequencer)
All Routing valves Opened AND
Sump Pump Running
6.17.4.1.3 Matrix Route Closed Indication (Red Solid Circle)
Any Routing valve Closed
6.17.4.2 Intermix Transfer Online Sequence
Intermix Transfer online sequence is activated on receipt of:
an Online Request from the SCADA
A check is undertaken to ascertain if the Intermix Transfer Online Sequence is "Ready". If so,
the associated Routing valves are opened as required. Once the route is open, the sump
pump is started. If the group is not “Ready”, the sequence cannot be initiated.
See typical flow diagram for details:
7.2.9.1: Intermix Transfer Online Sequence
The following conditions during the running of the online sequence shall result in the
sequence aborting, complete with all associated alarming and event logging:
Any associated Routing Valves Not Available OR
Sump Pump Xxx Not Available OR
Placing the Group in Manual mode
6.17.4.3 Intermix Transfer Offline Sequence
Intermix Transfer offline sequence is activated on receipt of:
an Offline Request from the SCADA
a sump low level-trip (LT 13x or LT 99x)
a sump no flow trip (FS 13x or FS 99x)
an Intermix Tank high level-trip (LT75x) and route open into the tank (as determined
by routing valves Not closed status)
A check is undertaken to ascertain if the Intermix Transfer Offline Sequence is "Ready". If so,
the sump pump is stopped. Once the pump has stopped, associated Routing valves are
closed as required. If the group is not “Ready”, the sequence cannot be initiated.
See typical flow diagram for details:
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 167 of 363
Page 167 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
7.2.9.2: Intermix Transfer Offline Sequence
Any faults encountered during the running of the offline sequence will result in the sequence
continuing to completion. Device faults during offline shall be used to continue the Sequence,
complete with all associated Alarming and Event Logging procedures.
6.17.5 Group Availability
Not required.
6.17.6 Route availability
6.17.6.1 Intermix Transfer Sequence Availability
The following conditions render the Online Sequence “Not Available”. The offline sequence
button will not be linked to availability.
Condition Text Logic
Xxx Not Available Xxx Not Avail or Intlk Refer to [3]
LT 75xx High Tank Txx Level High Refer to [3]
XV TxA Not Available Or Interlocked Closed
XVTxA Not Avail or Intlk Refer to [3]
XV Gxx Not Available XVGxx Not Avail Refer to [3]
Table 6.17-1: Intermix Transfer Sequence Availability
6.17.7 Group Status
6.17.7.1 Group Alarm Status Indications
None defined.
6.17.7.2 Group Error Status Indications
None defined.
6.17.7.3 Group Information Status Indications
None defined.
6.17.8 Additional Device Alarms
The following alarms are used to configure the message text on existing alarms in the device
typical:
6.17.8.1 Sump Level Rate of Change
Condition Text Priority Info Text
LT 99x/LT13x ROC High
Sump Level Rate of Change High
Warning Conduct on site investigation
Table 6.17-2: Sump Additional Device Alarm
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 168 of 363
Page 168 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
6.17.9 Group Interlocks
6.17.9.1 Hard-wired Interlocks
None defined.
6.17.9.2 PLC Interlocks
6.17.9.2.1 Xxx: Intermix Tank Txx Level High Trip
The running Sump Pump (Xxx) shall be interlocked off if a high level trip is detected (LT 75x)
and the route is Not Closed.
6.17.9.2.2 Xxx: Sump Tank Level Low Trip
If the low-low level (LT 13x/99x) is reached the Sump Pump (Xxx) shall be interlocked off.
This interlock's associated alarm will be suppressed if the route is closed or sump pump (Xxx)
not running.
6.17.9.2.3 Xxx: Sump Pump No Flow
If a low flow (FS 13x/99x) is detected while the Sump Pump (Xxx) is running, after a
predefined time (10 seconds) after the pump has been started, the Sump Pump is interlocked
off. This interlock and associated alarm is blocked if the pump is not running.
6.17.10 Graphic Representation
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 169 of 363
Page 169 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
6.18 Road Loading
This section is associated with the control of Road Loading facilities and its associated
devices. Road Loading forms part of the Sumps and Intermix Transfer device group.
Sump and Intermix Transfer facilities are installed on most Stations.
6.18.1 Group Description
The Road Loading Transfer Pump (Xxx) is used to transfer intermix from one or more
intermix tanks to the Road Tanker Loading facility for transport to an Intermix Refractionator
Plant.
Product cannot be received into and dispatched from intermix tanks at the same time.
Intermix transfer to the road tanker involves opening a flow-path from one intermix tank in
either manual or local before the Road Loading Transfer Pump (Xxx) can be started.
The road loading is automated but requires the local operator input.
The strainer valve, XV SxA, has been identified as a safety shutoff valve in terms of API 1004
and is interlocked closed until a start request from the batch controller is received.
The control and monitoring functionality is achieved via the following devices:
Instruments
Intermix Tank Txx Level LT 75x
Road Loading Transfer Pump Xxx Current IT 71x
Valves
Intermix Tank Txx Outlet Valve XV TxE Strainer S0x Inlet Valve XV SxA
Drives
Road Loading Transfer Pump Xxx
Road Loading
Road Loading Pump Start Request FQIC 71x_IRC
Road Loading Signal Permissive FQIC 71x_RDY
6.18.2 Modes of Control
Control is from the batch controller locally at the station.
6.18.3 Modes of Operation
All devices related to the Road Loading Group shall have the following Mode of Operation:
Intermix Tank Outlet valves locked in manual Mode of Operation
Road Loading Transfer Pump and Strainer S0x Inlet Valve is locked in Automatic
Mode of Operation
Local (from batch controller 50-FQIC 71x)
6.18.4 Group Functionality
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 170 of 363
Page 170 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
6.18.4.1 Road Tanker Loading – Batch Controller
Tanker loading has its own batch controller. This is a standalone device and handles Load
Bay safety and delivery volumes. The batch controller will interface to a printer in the control
room for printing of Bill of Lading (BOL) dockets.
The batch controller has a hard-wired interface to the PLC as follows:
A Load permissive/grant (FQIC 71x-RDY) signal is sent from the PLC to the batch
controller, indicating that the associated process conditions are met.
The PLC receives a start request (FQIC 71x_IRC) signal from the batch controller if
all of its safety interlocks are met and a START delivery is requested. This signal is
high for the duration of the delivery. The start request signal is displayed on the
SCADA graphic.
On receipt of a "Start Request", the Strainer valve XV SxA interlock is removed and the valve
opened. When the valve is open the Transfer pump Xxx is started.
Should the "Start Request" signal be removed, the Transfer pump Xxx is stopped and the
Strainer valve XV SxA is closed.
The operator will need to close the associated intermix tank outlet valve/s (XV TxE).
6.18.5 Group Availability
6.18.5.1 Load Grant
The following conditions will render the Road Loading Device Group “Not Available”.
Condition Text Logic
XV SxA Not Available XVSxA Not Avail Refer to [3]
Xxx Not Available Xxx Not Avail Refer to [3]
XVTxE not Open XVTxE Not Open Routing valves are required to be open.
LT 75x low level if XV TxE Not Closed
Tank T0x Level Low Trip If T0x Intermix outlet valve XVTxE not closed and T01 indicates a low level LT 75x.
XV TxA Not Closed if XV TxE Not Closed
XVTxA Not Closed Prevents intake and dispatch of product from a tank simultaneously.
Table 6.18-1: Road Loading Availability
6.18.6 Group Status
6.18.6.1 Group Alarm Status Indications
None defined.
6.18.6.2 Group Error Status Indications
None defined.
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 171 of 363
Page 171 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
6.18.6.3 Group Information Status Indications
None defined.
6.18.7 Group Interlocks
The following Group Interlocks have been defined for the Road Loading Device Group.
6.18.7.1 Hard-wired Interlocks
An independent overfill and earth monitor relay will remove the start request from the batch
controller under an overfill or no-earth condition.
6.18.7.2 PLC Interlocks
6.18.7.2.1 XV SxA: No Load Start Request
The strainer valve, XV SxA, is interlocked closed if the preset start request signal (FQIC
71x_IRC) is removed.
6.18.7.2.2 Xxx: Tank T0x Low Trip
If the Intermix Tank T0x Level (LT 75x) Low Trip is reached and XV TxE is Not Closed, the
Road Loading Pump (Xxx) is interlocked off.
The low alarm and low alarm trip message is suppressed if Xxx is Not Running or if XV SxA is
Closed.
6.18.8 Failure Modes
None defined.
6.18.9 Graphic Representation
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 172 of 363
Page 172 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
6.19 Road & Rail Loading
This section is associated with the control of Road/Rail Loading facilities and its associated
devices. Road/Rail Loading facilities are located at the Tarlton Terminal Depot.
6.19.1 Group Description Rail and Road Loading facilities are designed and operated in accordance with API1004
recommended practises. Facilities include transfer pumps, strainer de-aerator combinations,
flow metering, control valves, load arms, batch controllers, earth monitoring and Overfill
Protection Systems.
The road loading facility at TLR consists of three islands and four bays with products being
fed to the bays from dedicated product Accumulator Tanks. Each loading bay is equipped
with three bottom-loading arms. Preset Controllers (Contrec 1010) are used to control and
meter the fuel into road tankers at these bays. Civacon Overfill/Earth Monitor systems are
used for earth- and overfill monitoring and are dedicated one per bay. There are 12 Preset
Controllers for road loading. Additive Dosing facilities for up to six additives are installed on
each load arm.
Rail loading consists of two loading bays, one dedicated to each product. The Diesel loading
bay contains three top loading arms and the ULP loading bay four top loading arms. Unlike
Road Loading, all Rail loading is top-loading and no additive injection facilities are available.
Control of the transfer process is directly and independently controlled and monitored by the
batch controller. To this end, the control valve, flow meter, associated instrumentation and
Overfill/Earth Monitoring Systems are directly connected to the batch controller.
The loading pumps are dedicated to specific loading arms in both road and rail and will be
operated on a rotational basis as determined by duty controllers in the PLC.
Road and Rail loading is automated but also requires manual and local operator input. Only
tanks placed in WORKING status (one per Product at a time) are available for loading
operations. Note that tanks may only be placed in WORKING status when QC has been
successfully completed and the tank released for distribution.
Prior to and during a delivery, the PLC ensures that the associated route to the tanker is open
and that no process interlocks are active. The Tank Outlet valve is opened by the operator
once the tank is placed in WORKING state and is no longer interlocked. The load pump and
associated load valve is opened by the PLC (Duty Controller) on receipt of a START request
from the Contrec 1010.
In the case of Rail loading/offloading an additional check is made to ensure that the RMD
Device is not being controlled.
If the route is open and no process interlocks are active, the PLC sends a permit signal to the
Contrec 1010, which coupled with the Civacon Overfill and Earth Monitoring Signal, ensures
that the transfer is performed safely. If all safeties are ‘healthy’, and a START Request button
is activated on the Preset Controller, a start request is issued to the PLC. The PLC then sends
a start request to a duty controller which opens the associated loading valve/s and starts the
associated pump/s. If the start signal falls away, the PLC will stop the pump and close the
valve automatically.
One Loading pump is started for every two START requests received for ULP Road and Rail
Loading. A Loading pump is started for every START request received for DIE Road and Rail
Loading.
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 173 of 363
Page 173 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
If the one or more load operations for a particular product is active, the associated load
pump and valve are kept running/open by the PLC. The load pump is only stopped and valve
is only closed once all product specific loading operations are completed within the gantries.
6.19.1.1 Devices and Instrumentation Control and Monitoring functionality shall be achieved via the following devices:
[Only Road Loading of one product (Diesel) is detailed herein. Details of Road/Rail Loading of
other products cab be found in the Tarlton EDS.]
General
Accumulator Tank A1 Outlet valve XV A1F* Accumulator Tank A2 Outlet valve XV A2F*
Tank Group 2: A1, A2 (fed from LP Manifold 2) Road and Rail Loading
Valves
Road/Rail Transfer Pump X10 Outlet Valve XV X10E Road/Rail Transfer Pump X11 Outlet Valve XV X11E Road/Rail Transfer Pump X12 Outlet Valve XV X12E Road/Rail Transfer Pump X13 Outlet Valve XV X13E Road/Rail Transfer Pump X14 Outlet Valve XV X14E Road/Rail Transfer Pump X15 Outlet Valve XV X15E Road Loading Bay 2 to IRP Tank 4 transfer valve ZV T4B
(indication)
Pumps
Road/Rail Transfer Pump X10 X10 Road/Rail Transfer Pump X11 X11 Road/Rail Transfer Pump X12 X12 Road/Rail Transfer Pump X13 X13 Road/Rail Transfer Pump X14 X14 Road/Rail Loading Pump X15 X15
Instrumentation
Road/Rail Transfer Pump X10 Flow FS 721 Road/Rail Transfer Pump X11 Flow FS 722 Road/Rail Transfer Pump X12 Flow FS 723 Road/Rail Transfer Pump X13 Flow FS 724 Road/Rail Transfer Pump X14 Flow FS 725 Road/Rail Transfer Pump X15 Flow FS 726 Road/Rail Transfer Pump X10 Current IT721 Road/Rail Transfer Pump X11 Current IT722 Road/Rail Transfer Pump X12 Current IT723 Road/Rail Transfer Pump X13 Current IT724 Road/Rail Transfer Pump X14 Current IT725 Road/Rail Transfer Pump X15 Current IT726
Tank Group 2: A1, A2 (fed from LP Manifold 2) Road Loading
Instrumentation
Road Loading Bay 1 Preset controller FQIC 712 Road Loading Bay 2 Preset controller FQIC 721 Road Loading Bay 3 Preset controller FQIC 732 Road Loading Bay 4 Preset controller FQIC 741
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 174 of 363
Page 174 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
FQIC712 Start request FQIC712A_IRC FQIC712 Load Grant FQIC712B_RDY FQIC721 Start request FQIC721A_IRC FQIC721 Load Grant FQIC721B_RDY FQIC732 Start request FQIC732A_IRC FQIC732 Load Grant FQIC732B_RDY FQIC741 Start request FQIC741A_IRC FQIC741 Load Grant FQIC741B_RDY
Tank Group 2: A1, A2 (fed from LP Manifold 2) Rail Loading
Instrumentation
Rail 1 Loading Preset controller FQIC 705 Rail 1 Loading Preset controller FQIC 706 Rail 1 Loading Preset controller FQIC 707 FQIC705 Start request FQIC705_IRC FQIC705 Load Grant FQIC705_RDY FQIC706 Start request FQIC706_IRC FQIC706 Load Grant FQIC706_RDY FQIC707 Start request FQIC707_IRC FQIC707 Load Grant FQIC707_RDY FQIC 705 High Level LSH 705 FQIC 706 High Level LSH 706 FQIC 707 High Level LSH 707
6.19.1.2 Functional Layout of the Road and Rail Loading
A1
A2E-11
E-15
E-5
E-6
E-4
E-13
XVX10EXVX10E XVA1FXVA1F
XVA1GXVA1G
XVA2FXVA2F
XVA2GXVA2G
XVX11EXVX11E
XVX12EXVX12E
XVX13EXVX13E
XVX14EXVX14E
XVX15EXVX15E
FT712FT712
FT721FT721
FT732FT732
FT741FT741
FT705FT705
FT706FT706
FT707FT707
Tank Group 2 (fed from LP Manifold 2) Road Loading
Tank Group 2 (fed from LP Manifold 2) Rail Loading
Figure 6.19.1 – Road and Rail Loading (Diesel)
6.19.2 Modes of Control Road and Rail Loading may only be controlled from the Station. Mode of Control for all devices is set
to Station Mode of Control.
6.19.3 Modes of Operation
All devices shall have the following Modes of Operation:
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 175 of 363
Page 175 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
Local
The Transfer pumps’ Transfer Pump Outlet valves are always in automatic mode. The Accumulator
Tank Outlet valves are always in manual mode of operation and need to be controlled by the
operator.
6.19.4 Group Functionality
6.19.4.1 Preset Controller As per the Transnet Pipelines Automation Standard document with modifications as listed.
Once permission to load has been authorised by the Dispatch Clerk, Load
data is automatically sent down to the correct preset controller from the
SAP System. Note that Load data can be manually entered into the preset
controller under supervision, should the SAP System not be available. The operator enters his Driver ID, PIN and Transaction Number into the
preset controller to initiate a particular load.
If all safety interlocks wired into the preset controller are healthy (PLC
Ready, Earth and Overfill Monitoring), then the operator is able to commence the load by pressing the start button on the preset controller.
After the Load has been completed, Bill of Lading data is automatically
uploaded to the SAP System for processing.
6.19.4.2 Loading Pump and Valve Control Loading Pumps are controlled by the PLC. The number of running Loading Pumps depends on the
number of start requests received from associated Preset Controllers. One Loading pump is started
for every two START requests received for ULP Road and Rail Loading. A Loading pump is started for
every START request received for DIE Road and Rail Loading.
Loading Pumps are controlled by a duty standby controller. Each Duty Standby Controller will be
managed by start requests (FQIC7xxx_IRC) received from the Preset Controllers.
When the start signal is received and provided the load grant/ready status (FQIC 7xxB_RDY) is
healthy, the Duty Standby Controller will open the pump Outlet valve and, after a configurable time,
start the corresponding loading pump. When the start signal is removed, the PLC will stop the
loading pump via the duty controller and then close the loading valve.
The duty controller manages the number of pumps to run per product while loading.
No Duty Standby switching on running hours will occur whilst loading is in progress.
6.19.4.3 Transfer Shutoff/Isolation In the event that the Rail Tanker indicates a high level (LSH 70x), the overfill protection system
interfaced into the preset controller will ensure that the control valve is closed and the transfer
terminated.
6.19.5 Group Availability
6.19.5.1 Road Loading Batch Controller Ready The Batch Controller Ready (FQIC7xxB_RDY) is given if the following conditions are met:
An Associated Route is Open (Loading valve open)
Tank in “Working” state
The “Working” Tank has no Low Level Trip, coming from the Tank Gauging
System Any one Transfer Pump available and associated Transfer Pump Outlet valve
available
Rail Loading Plant E-Stop (UA296) healthy
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 176 of 363
Page 176 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
Road Loading Plant E-Stop (UA297) healthy
Fire Detection Alarm not activated UA193 or UA194
6.19.5.2 Rail Loading Batch Controller Ready The Batch Controller Ready (FQIC7xxB_RDY) is given if the following conditions are met:
An Associated Route is Open or Available
Tank in “Working” state
The “Working” Tank has no Low Level Trip, coming from the Tank Gauging
System Any one Transfer Pump available and associated Transfer Pump Outlet valve
available
Rail Moving device is not running (QStopped)
Rail Loading Plant E-Stop (UA296) healthy
Road Loading Plant E-Stop (UA297) healthy
Fire Detection Alarm not activated UA193 or UA194
6.19.6 Group Status The following status indications are available to keep the Operator informed of the status of the Road
and Rail Loading Group:
6.19.6.1 Group Alarm Status Indications The following Group Alarm Statuses are configured using display LEDs which are grey in the inactive
condition and red in the active condition, with an associated alarm. Refer to the Alarm Database for
details, including the text to be used for the alarm messages.
None defined.
6.19.6.2 Group Error Indications The following Group Error Statuses are configured using display LEDs which are grey in the inactive
condition and red in the active condition, with an associated event. Refer to the Alarm Database for
details, including the text to be used for the event messages.
None defined.
6.19.6.3 Group Information Indications The following Group Information Statuses are configured using display LEDs which are grey in the
inactive condition and green in the active condition, with an associated event. Refer to the Alarm
Database for details, including the text to be used for the event messages.
None defined.
6.19.7 Group Interlocks The following interlocks have been defined for the Receiver Group:
6.19.7.1 Hard Wired Interlocks The batch controller provides the following protection functionality, by removing the START Request:
Tanker Overfill and Earth monitoring via an independent overfill and earth monitor relay
Low Flow protection.
6.19.7.2 PLC Interlocks
6.19.7.2.1 Road Loading Bay E-Stops Plant E-Stops installed on the Road Loading gantries will be wired in series and interfaced to PLC02 as
a single Road Loading Plant E-Stop UA297.
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 177 of 363
Page 177 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
When any of the E-Stops are activated, the PLC will perform the following functionality:
Interlock all loading pumps off. Both road and rail loading pumps are
stopped to avoid confusion as to which are shared between road and rail and which are not.
Interlock closed all open working tanks outlet and routing valves.
Remove ready signals from 1010’s (FQIC_7xxB_RDY) in both Road and Rail
Enable siren UA 291.
Text to be displayed is “Plant Emergency Stop”
6.19.7.2.2 Rail Loading E-Stops Plant E-Stops installed on the Rail Loading gantries will be wired in series and interfaced to PLC02 as
a single Rail Loading Plant E-Stop UA296.
When any of the E-Stops are activated, the PLC will perform the following functionality:
Stop all loading pumps running. Both Road and Rail loading pumps are
stopped to avoid confusion as to which are shared between road and rail and which are not.
Interlock Close all open working tanks outlet and routing valves.
Remove ready signals from 1010’s (FQIC_7xxB_RDY) in both Road and Rail.
Enable siren UA 292
Text to be displayed is “Plant Emergency Stop”
6.19.7.2.3 Pump Low Flow Each Loading Pump is interlocked to the Low Flow Switch. The pump will be tripped if there is low
flow after the pump has been running for a configurable time in the PLC. When a low flow is detected
the PLC will start the next available pump (via a Duty Controller). Note: If no-flow is detected within
the preset controller (based on configurable set-point set up within the preset controller), the preset
controller will remove the start request to the PLC, independently of this interlock.
Text to be displayed is “Road/Rail Transfer Pump No Flow”
6.19.7.2.4 Product Load Valves (API 1004) The API1004 requirement to interlock product load valves closed on loss of start request has not been
implemented at Tarlton due to the complexity of multiple load pumps being able to feed individual
load arms.
6.19.8 Failure Modes
None defined.
6.19.9 Graphic Representation
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 178 of 363
Page 178 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
6.20 Sump Injection (Venturi)
This section is associated with the control of the Sump Injection (Venturi) Device Group and
its associated devices.
Sump Injection facilities are installed on most RPP and COP Stations.
6.20.1 Group Description
Sump Injection facilities may be used to inject intermixure from the sump at a controlled flow
rate back into the mainline. Injection of the contents of the Sump is based on the venturi
principle, by which a pressure differential across the venturi causes the product from the
sump to be injected into the mainline. Motorised actuators are installed on the Injection Inlet,
Sump Outlet and Injection Outlet Valves for control purposes. Reverse flow into the Sump
Tank is prevented by means of a non-return valve in the Sump Outlet Line.
Sump Injection facilities may be installed on multi-product pipelines and single product
pipelines. Flushing of Sump Injection piping is not required for either multi-product or
dedicated-product pipelines.
In multi-product pipelines, a Control Valve is installed on the main injection line before the
venturi on all multi-product lines and is used to control the sump injection flow rate to two
set points – coarse and fine. This valve is used in open loop control (not PID) with position
feedback. In manual the valve position can be set between 0 – 100 % throttling. In
automatic there are only two preset positions that can be selected (i.e. coarse or fine).
The control and monitoring functionality is achieved via the following devices:
Valves
Sump Injection Inlet valve XV GxA Sump Injection Discharge valve XV GxE
Sump Outlet valve XV GxB Sump Injection flow control valve CV GxJ (Multi-product lines only)
Instruments
Sump Tank Level LT 13x (HP Manifold Sumps)
6.20.2 Modes of Control
Control is from the SCADA system locally at the station, or remotely from the MCC or SCC.
6.20.3 Modes of Operation
All devices related to the Sump Injection Group shall have the following three modes of
operation:
Local
Manual
Automatic (station dependent)
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 179 of 363
Page 179 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
6.20.4 Group Functionality
6.20.4.1 Sump Injection States
6.20.4.1.1 Sump Injection Online
Sump Injection is in an Online state if:
XV GxA Opened AND
XV GxB Opened AND
XV GxE Opened AND
6.20.4.1.2 Sump Injection Offline
Sump Injection is in an Offline state if:
XV GxA Closed AND
XV GxB Closed AND
XV GxE Closed
6.20.4.2 Sump Injection Sequences
6.20.4.2.1 Sump Injection Online Sequence
The Sump Injection Online Sequence is activated, if Ready, on receipt of:
an Online Request from the SCADA
If Ready, the Sump Injection Inlet and Injection Outlet valves are opened simultaneously
and on successful completion the Sump Outlet valve is opened.
The following conditions while the sequence is running will result in the sequence aborting,
complete with all associated alarming and event logging:
Any actuated Sump Injection valve Not Available (XV GxA, XV GxB,
XV GxE) OR
Placing the Group in Manual mode
See flow diagram for details:
7.2.10.1: Sump Injection Online Sequence
6.20.4.2.2 Sump Injection Offline Sequence
The Sump Injection Offline Sequence is activated, if Ready, on receipt of:
an Offline Request from the SCADA
Sump Level low-trip
Intermix Transfer Route online
If Ready, the Sump Outlet valve is closed and on successful completion, the Sump Injection
Inlet and Outlet valves are closed simultaneously.
Any faults encountered whilst the sequence is running will result in the sequence continuing
to completion, complete with all associated alarming and event logging:
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 180 of 363
Page 180 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
See flow diagram for details:
7.2.10.2: Sump Injection Offline Sequence
6.20.5 Group Availability
6.20.5.1 Sump Injection Availability
The following conditions render the Sump Injection Device Group “Not Available”.
Table 6.20-1: Sump Injection Availability
6.20.6 Group Status
6.20.6.1 Group Alarm Status Indications
None defined.
6.20.6.2 Group Error Status Indications
None defined.
6.20.6.3 Group Information Status Indications
None defined.
6.20.7 Additional Device Alarms
None defined.
6.20.8 Group Interlocks
6.20.8.1 Hard-wired Interlocks
None defined.
6.20.8.2 PLC Interlocks
6.20.8.2.1 XV GxB: Sump Tank Level Low Trip
If the low-trip level (LT 13x) is reached the Sump Outlet valve (XV GxB) shall be interlocked
closed. This interlock's associated alarm will be suppressed if the route is closed.
6.20.8.2.2 XV GxB: Intermix Routing
An Intermix delivery will take precedence over Sump Injection, by interlocking the Sump
Outlet valve closed.
Condition Text Logic
XV GxA Not Available XVGxA Not Avail Refer to [3]
XV GxB Not Available XVGxB Not Avail Refer to [3]
XV GxE Not Available XVGxE Not Avail Refer to [3]
LT13x Low LT13x Low Sump level at low-trip level
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 181 of 363
Page 181 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
6.20.9 Graphic Representation
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 182 of 363
Page 182 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
6.21 Purge Air Fans – RPP & COP Stations
This section is associated with the control of the Purge Air Fan Device Group and its
associated devices.
Purge Air Systems are installed on Mainline Pump Sets on stations associated with the RPP
Pipeline.
6.21.1 Group Description
Where installed on mainline pump sets, Purge Air Fan Systems are used to for both cooling of
the motor windings as well as purging of product vapours for hazardous area classification
purposes. A single purge air system caters for all mainline pump sets installed on a respective
station. Mainline pump sets may only be run with purge air circulation active.
Two Purge Air Fans are used (duty and standby), with dedicated flow switches per pump set
indicating the presence of purge airflow. Purge Air Fans, after running for a certain time-
period (configured in the PLC) are alternated to achieve equal run hours (duty and standby).
The control and monitoring functionality is achieved via the following devices:
Instruments
Mainline Pump P0x Purge Air Flow FS 0x1 Purge Air Fan Current IT14x
Equipment
Purge Air Fan Q0x, Q0y
6.21.2 Modes of Control
Control is from the SCADA system locally at the station, or remotely from the MCC or SCC.
6.21.3 Modes of Operation
All devices related to the Purge Air Group shall have the following three modes of operation:
Local
Manual
Automatic
6.21.4 Group Functionality
6.21.4.1 Duty Controller
No sequences have been defined for the Purge Air system but the two fans are controlled
according to the duty/standby controller typical. Automatic selection of duty and standby
status of fans is based on Run Hour differentials [Configurable in the PLC – Default 100
hours]. Note that each fan will run for a period of twice the set point, i.e. 200 hours.
If the group is ready, the duty controller is activated from a:
Start sequence Request from the SCADA
An indication “control active” is indicated on the SCADA. The duty controller is now activated
and will start and stop the Purge Air fans accordingly.
The duty controller is stopped from a:
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 183 of 363
Page 183 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
Stop sequence Request from the SCADA
Manual mode
Group not available
6.21.4.2 Purge Air Flow
Mainline pumps can only run if the purge air flow switch is active. If the duty controller is
running and the flow switch is not active, after a delay of 5 seconds the standby fan is also
started and the duty controller is switched off (duty control not active). The operator needs
to investigate the problem and restart the duty controller or stop the standby fan in manual
mode.
If no flow is detected after 15 seconds, the mainline pumps are interlocked off.
6.21.5 Group Availability
The following conditions render the DuC “Not Available”.
Condition Text Logic
Xxx Not Available Xxx Not Avail or Intlk Purge Air Pump Not Available
Table 6.21-1: Purge Air DuC Availability
6.21.6 Group Status
6.21.6.1 Group Alarm Status Indications
None defined.
6.21.6.2 Group Error Status Indications
None defined.
6.21.6.3 Group Information Status Indications
None defined.
6.21.7 Additional Device Alarms
None defined.
6.21.8 Group Interlocks
6.21.8.1 Hard-wired Interlocks
None defined.
6.21.8.2 PLC Interlocks
None defined.
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 184 of 363
Page 184 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
6.21.9 Graphic Representation
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 185 of 363
Page 185 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
6.22 Ventilation Fans – 24” MPP Stations
This section is associated with the control and monitoring of the Pumphouse Ventilation Fans
Device Group.
Ventilation Fans are installed on all pump stations associated with the 24” MPP Pipeline,
where the mainline pumps are installed in enclosed Pump House buildings.
6.22.1 Group Description
The main pumphouse ventilation fan system comprises six (6) individual fans.
Note: It is acknowledged that the main pumphouse temperature will follow the trend of the
outside ambient temperature.
Control and monitoring functionality is achieved via the following devices:
Main Pumphouse Fans
Ventilation Fan Q22 Q22
Ventilation Fan Q23 Q23
Ventilation Fan Q24 Q24
Ventilation Fan Q25 Q25
Ventilation Fan Q26 Q26
Ventilation Fan Q27 Q27
Instruments
Ventilation Fan Q22 Temperature TT 142
Ventilation Fan Q23 Temperature TT 143
Ventilation Fan Q24 Temperature TT 144
Ventilation Fan Q25 Temperature TT 145
Ventilation Fan Q26 Temperature TT 146
Ventilation Fan Q27 Temperature TT 147
6.22.2 Modes of Control
The Pumphouse Ventilation Fans Device Group shall be controllable both locally from the
SCADA System installed at the Pump Station as well as remotely from the MCC.
6.22.3 Modes of Operation
All devices related to the Ventilation Fan Device Group shall have the following three Modes
of Operation:
Local
Manual
Automatic
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 186 of 363
Page 186 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
6.22.4 Group Functionality
There are six (6) DOL ventilation fans installed inside the main pump house, each with a
dedicated temperature sensor.
6.22.4.1 Main Pumphouse Ventilation Control
One of the functions of the main pumphouse ventilation fan system is to provide adequate
ventilation, ensuring safe access for personnel. When detected gas levels are above
occupational safety levels (typically 3.6% LEL – AT 184_TH), two (2) fans will automatically
start. The fans will remain running until stopped by the operator.
Automatic selection of duty and standby fans is based on run hours, as per the duty/standby
controller typical.
Note: The gas level (typically 3.6% LEL – AT 184_TH) input for this function is provided
from the Fire and Gas System as a digital input to the PCS (refer to Section Error!
Reference source not found.). This input is different from the gas level signal (typically
20% LEL – AT 184_H) from the Fire and Gas System that is used for the hardwired start
interlock to the six (6) fans. This input is also different from the gas level signal (typically
40% LEL – AT 184_HH) from the Fire and Gas System, which will interlock the Station Inlet
Isolation valve XV I1A.
6.22.4.2 Main Pumphouse Ambient Temperature Control
A second function of the main pumphouse ventilation fan system is to maintain main
pumphouse ambient temperature within a desirable range. Upon the starting of the Duty
Controller, two ventilation fans will be started regardless of the ambient conditions inside the
pumphouse.
Starting of additional fans is based on the standard operating temperature setpoint (25˚C).
The process variable (PV) will be a derived temperature measurement, based on the average
of temperatures associated with fans running. That is, if two fans are running, then the
average of the two temperature sensors will be used as PV by the process control system. If
the derived process variable exceeds the standard operating temperature setpoint by more
than a configurable temperature (typically 2˚C) for a configurable time (30 minutes) and the
duty controller is running, an additional fan will be started. The PV will then be re-calculated
based on the average of the number of temperature sensors associated with the running
fans.
Note: The ambient temperature averaging calculation will use substitute values when
temperature probes fail.
The average temperature will be calculated using all vent fan temperature sensors regardless
of whether the temperature sensors are displaying a real or substituted value.
If the PV is greater than a configurable temperature (typically 2˚C) below the standard
operating temperature setpoint for a configurable time (default 30 minutes) one of the
running fans will be stopped.
Whenever a fan has been started or stopped, the timer is reset such that multiple fans are
not started or stopped simultaneously as a function of temperature.
Automatic selection of duty and standby fans is based on run hours, as per the duty/standby
controller typical.
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 187 of 363
Page 187 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
6.22.4.3 Start/Stop Ventilation Fans Duty Controller
The ventilation fan duty controller will be started on receipt of any of the following
conditions:
A Start Request from the Duty Controller.
A Start Request from the Station Line-up Sequencer.
A Rising edge of Combined Pump Room HC Gas Detector signal AT 184_TH (3.6%
LEL), for Ventilation Control and when in automatic.
The ventilation fan duty controller will be stopped on receipt of any of the following
conditions:
A Stop Request from the Duty Controller.
A Stop Request from the Station Isolation Sequencer.
When the Ventuilation Fans device group becomes Not Available.
The Duty Controller remains running, until a device fault occurs which causes it to stop
running, or it is stopped by the operator. Placing the group in manual mode while the
sequence is running will leave the Ventilation Fans in their current state.
6.22.5 Group Availability
6.22.5.1 Pumphouse Ventilation Fans Group Availability
The following conditions will render the Pumphouse Ventilation Fans Device Group “Not
Available”.
Table 6.22-1: Pumphouse Ventilation Fans Availability
Condition Logic
Less Than Two Fans Avail or Intlk If less than two fans are available or
Interlocked.
Less Than Two Fans Rdy for Duty If less than two fans are ready for duty (DuC).
6.22.6 Group Status
6.22.6.1 Pumphouse Ventilation Fans Group Status
6.22.6.1.1 Group Alarm Status Indications
The following Group Alarm Statuses are configured using display LEDs which are grey in the
inactive condition and red in the active condition, with an associated alarm. Refer to the
ACDB [6] for details, including the text to be used for the alarm messages.
Table 6.22-2: Pumphouse Ventilation Fans Group Alarm Status
Condition Logic
Less Than Two Fans Running
If less than two fans are running
and one or more mainline pump set is running.
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 188 of 363
Page 188 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
6.22.6.1.2 Group Error Status Indications
Not Required.
6.22.6.1.3 Group Information Status Indications
Not Required.
6.22.7 Group Interlocks
6.22.7.1 Hardwired Interlocks
A hardwired start interlock (pulsed start signal) will be provided from the Fire and Gas
System to start all fans following detection of gas in the pumphouse. A hardwired stop signal
(pulsed signal) will be provided from the Fire and Gas system when the condition is reset in
the Fire and Gas System.
A hardwired stop interlock (pulsed stop signal) will be provided from the Fire and Gas System
to stop all fans following detection of fire (i.e. double knock, from Combined Fire Detector
signal UA 192).
6.22.7.2 PLC Interlocks
6.22.7.2.1 Q22 \ Q23 \ Q24 \ Q25 \ Q26 \ Q27: AT184_H Pump House Gas Detected
The hardwired interlocks will be duplicated in the PCS. [This interlock ensures that a control
error is not generated when the fans are controlled from the Fire and Gas System].
A start interlock will be provided from the PCS to start all fans following detection of gas at
20% LEL in the pumphouse (i.e. from Combined Pump Room HC Gas Detector signal AT
184_H).
6.22.7.2.2 Q22 \ Q23 \ Q24 \ Q25 \ Q26 \ Q27: BA184 Pumphouse Fire Detected
A stop interlock will be provided from the PCS to stop all fans following detection of fire (i.e.
double knock, from Combined Fire Detector signal UA 192), or when gas is no longer
detected within the pumphouse (i.e. from Combined Pump Room HC Gas Detector signal AT
184_H).
Note: BA 184 takes precedence over AT 184_H interlock.
6.22.8 Failure Modes
Not Required.
6.22.9 Inter-PLC Communications Interface
Not Required.
6.22.10 Graphic Representation
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 189 of 363
Page 189 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
6.23 Pressurisation Fans - RPP Stations
This section is associated with the control of the Pressurisation Fan Device Group and its
associated devices.
Pressurisation Systems of this type have been installed on certain stations associated with the
RPP Pipeline (where Control and Equipment Rooms have been installed within Hazardous
Areas).
6.23.1 Group Description
Pressurisation Fans are used to pressurise control rooms situated within hazardous areas for
the purposes of altering the classification of the control rooms to that of safe areas.
Two Pressurisation Air Fans are used (duty and standby), with a differential pressure switch
mounted in the control room and used to indicate whether the room is pressurised.
Pressurisation Air Fans, after running for a certain time-period (configured in the PLC) are
alternated to achieve equal run hours (duty and standby).
Pump sets may only be run with Pressurisation circulation active.
The control and monitoring functionality is achieved via the following devices:
Instruments
Room Differential Pressure PDS 15x
Pressurisation Fan Current IT 15x
Equipment
Pressurisation Fans 1, 2 Q0x, Q0y
6.23.2 Modes of Control
Control is from the SCADA system locally at the station, or remotely from the MCC or SCC.
6.23.3 Modes of Operation
All devices related to the Pressurisation Fan Group shall have the following three modes of
operation:
Local
Manual
Automatic
6.23.4 Group Functionality
6.23.4.1 Duty Controller
No sequences have been defined for the Pressurisation system but the two fans are
controlled according to the duty/standby controller typical. Automatic selection of duty and
standby status of fans is based on Run Hour differentials [Configurable in the PLC – Default
100 hours]. Note that each fan will run for a period of twice the set point, i.e. 200 hours.
If the group is ready, the duty controller is activated from a:
Start sequence Request from the SCADA
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 190 of 363
Page 190 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
An indication “control active” is indicated on the SCADA. The duty controller is now activated
and will start and stop the Pressurisation fans accordingly.
The duty controller is stopped from a:
Stop sequence Request from the SCADA
Manual mode
Group not available
6.23.4.2 Pressurisation Pressure
If the duty controller is active and the room differential pressure switch is not active after a
delay of 10 minutes (indicating a differential pressure within the Control/Equipment Room
<60Pa), the standby fan is also started, and the duty controller is switched off (duty control
not active). The operator needs to investigate the problem and restart the duty controller or
stop the standby fan in manual mode.
6.23.5 Group Availability
The following conditions render the DuC “Not Available”.
Condition Text Logic
Xxx Not Available Xxx Not Avail or Intlk Pressurisation Pump Not Available
Table 6.23-1: Pressurisation DuC Availability
6.23.6 Group Status
6.23.6.1 Group Alarm Status Indications
None defined.
6.23.6.2 Group Error Status Indications
None defined.
6.23.6.3 Group Information Status Indications
None defined.
6.23.7 Additional Device Alarms
None defined.
6.23.8 Group Interlocks
6.23.8.1 Hard-wired Interlocks
None defined.
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 191 of 363
Page 191 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
6.23.8.2 PLC Interlocks
6.23.8.2.1 Q0x: Station Isolation
Should no fan be running, the station is isolated after a pre-configured time (Configurable in
the PLC- default 15 mins). All PLC outputs are disabled and will only be enabled once a fan
has been started in local and has run for a pre-configured time (Configurable in the PLC-
default 15 mins).
6.23.9 Graphic Representation
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 192 of 363
Page 192 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
6.24 Inhibitor & DRA Injection
This section is associated with the control of the Inhibitor & DRA (Drag Reducing Agent)
Injection Device Group and its associated devices.
Rust Inhibitor Systems have been installed on various stations associated with the RPP and
COP Pipelines.
DRA Injection Systems have been installed on various stations associated with the RPP
Pipeline.
6.24.1 Group Description
Inhibitor injection is used to deliver a predetermined amount of rust inhibitor into the
mainline upstream of the pump sets, for the purposes of prohibiting corrosion of the
pipelines. A variable stroke-dosing pump with a variable speed motor is used to inject
inhibitor into the mainline, dependent on the mechanical pump stroke setting and speed of
the variable speed drive. Injection rates may be set to vary between 4 ppm to 8 ppm.
Inhibitor injection into Avtur is not permitted.
Drag Reducing Agent injection is used to deliver a predetermined amount of drag reducing
agent into the mainline downstream of the mainline pump sets and control valves, for the
purposes of reducing drag and increasing flowrate. A variable stroke-dosing pump with a
variable speed motor is used to inject DRA into the mainline, dependent on the mechanical
pump stroke setting and speed of the variable speed drive. DRA injection into Avtur is not
permitted.
Separate variable stroke dosing pumps with variable speed motors are used to inject inhibitor
and DRA into the mainline.
The control and monitoring functionality is achieved via the following devices:
6.24.1.1 Inhibitor Injection Systems
Instruments
Inhibitor Tank Level LT 17x
Inhibitor Injection Pump Speed Output SC17x Inhibitor Injection Pump Speed Feedback ST17x
Equipment
Inhibitor Injection Pump X0x
6.24.1.2 DRA Injection Systems
Instruments
DRA Tank Level LT 17x
DRA Injection Pump Speed Output SC17x DRA Injection Pump Speed Feedback ST17x
Equipment
DRA Injection Pump X0x
6.24.2 Modes of Control
Control is from the SCADA system locally at the station, or remotely from the MCC or SCC.
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 193 of 363
Page 193 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
6.24.3 Modes of Operation
All devices related to the Inhibitor/DRA Injection Group shall have the following three modes
of operation:
Local
Manual
Automatic
6.24.4 Group Functionality
6.24.4.1 Inhibitor/DRA Flow Control
If the group is in automatic, Inhibitor/DRA flow is calculated according to the injection rate
set point and mainline flow.
The following formula is used to calculate the required Dosing Pump Speed Set point for the
variable speed drive:
Dosing Pump Speed (revs) = Constant x Mainline Flow rate x Injection Rate
1 000 000
Each pump will have its own calculation with a separate Injection rate set point. Injection
rate set points will have upper and lower limits configured.
Inhibitor Injection rates may be set to vary between 4 ppm to 8 ppm, with limits of 5 to 8
ppm, included in the formula as a variable.
The Constant is defined as pump displacement expressed as the number of revolutions per
litre of product, and is calculated as follows:
Constant (revs/litre) = No. of Revs/stroke
Stroke Displacement (litres) x Mechanical Stroke Setting
No. of Revs/Stroke is defined in the Dosing Pump Manual
Stroke Displacement is defined in the Dosing Pump Manual
Mechanical Stroke Setting as set on the pump
The actual pump speed is indicated. In manual mode the operator has to set the speed set-
point to the required speed. The speed is not calculated.
6.24.4.2 Inhibitor/DRA Injection States
6.24.4.2.1 Inhibitor/DRA Injection Online
Inhibitor/DRA Injection is in an Online state if:
X0x is Running
6.24.4.2.2 Inhibitor/DRA Injection Offline
Inhibitor/DRA Injection is in an Offline state if:
X0x is Stopped
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 194 of 363
Page 194 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
6.24.4.3 Inhibitor/DRA Injection Sequences
6.24.4.3.1 Inhibitor/DRA Injection Online Sequence
The Inhibitor/DRA Injection Online Sequence is activated, if Ready, on receipt of:
an Online Request from the SCADA
If Ready, the Inhibitor/DRA Injection Pump will start if the HP flow rate (FTxxx) is greater
than 500l/min (configurable) and will stop when the flow-rate drops below 400 l/min
(configurable).
The following conditions while the sequence is running will result in the sequence stopping,
complete with all associated alarming and event logging:
an Offline Request from the SCADA
Inhibitor/DRA Level low-trip
Associated HP Route closed
The following conditions while the sequence is running will result in the sequence aborting,
complete with all associated alarming and event logging:
Inhibitor/DRA Injection pump Not Available (X0x) OR
Placing the Group in Manual mode
See flow diagram for details:
7.2.11.1: Inhibitor/DRA Online Sequence
6.24.5 Group Availability
6.24.5.1 Inhibitor/DRA Injection Availability
The following conditions render the Inhibitor/DRA Injection Device Group “Not Available”.
Table 6.24-1: Inhibitor/DRA Injection Availability
6.24.6 Group Status
6.24.6.1 Group Alarm Status Indications
The following Group Alarm Statuses are configured using display LEDs which are grey in the
inactive condition and red in the active condition, with an associated alarm. Refer to the
Alarm Configuration Database (3) for details including text to be used for the message.
Condition Text Logic
Inhibitor/DRA Active Inhibitor/DRA ActivePossible Hotspot
If inhibitor/DRA is running and an interface is detected an alarm “Inhibitor/DRA active” is triggered.
Condition Text Logic
X0x Not Available X0x Not Avail Refer to [3]
LT17x Low LT17x Low Inhibitor/DRA level at low-trip level
HP Route Closed HP Route Closed As determined by valve status
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 195 of 363
Page 195 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
Table 6.24-2: Inhibitor/DRA Injection Group Alarm Status
6.24.6.2 Group Error Status Indications
None defined.
6.24.6.3 Group Information Status Indications
None defined.
6.24.7 Additional Device Alarms
None defined.
6.24.8 Group Interlocks
6.24.8.1 Hard-wired Interlocks
None defined.
6.24.8.2 PLC Interlocks
6.24.8.2.1 X0x: Inhibitor/DRA Tank Level Low
If a Inhibitor/DRA Tank low-trip level (LT 17x) is detected while the Inhibitor/DRA Injection
Pump (X0x) is running, the pump is interlocked off. This interlock and associated alarm is
blocked if the pump is not running.
6.24.9 Graphic Representation
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 196 of 363
Page 196 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
6.25 General
This section is associated with the control and monitoring of the General Device Group.
The General Device Group consists of status and tripping signals related to various systems
installed on each station, including:
PLC and ET200 24 VDC Power supplies (monitoring only)
HVAC System (monitoring only)
Fire System (monitoring only)
Siren (control only)
6.25.1 Group Description
The control and monitoring functionality is achieved via the following devices (typically):
6.25.1.1 PLC and ET200 Power Supplies
LV01 ET Panel Power Supply Fail G10_FA PLC01 Panel Power Supply Fail G51_FA
RR01 ET Panel Power Supply Fail G52_FA Metering Panel Power Supply Fail G60_FA
Comms Panel 01 Power Supply Fail G80_FA
6.25.1.2 HVAC Systems
‘Building’ HVAC1 Fail HVACx_FA ‘Building’ HVAC1 Run HVACx_ON
Server Panel 1 Temperature TT 191
VSD Room Temperature TT 192 Metering Panel Temperature TT 193
6.25.1.3 Fire Systems
Fire Systems, consisting of a Fire Water (manifolds) and Gas Suppression (buildings) systems
will be controlled locally from the fire panels located in the Fire Pump-house and Control
Room, as well as remotely from the Situation Management System installed in the National
Operating Centre (NOC). Limited interface will be provided between the Fire System and the
Process Control System, and will be used for alarming purposes only.
Note that Fire System interface is site specific – the signals listed below should be used as a
guideline only. [Note that Fire Systems installed pre-2009 and all associated equipment have
been assigned an Instrument Group Identifier of 19. Fire Systems installed post- 2009 and all
associated equipment has been assigned an Instrument Group Identifier of 18].
Fire Detection - Plant UA 181A Plant Fire System Healthy UA 181B
Fire Detection - Building UA 182
Fire Water Tank Low Level (90%) 50-LS 181
Fire Foam Concentrate Tank Low Level (90%) LS 182 Tank Bund xx HC Liquid Detection LS 18xA
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 197 of 363
Page 197 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
The Fire Detection – Plant and Fire Detection Building signals are usually composite signals of
all flame detectors/sensors using double knock detection.
6.25.1.4 Others
Terminal Siren (Alarm) 50-UA 191
6.25.2 Modes of Control
The General Device Group be controlled from the PCS either locally at the Station or remotely
from the MCC.
6.25.3 Modes of Operation
All devices related to the General Device Group shall have the following two Modes of
Operation:
Local
Manual
6.25.4 Group Functionality
6.25.4.1 LP Station Statuses
Station status bits will be generated and sent to the Line-wide PLC on receipt of the following
conditions:
Condition Text Logic
LP Routing No Valid Flow-path PRDx
LP No Valid Flow-path PRDx Applies only whilst a delivery is in progress. Refer to Section 6.31.4.3
Prover No Valid Flow-path
Prover No Valid Flow-path Applies only whilst a delivery is in progress. Refer to Section 6.36.4.4
Strainer Sxx Blocked Strainer S01 Blocked Applies only whilst a delivery is in progress. Refer to Section 6.31.4.2.1
LP Manifold Over-pressure
LP Manifold Over-pressure Applies only whilst a delivery is in progress. Refer to Section 6.30.7.3
Tank Txx Level High Tank A01 Level High Applies to Accumulator and Intermix Tanks, only whilst a delivery is in progress to the tank.
Tank Txx Overfill Protection Activated
Tank A01 Overfill Protection Applies to Accumulator and Intermix Tanks. Refer to Section 6.35.8.2.1
Sump Txx High Level Intake Sump T31 Level High
Applies to all Sump Tanks.
Table 6.25-1: General - LP Station Statuses
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 198 of 363
Page 198 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
6.25.4.2 HP Station Statuses
Station status bits is generated and, together with those generated on the Dispatch Control
System, sent to the Line-wide PLC on receipt of the following conditions:
Condition Text Logic
Receiver No Valid Flow-path
Receiver No Valid Flow-path Refer to Section 6.2.4.3
Receiver Fault Receiver Fault Refer to Section 6.2.4.8.9
HP No Valid Flow-path HP No Valid Flow-path Refer to Section 6.12.4.5
P0x No Valid Flow-path P0x No Valid Flow-path As per Section 6.8.4.5
HP Line Overpressure Protection
HP Line Overpressure Protection
Refer to Section 6.16.7.2.1
Sump Txx High Level Sump Txx Level High
Strainer Sxx Blocked Strainer Sxx Blocked Applies only when route is online. Refer to Section 6.13.4.2.4
Fire Detected - Plant Fire Detected - Plant Refer to Section 6.25.1.3
Fire Detected - Building Fire Detected - Building Refer to Section 6.25.1.3
Station Emergency Stop Station Emergency Stop Refer to Section 6.26.7.1.1
Table 6.25-2: General - HP Station Statuses
6.25.5 Group Availability
Not required
6.25.6 Group Status
6.25.6.1 Group Alarm Status Indications
None defined.
6.25.6.2 Group Error Status Indications
None defined.
6.25.6.3 Group Information Status Indications
None defined
6.25.7 Group Interlocks
6.25.7.1 Hard-wired Interlocks
None defined.
6.25.7.2 PLC Interlocks
None defined.
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 199 of 363
Page 199 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
6.25.8 Failure Modes
None defined.
6.25.9 Graphic Representation
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 200 of 363
Page 200 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
6.26 Electrical Distribution
This section is associated with the control and monitoring of the Electrical Distribution Device
Group.
The Electrical Distribution Device Group consists of status and tripping signals related to the
electrical distribution on a station, including:
HV and MV Electrical Breakers (monitoring and control)
LV Electrical Breakers (monitoring only)
HV, MV and LV Power Fail statuses (monitoring only)
MV Generators (monitoring and control )
LV Generators (monitoring only)
UPS (monitoring only)
The Electrical Device Group includes the MV Gensets as well as the Diesel Offloading for, and
diesel supply to, the MV Gensets which are addressed in the following sections within this
document:
MV Gensets Device Group (section 6.27)
MV Generator Diesel Supply Device Group (section 6.28)
Diesel Offloading Device Group (section 6.29)
[MV Gensets are only installed on stations associated with the 24” MPP Pipeline.]
6.26.1 Group Description
The control and monitoring functionality is achieved via the following devices:
6.26.1.1 HV/MV Links
Typical electrical interface for HV/MV Links installed on stations is as follows:
MV01 L5x Closed MV01L5x CL
MV01 L5x Earthed MV01L5x EL
6.26.1.2 HV/MV Incomer Breakers
Typical electrical interface for HV/MV Electrical Breakers installed on stations associated with
the 24” MPP Pipeline is as follows:
MV01 F5x Closed MV01F5x CL
MV01 F5x Open MV01F5x OP MV01 F5x In Local MV01F5x SLO
MV01 F5x Electrical Non-Latched Trip MV01F5x ETP MV01 F5x Electrical Latched Trip MV01F5x ETR
MV01 F5x Power Fail MV01F5x UV
MV01 F5x Open Request MV01F5x O
Typical electrical interface for HV/MV Electrical Breakers installed on stations associated with
the RPP and COP Pipelines is as follows (Type 1):
MV01 F5x Closed MV01F5x1 CL
MV01 F5x Open MV01F5x OP
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 201 of 363
Page 201 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
MV01 F5x In Local MV01F5x SLO
MV01 F5x Trip Circuit Faulty MV01F5x TCF MV01 F5x Master Trip Relay MV01F5x MTR
MV01 F5x Open Request MV01F5x O
Typical electrical interface for HV/MV Electrical Breakers installed on stations associated with
the RPP and COP Pipelines is as follows (type 2):
MV01 F5x Closed MV01F5x1 CL MV01 F5x Open MV01F5x OP
MV01 F5x In Local MV01F5x SLO MV01 F5x Trip Circuit Faulty MV01F5x TCF
MV01 F5x Master Trip Relay MV01F5x MTR MV01 F5x Overcurrent Trip MV01F5x OCP
MV01 F5x Earth Fault Trip MV01F5x ELP
MV01 F5x Balanced Earth Fault Trip MV01F5x BEF MV01 F5x Electronic Protection Relay Fail MV01F5x ERP
MV01 F5x Breaker Racked Out MV01F5x BRS MV01 F5x Low Gas Alarm (SF6) MV01F5x LGP
MV01 F5x Open Request MV01F5x O
MV01 F5x Power Fail MV01F5x UV MV01 F5x Power Out of Spec MV01F5x NRS
MV01 F5x Open Request MV01F5x O
6.26.1.3 HV/MV Transformers
Typical electrical interface for HV/MV Transformers installed on stations is as follows:
MV01 F5x Buchholtz Trip MV01F5x BGF
MV01 F5x Oil Temperature High MV01F5x OTP MV01 F5x Tap Changer Out of Step MV01F5x OOS
MV01 F5x Electronic Protection Relay Fail MV01F5x ERP
6.26.1.4 50-LV01 Incomer
Typical electrical interface for LV Switchgear Panels installed on stations is as follows:
LV01 F3x Closed LV01F3x CL LV01 Power Fail LV01 UV
6.26.1.5 LV Generators
Typical electrical interface for LV Generators installed on stations is as follows:
LV Genset E06 Battery Charge Fail E06 BCF LV Genset E06 Mains On Load E06 EOF
LV Genset E06 Running E06 EON
LV Genset E06 Fuel Low E06 FLP LV Genset E06 In Local E06 SLO
LV Genset E06 Mechanical Trip E06 TVR
6.26.1.6 UPS Interface
Typical electrical interface for PCS UPS installations is via hardwired interface as follows:
Control System UPS01 Bypass LV31 BYP Control System UPS01 Fail LV31 FLT
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 202 of 363
Page 202 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
Note: The LV31_FLT (low battery voltage alarm) is used to alarm the operator that
the UPS has an active fault condition. This signal is a composite of all fault conditions
on the UPS, and includes Warning, General Fault and Low Battery statuses. When
low battery has been detected within the UPS, a shutdown script is initiated on all
PCS Servers which ensures orderly shutdown.
Typical electrical interface for Electrical UPS installations (24” MPP Stations) is via hardwired
interface as follows:
Electrical UPSxx Bypass LV3xBYP
Electrical UPSxx Fail LV3xFLT
Typical electrical interface for Remote Room UPS installations (IVW and JMP Terminals) is via
hardwired interface as follows:
Remote Room UPSxx Bypass LV3x BYP
Remote Room UPSxx On Mains UPSxx FLT
Remote Room UPSxx Warning UPSxx WRN Remote Room UPSxx Static Bypass UPSxx BYP
Remote Room UPSxx Battery Low UPSxx BCF
6.26.1.7 Electrical Status
Battery Charger Fail BATTxx BCF
6.26.2 Modes of Control
The Electrical Device Group may be controlled from the PCS either locally at the Station or
remotely from the MCC.
6.26.3 Modes of Operation
All devices related to the Electrical Device Group shall have the following three Modes of
Operation:
Local
Manual
Automatic
6.26.4 Group Functionality
Not required.
6.26.5 Group Availability
Not required.
6.26.6 Group Status
6.26.6.1 Group Alarm Status Indications
The following Group Alarm Statuses are configured using display LEDs which are grey in the
inactive condition and red in the active condition, with an associated alarm. Refer to the
Alarm Configuration Database (3) for details including text to be used for the message.
Condition Text Logic
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 203 of 363
Page 203 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
Condition Text Logic
Station Emergency Stop
Station Emergency Stop
[24“ MPP Pipeline stations]
Generated when all incomer breakers and MV Genset breakers show a latched trip status (ETR signal).
[RPP and COP Pipeline stations]
Generated when all incomer breakers show an open MVF5x_OP status.
MV Utility Power Restored
MV Utility Power Restored
Alarm is generated when MV Utility power is restored as detected by MVF5x_UV = 1. [Alarm is only configured for stations with MV Gensets installed.]
Table 6.26-1: Electrical Group Alarm Status
6.26.6.2 Group Error Status Indications
None defined.
6.26.6.3 Group Information Status Indications
None defined.
6.26.7 Group Interlocks
6.26.7.1 Hardwired Interlocks
6.26.7.1.1 Station Emergency Stop
Station Emergency Stop Push Buttons are installed at various locations throughout the site,
notably the guard hut, control centre and MV Building for the purposes of tripping the
Incomer and MV Generator MCB’s in the event of an emergency.
Break glass units are not required to be provided on Station sites supplied from 400VAC
Municipal Supplies, there being no requirement to isolate Incomer supply.
6.26.7.2 PLC Interlocks
None defined.
6.26.8 Graphic Representation
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 204 of 363
Page 204 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
6.27 MV Generator Sets
This section is associated with the control and monitoring of the MV Gensets Device Group.
The MV Gensets Device Group forms part of the Electrical Distribution Device Group, section
6.26
MV Gensets are installed on all stations associated with the 24” MPP Pipeline.
6.27.1 Group Description
MV backup generators will be installed to provide MV supply power to the site in the event of
a utility power outage. A facility will be provided for these MV generators to be started from
the MCC/SCC or local SCADA system. All electrical interlocking and protection ensuring the
safe starting of these generators remotely will be provided in the electrical protection
schemas and the operator will not be required to evaluate any of these to start/stop the MV
generators. When utility power supply is lost, auxillary power (400V AC) requirements will be
met by the respective site LV generator. However, when running, the MV generators will
meet all power requirements of the respective installed location, negating the need for the LV
and MV generators to run concurrently.
MV generators will each power one half of the MV panel board, and are each sized to handle
auxiliary power requirements as well as the starting and running of a single Mainline Pump, a
single booster pump and the starting of a second booster pump.
It should be noted that when the main utility feed is lost, the Mainline Pumps and booster
pumps in operation will shut down before the MV generators can be started in time to
reinstate power to the pumps to maintain the current pumping operation.
The MV generators are furnished with a self-diagnostic and monitoring system local to the
machine.
MV generators shall be capable of being started up and shut down remotely from the PLC,
without personnel being required to be in attendance on site.
The interface between the PLC and the respective MV Generators will be hard-wired signals
(via ETM).
Control and Monitoring functionality is achieved via the following interface signals:
Digital Inputs
MV Genset E0x Running E0xEON
MV Genset E0x in Local E0xSLO MV Genset E0x Available E0xRDY
MV Genset E0x Warning E0xWRN MV Genset E0x Mechanical Trip E0xTVR
MV Genset E0x Battery Charge Fail E0xBCF
Digital Outputs
MV Genset E0x Start Request E0xIRC MV Genset E0x Stop Request E0xIRT
6.27.2 Modes of Control
This device forms part of the Electrical Distribution device group and thus does not have its
own Mode of Control.
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 205 of 363
Page 205 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
6.27.3 Modes of Operation
All devices related to the MV Gensets Device Group have the following modes of operation:
Local
Manual
In Local Mode the MV Generator is controlled from the local control panel at the generator.
6.27.4 Group Functionality
PLC control (starting/stopping) of the MV generator may only be performed in Manual mode
of operation. In Local mode of operation, the MV generator is controlled from the local
control panel at the generator.
Should the device be placed in Local Mode of Operation, the device status indicates a Local
status on the SCADA. Transfer of a device either from Local to Manual or vice versa is
bumpless i.e. the device shall not change state.
A start command may only be issued if the associated MV Genset has an ‘Available’
(E0x RDY) status and is not in local.
The associated Remote Stop (E0x IRT) command is available in manual of mode of operation
only.
6.27.4.1 Start-up of MV Generators
The initiation of the start-up of an MV generator is determined by the operator (i.e. not
automatic), although the sequence of starting a generator and bringing that generator on line
is automated following the operator initiation command.
When an MV generator is started, the start request output (E0x IRC) is pulsed high until the
respective running feedback (E0x EON) is received or a fault occurs. When an MV generator
is switched off, the stop request (E0x IRT) is pulsed high until the running feedback
(E0x EON) falls away.
6.27.4.2 Pump Selection – Insufficient Power Available
The number of mainline and booster pumps that can be run on emergency supply is limited
by the number and capacity of the MV Gensets installed.
The statuses of utility supply, MV Generators and associated breakers need to be taken into
account when determining the number of pumps that can be run and impacts on both pump
availability (via the Insufficient Power Available condition), and also inhibits pump start-up
(via the Insufficient Pwer Available interlock).
6.27.4.3 Shutdown of MV Genset
On restoration of utility power, the running MV Genset automatically shuts down and restores
power back to the utility in a bumpless manner via the electrical protection system.
The MV generators are also capable of being shut down locally (at site) by an Operator or
remotely by the MCC/SCC Controller via the SCADA system. In either case, no specialist
electrical qualification is required by the MCC/SCC Controller / Operator.
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 206 of 363
Page 206 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
6.27.4.4 Unplanned Utility Power Outage
In cases of unplanned utility power outage, the mainline and booster pumps stop. The
operator may then select the MV Genset/s he wishes to run, based on the pump sets
required to be placed in operation.
The operator is only able to issue a start command to a MV Genset which has a status
‘Available' (E0x RDY). The start command is only active when the MV Genset is in remote
mode of operation. Operation of the MV Gensets and control of the respective MV Breakers is
automatically controlled within the electrical and MV Genset/s protection systems, and
requires no further operator input, other than issuing of the start/stop command.
When utility power is returned, a check is made by the Electrical Protection controller that
utility power is stable. If the utility power has returned and is stable, the MV Gensets
automatically and bumplessly change over to the utility supply. No operator action is required
to initiate this changeover.
6.27.4.5 Planned Utility Power Outage
In cases of planned Utility power outage, the operator has the ability to start selected MV
Gensets prior to the power outage occurring. In this case, the operator may select the MV
Genset/s he wishes to run, based on the Mainline Pump sets and booster pump sets required
to be maintained in operation.
The operator is only able to issue a start command to a MV Genset which has a status
‘Available' (E0x RDY). The start command is only active when the MV Genset is in remote
mode of operation.
Starting of the MV Genset/s results in the MV Genset/s automatically and bumplessly taking
over supply of power to the selected Mainline Pumps and booster pumps. Operation of the
MV Gensets and control of the respective MV Breakers is automatically controlled within the
electrical and MV Gensets’ protection systems, and requires no further operator input, other
than issuing of the start/stop command.
A configurable timer located in the MV Breakers’ Protection Systems automatically and
bumplessly changes over to Utility Supply, if the Utility supply does not fail within a
preconfigured time (default 60 minutes). No operator action is required to initiate this
changeover. A stop signal is sent to the MV Gensets, and they will shut down after a 5
minute cool down period.
6.27.4.6 Abnormal Operation
During normal operation of the MV Gensets, the bus-coupler MCB (refer to Overall Single Line
Diagram) is always left open – electrically isolating one side of the MV Switchboard from the
other.
In cases where the operator wishes to run pump sets that are not available due to supply
restrictions, operation can be made possible by closing the bus-coupler.
Closure of the bus-coupler can only be executed locally at the station, and is required to be
managed by qualified electrical personnel. Once closed, the operator is able to operate any
available MV Genset, and run any available pump set.
In cases where more pump sets are started than the MV Genset/s can supply, electrical
protection automatically load sheds pumpsets based on predefined set-points within the MV
Switchgear protection system. There is no consequential PLC action.
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 207 of 363
Page 207 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
6.27.5 Group Availability
A Genset is available and a Start Request be issued via the PLC if the associated MV
Generator has an ‘Available' status and is in Remote mode of operation.
6.27.6 Group Status
6.27.6.1 Group Alarm Status Indications
None defined.
6.27.6.2 Group Error Status Indications
None defined.
6.27.6.3 Group Information Status Indications
None defined.
6.27.7 Group Interlocks
The following interlocks are defined for the MV Gensets Group:
6.27.7.1 Hardwired Interlocks
None defined.
6.27.7.2 PLC Interlocks
6.27.7.2.1 E0x: Mechanical Trip
Note: This trip is part of the typical.
The Mechanical Trip signal (E0x TVR) will trip the respective generator (E0x) off.
6.27.7.2.2 E0x: Bay Controller Stop
Note: This trip is part of the typical.
The bay controller stop request provides trip detection for when the generator was running
and was stopped by the bay or GenSet controllers. This is detected via a falling edge of the
run feedback (E0x EON).
6.27.8 Graphic Representation
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 208 of 363
Page 208 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
6.28 MV Generator Diesel Supply
This section is associated with the control and monitoring of the MV Generator Diesel Supply
Device Group.
The MV Generator Diesel Supply Device Group forms part of the Electrical Distribution Device
Group, section 6.26.
MV Generator Diesel Supplies are installed on all stations equipped with MV Gensets (i.e.
associated with the 24” MPP Pipeline).
6.28.1 Group Description
The Diesel Storage Tank provides diesel for the MV backup generators.
The Diesel Supply to the generators is responsible for diesel transfer from the Diesel Storage
Tank (T0x) to the individual Generator Day Tanks (T6x). Two Diesel Transfer Pumps (X0x
and X0y) are available for this task and are run in a duty/standby operation.
Control and monitoring functionality shall be implemented for the following devices:
Valves
Diesel Storage Tank T0x Outlet Valve XV TxE
Diesel Storage Tank T0x Outlet Valve XV TxF MV Genset E0x Day Tank Inlet Valve XV T6xA
MV Genset E0y Day Tank Inlet Valve XV T6yA
Instrumentation
Diesel Transfer Pump X0x/0y Flow FS 19x MV Genset E0x Day Tank T63 Level LT 19x
MV Genset E0y Day Tank T64 Level LT 19y MV Genset E0x Day Tank Leak Detect LSH 300A
MV Genset E0y Day Tank Leak Detect LSH 300B
Pumps
Diesel Transfer Pump X0x X0x Diesel Transfer Pump X0y X0y
6.28.2 Modes of Control
This device forms part of the Electrical Distribution device group and thus does not have its
own Mode of Control.
6.28.3 Modes of Operation
All devices related to the MV Generator Diesel Supply Device Group have the following modes
of operation:
Local
Manual
Automatic
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 209 of 363
Page 209 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
6.28.4 Group Functionality
The two diesel transfer pumps, one for operation and the other for standby, are used to
transfer diesel between the Diesel Storage Tank (T0x) and the respective MV backup
generators (day tanks). Each diesel transfer pump is sized to feed both day tanks
simultaneously at a higher delivery rate than the consumption rate of the two MV generators
combined.
A flow switch on the common diesel transfer pumps' discharge line is used to protect the
diesel transfer pumps against low flow and consequent over-heating.
In automatic mode, and with the Duty Controller running, the diesel transfer pumps
automatically control the filling and maintain the level of the day tanks based on high level
and low level set-points derived from the respective day tank level transmitters. A
configurable control level low (default 25%) inside one of the day tanks will:
Set the number of pumps required in the duty controller to 1.
Open the associated day tank inlet valve.
Start a diesel transfer pump and open the tank outlet valve.
Note: The pump and diesel tank outlet valve are operated in the following sequence: Open
the valve, and when opened, start the pump.
On reaching a configurable control level high (default 80%) inside the respective day tank:
Set the number of pumps required in the duty controller to 0.
The diesel transfer pump is stopped and the associated diesel tank outlet valve is
closed.
The day tank inlet valve will close.
The duty/standby controller will rotate the duty of the pumps.
The diesel transfer pump is stopped and diesel tank outlet valve is closed only if a transfer is
not online to the other MV GenSet day tank at the same time.
Cycling of supply pumps is disabled for this duty controller.
6.28.4.1 Start / Stop Diesel Supply Duty Controller
The Diesel Supply Duty Controller starts a transfer, if Ready, on receipt of:
A Start Request on the duty controller from the SCADA OR
A low signal from any of the day tanks level (LT 19x or LT 19y), provided the Duty
Controller is running.
When the duty controller is started for the first time by the operator, both tanks are filled
until the high level is reached (default 80%). When the level is reached in both tanks, the
duty controller set-point is set to 0.
When one day tank level reaches the low limit, the duty controller fills only the tank with the
low level. The other day tank is not filled.
6.28.4.1.1 Day Tank Filling Sequence
The tank filling sequence is completed in the following order:
The relevant day tank inlet valve (XV T6xA OR XV T6yA) is opened.
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 210 of 363
Page 210 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
One supply leg (XV TxE AND X0x) OR (XV TxF AND X0y) is brought online by first
opening the diesel tank outlet valve and then starting the relevant pump.
When the day tank indicates a high level on both tanks, the diesel supply is stopped
(duty controller set-point set to 0).
The Duty Controller remains running until a device fault occurs, or until it is stopped
by the operator.
Placing the Group in Manual mode while the sequence is running will put the duty controller
into Stopped mode and leave devices in their current state.
The duty controller can be stopped by:
A Stop Request on the duty controller from the SCADA
When the Diesel Supply Group becomes Not Available
Note: The duty controller stops/closes all devices in the group on a stop command if in
Automatic (In Manual mode of operation, the devices remain in their current state). The duty
controller also transmits a one shot command to devices to ensure that they stop/close.
6.28.4.2 Duty Controller Response to Failure
The following failure modes exist in the duty controller when it is running.
6.28.4.2.1 Pump Trip
If one diesel transfer pump is running and trips or their respective valves are in
control error, the standby pump will start automatically, provided the group is in
Automatic mode.
If two pumps trip (or their respective valves are in control error), the duty controller
will go to stopped mode and retain its current state.
6.28.4.2.2 Diesel Tank Outlet Valve Failure
If the diesel tank outlet valve fails to open during Pump Start, the duty controller
switches to the other pump.
If the diesel tank outlet valve is in wirebreak, the duty controller switches, and relies
on the pump interlocks to stop the pump as needed.
6.28.4.2.3 Day Tank Inlet Valve
If one day tank inlet valve fails to open, the duty controller takes no action and
continues to run.
If both day tank inlet valves fail to open, the duty controller goes to a stopped state
due to Availability.
If any valve fails to close, the duty controller carries on running as the tank is
protected by level interlocks.
6.28.4.2.4 Level Transmitter Hardware Fault While Transferring to a Tank
A Level Transmitter hardware fault causes the duty controller to go to a stopped state when
the day tank valve opens. This is protected by setting the hardware fault substitute value to
88%.
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 211 of 363
Page 211 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
6.28.4.2.5 Level Transmitter Hardware Fault While Not Transferring
A Level Transmitter hardware fault removes Availability and stops the pumps running through
the interlock from the substitute value of 88%.
6.28.4.3 Diesel Supply Flags
6.28.4.3.1 Tank Inlet Valve Not Available OR Tank Level High
The "Tank Inlet Valve Not Available OR Tank High Level" availability indicates as follows:
Tank High Trip Level (LT 19x) OR
Tank Level (LT 19x) Fault OR
Inlet Valve (XV T6xA) Not Available
AND
Tank High Trip Level (LT 19y) OR
Tank Level (LT 19y) Fault OR
Inlet Valve (XV T6yA) Not Available
6.28.4.3.2 Pump and Valve Not Available
T0x Outlet Valve (XV TxE) OR
Transfer Pump (X0x) Not Available
AND
T0x Outlet Valve (XV TxF) OR
Transfer Pump (X0y) Not Available
6.28.5 Group Availability
6.28.5.1 Diesel Supply Availability
The following conditions render the Diesel Supply group “Not Available”:
Condition Text Logic
Tank Inlet Valve Not Available or Tank High Level
Day Tk Vlv Not Avail or Lvl High Refer to Section 6.28.4.3.1
Pump and Valve Not Available Pump and Vlv Not Avail or Intlk Refer to 6.28.4.3.2
Table 6.28-1: Diesel Supply Availability
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 212 of 363
Page 212 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
6.28.6 Group Status
6.28.6.1 MV Generator Diesel Supply Group Status
6.28.6.1.1 Group Alarm Status Indication
None defined.
6.28.6.1.2 Group Error Status Indication
None defined.
6.28.6.1.3 Group Information Status Indication
None defined.
6.28.7 Group Interlocks
The following interlocks have been defined for the Diesel Supply Group:
6.28.7.1 Hardwired Interlocks
None defined.
6.28.7.2 PLC Interlocks
6.28.7.2.1 X0x / X0y: Diesel Storage Tank Level Low Trip
If a low level trip (LT 19x) is reached, the Diesel Transfer pumps (X0x and X0y) are
interlocked off. This interlock’s associated alarm will be suppressed if the route is not online
and pump not running.
6.28.7.2.2 X0x / X0y: Diesel Transfer Pump No Flow
If a low flow (FS 19x) is detected for a configurable time (2 seconds) while a Diesel Transfer
pump is running, both Diesel Transfer pumps (X0x and X0y) are interlocked off. This interlock
and associated alarm will be blocked if the pump is not running.
6.28.7.2.3 X0x / X0y: MV Generator E0x Day Tank Level High Trip
If a high level trip (LT 19x) is reached, both pumps (X0x and X0y) are interlocked off.
6.28.7.2.4 X0x / X0y: MV Generator E0y Day Tank Level High Trip
If a high level trip (LT 19y) is reached, both pumps (X0x and X0y) are interlocked off.
6.28.7.2.5 XV T6xA: MV Generator E0x Day Tank Level High Trip
If a high level trip (LT 19x) is reached, the Day Tank Inlet valve (XV T6xA) is interlocked
closed.
6.28.7.2.6 XV T6yA: MV Generator E0y Day Tank Level High Trip
If a high level trip (LT 19y) is reached, the Day Tank Inlet valve (XV T6yA) is interlocked
closed.
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 213 of 363
Page 213 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
6.28.7.2.7 XV T6xA: MV Generator E0x Day Tank Leak Detect Trip
If a high level (LSH 300A) is reached, the Day Tank Inlet valve (XV T6xA) is interlocked
closed.
6.28.7.2.8 XV T6yA: MV Generator E0y Day Tank Leak Detect Trip
If a high level (LSH 300B) is reached, the Day Tank Inlet valve (XV T6yA) is interlocked
closed.
6.28.7.2.9 X0x: No Valid Flow-path Trip
A Flow-path exists if the following conditions are met:
X0x Running AND
(XV TxE AND (XV T6xA OR XV T6yA))
Note that the "Open" state is required from each device.
6.28.7.2.10 X08: No Valid Flow-path Trip
A Valid Flow-path exists if the following conditions are met:
X0y Running AND
(XV TxF AND (XV T6xA OR XV T6yA))
Note that the "Open" state is required from each device.
6.28.8 Failure Modes
None defined.
6.28.9 Graphic Representation
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 214 of 363
Page 214 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
6.29 MV Generator Diesel Offloading
This section is associated with the control and monitoring of the MV Generator Diesel
Offloading Device Group.
The MV Generator Diesel Offloading Device Group forms part of the Electrical Distribution
Device Group, section 6.26.
MV Generator Diesel Offloading is installed on all stations equipped with MV Gensets (i.e.
associated with the 24” MPP Pipeline).
6.29.1 Group Description
The Diesel offloading facilities are used to transfer diesel from a road tanker to a dedicated
Diesel Storage Tank T0x. The Diesel Storage tank provides the diesel for the MV backup
generators. No custody transfer or volume measurement is provided.
The Tank Inlet valve (XV TxA) has been identified as a safety shutoff valve in terms of API
1004 and will be kept closed by means of an Automatic Close command until a start request
from the batch controller is received.
Control and monitoring functionality shall be implemented for the following devices:
Valves and Pumps
Diesel Storage Tank T0x Inlet Valve XV TxA
Diesel Offloading Pump X0x X0x
Instrumentation
Diesel Storage Tank T0x Level LT 19x Diesel Offloading Pump X0x Flow FS 71x
Diesel Offloading Earth Monitor FQY 71xB Diesel Offloading Pump X0x In Field Local X0x_FLO
Diesel Offloading Pump X0x Field Start Request X0x_FRC
6.29.2 Modes of Control
This device forms part of the Electrical Distribution device group and thus does not have its
own Mode of Control.
All devices related to the Diesel Offloading shall only be controllable locally in the field at the
terminal.
6.29.3 Modes of Operation
All devices related to the MV Generator Diesel Offloading Device Group have the following
modes of operation:
Local
Manual
The transfer pump X0x and Safety Shut-off valve (XVTxA) are always in automatic mode.
They are controlled by sequences triggered from the LOP. No manual control from the
control system is permitted.
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 215 of 363
Page 215 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
6.29.4 Group Functionality
6.29.4.1 Diesel Offloading Pump
A ground switch (FQY 71xB) is used to earth the road tanker prior to offloading. The ground
switch is interlocked with the Diesel Off-loading pump (X0x) and Diesel Storage Tank T0x
Inlet valve (XV TxA) via the PLC. This caters for the scenario where the road tanker pump is
used to transfer product.
A Diesel Offloading pump (X0x) is used to transfer diesel from the road tanker to the Diesel
Storage Tank T0x in cases where the road tanker does not have its own offloading pump. If
the Road Tanker Pump selector switch (X0x_FLO) = 0, the road tanker’s own pump is used.
A bypass around the Diesel Offloading pump (X0x) is used where the road tanker is equipped
with its own offloading pump.
Field Switches enable the operator to select between Diesel Offloading Pump (X0x) and the
road tanker pump, as well as to issue a start command to the PLC. Transfer is stopped via
the E-STOP located in the field.
6.29.4.2 Diesel Offloading Start Request
On receipt of a Field Start Request (X0x_FRC = 1) and with the Diesel Offloading Pump
selected (X0x_FLO = 1), the PLC will open the Diesel Tank Inlet valve XV TxA if available.
When the valve is Open the Transfer pump X0x is started. Should the pump E-Stop
(X0x_RES) be activated, the Transfer pump will be stopped and the Diesel Tank inlet valve is
closed.
On receipt of a Field Start Request (X0x_FRC = 1) and with the Road Tanker Pump selected
(X0x_FLO = 0), the PLC will open the Diesel Tank Inlet valve XV TxA. Should the E-Stop be
activated, the Diesel Tank inlet valve (XV TxA) is closed, and therefore the pump will stop.
The start request signal is displayed on the SCADA graphic
The PLC prevents the Diesel Offloading Pump (X0x) from starting and the Diesel Storage
Tank T0x inlet valve (XV TxA) from opening via the Offloading Grant Availability, if the
following conditions are met:
Tank level high LT 19x
Ground switch not connected FQY 71xB
A flow switch on the diesel offloading pump discharge is used to protect the pump against
low flow by stopping the pump.
6.29.5 Group Availability
6.29.5.1 Offloading Grant
The following conditions render the Device Group “Not Available” and automatic sequences
will be inhibited:
Condition Text Logic
No FQY71xB Earth Offload Earth Monitor Not Conn
The No FQY71xB Earth availability status indicates that Diesel Offloading Earth monitor signal indicates an unhealthy state
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 216 of 363
Page 216 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
X0x Not Available X0x Selected and Not Avail
X0x Not Available AND Selected for operation. If NOT selected for operation, this is always True.
XVTxA Not Available XVTxA Not Avail Refer to [3]
LT19x Tank Level High Tank T0x Level High The Diesel Storage Tank T0x Level is above the configured high level alarm set-point
Table 6.29-1: MV Generator Diesel Offloading Availability
6.29.6 Group Status
6.29.6.1 Group Alarm Status Indications
None defined.
6.29.6.2 Group Error Status Indications
None defined.
6.29.6.3 Group Information Status Indications
None defined.
6.29.7 Group Interlocks
The following interlocks are defined for the Diesel Offloading Group:
6.29.7.1 Hardwired Interlocks
None defined.
6.29.7.2 PLC Interlocks
6.29.7.2.1 XV TxA: Diesel Storage Tank Level High Trip
If a Level High Trip (LT 19x) is detected, the Diesel Storage Tank T0x Inlet valve (XV TxA) is
interlocked closed.
6.29.7.2.2 X0x: Diesel Storage Tank Level High Trip
If a Level High Trip (LT 19x) is detected, the Diesel Offloading Pump (X0x) is interlocked off.
6.29.7.2.3 X0x: Diesel Offloading No Flow Trip
If a low flow (FS 71x) is detected for a configurable time (2 seconds), the Diesel Offloading
Pump (X0x) is interlocked off. This interlock and associated alarm is blocked if the Pump is
not running.
6.29.7.2.4 XV TxA: Diesel Offloading Earth Switch Not Connected
If the Earth switch (FQY 71xB) is not connected, the Diesel Storage Tank T0x Inlet valve
(XV TxA) is interlocked closed.
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 217 of 363
Page 217 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
6.29.7.2.5 X0x: Diesel Offloading Earth Switch Not Connected
If the Earth switch (FQY 71xB) is not connected, the Diesel Offloading Pump (X0x) is
interlocked off.
6.29.8 Graphic Representation
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 218 of 363
Page 218 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
6.30 LP Routing – General
This section is associated with the control and monitoring of the LP Routing – General Device
Group.
The LP Routing – General Device Group contains devices and instrumentation that are
common to all LP manifolds.
Product-specific LP Routing is addressed as separate device groups, in Section 6.31.
LP Routing flow control is addressed as a separate device group, in Section 6.33.
6.30.1 Group Description
The device group enables the control and monitoring of devices and instrumentation common
to LP Manifolds installed at all intake and delivery stations.
Control and monitoring functionality is achieved via the following devices, which are all
common to the LP Product Routing Groups:
Valves
LP Header Valve XV HxA/B
Instrumentation
LP Manifold Over-Pressure Protect PS 801 (RPP/COP Installations)
LP Manifold Over-Pressure Protect PT 801 (24” MPP Installations)
LP PRV Flow Detection FS 80x
LP Routing Switching Panel DH 80
6.30.1.1 LP Strainers
Dual LP Strainers form a separate device group enabling local operation of strainers outside
of the LP Routing device group. Refer to Section 6.13 for details.
Single Strainers form part of the LP Routing device group.
6.30.2 Modes of Control
LP Routing – General device group may be controlled from the PCS either locally at the
Station or remotely from the MCC.
This device group has the same Mode of Control as all LP Routing – Product device groups
i.e. they are handed over as one.
6.30.3 Modes of Operation
All devices related to the Prover shall have the following three Modes of Operation:
Local
Manual
Automatic
The LP Routing Switching Panel DH 80 shall only be able to be accessed locally from within
the Density Hut.
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 219 of 363
Page 219 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
6.30.4 Group Functionality
6.30.4.1 Common Header Valves
Where Header valves have been installed that are common to all products and must
therefore be controlled by all product groups from the respective product routing screens,
these valves shall remain in manual mode of control unless required by a sequence.
Sequences (notably the stop intake/delivery sequence) will interlock the relevant header
valve for the duration of the control request.
6.30.4.2 No Valid Flow-path Status
A LP Routing No Valid Flow-path status is determined by any of the valves on the route being
in a Not Open OR Wirebreak state. This status is used for mainline pump interlocking
purposes.
6.30.4.3 Product Identification: SCADA Line Colouring
Product Identification and the associated SCADA Line coloring for common LP manifolds
handling multi-products will be determined by valve status and interface detection. Line
coloring will not differentiate between different grades of the same product where the
product is determined by interface detection.
Product Identification and the associated SCADA Line coloring for dedicated product
manifolds will be fixed (dedicated) and will differentiate between different grades of product
where possible.
6.30.4.4 Density Hut DH80
LP switching facilities within the Density Hut is no longer supported by the PCS (switching
between LP primary and transition routes is supported using Routing Matrix functionality).
6.30.5 Group Availability
The statuses of the valves and strainers within this group will be used to implement route
availabilities as defined in the LP Routing Sections.
6.30.6 Group Status
6.30.6.1 Group Alarm Status Indications
The following Group Alarm Statuses are configured using display LEDs which are grey in the
inactive condition and red in the active condition, with an associated alarm. Refer to the
Alarm Configuration Database (3) for details including text to be used for the message.
Condition Text Logic
LP Manifold Over-Pressure Protect
LP Manifold Over-Pressure Protect
Refer to Section 6.30.6.1.1
Strainer Sxx Blocked Strainer Sxx Blocked Refer to Section 6.30.6.1.2
Table 6.30-1: LP Routing Group Alarm Status
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 220 of 363
Page 220 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
6.30.6.1.1 LP Manifold Over-Pressure Protect
If over-pressure in the LP Manifold is detected (PS 80x or PT 80x), an alarm shall be issued.
This alarm is reset once the pressure falls below the high-trip set-point.
6.30.6.1.2 Strainer Blocked (Single Strainers)
If the duty strainer indicates a high differential pressure, an alarm shall be issued. This alarm
is reset once both the strainer valves are closed.
6.30.6.2 Group Error Status Indication
None defined.
6.30.6.3 Group Information Status Indication
None defined.
6.30.7 Group Interlocks
6.30.7.1 Hardwired Interlocks
None defined.
6.30.7.2 PLC Interlocks
The following interlocks are part of this device group:
6.30.7.3 XV HxA: Line Over-Pressure Protection
On high-trip pressure within the LP Manifold as detected by PT 80x, interlock close XV HxA.
[Note: Where pressure switches are installed for detection of Line Over-Pressure, these are
used for alarming purposes only.]
6.30.8 Graphic Representation
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 221 of 363
Page 221 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
6.31 LP Routing - Product
This section is associated with the control of LP Routing – Product device groups and their
associated devices.
Dedicated product LP manifolds are installed on all intake and delivery stations and are used
to take product in from client tanks on intake stations, and to deliver product to client tanks
on delivery stations. In most instances, dual meter manifolds have been installed on
dedicated product manifolds to facilitate open switching of the same product between clients.
Single meter manifolds have been installed on intermix manifolds.
All product transfers to and from clients are custody metered to API Manual of Petroleum
Measurement Standards, and in accordance with RSA Trade and Legal Metrology Act
requirements. Custody Metering Systems are installed on all intake and delivery stations, and
utilize dedicated flow computers interfaced to turbine flow meters for volumetric
measurement of product transfers. Volumes are compensated for pressure, temperature and
density.
6.31.1 Group Description
LP Product (Metering) manifolds installed on TPL sites comprise of de-aerators, strainers,
turbine meters, flow conditioners where required, proving systems, consignee/nor valves and
metering instrumentation (temperature, pressure and density measurements). On intake
sites, product passes from the consignor valve to the meter and then to the prover; whilst on
delivery sites, product passes through the prover followed by the meter and lastly the
consignee valve.
Backpressure is maintained on the turbine flow meters by means of pressure-sustaining
valves where necessary. Meters are calibrated regularly using permanent on-site large
volume pipe prover facilities, comprising of bi-directional provers with flow direction
controlled by means of four-way valves.
LP Routes are able to be controlled both manually and automatically from the PCS. In
automatic, routing sequences are controlled from a LP Routing Matrix, and comprise of Open
Route, Start Intake/Delivery, and Stop Intake/Delivery sequences.
Batch limit alarms, standard volumes, flow rates, temperature and pressure values will
however be interfaced from the CMS to the PCS for monitoring purposes.
The PCS shall only support open and closed switching operations (CMS does not support fly-
switching).
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 222 of 363
Page 222 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
XVH3A
CLIENT 2
CLIENT 1XVM1E ZVM1AFT811
XVM2E ZVM2AFT812 XVCC2
XVCM2
XVH1A XVCC1
XVCM1
XVH5A
CVH0J XVH0A XVY1KHP
MANIFOLD
PROVER
Figure 6.31-1: Typical LP Product Routing Manifold Layout (Intake Station)
Figure 6.31-2: Typical LP Product Routing Manifold Layout (Delivery Station)
Control and monitoring functionality is typically achieved via the following devices:
6.31.1.1 Field Signals hard-wired to the PLC
Valves
Common Header Valve XV H0A
Manifold x Header Valve XV HxA
Strainer Sxx Inlet Valve XV SxA Strainer Sxx Outlet Valve ZV SxE
Manifold x Meter Inlet Valve XV MxA Manifold x Meter Outlet Valve ZV MxE
Manifold x Distribution Valve XV Dxx Consignor/Consignee Valve XV Cxx
Tank Txx Inlet Valve XVTxA
Instrumentation
Manifold x Sample Flow FS 8xx
Consignor/Consignee Feeder Line Pressure PT 8xx Strainer Sxx Diff Pressure PDT 8xx
XVH3B
CLIENT 2
CLIENT 1
XVCM1
XVCC1
XVT2A
XVM1AZVM1E FT811
XVM2AZVM2E FT812XVDM2
XVDC2
XVT2C
ZVS1E ZVS1A XVH1B
A01
XVDM1
XVDC1
XVT2BT2T2
XVH5B
CVH0J XVH0A
XVH1C CVA1J
XVH5A
XVH3A
XVH1AHP
MANIFOLD
XVT2EZVA1A
S01
X01XVG1E CVG1J
T1T1XVT1EZVX1A
T2T2
BLEND
ACC TANK
TRANSFER
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 223 of 363
Page 223 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
* Devices form part of another group / PLC
6.31.1.2 Field Signals hardwired to CMS Flow Computer (FC)
[These signals are not interfaced to the PCS, but are listed here for information]
Instrumentation
Manifold x Metering Flow FT 8xx
Manifold x Metering Pressure PT 8xx
Manifold x Metering Temperature TE 8xx Manifold x Metering Density DT 8xx (Not Used)
6.31.1.3 Signals hardwired between the Flow Computer (FC) and PLC
FC to PLC
Manifold x Metering Flow - Uncompensated FT 8xx_S1 Manifold x Metering Flow - Compensated FT 8xx_S2
FC-PLC Communication failure UA 8xx
PRD1 Batch Limit 1 MxxBL1 PRD1 Batch Limit 2 MxxBL2
PLC to FC
PRD1 Raw Pulse Enable Mxx MxxRPE
Logical Consignor/Consignee Valve status XV CxxA
6.31.1.4 Modbus Signals between the Flow Computer (FC) and PLC
FC to PLC
Manifold x Metering Pressure PT 8xx
Manifold x Metering Temperature TT 8xx
6.31.2 Modes of Control
LP Routing – Product device groups may be controlled from the PCS either locally at the
Station or remotely from the MCC.
These device groups have the same Mode of Control as LP Routing – General device group
i.e. they are handed over as one.
6.31.3 Modes of Operation
All devices related to the LP Routing – Product device groups shall have the following three
Modes of Operation:
Local
Manual
Automatic
6.31.4 Group Functionality
6.31.4.1 Metering / Flow Computer Interface (Hardwired)
[The following hardwired interface relates to Emerson Spectratech S600 Flow Computers]
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 224 of 363
Page 224 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
6.31.4.1.1 Compensated Flow
Flow compensation of Metering Flow is done in the CMS Flow computer, and is hardwired to
the PLC as FT 8xx_S2. The compensated flow is used for flow control.
6.31.4.1.2 Uncompensated Flow
An uncompensated flow signal is also available in the CMS Flow computer, and is hardwired
to the PLC as FT 8xx_S1.
6.31.4.1.3 Supervisory communication failure (FC-PLC)
This digital input is send to the control system for alarming purposes and indicates when
communications between the FC and PLC is lost. Loss of communications will have an impact
on the standard volume, metering pressure and temperature displays on the PCS.
6.31.4.1.4 Batch limit 1 and 2
These digital inputs are sent to the control system for alarming purposes and are used to
alarm the operator when the calculated time remaining for completion of a product transfer is
less than the respective batch limits configured i.e. nearing completion.
6.31.4.1.5 Raw pulse enable
The PLC sends a signal (digital output) to the specific metering flow computer depending on
the following conditions:
LP route online for that meter
Prover online for that product
Prover content correct for that Product to be proved.
Prover available (refer to Section 7.2.13.1)
The purpose of this signal is to tell the relevant stream computer to enable its raw pulse bus
output, to enable proving for that stream. Only one raw pulse enable per prover, can be high
at any one time.
6.31.4.1.6 Logical Consignor/Consignee Status
Logical valves (PLC digital outputs) are hardwired to the respective Flow Computers and act
as consignee valves by giving feedback when a route is changed from closed to not closed
status. In order to ensure that metering is initiated when a consignee valve is opened in the
field, PLC Interlocking ensures that an associated logical valve is opened when the consignee
valve moves off its closed limit.
The PLC sends a signal (digital output) to the specific metering flow computer indicating from
which consignor a delivery is online. There are a maximum of twenty consignor valves per
flow computer. Logic “1” indicates a logical consignee valve is closed.
Midnight-switching is implemented as an End-Of-Day Report as detailed in the Custody
Metering System URS [13].
6.31.4.2 Single Strainer Flags
Where dual strainers have been installed, refer to Section 6.13.
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 225 of 363
Page 225 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
These flags are raised by the process control software as configured on the Strainer block.
The flags are used to generate Group Status Indications, Group Availability Indications and
for Group Event and Group Alarm logging. The triggering of each flag is described here in
detail.
Single strainers are usually installed per meter manifold.
6.31.4.2.1 Strainer Sxx Blocked
Set strainer Sxx blocked if:
PDT 8xx high for 5 seconds
Reset strainer Sxx blocked if:
PDT 8xx Not high AND
XV SxA is Closed AND
ZV SxE is Closed
The Strainer Blocked flag is indicated on the SCADA per strainer.
Alarm and trip set points on PDT 8xx shall be configured so as to give the operator enough
time to take corrective action on receipt of the alarm.
6.31.4.3 No Valid Flow-path Status
A LP Routing No Valid Flow-path status is determined by any of the valves on the route being
in a Not Open OR Wirebreak state. This status is used for mainline pump interlocking
purposes.
6.31.4.4 CMS – PCS Interface
Primary and Transition Route concepts (including route numbers) are no longer supported in
the PCS.
Automatic switching based on Batch limits (BL2) will no longer be provided; alarms generated
on batch limits will still be issued.
Control of open route, start intake/delivery, stop intake/delivery will be provided in a Routing
matrix form in the PCS environment. Volumes will be entered directly into the CMS and will
be downloaded to the flow computer for triggering of configurable batch limit alarms.
Flow set-points will be entered directly into the Control valve faceplate in the PCS
environment.
The following metering information will be displayed on the PCS System: standard volumes,
flow rate, batch limit alarms, temperature and pressure.
6.31.4.5 LP Routing Matrix
Control of Open Route, Start Intake/Delivery and Stop Intake/Delivery sequences will be
controlled in a LP Routing Matrix. For Routing Matrix details refer to Section 4.9.
Routing availability will be indicated on the LP Routing Matrix by means of colour. Start
Intake/Delivery Sequences are only available to be run when the associated route has been
successfully opened. Stop Intake/Delivery Sequences are always available to be run,
regardless of the associated sequence availability.
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 226 of 363
Page 226 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
Switches may either be open or closed switches, depending on the order in which the
operator chooses to run the various sequences. The requirement for closed switching may be
encoded using sequence availability based on route status.
The practice of fly-switching within the same flow computer will no longer be permitted at
any of TPL custody metering stations or supported by the Custody Transfer Metering Flow
Computers. To facilitate this requirement, Start Intake/Delivery sequences to the same
destination through the same meter may never be run simultaneously (this is encoded using
sequence availability based on route status).
6.31.4.6 LP Open Route Sequence
An Open Route Sequence is initiated from:
an Open Route Request from the SCADA
If Ready, the route is opened by simultaneously opening/closing all appropriate valves.
The purpose of the Open route sequence is to prepare the LP Manifold for an intake/delivery.
The Open Route Sequence will be available if the associated valves are available.
See LP Routing Tables for details:
Table 6.31-1: LP Routing Tables (Intake Manifold)
Table 6.31-2: LP Routing Tables (Delivery Manifold)
Open Route indication will be given once all valves associated with the route that are
required to be open are open, all valves associated with the route that are required to be
closed are closed, and flow paths exist through the relevant strainer/s and prover.
See LP Open Route flow diagrams for details:
7.2.12.3: Typical LP Open Route Sequence (Intake Manifold)
7.2.12.8: Typical LP Open Route Sequence (Delivery Manifold)
Any faults during the Open Route sequence will result in the sequence continuing, complete
with all associated alarming and event logging. Placing the Group in Manual mode while the
sequence is running results in the sequence aborting.
6.31.4.6.1 Intake Stations
This sequence is based on dual meter manifolds to a single HP destination and is station
dependent.
Note: Step (i) is not executed if a delivery of the same product is already in progress
(selected product header valve is open).
i) First: Close product meter outlet valve on the second meter manifold
(same product)
Close all product consignor valves and associated logical consignor
statuses (same product) ii) Then:
Close selected meter outlet valve
Close selected product consignor valve and associated logical
consignor status (to ensure a new delivery is started)
iii) Finally:
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 227 of 363
Page 227 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
Open selected product consignor valve and associated logical
consignor status
Open destination (common) header valve
6.31.4.6.2 Delivery Stations
Route from HP to Consignee:
This sequence is based on dual meter manifolds and is station dependent.
Note: Step (i) is not executed if a delivery is already in progress to any destination (any
product header valve is open).
i) First:
Close common header valve
Then:
Close selected product header valve/s and interlock closed other
product header valves
Interlock closed selected product blend valve
Enable Strainer software (where dual strainers have been installed)
Note: Step (ii) is not executed if a delivery of the same product is already in progress
(selected product header valve is open).
ii) Then: Close product meter inlet valve, distribution valves on the second
meter manifold (same product)
Close all other product consignee valves and associated logical
consignee statuses (same product)
iii) Then: Close selected product meter inlet valve and other distribution valves
on the selected meter manifold
Close selected product consignee valve and associated logical
consignee status (to ensure a new delivery is started) iv) Finally:
Open selected product distribution valve
Open selected product consignee valve and associated logical
consignee status Open common header valve
Close selected tank outlet valves, open other valves on the route to
the tank (for deliveries into a Tank)
Route from Accumulator Tank to Consignee:
This sequence is based on dual meter manifolds and is station dependent. This route is
only available when all routes from HP are closed i.e. a closed switch.
i) First: Close selected product header valve/s and interlock closed other
product header valves
Interlock closed selected product blend valve
Enable Strainer software (where dual strainers have been installed)
ii) Then: Close product meter inlet valve, distribution valves on the second
meter manifold (same product)
Close selected product meter inlet valve, distribution valves on the
selected meter manifold
Close all product consignee valves and associated logical consignor
statuses (same product) iii) Finally:
Open selected product distribution valve
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 228 of 363
Page 228 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
Open selected product consignor valve and associated logical
consignor status
Close selected tank inlet valve, open other valves on the route from
the tank (for deliveries from a Tank)
6.31.4.7 Start Intake/Delivery Sequence
A Start Intake/Delivery Sequence is initiated from:
A Start Intake/Delivery Request from the SCADA
If Ready, the route is opened by simultaneously opening/closing all appropriate valves.
The Start Intake/Delivery Sequence will in certain instances close other intake/delivery routes
that are open once the selected intake/delivery is Online, as part of the sequence (e.g. The
primary route on cross-product switches and switches from intermix should close as soon as
an associated route is online, station dependent).
The Start Intake/Delivery Sequence will be available only if the associated route is open, and
associated valves are available.
See LP Routing Tables for details:
Table 6.31-3: LP Routing Tables (Intake Manifold)
Table 6.31-4: LP Routing Tables (Delivery Manifold)
Start Intake Route indication will be given once all valves associated with the route that are
required to be open are open, all valves associated with the route that are required to be
closed are closed, and flow paths exist through the relevant strainer/s and prover.
See LP Start Intake/Delivery flow diagrams for details:
7.2.12.4: Typical LP Start Intake Sequence (Intake Manifold)
7.2.12.9: Typical LP Start Delivery Sequence (Delivery Manifold)
All faults occurring whilst opening or closing a route during a Start Intake/Delivery Sequence
shall result in the following action being taken, complete with all associated alarming and
event logging procedures:
Close Switch Open Switch
Close
Primary
Open
Transition
Open
Transition
Close
Primary
Single Manifold Continue Continue Abort Continue
Dual Manifold Continue Continue Abort Continue
6.31.4.7.1 Intake Stations
This sequence is based on dual meter manifolds to a single HP destination and is station
dependent.
i) First:
Open selected product header valve
ii) Then: Open selected product meter outlet valve
The intake is now online.
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 229 of 363
Page 229 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
All faults during this stage of the Start Intake sequence will result in the
sequence aborting complete with all associated alarming and event logging
procedures.
iii) Finally, close all other open routes, including cross product routes (station dependent):
Close product meter outlet valve on the second meter manifold
(same product) Close all other selected product consignor valves and associated
logical consignor statuses (same product)
Interlock closed other product manifold header valves (different
products)
Any faults during this stage of the Start Intake Route sequence will result in the
sequence continuing, complete with all associated alarming and event logging.
Placing the Group in Manual mode while the sequence is running results in the
sequence aborting.
6.31.4.7.2 Delivery Stations
Route from HP to Consignee:
This sequence is based on dual meter manifolds and is station dependent.
i) First: Open selected product metering inlet valve
Close selected product header sacrificial ball valve (to protect EPV
Header, where installed)
ii) Then: Open selected product header EPV valve
iii) Then:
Open common header valve
Open selected product header sacrificial ball valve (where installed)
The delivery is now online.
All faults during this stage of the Start Delivery sequence will result in the
sequence aborting complete with all associated alarming and event logging
procedures.
iv) Finally, close all other open routes, including cross product routes (station
dependent):
Close product meter inlet valve, distribution valves on the second
meter manifold (same product) Close other distribution valves on the selected meter manifold.
Close all other selected product consignor valves and associated
logical consignor statuses (same product)
Interlock closed other product manifold header valves (different
products)
Any faults during this stage of the Start Delivery sequence will result in the
sequence continuing, complete with all associated alarming and event logging.
Placing the Group in Manual mode while the sequence is running results in the
sequence aborting.
Route from Accumulator Tank to Consignee:
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 230 of 363
Page 230 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
This sequence is based on dual meter manifolds and is station dependent. This route is
only available when all routes from HP are closed i.e. a closed switch.
i) First: Open selected product metering inlet valve
ii) Then:
Open selected product header valve
iii) Finally: Start Accumulator Pump
The delivery is now online.
All faults during this stage of the Start Delivery sequence will result in the
sequence aborting complete with all associated alarming and event logging
procedures.
6.31.4.8 Stop Intake/Delivery Command
A Stop Intake/Delivery Sequence is initiated from:
A Stop Intake/Delivery Request from the SCADA
If Ready, the route is closed by simultaneously closing all associated valves.
The Stop Intake/Delivery Sequence will close all intake/delivery routes associated with a
particular product. Other different product routes that are open will need to be closed using
the respective product Stop Intake/Delivery sequences.
Note that availability is not a prerequisite for running a Stop Intake/Delivery sequence.
See LP Stop Intake/Delivery flow diagrams for details:
7.2.12.5: Typical LP Stop Intake Sequence (Intake Manifold)
7.2.12.10: Typical LP Stop Delivery Sequence (Delivery Manifold)
Any faults during the Stop Intake/Delivery sequence will result in the sequence continuing,
complete with all associated alarming and event logging. Placing the Group in Manual mode
while the sequence is running results in the sequence aborting.
6.31.4.8.1 Intake Stations
This sequence is based on dual meter manifolds to a single HP destination and is station
dependent.
Note: Step (i) is not executed if a delivery of a different product is already in progress
(different product header valve is open).
i) First:
Close destination (common) header valve ii) Then:
Close selected product header valve
iii) Finally close all valves on both same product manifolds (dual meter manifolds):
Close selected product meter outlet valve
Close product meter outlet valve on the second meter manifold
(same product) Close all product consignor valves and associated logical consignor
statuses (same product)
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 231 of 363
Page 231 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
6.31.4.8.2 Delivery Stations
Route from HP to Consignee:
This sequence is based on dual meter manifolds and is station dependent.
Note: Step (i) is not executed if another delivery is already in progress to any other
destination (any other product header valve is open).
i) First:
Close common flow control valve (set to auto and close)
Then:
Close common header valve
ii) Then:
Close selected product header valve/s
iii) Finally close all valves on both same product manifolds (dual meter manifolds):
Close both same product meter inlet valves Close all product distribution valves common to the meter manifolds
(same product)
Close all consignee valves associated with the same product
Close selected tank inlet valve and other valves on the route to the
tank (for routes into Tanks)
Interlock closed selected product blend valve
Route from Accumulator Tank:
This sequence is based on dual meter manifolds and is station dependent.
i) First: Stop Accumulator Pump
Then:
Close accumulator flow control valve (set to auto and close)
Close product header valve from tank
ii) Finally close all valves on both same product manifolds (dual meter manifolds): Close both same product meter inlet valves
Close all product distribution valves common to the meter manifolds
(same product)
Close all consignee valves associated with the same product
Close selected tank outlet valve and other valves on the route from
the tank (for routes from Tanks)
6.31.5 Route Availability
Availability for the LP Routing (Product) group is done on a per route basis and is indicated
on the LP Routing matrix for the respective routing sequences. When available the box will
display a green background and when not available it displays a yellow background.
Automatic control via the PLC will not be inhibited if the route is not available for Open Route
and Stop Intake/Delivery sequences only.
Upon clicking on the individual route, an additional faceplate will be invoked indicating the
availability of the devices relevant to this route.
6.31.6 Group Status
6.31.6.1 Group Alarm Status Indications
None defined.
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 232 of 363
Page 232 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
6.31.6.2 Group Error Status Indications
The following Group Error Statuses are configured using display LEDs which are grey in the
inactive condition and red in the active condition, with an associated event. Refer to the
Alarm Configuration Database (3) for details, including text to be used for the event
message.
Condition Text Logic
LP No Valid Flow-path Mxx LP No Valid Flow-path Mxx Refer to Section 6.31.4.3
Table 6.31-5: LP Routing - Group Error Status
6.31.6.3 Group Information Status Indications
None defined.
6.31.7 Group Interlocks
6.31.7.1 Hard-wired Interlocks
6.31.7.1.1 Tank Overfill Protection Interlocks
An independent SIL-rated tank Overfill Protection System has been installed on each tank.
Refer to Section 6.35.8.1.1 for details.
6.31.7.2 PLC Interlocks
6.31.7.2.1 Logical Valve – Consignee/nor Valve Interlock
If the consignee/nor valve is open and no route has been selected, then the first (default)
logical valve is forced open.
If the consignee/nor valve is open and a route has been selected, then the associated logical
valve is forced open. In dual meter manifolds, this forces the operator to open the logical
consignee/nor on the second manifold before closing the original consignee/nor on the first
manifold when switching.
If the consignee/nor valve is closed, then the associated logical valve is closed. The logical
valve may be opened or closed by the operator thereafter.
In automatic, the logical consignee/nor is opened from the sequences in automatic before
the product delivery valve is opened.
6.31.7.2.2 XV TxxA/B/C/D: Tank Txx Overfill Protection
Associated tank inlet valves (and header valves for blow-off tanks) will be interlocked closed
when a SIF trip is active (Refer to Section 6.35.8.2.1).
6.31.7.2.3 XV HxxA/B/C/D: Header valve Interlock
Associated Header valve/s will be interlocked closed when another header to the same
destination meter is not closed, OR if the station is only able to receive multi-product from
one source.
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 233 of 363
Page 233 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
6.31.8 Failure Modes
None defined.
6.31.9 Graphic Representation
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 234 of 363
Page 234 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
6.33 Flow Control – LP Application
This section is not a device group on its own, but these devices and associated control forms
part of the LP Routing – General or Product device groups (depending on the installation).
6.33.1 Group Description
The Flow Control Valve installed on the LP manifold (either on a common section or on
dedicated product manifolds) is used for closed loop control, to control Station Suction
Pressure ICP (Set point configurable by the operator via SCADA) or Manifold Flow (Set point
configurable by the operator via SCADA). The Operator can select to control either flow
(default) or suction pressure.
Control and monitoring functionality is achieved via the following devices:
Valves
LP Flow Control Valve CV HxJ
Instrumentation
LP Manifold Compensated Flow FT 8xx_S2
* Devices form part of another group
6.33.2 Modes of Control
LP Flow Control may be controlled from the PCS either locally at the Station or remotely from
the MCC.
This device forms part of the LP Routing – General or Product device groups, and thus does
not have its own Mode of Control.
6.33.3 Modes of Operation
The Control Valve has its own Mode of operation, independent of the Group:
Local
Manual
Automatic
Default mode of operation is Auto.
This control valve has a mode of operation that is independent of the LP routing group to
which it is associated.
6.33.4 Group Functionality
6.33.4.1 Non-Modulating Actuators
Not applicable to this device group.
6.33.4.2 Modulating Actuators
The control valve position is determined by a 4-20mA analogue output signal.
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 235 of 363
Page 235 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
xxx
PT
xxxCV
xxxCV
FT
xxx
xxxPT
PT
xxxFIC
xxxPT
xxxPIC
xxxOVR
xxxOVR xxx
PICxxx
OVR
ICP
Route
dependant
SDP
Not UsedFLOW
xxxMAN
SP SPOR
SP
SP
CONTROL VALVE
SPOR
SPOR
0%
100%
SPOR
ICP
Va
lve
Ove
rrid
e
Po
stio
n
0%
100%
Flow/SDP
Va
lve
Ove
rrid
e
Po
stio
n
SPOR
OVERRIDE FUNCTIONS
LinearisationLinearisation
FT xxx_S
>
Figure 6.33-1: Flow Control – LP Application
Control valves are part of the respective LP Device Group and do not have their own graphic.
Hence the PV’s and control loop are not visible to the operator.
The Control Valve typical has two PID loops configured, each with a hard coded override. In
this application, the configured PID loops are as follows:
Flow PID
ICP PID
The operator can choose to control on any of two pre-configured PV’s (pre-configured in the
PLC depending on the application):
Flow (Default)
ICP
Manual (manual mode only)
When a control parameter is chosen, the other parameters are in override control. The set-
points for override control revert back to the override set-points (not operator settable). Note
that the operator set-points are not overwritten and are reverted to should the operator
change back to the original control parameter. The PID loops are not active in manual.
Override Curve
A hard ramp override curve exists for each PID loop. This is enabled when the PID is too
slow to catch transients. This is especially true if the PID loop is tuned for slow response to
reduce wear on the valve. In this application, flow and ICP override functions are enabled.
6.33.5 Group Availability
Not required.
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 236 of 363
Page 236 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
6.33.6 Group Status
6.33.6.1 Group Alarm Status Indications
None defined.
6.33.6.2 Group Error Status Indications
None defined.
6.33.6.3 Group Information Status Indications
None defined.
6.33.7 Additional Device Alarms
None defined.
6.33.8 Group Interlocks
6.33.8.1 Hard-wired Interlocks
None defined
6.33.8.2 PLC Interlocks
6.33.8.2.1 CV HxJ: Tank High Trip
The control valve is interlocked closed (i.e. set-point set to 100% and as a result the valve
will ramp closed) when a LP Route is Not Closed and the associated Tank level (LQT/LT 75x)
has a High Trip value.
6.33.8.2.2 CV HxJ: All LP Routes Closed
The control valve is interlocked closed (i.e. set-point set to 100% and as a result the valve
will ramp closed) when all associated LP Routes are Closed (and not in Wirebreak).
6.33.8.2.3 CV HxJ: LP Routing Sequence
The control valve is interlocked closed (i.e. set-point set to 100% and as a result the valve
will ramp closed) by the Stop Delivery Sequence until the Route is Offline.
6.33.9 Failure Modes
On instrument failure, the instrument goes into last good value, complete with alarming.
Operator action will be required to prevent control loop wind-up.
6.33.10 Graphic Representation
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 237 of 363
Page 237 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
6.34 Tank Farms
This section is associated with the control and monitoring of Tank Farms where installed on
stations and terminals.
This section is not a device group on its own, but these devices and associated control form
part of the associated LP Routing - Product device groups.
6.34.1 Group Description
This section details control and operating facilities related to tank farms that are owned and
operated by Transnet Pipelines. In these cases, pipeline operations and distribution
operations are divided on the following basis:
1. Pipeline Operations:
Pipeline Deliveries into and out of tanks (accumulator and intermix tanks)
Quality Assurance of product within tanks
Inter-tank Transfer and Circulation (where required)
Tank Farm Management
2. Distribution Operations:
Road and Rail Tanker Distribution
In cases where Transnet Pipelines delivers or intakes product from tankage owned and
operated by other parties (companies), these transactions will be performed ‘across the
fence’. In other words, line-up into the relevant tanks will remain the responsibility of the
client, as will all other tank farm management functions.
6.34.1.1 Automation Concepts
Custody Metering facilities are provided at all intake and delivery stations to meter product
volumes delivered into both accumulator and intermix tanks in accordance with API Custody
Metering standards. Prover facilities are provided to accurately establish meter factors to be
used in the metering of product to API Standards (products only, not intermix).
Tank Gauging Systems are installed on all Accumulator Tanks on Terminals (IVW, JMP and
TLR).
Where the requirement is identified, tanks are equipped with Overfill Protection Systems in
accordance with API 2350 and Buncefield Final Report recommendations [16].
Process interlocks will be installed on tank inlet and outlet valve/s to prevent delivering into
and out of a tank simultaneously. Tank handover will be proceduralised.
Tank dipping (capturing and reporting) will be supported by SAP/MES. Product quality
capturing and reporting will not be supported on the PCS, but will be supported by SAP/MES.
Where inter-tank transfer facilities are installed on sites, inter-tank tank transfer will be
facilitated by means of a routing matrix.
Control and monitoring functionality is achieved via the following devices:
Instruments
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 238 of 363
Page 238 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
Tank Txx Level LT 75x (Tank Guaging not installed) OR
LQT 75x (Tank Guaging installed)
Where Tank Gauging Systems are installed, an uncompensated analogue level will
be wired from the TGS Head to the PLC for the purpose of indicating level within
the tank. In addition, compensated volumes and other information will be
interfaced from the TGS into the PCS for monitoring purposes (Refer to Section
6.34.4.5).
6.34.2 Modes of Control
Tanks form part of the LP Routing - Product device groups and thus do not have their own
Mode of Control.
6.34.3 Modes of Operation
All devices related to Tanks have the following modes of operation as derived from the LP
Product Routing device groups:
Local
Manual
Automatic
6.34.4 Group Functionality
6.34.4.1 Tank Level Control and Over-Fill Protection
Tank Level Control and Over-fill Protection conforms to the following protection philosophy
(in accordance with API 2350 and Buncefield Final Report recommendations):
1. A high level alarm is issued when the level within a tank that has an open route into it
exceeds a high-alarm level. This set-point is set at the normal operating level, and is set
at a level that is two minutes of full flow below the High-trip level set-point. Full flow is
determined as the highest possible flowrate from any individual source.
[At the IVW and JMP Terminals, the time between AH and AT is set more conservatively
at five minutes.]
2. A LP Control Valve interlock will provide the first level of protection against over-fill. This
interlock will interlock the control valve closed on the route that is open into the tank,
based on a tank high-trip level set-point. This set-point is set at a level that is two
minutes of full flow below the Tank Over-fill Protection (SIL) level set-point. Full flow is
determined as the highest possible flowrate from any individual source.
[At the IVW and JMP Terminals, the time between AT and SIL is set more conservatively
at five minutes.]
3. For tanks with Tank Overfill Protection Systems (SIF) installed:
A Tank Over-fill Protection SIF (independent of the PCS) will provide the second level of
protection, and will interlock all tank inlet valves (and associated header valves for blow-
off tanks) closed simultaneously, based on a SIL protection set-point to be set high to act
as last resort. This set-point is set at a level that is two minutes of full flow below the
tank overflow level. Full flow is determined as the highest possible flowrate from any
individual source.
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 239 of 363
Page 239 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
[At the IVW and JMP Terminals, the time between SIL and tank overflow is set more
conservatively at five minutes.]
4. For tanks without Tank Overfill Protection Systems (SIF) installed:
A high level switch will provide the second level of protection, and will interlock all tank
inlet valves (and associated header valves for blow-off tanks) closed simultaneously,
based on high level detection in the tank. The level switch is set at a level that is two
minutes of full flow below the tank overflow level. Full flow is determined as the highest
possible flowrate from any individual source.
6.34.4.2 Tank States
Tank States will not be implemented on tanks. Process interlocks will however remain on the
tank inlet and outlet valves, depending on whether tanks are receiving or distributing product
(Refer to Section 6.34.8.2.1).
Product Quality Control and Tank Handover between operations will be proceduralised.
6.34.4.3 Tank Product Management
Tank Dip capturing and reporting will be supported within SAP/MES.
Product Quality capturing and reporting will be supported within SAP/MES.
6.34.4.4 Inter-Tank Transfer
On sites where tank farms comprising of multiple tanks exist, inter-tank transfer facilities
comprising of transfer pumps, flow meters and actuated routing valves may exist. These
facilities enable the transfer of products between various tanks, for the purposes of product
quality control (between tanks) and circulation (to the same tank).
Inter-tank transfer may be controlled in local, manual or automatic Modes of Operation. A
Inter-tank Transfer Routing matrix and associated transfer sequences will be implemented on
the PCS to facilitate automated control of inter-tank transfer at the varuious stations, where
required.
6.34.4.5 Tank-Gauging System (TGS) Interface
The data interface between TankMaster (SAAB) System (OPC Server) and the Intake OS
Server (OPC Client) will be implemented via OPC communication using the Terminal Bus.
Tank strapping is to be performed in both the MES Metering and Tank Master Software.
The following data is transmitted to PCS via OPC tags.
6.34.4.5.1 OPC Tag Descriptors
Product Information
Status
Symbol PCS7 Tag Unit
Level Current Value TK-xxx.LL.CV ILevel m
LL Status Healthy = False
TK-xxx.LL.ME ILevelQCBad
Average Temperature TK-xxx.AT.CV IAvgTmp °C
AT Status Healthy =
False
TK-xxx-
AT.ME
IAvgTmpQCBad
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 240 of 363
Page 240 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
Product Information Status
Symbol PCS7 Tag Unit
Reference Density - is the density
of the product at the Standard Reference Temperature 20°C. It
can either be manually entered, or automatically calculated from the
Average Temperature and the
Observed Density.
TK-
xxx.DREF.CV
IRefDens kg/L
DREF Status Healthy = False
TK-xxx-DREF.ME
IRefDensQCBad
Volume Correction Factor - is used
to convert the volume at the current temperature to the
corresponding volume at the Standard Reference Temperature
20 °C. The VCF is automatically
calculated according to API Standard 2540 if the Reference
Density and the Average Temperature of the product are
known.
TK-
xxx.VCF.CV
IVCF
VCF Status Healthy = False
TK-xxx.VCF.ME
IVCFQCBad
Free Water Level - can be manually
entered or measured by a Water Interface Sensor.
TK-
xxx.FWL.CV
IFWL m
FWL Status Healthy =
False
TK-
xxx.FWL.ME
IFWLQCBad
Free Water Volume - calculated on
the basis of the Free Water Level and the Tank Strapping Table
(TST).
TK-
xxx.FWV.CV
IFWV L
FWV Status Healthy = False
TK-xxx.FWV.ME
IFWVQCBad
Total Observed Volume - is
calculated from strapping tables. It is the total volume at the Observed
Temperature of the product.
TK-
xxx.TOV.CV
ITOV L
TOV Status Healthy = False
TK-xxx.TOV.ME
ITOVQCBad
Gross Standard Volume. TK-
xxx.GSV.CV
IGSV L
GSV Status Healthy = False
TK-xxx.GSV.ME
IGSVQCBad
Gross Observed Volume TK-
xxx.GOV.CV
IGOV L
GOV Status Healthy = False
TK-xxx.GOV.ME
IGOVQCBad
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 241 of 363
Page 241 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
Product Information Status
Symbol PCS7 Tag Unit
Flow rate Flow rate can
be positive or negative
TK-xxx.FR.CV IFlowrate L/min
FR Status Healthy =
False
TK-xxx.FR.ME IFlowrateQCBad
Available Room – Volume left to completion
TK-xxx.AVRM.CV
IAvailRoom L
AVRM Status Healthy = False
TK-xxx.AVRM.ME
IAvailRoomQCBad
Pumpable volume TK-xxx.PV.CV IPmpVol L
PV Status Healthy =
False
TK-xxx.PV.ME IPmpVolQCBad
Table 6.34-1: Tank Farm TGS OPC Tag Descriptors
6.34.4.5.2 OPC Global Alarm Acknowledge
Alarm Acknowledge
External Alarm Acknowledge
On acknowledgement of any of the alarms on a tank, the EXT_ALARM_ACK.CV tag is set which then sets all unacknowledged alarms in the Tank Gauging system to the acknowledged state.
EXT_ALARM_ACK.CV
Table 6.34-2: Tank Farm TGS OPC Global Alarm Acknowledge
6.34.4.5.3 OPC Interface Watchdog
Value Item ID Description Quality Status
1 xx.ALIVE_PULSE.CV
Tank Master System Running
30 sec pulse Active_Pulse
2 xx.ALIVE.CV Server Running Counter No count on Failure
Table 6.34-3: Tank Farm TGS OPC Watchdog
6.34.4.5.4 OPC Qualities
The Used OPC qualities are as following:
OPC quality
Meaning, usage Short Names
OPC_QUALITY_GOOD_NONE_SPECIFIC
Quality of tags are good. Good
OPC_QUALITY_GOOD_NO
Any other OPC Quality is considered as Bad
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 242 of 363
Page 242 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
NE_SPECIFIC
bad.
Table 6.34-4: Tank Farm TGS OPC Qualities
In addition to the data detailed above, the following additional information will be displayed
to the operator on the PCS System:
Tank State (as derived from Tank State Machine)
Tank level = LQT xxx, hardwired from TGS head
Gross Observed Volume = current volume in the tank, including dissolved sediment
and water
Gross Standard Volume = Gross Observed Volume corrected for pressure and
temperature
Flow rate into/out of tank = calculated from LQT xxx rate of change (positive =
filling, negative = withdrawing)
Available Room = volume available to the normal fill level
Available Product = Gross Standard Volume minus the working bottoms (normal
empty/low level)
Time to Completion = Time remaining to complete an intake/dispatch from the tank
(calculated from metering)
Note: Tank Strapping tables reside within the TGS and MES-Metering systems.
6.34.5 Group Availability
Not required
6.34.6 Group Status
6.34.6.1 Group Alarm Status Indication
The following Group Alarm Statuses are configured using display LEDs which are grey in the
inactive condition and red in the active condition, with an associated alarm. Refer to the
Alarm Configuration Database (3) for details, including the text to be used for the alarm
messages.
Condition Text Logic
Tank Txx Level Deviation
Tank Txx Level Deviation
Comparison between LT/LQT 75x and LY 75xA_AI (SIL).
Table 6.34-5: Tank Farm Group Alarm Status Indication
Note: Deviations greater than a pre-defined percentage (default 1%) will be alarmed as
‘Tank Level A0x Deviation’. This deviation is calculated on the basis of a 5 min first order
filter. When the two signals fall within a configurable percentage (default 0.5%) of each
other, this status is automatically reset.
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 243 of 363
Page 243 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
6.34.6.2 Group Error Status Indication
None defined.
6.34.6.3 Group Information Status Indication
None defined.
6.34.7 Additional Device Alarms
Alarm Priority Message Class Info Text
Tank Txx Level Change Detected
10 Tolerance
Tank A11 Level Change Detected
10 Tolerance
Tank A12 Level Change Detected
10 Tolerance
Table 6.34-6: Tank Farm Additional Device Alarm
When the TGS indicates the tank is active i.e. flow into or out of the tank (flowrate >
threshold), and no tank inlet or outlet valves are not closed, an alarm "Tank Axx Level
Change Detected " is raised.
6.34.8 Group Interlocks
6.34.8.1 Hard-wired Interlocks
None defined.
6.34.8.2 PLC Interlocks
6.34.8.2.1 XVTxxA/B/C/D/E/F/G/H: Tank Valve Interlocks
All Tank Inlet valves (XV TxxA/B/C/D) are interlocked closed when any of the Tank Outlet
valves indicate a Not Closed status. The interlock is removed when all Tank Outlet valves
indicate a Closed status.
All Tank Outlet valves (XV TxxE/F/G/H) are interlocked closed when any of the Tank Inlet
valves indicate a Not Closed status. The interlock is removed when all Tank Inlet valves
indicate a Closed status.
6.34.8.2.2 XVTxxA/B/C/D: Tank High-Trip Level Interlocks
For all tanks fitted with high level switches (in place of SIF TOP Protection):
All Tank Inlet valves (XV TxxA/B/C/D) are interlocked closed when a route is open to the tank
and a high-trip level is detected by the level switch.
6.34.8.2.3 XVTxxE/F/G/H: Tank Low -Trip Level Interlocks
All Tank outlet valves (XV TxxE/F/G/H) are interlocked closed when a route is open from the
tank and a low-trip level is detected by the level transmitter.
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 244 of 363
Page 244 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
6.34.9 Graphic Representation
Tank level (50-LQT xxxA as a percentage), Gross Volume, Tank State and Quality status is
displayed on the tank graphic directly.
Tank data detailed in Section 6.34.4.5 above is displayed on a tank faceplate accessed from
the associated tank graphic.
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 245 of 363
Page 245 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
6.35 Safety Instrumented System (Tank Overfill Protection)
This section is associated with the control and monitoring of the Safety Instrumented System
(SIS) (Tank Overfill Protection) Device Group.
SIS TOP Protection is installed on all storage tanks within TPL facilities, where this
requirement has been identified by HAZOP and LOPA Studies.
6.35.1 Group Description
An independent SIL-rated safety system is installed to perform the following functionality,
applicable to the following tanks:
Tank Over-fill Protection SIL will provide the second level of protection, and will interlock all
tank inlet valves closed simultaneously, based on a SIL protection set-point to be set high to
act as last resort. This set-point is set at a level that is either two or five minutes of full flow
below the Tank Overflow level (Refer to section 6.34.4.1).
On detection of a high trip tank level as detected by an independent SIL-rated level
transmitter, all associated tank inlet valves are interlocked closed simultaneously via the
emergency trip input to the associated valve actuators. This system is not configured for fail-
safe operation on an instrument failure.
Instrumentation (per tank)
Instruments connected to SIL Relay:
Accumulator Tank Level (SIL) LT xxxA
Signals interfaced to PLC: Accumulator Tank Level (SIF) LY xxxA_SIF
Accumulator Tank Level (SIL) LY xxxA_AI
Tank Inlet Valve Monitor Relay Fail XV xxxA_FA
PLC and ET200 Power Supplies
PLCxx Panel Power Supply Fail G5x.K11_FA
* Devices form part of another group
6.35.2 Modes of Control
SIS TOP may be controlled from the PCS either locally at the Station or remotely from the
MCC.
6.35.3 Modes of Operation
This group cannot be controlled and hence there is no Mode of Operation defined.
6.35.4 Group Functionality
6.35.4.1 SIS Diagnostic Failure
Should the signal G5x.K11_FA indicate a single 24V power supply failure, the SIS diagnostic
failure flag is triggered and an associated alarm is raised. This flag is reset when the
G5x.K11_FA signal returns to a healthy state.
Note: This is common to all SIS device groups and is repeated on each associated SIS device
group for consistency. This flag indicates that one of the redundant power supply modules
has failed and the system is operating in a non-redundant mode.
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 246 of 363
Page 246 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
6.35.4.2 Tank Overfill Protection (TOP)
The trip as issued by the SIL Relay will trip the associated tank inlet valves via the actuator
emergency trip input. The trip function is executed to completion within 120s from a physical
overfill (high-trip condition) to all valves confirmed closed.
The function is hardwired and interfaced to the control system for monitoring via the signal
LY xxxA_SIF. On receipt of a SIF trip (LY xxxA_SIF), the PLC will interlock the associated
Tank Inlet valves closed to prevent a control error
This function is also latched in the PLC. While latched, the SIF trip indication on the overview
is shown (dotted line on graphic). A SIF reset button on the SIS page becomes available
under the latched trip condition and, upon selection, resets the latched trip flag in the PLC,
provided that the high trip level trip condition no longer exists. This button is shared with the
MTBF trip function.
The SIF reset button is coloured red under the following conditions:
SIF Trip function latched within the PLC
SIF Failed to trip is active
6.35.4.3 TOP Proof Test Interval (Mitigation of Undetected Dangerous Failures)
The period between successful SIF trips is monitored and timed by the PLC. If the period
exceeds a PLC configurable time, a Proof Test Interval exceeded flag is set in the PLC. The
default time period is 180 days.
A successful proof test requires the following signals to be activated in the following order:
Per Accumulator Tank
LY xxxA_AI Trip High Set-point
LY xxxA_SIF
All associated inlet valves closed feedback
Note: At least one valve must be Open before performing the proof test for a successful
proof test.
A proof test is credited as successful if all conditions are received within 120 seconds of the
trigger as measured by LY xxxA_AI event in the PLC. A successful proof test will reset the
"Time since last proof" countdown timer.
The required proof test interval and the elapsed time since the last proof test will be visible
on the SCADA.
The elapsed time since the last proof test will be reset when a successful proof test has been
executed. Note that a trip event resulting in the above signals being activated within the
configured time (120 seconds) will also be considered a proof test, and will hence reset this
timer.
An event is raised when the SIF transmitter value LYxxx_AI exceeds the predefined SIF Trip
value. This event will be used for trip evaluation during proof test procedures. The text to be
displayed is "LYxxx_AI TOP SIF Trip Value Exceeded".
Note: The validity of this monitoring timer cannot be guaranteed. It relies on proper
procedures in place to validate the execution of the proof test.
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 247 of 363
Page 247 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
6.35.4.4 TOP SIF Diagnostic (Detected Dangerous Failure - DDF)
The following signals form part of DDF Diagnostics:
LY xxxA_AI fault (PLC config time delayed, default 5 min), hardware fault, sensor
fault and under range. This shall trigger a diagnostic flag after the timer has expired.
(Repeated every 5 hours)
XV xxx_FA active (Actuator SIL Monitor relay) – may be multiple. If more than one
valve, the signals are AND'ed such that any valve failure will trigger a DDF. If this
condition is true for more than a configurable time (default 4 min), the diagnostic
flag is set. The flag shall only be reset after a configurable time (default 4 min) in the
healthy state (separate timer).
SIF Function Failed to Trip - (instantaneous setting of the diagnostic flag) - SIF
Function Failed to Trip is reset when the trip relay (LY xxxA_SIF) is healthy.
The above three functions are alarmed independently as detailed in alarm strategies below.
The SIF diagnostic failure flag set includes a time filter to ensure that glitches do not set and
reset the flag spuriously. This timer is set to a default of 5 minutes on instrument
failure/recovery only.
The following functions are to occur on detection of a SIF diagnostic failure:
Start a MTTR Timer
Generate a SIF Diagnostic Failure alarm (Medium Priority)
LY xxxA_AI shall not be allowed to be put into simulation from the SCADA.
The operator should inform maintenance of the failure immediately and rectification action
should start.
6.35.4.4.1 SIF Function Failed to Trip
Calculation of TOP SIF Function Failed to Trip alarm is as follows:
The sensing element value should have initiated a trip
(LY xxxA_AI trip set-point exceeded) AND
The associated valves did not close within 120 seconds
OR
The trip relay (LY xxxA_SIF) tripped AND
The associated valves did not close within 120 seconds
Note: It is possible that some comparison signals will have to be calculated over more than
one scan to allow for signal propagation within the SIS and associated equipment. SIF
Function Failed to Trip is reset on a successful Proof Test (LY xxxA_SIF).
6.35.4.5 Operation under Tank Overfill Protection SIF Diagnostic Failure
After the MTTR timer has started, the station is operating with the following functions active:
LQT xxx is configured to close the valves at the same set-point as the LY xxxA_SIF
function would have acted.
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 248 of 363
Page 248 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
If LQT xxx is in a fault state/simulation when entering MTTR, the valves shall close as
indicated in point 1 above.
Should the comparison of LQT xxx and LY xxx_AI have been in alarm (level
deviation) on entering a MTTR condition, the valves shall close as indicated in point 1
above. The comparison alarm should be averaged over 5 minutes to prevent spurious
activation of the function. The comparison only occurs if both sensors are healthy,
i.e. alarm and trip is suppressed under sensor failure conditions.
The SIF Diagnostic Alarm is repeated every 5 hours after the start of MTTR timer.
An Imminent Shutdown Alarm in 1 hour is activated 1 hour before expiry of the
MTTR.
An Imminent Shutdown Alarm in ½ hour is activated ½ hour before expiry of the
MTTR.
If the MTTR timer expires, the tank inlet valves are interlocked closed.
The SIF-credited MTTR value is available (and editable) on the SIS graphic. It is
editable by maintenance staff only. The value is adjustable between 0 hours and a
maximum of 72 hours.
6.35.5 Group Availability
Not required
6.35.6 Group Status
6.35.6.1 Group Alarm Status Indications
The following Group Alarm Statuses are configured using display LEDs which are grey in the
inactive condition and red in the active condition, with an associated alarm. Refer to the
Alarm Configuration Database (3) for details including text to be used for the message.
Condition Text Logic
SIF Diagnostic Failure
Tank xxx SIF Diagnostic Failure
Refer to Section 6.35.4.4
Tank xxx SIF Failure Time Exceeds MTTR
Tank xxx SIF MTTR Exceeded Trip
Refer to Section 6.35.4.5
Tank xxx SIF Function Spurious Trip
Tank xxx SIF Spurious Trip
The LYxxxA_SIF is active and the LQTxxx level remains below the Alarm High set-point (after a configurable delay of 2 secs).
Tank xxx SIF Proof Test Interval Exceeded
Tank xxx SIF Proof Test Exceeded
Refer to Section 6.35.4.3
Tank xxx SIF Function Failed to Trip
Tank xxx SIF Failed to Trip
Refer to Section 6.35.4.4
LT xxx Fault and in MTTR Trip
LQTxxxA Fault & in MTTR Trip
Refer to Section 6.35.4.5
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 249 of 363
Page 249 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
Condition Text Logic
Tank xxx SIF MTTR Imminent Shutdown - 1 hour
Tank xxx SIF MTTR Imm Shut 1h
Refer to Section 6.35.4.5
Tank xxx SIF MTTR Imminent Shutdown - 1/2 hour
Tank xxx SIF MTTR Imm Shut 1/2h
Refer to Section 6.35.4.5
Tank xxx Level Deviation and in MTTR Trip
Tank xxx Lvl Dev & in MTTR Trip
Refer to Section 6.35.4.5
yyy SIS Diagnostic Failure
yyy SIS Diagnostic Failure
Refer to Section 6.35.4.1
Table 6.35-1: SIS Group Alarm Status
xxx is the relevant tank for that product, yyy is the relevant product.
Note: It is possible that some comparison signals will have to be calculated over more than
one scan cycle to allow for signal propagation within the SIS and associated equipment.
6.35.6.2 Group Error Status Indications
None defined.
6.35.6.3 Group Information Status Indications
None defined.
6.35.7 Additional Device Alarms
None defined.
6.35.8 Group Interlocks
6.35.8.1 Hardwired Interlocks
6.35.8.1.1 Tank Overfill Protection
If a tank high trip level is detected, the associated tank inlet valves are tripped closed by an
independent SIL 1-rated Overfill Protection System.
6.35.8.2 PLC Interlocks
6.35.8.2.1 XV xxx: Tank Overfill Protection
Associated tank inlet valve will be interlocked closed when a SIF trip is active.
Tank Overfill Protection Trip (LYxxxA_SIF), OR
SIF Failure Time Exceeds MTTR, OR
LQTxxx Fault and in MTTR Trip, OR
Level Deviation High and in MTTR Trip
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 250 of 363
Page 250 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
6.35.9 Failure Modes
None defined.
6.35.10 Graphic Representation
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 251 of 363
Page 251 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
6.36 Prover
This section is associated with the control of the Prover Device Group and its associated
devices.
Provers are installed on all Intake and Delivery Stations with custody metering installed.
6.36.1 Group Description
Prover loop facilities at delivery and intake stations are utilized to accurately establish meter
factors to be used in the custody metering of product, to API Manual of Petroleum
Measurement Standards. Bi-directional provers are installed at Transnet Pipelines sites.
The Proving Cycle (and control of the prover 4-way valve) will be controlled and monitored
from the Custody Metering System via interface to the Prover Flow Computer/s. Visualization
and status information relating to the prover 4-way valve and proving functions will not be
provided on the PCS.
Facilities to fill and empty the Prover prior to and after proving are provided and consist of
transfer tanks, transfer pumps and associated inlet and outlet piping. Filling and draining of
Provers may be either manually or automatically controlled on multi-product Provers or
locally controlled on single product Provers. Automation of these operations require
automatic control of all associated transfer, drain and vent valves and transfer pumps, as well
as the continuous level measurement of the transfer tanks.
The following sequences are provided on the PCS:
Prover On Line Sequence
Prover Off Line Sequence
Prover Fill & Drain Sequences
Prover Sequences are accessed from a Prover Matrix. Prover availability is based on devices
required for individual sequences.
This control and monitoring functionality is achieved via the following devices:
6.36.1.1 Field to PLC Interface
Control of the Prover Device Group by the PLC is achieved via interface to the following
equipment:
Valves
Manifold x Prover Inlet Valve XV YxA
Manifold x Prover Outlet Valve XV YxE Manifold x Prover Bypass Valve XV YxK
Prover Y0x 4-way Valve XV YxR
Prover Y0x Vent Valve XV YxV
Prover Y0x Transfer Valve XV FxA
Prover Y0x Transfer Valve XV FxB Prover Y0x Transfer Pump 4-way Valve XV FxR
Transfer Tank Outlet Valve XV FxE
Instrumentation
Prover Y0x Transfer Pump Xxx Flow FS xx1
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 252 of 363
Page 252 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
Prover Y0x Sphere Detector ZI xx1
Prover Y0x Sphere Detector ZI xx6
Prover Y0x High Level LSH xx1
Prover Y0x Low Level LSL xx2 Prover Y0x High Level LSH xx3
Prover Y0x Low Level LSL xx4
Transfer Tank Level LT xx1
Pumps
Prover Y0x Transfer Pump Xxx
6.36.1.2 Sphere Indication
Home and away sphere detectors are mounted on a Prover and interfaced to the PLC to
indicate the position of the sphere on the SCADA, as follows:
Home - Set if ZI xx1 is detected, reset if ZI xx6 is detected
End - Set if ZI xx6 is detected, reset if ZI xx1 is detected
Volume detectors (ZI xx2, ZI xx3, ZI xx4, ZI xx5) are also indicated on the PCS graphics.
6.36.2 Modes of Control
The Prover may be controlled from the PCS either locally at the Station or remotely from the
MCC.
6.36.3 Modes of Operation
All devices related to the Prover shall have the following three Modes of Operation:
Local
Manual
Automatic
6.36.4 Group Functionality
6.36.4.1 Metering System Interface
No signals shall be interfaced between the Prover Flow Computer and the PCS.
6.36.4.2 4-Way Valve Control (S600 Flow Computer)
Initiation and control of the Proving Cycle (and control of the prover 4-way valve) shall be
done from the Metering System or directly from the Flow Computer. The 4-way valve will be
reflected as a static icon on the PCS.
6.36.4.3 Prover States
6.36.4.3.1 Prover Online
The Prover is in an Online state if:
XV YxA Opened AND
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 253 of 363
Page 253 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
XV YxE Opened AND
XV YxK Closed
6.36.4.3.2 Prover Offline
The Prover is in an Offline state if:
XV YxA Closed AND
XV YxE Closed AND
XV YxK Opened
6.36.4.4 Prover No Valid Flow-path Status
A Valid Flow-path for the Prover exists if the following conditions are met:
(XV YxA Open OR Wirebreak AND
XV YxE Open OR Wirebreak) OR
XV Y1K Open OR Wirebreak
6.36.4.5 Prover Flags
These flags are raised by the process control software as configured on the Prover block. The
flags are used to generate Group Status Indications, Group Availability Indications and for
Group Event and Group Alarm logging. The triggering of each flag is described here in detail.
6.36.4.6 Possible Hotspot
A Possible Hotspot is indicated if the Prover is moved from the offline state and the Prover
product differs from that of the product route that is online. Prover online and offline status is
determined by device status.
This alarm is cleared when the Prover goes Online.
6.36.4.7 Product Mismatch
This alarm is triggered if a LP manifold route moves from closed to not closed status and
differs from the product currently in the prover.
The alarm is cleared after 30 seconds.
6.36.4.8 Level Indication
The prover has two low level switches and two high level switches. Both the low and high
level switch indicates if the level is made i.e. high level. [Note that some provers depending
on the physical construction may have only one high level switch.]
The following logical conditions are determined by the level switches:
Empty - All level switches are off
Not Empty - At least one of the low level switches.
Full - All level switches are On
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 254 of 363
Page 254 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
Fault - A fault indicates if there is a conflict between the high and the low levels i.e. if
none of the conditions above is true. If a switch is in hardware fault or signal out of
range, the switch automatically defaults to the override value of 7.77mA (low level).
The logic condition for "Not full" is not required.
LSHxx4 LSHxx3 LSLxx2 LSLxx1
0 0 0 0 Empty
0 0 0 1 Not Empty
0 0 1 0 Not Empty
0 0 1 1 Not Empty
0 1 0 0 Fault
0 1 0 1 Fault
0 1 1 0 Fault
0 1 1 1 Not Empty
1 0 0 0 Fault
1 0 0 1 Fault
1 0 1 0 Fault
1 0 1 1 Not Empty
1 1 0 0 Fault
1 1 0 1 Fault
1 1 1 0 Fault
1 1 1 1 Full
Table 6.36-1: Prover Diesel Level Indication
6.36.4.9 Prover Primed
The Prover is primed for a particular product when:
Prover Y0x Transfer Valves XVFxA AND XV FxB are closed AND
Prover Y0x Vent Valves XVYxV are closed AND
Prover is full (Refer to Section 6.36.4.8)
6.36.4.10 Prove Enable is SET (RPE)
The Prover is enabled for a particular product when:
Prover Y0x Transfer Valves XVFxA AND XV FxB are closed AND
Prover Y0x Vent Valves XVYxV are closed AND
Prover is full (Refer to Section 6.36.4.8)
Prover content matches the LP product online.
6.36.4.11 Prover Sequences
6.36.4.11.1 Prover Sequence Matrix
Control of Prover Online, Offline, Drain and Fill Sequences will be controlled from a Prover
Sequence Matrix. For Sequence Matrix details refer to Section 4.9.
6.36.4.11.2 Prover Online Control Sequence
The Prover Online Sequence is activated on receipt of:
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 255 of 363
Page 255 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
an Online request from the SCADA
If Ready, the Prover Inlet and Outlet valves are opened and on successful completion the
Bypass valve is closed.
The following conditions while the sequence is running will result in the sequence aborting,
complete with all associated alarming and event logging:
Any actuated valve Not Available (XV YxA, XV YxE, XV YxK)
Prover Drain valves not closed
Prover Level not full
Placing the Group in Manual mode
See flow diagram for details:
7.2.13.2: Prover Y01 Online Sequence
6.36.4.11.3 Prover Off-line Control Sequence
The Prover Offline Sequence is activated, on receipt of:
an Offline Request from the SCADA
If Ready, the Prover Bypass valve is opened and on successful completion, the Inlet and
Outlet valves are closed.
The following conditions while the sequence is running will result in the sequence aborting,
complete with all associated alarming and event logging:
Any actuated valve Not Available (XV YxA, XV YxE, XV YxK)
Placing the Group in Manual mode
See flow diagram for details:
7.2.13.3: Prover Y01 Offline Sequence
6.36.4.11.4 Prover Drain sequences
The Prover Drain Sequence is activated on receipt of:
a Drain request from the SCADA
If Ready, the transfer valves for the other products are closed and once closed, the
associated transfer and vent valves are opened and the transfer routing valve is forwarded.
On completion the Prover transfer pump is started.
When all low level switches on the Prover indicate that the Prover is empty or if the Prover
Transfer pump has tripped on no flow, a timer is started. After a configurable time has
elapsed, a further check is made to determine whether all low level switches on the Prover
indicate that the Prover is empty. If not, the cycle commencing with starting the transfer
pump is rerun.
If the Prover is empty, the Prover transfer valves are closed. Once closed, the transfer
routing is reversed, Prover vent valves are closed and the transfer pump stopped. Note that
product will overflow to the sump in the event that the Prover transfer Tank is full.
While the Drain sequence is running, the no flow trips are counted. If the pump tripped on a
no flow for more than 3 times, the sequence will close the prover transfer valves. Once
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 256 of 363
Page 256 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
closed, the transfer routing is reversed, Prover vent valves are closed and the transfer pump
is stopped.
Any faults encountered during the running of the Drain sequence will result in the sequence
aborting during the open route portion and continuing to completion during the close route
portion, complete with all associated alarming and event logging.
Placing the Group in Manual mode while the sequence is running will result in the sequence
aborting.
See flow diagram for details:
7.2.13.5: Prover Y01 Drain Sequence
6.36.4.11.5 Prover Fill Sequences
The Prover Fill Sequence is activated on receipt of:
a Fill request from the SCADA
If Ready, the transfer valves for the other products are closed and once closed, the
associated transfer and vent valves are opened and the transfer routing valve is reversed. On
completion the Prover transfer pump is started.
When the associated transfer tank indicates a low level or if the transfer pump has tripped on
no flow, the Prover vent valves are closed. Once closed, the Prover transfer valves are closed
and thereafter, the transfer routing valve is forwarded and the transfer pump stopped.
Note that product will overflow to the sump in the event that the Prover is full.
Any faults encountered during the running of the Fill sequence will result in the sequence
aborting during the open route portion and continuing to completion during the close route
portion, complete with all associated alarming and event logging.
Placing the Group in Manual mode while the sequence is running will result in the sequence
aborting.
See flow diagram for details:
7.2.13.4: Prover Y01 Fill Sequence
6.36.4.12 Product Identification - Prover
Product selection shall be indicated to the operator by means of line fill colours. The Prover
contents can be altered manually from the Prover Screen with overrides.
Where it is not possible to automatically determine the product in the prover (e.g. where
there is only one transfer tank), the operator has to manually set the correct product from
the Prover Screen with overrides.
Product Identification is done in the following manner:
Set Product:
Product in transfer tank if flow path from transfer tank (Transfer valves open and
vent valve open) and
Transfer Four-way valve is reverse and
Transfer pump is running and
Prover is not empty
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 257 of 363
Page 257 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
OR
LP route for that product is online and
Prover is not empty
OR
Product override and
Prover is not empty
Reset product:
Prover is empty or
Other product override Other products are not isolated or
Other product override
Product unknown:
Product unknown is indicated if no specific product bit is set but the prover is not empty.
When the Prover is empty, as indicated by both the high and low level switches not being
activated, and the low level switch is then activated whilst the Prover is off line and product
type cannot be determined by a flow path from the transfer tank; product in the Prover will
be indicated as unknown.
6.36.4.13 Product Identification - Transfer Tanks
Transfer tank product selection shall be indicated to the operator by means of fill colours.
The transfer tank contents can be altered manually from the Prover Screen with overrides.
When transferring the Prover contents to the Transfer tank, the Transfer Tank contents will
be the same as the transferred Prover contents.
Product Identification is done in the following manner:
Set Product:
Product in prover if flow path from prover (Transfer valves open and vent valve
open) and
Transfer Four-way valve is forward and
Transfer pump is running and
Transfer tank is not empty
OR
Product override and
Transfer tank is not empty
Reset product:
Transfer tank is empty or
Other product override
Product unknown:
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 258 of 363
Page 258 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
Product unknown is indicated if no specific product bit is set but the transfer tank is not
empty.
6.36.5 Group Availability
The button will indicate the availability is either of the 2 sequences is available.
Online/Offline - Indicate available if either the Online or the Offline sequence is available.
Fill/Drain - Indicate available if either the Fill or the Drain sequence is available.
6.36.5.1 Prover Online Sequence Availability
Prover Online Sequences are configured on a meter manifold/product basis.
The following conditions render the Device Group “Not Available”.
Table 6.36-2: Prover Online Availability
6.36.5.2 Prover Offline Sequence Availability
Prover Offline Sequences are configured on a meter manifold/product basis.
The following conditions render the Device Group “Not Available”.
Table 6.36-3: Prover Offline Availability
6.36.5.3 Prover Fill Sequence Availability
Prover Fill Sequences are configured on a product basis.
Condition Text Logic
XV YxA Not Available XVYxA Not Avail Refer to [3]
XV YxE Not Available XVYxE Not Avail Refer to [3]
XV YxK Not Available XVYxK Not Avail Refer to [3]
XV YxA Not Available/Closed
XVYxA Not Avail OR Closed
For valves associated with other meter manifolds connected to the Prover.
XV YxE Not Available/Closed
XVYxE Not Avail OR Closed
For valves associated with other meter manifolds connected to the Prover.
XV YxV Not Closed XVYxV Not Closed Any Prover Vent valve not closed.
XV FxA Not Closed XVFxA Not Closed Any Prover Drain valve not closed
(associated with all products)
XV FxB Not Closed XVFxB Not Closed Any Prover Drain valve not closed
(associated with all products)
Prover Not Full Prover Not Full Refer to Section 6.36.4.8
Prover Content Not PRDx Prover Content Not PRDx
Prover content does not match the manifold contents.
Condition Text Logic
XV YxA Not Available XVYxA Not Avail Refer to [3]
XV YxE Not Available XVYxE Not Avail Refer to [3]
XV YxK Not Available XVYxK Not Avail Refer to [3]
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 259 of 363
Page 259 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
The following conditions render the Device Group “Not Available”.
Table 6.36-4: Prover Fill Availability
6.36.5.4 Prover Drain Sequence Availability
Prover Drain Sequences are configured on a product basis.
The following conditions render the Device Group “Not Available”.
Condition Text Logic
XV YxA Not Closed XVYxA Not Closed All Prover Inlet valves not closed
(associated with all products)
XV YxE Not Closed XVYxE Not Closed All Prover Outlet valves not closed
(associated with all products)
XV YxV Not Available XVYxV Not Avail Any Prover Vent valve not available.
XV FxA Not Available XVFxA Not Avail Refer to [3]
XV FxB Not Available XVFxB Not Avail Refer to [3]
XV FxR Not Available XVFxR Not Avail Refer to [3]
XV FxE Not Available XVFxE Not Avail Refer to [3]
Xxx Not Available Xxx Not Avail Refer to [3]
Prover Level Low Prover Level Low LSLxx2 AND LSLxx4 Not High Level
Prover Content Not PRDx Prover Content Not PRDx
Refer to Section 0
PRDx Transfer Tank Full PRDx Transfer Tank Full
Refer to Section 6.36.4.13
Condition Text Logic
XVYxA Not Closed XVYxA Not Closed All Prover Inlet valves not closed
(associated with all products)
XVYxE Not Closed XVYxE Not Closed All Prover Outlet valves not closed
(associated with all products)
XVYxV Not Available XVYxV Not Avail Any Prover Vent valve not available.
XVFxA Not Available XVFxA Not Avail Refer to [3]
XVFxB Not Available XVFxB Not Avail Refer to [3]
XVFxR Not Available XVFxR Not Avail Refer to [3]
XVFxE Not Available XVFxE Not Avail Refer to [3]
Xxx Not Available Xxx Not Avail Refer to [3]
Prover Level High Prover Level High Not LSHxx1 AND LSHxx3 High Level
Prover Content Not Empty
Prover Content Not Empty
Refer to Section 6.36.4.12
PRDx Transfer Tank Empty
PRDx Transfer Tank Empty
Refer to Section 0
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 260 of 363
Page 260 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
Table 6.36-5: Prover Drain Availability
6.36.6 Group Status
6.36.6.1 Group Alarm Status Indications
The following Group Alarm Statuses are configured using display LEDs which are grey in the
inactive condition and red in the active condition, with an associated alarm. Refer to the
Alarm Configuration Database (3) for details including text to be used for the message.
Condition Text Logic
Possible Hotspot Possible Hotspot Refer to Section 6.36.4.6
Level Switches Fault Level Switches Fault
Refer to Section 6.36.4.8
Product Mismatch Product Mismatch Refer to Section 6.36.4.7
Table 6.36-6: Prover Group Alarm Status
6.36.6.2 Group Error Status Indications
The following Group Error Statuses are configured using display LEDs which are grey in the
inactive condition and red in the active condition, with an associated event. Refer to the
Alarm Configuration Database (3) for details, including text to be used for the event
message.
Condition Text Logic
Prover No Valid Flow-path
PRDx
Prover No Valid Flow-path PRDx
Refer to Section 6.36.4.4
Table 6.36-7: Prover Group Error Status
6.36.6.3 Group Information Status Indications
The following Group Information Statuses are configured using display LEDs which are grey
in the inactive condition and green in the active condition, with an associated event. Refer to
the Alarm Configuration Database (3) for details including text to be used for the message.
Condition Text Logic
Level Full Level Full Refer to Section 6.36.4.8
Level Not Empty Level Not Empty Refer to Section 6.36.4.8
Level Empty Level Empty Refer to Section 6.36.4.8
ZI861 Active ZI861 Active Refer to [3]
ZI862 Active ZI862 Active Refer to [3]
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 261 of 363
Page 261 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
Condition Text Logic
ZI863 Active ZI863 Active Refer to [3]
ZI864 Active ZI864 Active Refer to [3]
ZI865 Active ZI865 Active Refer to [3]
ZI866 Active ZI866 Active Refer to [3]
Table 6.36-8: Prover Group Information Status
6.36.7 Additional Device Alarms
None defined.
6.36.8 Interlocking Strategies
6.36.8.1 Hard-wired Interlocks
None defined.
6.36.8.2 PLC Interlocks
6.36.8.3 Xxx: Prover Transfer Pump No Flow
If a low flow (FS xx1) is detected for a configurable time (default 5s) after the pump is
started, the Prover Transfer Pump (Xxx) will be interlocked off. This interlock and associated
alarm is blocked if the Pump is not running.
6.36.9 Graphic Representation
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 262 of 363
Page 262 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
6.37 Intermix Blend Control This section is associated with the control and monitoring of the Intermix Blend Device
Group.
Intermix Blend facilities are installed on all delivery stations within TPL facilities.
6.37.1 Group Description
Intermixture blending facilities at the pump stations comprise dedicated intermix tanks,
metering and pumping facilities. Accurate control of blending into product being delivered is
required in order to ensure that product is not delivered out of specification. The flow control
loop Auto / Manual can be selected independently of the Intermix Blending group. The
volume injected is measured by means of a counter module that counts the pulses per unit
volume coming from the flow meter.
Pressure and temperature compensation of Intermix blend volumes is not required and thus
pressure and temperature compensation need not be installed.
Control and Monitoring functionality shall be achieved via interface to the following devices:
Valves
Blend Inlet valve XV GxE
Blend Recirculation valve XV GxR Blend Routing valves XV Gxx
INT Tank Txx Outlet valve XV TxE
Blend Control Valve CV GxJ
Pumps
Blend Pump Xxx Xxx
Instrumentation
Blend Flow FT 84x Blend Pressure PT 84x (where applicable)
Blend Pump Xxx Flow FS 84x
Blend Pump Xxx Current IT 84x
6.37.2 Modes of Control
The Intermix Blend device group may be controlled from the PCS either locally at the Station
or remotely from the MCC.
6.37.3 Modes of Operation
All devices related to the Intermix Blend Control and Transfer shall have the following three
modes of operation:
Local
Manual
Automatic
6.37.4 Group Functionality
6.37.4.1 Blending Functionality
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 263 of 363
Page 263 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
Blending may only be initiated to an online LP route. Blending shall continue during
transitions across consignees of like product and the blending system will proportion the
transition volumes. Blend pulses will be ignored whilst blend outlet valves are closed, to cater
for blend recirculation and inter tank transfer through the blend meter.
A PLC high-speed counter card counts the turbine flow meter pulses used for volume
calculations. When blending is initiated (blend valve is not closed) a counter is started which
in turn count pulses from the flow meter. (1 pulse * variable factor = 1 litre of intermix).
Blend volumes, batch volumes, etc are all reset and the counter starts from zero for a new
delivery, when both the consignee and blend outlet valves are opened for the first time.
Blending will remain active for the duration of a delivery i.e. the blend valve may be closed
and opened without the volumes being reset and with the blend totals continuing to add up.
Blend meter factor cannot be changed whilst blending is in progress.
6.37.4.2 Blend Flow Control Flow rate will be controlled via the Blend Control valve (CV GxJ) if (XV GxE) is open for
blending. The Flow Control Loop shall have separate auto/manual modes of operation.
The operator, prior to initiating blending, is required to enter the contaminant value. This
value is used along with compensated blend and delivery flow rates (as measured by the
respective flow meters) to control the Blending rate automatically, provided the Blend Flow
Control Loop has been placed in Automatic. Contaminant values for the various products may
be altered in the online reports.
Desired Blend Flow Rate Set-point is calculated from the formula:
Desired Blend Flow Rate Set-point = (Blend Percentage/Contaminant percentage) x Delivery
Flow Rate
where
Blend Percentage is limited to a maximum of 0.25% into Diesel and 0.5% into Petrol.
If neither product is identified, the default is set to 0.25%.
Contaminant Percentage entered is derived from Lab results e.g. If blending into
Petrol is required, and the associated Intermix Tank sample indicates a 30% Diesel
component and 70% Petrol component, then the Contaminant Percentage is 30%.
6.37.4.3 Blend Compensation Compensation of the blend flow rate is performed using a product specific meter factor.
Meter factors are automatically selected according to the status of the Blend Outlet valve.
Meter Factors are configurable under password access rights.
Liters blended = pulses * 1/K factor.
6.37.4.4 Blending - Operator Interface The following information is displayed on the SCADA:
Blend flow rate
Blend percentage
Blend volume total
Blend meter factor
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 264 of 363
Page 264 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
6.37.4.5 Recirculation Where re-circulation facilities are installed on a site, re-circulation will be executed as part of
the online sequence. Blend piping product will always be flushed into a designated Intermix
Tank.
The volume of Intermix which needs to be circulated includes the piping from tank to the
Blend re-circulation valve (XV GxR), and the volume of the pumps X0x/y piping. The re-
circulation will start pumps X0x or X0y to flush the piping for a this calculated line volume.
6.37.4.6 Blend Reports Blend Reports will not be supported within the PCS, but will be supported at an MES/MIS
level. The following information will be made available from the PCS for reporting purposes:
Blend Total during previous hour HBlhour
Blend Rate expressed as a percentage of delivery Flowrate BlRate
Blend Total EBlBatch
Average Blend Percentage EBlActPc
6.37.4.7 Blend Volume Calculation A LP Start Delivery route must be online before blending is allowed. If a route is not online
the blend counters will be disabled.
As soon as the blend valve returns a not closed signal the blend counter is reset and started
ready to count the pulses received from the blend flow meter. Additionally the three registers
for Current blend volume, previous delivery and next delivery are also reset.
The current counter value (C) is the actual count from the counter module. This counter
is reset on a ‘start transition (more specifically, when second consignee status shows not
closed)’ or ‘start blend (more specifically, when blend valve shows not closed)’.
The current blend volume register (X) contains the volume blended dedicated to the
original (first) consignee only. The value from counter C is transferred to register X as soon
as a second consignee starts to open. Counter C is reset when this occurs.
The previous delivery register (P) contains the amount of Intermix, which was blended
during a possible transition at the beginning of the current delivery.
The next delivery register (N) will contain the amount of intermix, which was blended
during a possible transition at the end of the current delivery.
When the blending is started for the first time i.e. new blend cycle, the previous delivery
register (P) is 0 (zero). Therefore: Previous = 0.
The current blend volume is derived from the pulses counted until a transition has started
(i.e. the second consignee shows not closed status) or if the blending valve is closed.
During the delivery, the blending may be stopped and restarted without the volumes being
reset and end of hour totals continuing to add up.
If a transition is started, the blend volume counter (C) is stopped as soon as the transition
consignee indicates a not closed feedback. The value from counter C is transferred to the
current blend volume register (X). Thereafter counter C is reset and started, counting the
next delivery volume i.e. when both routes are open during the actual transition.
Once the new route is online i.e. one of the consignees closed again, the blend volume
counter (C) is stopped and the value transferred to the next delivery volume register (N). All
the volumes and percentages are now calculated.
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 265 of 363
Page 265 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
The formula for calculating the blended volume is:
Delivery blended volume = P / 2 + Current volume + N / 2
EXAMPLE:
Assuming we are online to consignee Caltex with Petrol and start blending. When the
delivered volume is reached we will initiate a transition to consignee Shell without stopping to
blend.
On commencement of blending (Blend valve not closed and delivery in progress), the
registers are all reset and the Previous blend volume (in this case 0) is transferred from
counter C to P? The counter is counting pulses from the flow meter.
Assuming we initiate the transition at the point when the blended volume is 1000 litres.
When the transition consignee (Shell) is not closed the current count (C) 1000, is transferred
to the current blend volume register (X) and the counter C reset and started. The blend
volume during the transition is now totalled in counter C.
Because we are online to two consignees the blended volume must be divided between the
consignees.
When the original consignee is closed the counter value is transferred from counter C to the
next delivery volume register (N) and the counter C reset and restarted ready to count the
current blend volume for the new primary route.
Assume the next delivery-blended volume was 100.
Previous blend volume register (P) = 0
Current delivery blended volume register (C) = 1000
Next delivery blend volume register (N) = 100
At this point all volumes and percentages can be calculated.
From the formula we have: Total blended volume for delivery = 0/2 + 1000 + 100/2.
Therefore the blended volume is 1050.
After the calculation the next delivery blended volume register (N) is transferred to the
previous delivery blended volume register (P), ready to be used for the next calculation.
All blend data for the delivery is entered to the FIFO block for easy retrieval of the MDS.
If we now initiate a transition to Mobil the current counter value (C) will be transferred to the
current delivery volume register (X) e.g. 1900.
The counter (C) is reset and restarted to count the transition volume while both consignees
are open. As soon as the primary consignee is closed the counter value (C) is transferred to
the next delivery volume register (N) and the counter reset and restarted, ready to count the
current blend volume for the transition route.
Assume the next delivery-blended volume was 160.
Previous blend volume register (P) = 100
Current delivery blended volume register (C) = 1900
Next delivery blend volume register (N) = 160
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 266 of 363
Page 266 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
At this point all volumes and percentages can be calculated.
From the formula we have: Total blended volume for delivery = 100/2 + 1900 + 160/2.
Therefore the blended volume is 2030.
After the calculation the next delivery blended volume register (N) is transferred to the
previous delivery blended volume register (P), ready to be used for the next calculation.
All blend data for the delivery is entered to the FIFO block for easy retrieval of the MDS.
The blend volume for a delivery to one consignee consists of half the volume blended in the
previous transition P, the actual volume blended during the delivery X, and half the volume of
the transition to the next consignee N.
Petrol delivery to Mobil Petrol delivery to Shell Petrol delivery to Caltex
1500 160 1900 100 1000
Docket 102 Docket 101 Docket 100
80 80 50 50
Where:
P = Previous blend volume register
C = Current delivery blended volume register
N = Next delivery blend volume register
Flowchart for Calculating Blending Data
Stop delivery &
End blend
Transition
next/previous
Transition
next/previous
Start blend Start
delivery
Blended total = P/2+C+N/2
= 160/2+1500+0/2
= 180+1500+0
= 1680
Blended total = P/2+C+N/2
= 100/2+1900+160/2
= 50+1900+80
= 2030
Blended total = P/2+C+N/2
= 0/2+1000+100/2
= 0+1000+50
= 1050
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 267 of 363
Page 267 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
Primary online?
Both in manual and
auto mode of
operation
No
Yes
No
Yes
Yes
Blend valve
Not closed and
blend not active
?
Transition
initiated ?
Transfer C to X,
Reset blend active
Transition
complete ?
Calculate Blended
volume for delivery
= P/2 + X + N/2
Stop delivery
Initiated ?
Reset P, N, X
and C
Start C, set blending active
END
Transfer C to X
Reset C and restart
Transfer C to N
Reset C and restart
Yes
No
Yes
No
Blend calculations
Previous delivery blended volume = P
Next delivery blended volume = N
Current delivery blended volume = X
Current counter value = C
No
Shift all FIFO contents
down and transfer
calculations to FIFO
Transfer N to P
6.37.4.8 Blend Sequences
6.37.4.8.1 Blend Sequence Matrix
Control of Blend Online and Offline Sequences will be controlled from a Blend Sequence
Matrix. For Blend Matrix details refer to Section 4.9.
6.37.4.8.2 Blend Online Sequence
A Blend Online Sequence is initiated by:
A Blend Online Request from the SCADA.
A check is undertaken to ascertain if the Blend Group is "Ready". Blending is placed on line
by simultaneously opening/closing all appropriate valves. Once the route is on line, the Blend
Pump is started, thus completing the sequence.
Where Recirculation facilities have been provided, recirculation will always be performed as
part of the Online Sequence, prior to opening of the relevant Blend outlet valve. Recirculation
will always be performed back to the Intermix Tank designated for Flow Relief.
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 268 of 363
Page 268 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
Availability will be indicated on a selected route basis, with non-availability being indicated by
the greying out of the Sequence Online button on the SCADA. Availability is determined by
the status of all devices associated with a particular route within the Blending Device Group.
Any faults encountered during the running of the open route sequence will result in the
sequence aborting, complete with all associated Alarming and Event Logging procedures.
The blend flow rate will be controlled by flow control valve CV G1J, if in automatic.
6.37.4.8.3 Blend Offline Sequence
A Blend Offline Sequence is initiated by:
An Offline request from the SCADA
A Stop Delivery Command
Start Delivery sequence for cross product transition
An Intermix Tank low level trip based on route online from that tank
Blend Strainer Blocked status active
All Consignee valves associated with a product being blended into are closed or
selected LP Route not online for that product. (Note that Accumulator and Intermix
tank valves are excluded from this definition – blending into routes open to either
accumulator or intermix tanks is not permitted). Thus blending will be permitted
during same product switches but not during cross product switches.
The Blending Stop Blend Sequence is performed irrespective of route device availability.
Any device failure during the offline sequence will result in the sequence continuing to
completion. Device errors during running off line shall be used to continue the Sequence,
complete with all associated Alarming and Event Logging procedures.
6.37.5 Group Availability
6.37.5.1 Blend Route Availability Availability will be determined on a per route basis and will be displayed on the Matrix
Sequence buttons. Availability is determined by the status of all devices associated with a
selected route within the Blending Device Group.
Route availability is determined as follows:
Selected tank outlet valves available (actuated) and open (ZV)
Other tank outlet valves (XV TxF) available or closed.
Selected blend pump available
Selected blend pump strainer available – ZV’s open and no high PDT
Selected blend valve available
Other blend valves associated with other product blend pumps available or closed
Required Intermix crossover valves available
Other Intermix crossover valves available or closed
LP routing online for selected intermix route
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 269 of 363
Page 269 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
No low level (LT 85x LL2) based on selected tank
Any route online that requires the crossover valves
Tanker loading from the same tank
No intermix delivery online to the same intermix tank
The offline sequence button is not linked to availability.
6.37.6 Group Status Indications
The following status indications are available to keep the Operator informed of the status of
the Intermix Blend Control and Transfer Group:
6.37.6.1 Group Alarm Status Indications None defined.
6.37.6.2 Group Error Indications None defined.
6.37.6.3 Group Information Indications None defined.
6.37.7 Group Interlocks
6.37.7.1 Hard Wired Interlocks None defined.
6.37.7.2 PLC Interlocks
6.37.7.3 Xxx: Blend Pump No Flow The Blend Pump (Xxx) will be tripped if the flow switch (FS 84x) indicates no flow after a
configured time has elapsed. The interlock and alarm is blocked if the pump is not running
Text to be displayed is “Blend Pump No Flow”
6.37.7.4 Xxx: Blend Pump No Flow-path The Blend Pump (Xxx) will be interlocked off if there is no valid flow-path. i.e. valves on route
are not open AND not wirebreak.
Text to be displayed is “No Valid Flow-path”
6.37.8 Failure Modes
None defined.
6.37.9 Graphic Representation
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 270 of 363
Page 270 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
6.38 System Diagnostics
This section is associated with the monitoring of the System Diagnostics Device Group.
The purpose of the system is to support 1st line diagnostics and periodic surveillance locally
to a site by providing system statuses in support of detailed diagnostics using the tools
provided by the PCS engineering system.
6.38.1 Group Description
System monitoring will include the following systems and sub-systems:
PCS7 OS Servers (Hardware and PCS7)
PCS7 OS Clients (Hardware)
PCS7 Engineering stations (Hardware)
PLC CPUs (S7-400 and S7-300 as implemented on MBV’s)
Scalance Ethernet network switches for:
Terminal Bus
System Busses
CAS Bus
PCS7 CAS Servers (Hardware)
PCS7 OpenPCS7 Servers (Hardware)
PCS7 WEB Servers (Hardware)
Domain controllers (Hardware)
MES Metering servers (Hardware and Metering software)
MES Metering clients (Hardware)
Tank gauging system (Hardware and heartbeat)
Machine monitoring system (Bently Nevada and System 1 heartbeats)
Any SIMATIC IPC hardware other than those systems already listed
HMI Trainer Servers
The following will be excluded from the system monitoring:
Remote I/O (ET, ETF, ETL, ETM, ETR)
Profibus switchgear and VSDs
Field bus networks
Ethernet networks for:
H1 Bus
PLMS Bus
PCS7 OS Sync Bus
Equipment within DMZs
Firewalls
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 271 of 363
Page 271 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
UPSs
Electrical SCADA System (Hardware and software)
Printers
Flow Computers
PLMS (Hardware and software)
6.38.2 Modes of Control
The Diagnostics screen is viewable from MCC and Station. Only maintenance personal have
the user access rights to modify values. Alarm locality is not required as alarms are only
viewable in the diagnostics channel.
6.38.3 Modes of Operation
There is no mode of operation for this group.
6.38.4 Group Functionality
6.38.4.1 General
The monitoring system shall be part of the process control system
The monitoring system shall be graphically made available on the PCS operator stations
The monitoring system shall be autonomous per site, and not rely on any WAN
communications or off-site located equipment, services or functions to perform the
monitoring function
The system monitoring graphic shall be a symbolic representation of the station hardware
architecture displaying the statuses of the following:
PLCs
OS servers (Additional to the PC hardware status below)
PC Hardware
Network switches
System heartbeats
Where the status display LED is a rollup of statuses, a detailed status display shall be
available, i.e. a second level of statuses.
The monitoring system typicals should be developed such that they are independent of
equipment type, make and model - e.g. by limiting the equipment-specific configuration to
the interface portion only.
6.38.4.2 PLC Statuses
The following status LEDs shall be monitored and rolled up into a single health status
indication per PLC:
Table 6.38-1: PLC Status Monitoring
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 272 of 363
Page 272 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
PLC LED LED status for a
healthy rolled up
status
PLC Run status LED On
PLC Stop status LED Off
PLC Internal Fault LED Off
PLC External fault status LED Off
PLC Redundancy fault status LED Off
PLC Bus fault LED(s) Off
PLC Interface module fault LED(s) Off
PLC Master LED Not rolled up
The above status LEDs shall be available on a faceplate, accessed from the rolled up health
status indication on the system monitoring graphic. Detailed information is available for each
rollup LED.
Additional to the above, the faceplate to include the following:
Device name
Device description
Device address
6.38.4.3 OS Server Statuses
The following OS server statuses shall be monitored and rolled up into a single health status
indication per OS server pair:
Table 6.38-2: OS Server Status Monitoring
Status Status for a healthy
rolled up status
Server A runtime status Runtime active
Server B runtime status Runtime active
Server A to PLC communication
(detail for each PLC in 2nd level
display,Including redundancy)
Comms healthy
Server B to PLC communication
(detail for each PLC in 2nd level
display, Including redundancy)
Comms healthy
Current Master Not rolled up
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 273 of 363
Page 273 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
The above statuses shall be available on a faceplate, accessed from the rolled up health
status indication on the system monitoring graphic. Detailed information is available for each
rollup LED.
Additional to the above, the faceplate to include the following:
Device name
Device description
Device address
6.38.4.4 Network Switch Status
The following network switch statuses shall be monitored and rolled up into a single health
status indication per switch:
Table 6.38-3: Network Switch Status Monitoring
Status Status for a healthy
rolled up status
Switch communication Comms healthy
Switch fault status No Fault
The above statuses shall be available on a faceplate, accessed from the rolled up health
status indication on the system monitoring graphic. Detailed information is available for each
rollup LED.
Additional to the above, the faceplate to include the following:
Device name
Device description
Device address
6.38.4.5 PC Hardware Status
The following network PC statuses shall be monitored and rolled up into a single health
status indication per PC:
Table 6.38-4: PC Hardware Status Monitoring
Status State for a healthy
rolled up state
PC communication Comms healthy
Hard drive capacity healthy Healthy
Operating system health Healthy
CMOS Battery status Healthy
Hard drive controller status Healthy
Processor temperature status Healthy
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 274 of 363
Page 274 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
Status State for a healthy
rolled up state
Internal temperature status Healthy
Memory status (TBC if available) Healthy
The above statuses shall be available on a faceplate, accessed from the rolled up health
status indication on the system monitoring graphic. Detailed information is available for each
rollup LED.
Additional to the above, the faceplate to include the following:
Device name
Device description
Device address
6.38.4.6 Tank Gauging System Status
The following statuses shall be monitored and rolled up into a single health status indication
per TGS:
Table 6.38-5: TGS Status Monitoring
Status State for a healthy
rolled up state
OPC communication Comms healthy
Gross Volume Status Healthy
The above statuses shall be available on a faceplate, accessed from the rolled up health
status indication on the system monitoring graphic. Detailed information is available for each
rollup LED.
Additional to the above, the faceplate to include the following:
Device name
Device description
Device address
6.38.4.7 Machine Monitoring System Status
The following statuses shall be monitored and rolled up into a single health status indication
per TGS:
Table 6.38-6: MMS Status Monitoring
Status State for a healthy
rolled up state
Bently Nevada / System 1
communication
Comms healthy
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 275 of 363
Page 275 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
The above statuses shall be available on a faceplate, accessed from the rolled up health
status indication on the system monitoring graphic. Detailed information is available for each
rollup LED.
Additional to the above, the faceplate to include the following:
Device name
Device description
Device address
6.38.4.8 Inter PLC Communications Status
The following statuses shall be monitored and rolled up into a single health status indication
per TGS:
Table 6.38-7: Inter PLC Communications Status Monitoring
Status State for a healthy
rolled up state
Communication (Including
redundancy)
Comms healthy
A inter PLC communication link is regarded as a send/receive pair between PLCs. I.e if there
is more than one link per PLC pair, both needs to be monitored and indicated. Indication of
this should be done via a source/destination matrix.
The detailed statuses shall be available on a faceplate, accessed from the rolled up health
status indication on the system monitoring graphic. Detailed information is available for each
rollup LED.
Additional to the above, the faceplate to include the following:
Device name
Device description
Device address
6.38.5 Device Group Availability
None defined.
6.38.6 Group Status
None defined.
6.38.7 Group Events
Alarms/Events shall be generated for all of the above statuses.
Alarms and events shall conform to the standard alarming framework as developed for PCS7
v8 custom typicals.
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 276 of 363
Page 276 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
6.38.8 Group Alarms
None defined.
6.38.9 Interlocking Strategies
None defined.
6.38.10 Graphic Representation
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 277 of 363
Page 277 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
6.39 Station Sequences
6.39.1 Introduction
Station Sequences have been developed to automate various operational activities at a
station wide level. Station Sequences are only developed on sites where automation makes
sense, and usually includes the following:
Placing the station into a Lined-Up state
Placing the station into an Online state
Placing the station into an Offline state
Placing the station into an Isolated state
Flushing entire manifolds
These sequences exercise control across multiple device groups, including HP Routing and
Mainline Pump Sets. In most cases, station sequences are only available if the associated
device groups are available, in automatic mode and all affected sub-groups are in the same
mode of control.
Station sequences are designed to line-up a station, place station online, offline and isolate a
station. These sequences are mainly intended for use within the MCC for the start-up and
shutdown of the complete pipeline under Line Wide Control (LWC), but can be used on the
station itself when starting up from a shut-down or wanting to shut down in an emergency
situation.
The Station Line-up, Online and Isolation Sequence buttons are only enabled if the
associated device groups are available, in automatic mode and all affected sub-groups are in
the correct Mode of Control (Refer to Availability tables 6.39.5). The Station Offline
Sequence button will be enabled regardless of device group availability.
In addition to the Station Sequences listed above, Station Flush sequences can be initiated
from the HP Overview page.
6.39.1.1 Line Wide Control
LWC is currently only implemented on the 24” MPP Pipeline and effects control at the
respective stations by issuing the following sequence commands to the local control systems
installed on the respective pump stations on the Trunkline:
Station Line-up
Station Online
Station Offline
Station Isolation
The Line Wide Control PLC will only issue commands to the station’s local control system but
the logic to execute the commands e.g. starting a Mainline Pump will reside in the local
station control system.
In addition to Line Wide control, Station Line-up, Online, Offline and Isolation sequences can
also be initiated by the Station operator.
The statuses that enable and disable these sequences will be made available to the LWC for
determination of the statuses of all pump stations in the Trunkline.
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 278 of 363
Page 278 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
Note: The Line Wide Startup and Shutdown sequences are detailed in the Linewide Control
Engineering Design Specification for the 24” MPP Pipeline.
6.39.2 Modes of Control
There are no Modes of Control for the Station Sequences – the mode follows that of the HP
Routing Screen.
6.39.3 Modes of Operation
LWC (Line Wide Control) from the MCC / SCC only (24” MPP Pipeline only)
SWC (Station Wide Control) from the MCC / SCC / Station
6.39.4 Group Functionality
6.39.4.1 Station Line-up Sequence
[As implemented on 24” MPP Pipeline Pumping Stations TNI, HTP, MBT, as an example]
The Station Line-up sequence is activated on receipt of any of the following:
a Station Line-up request from the SCADA (MCC/SCC or Station)
a Station Line-up request from the Line Wide Control PLC
This sequence will start the following sequences:
HP Routing Online sequence
Lube Oil Online sequence
Pumpset P0x Line-up sequence
Main Pumphouse Ventilation Duty Controller
Segmentation Online sequence
Any sub-sequence failure during the Station Line-up Sequence will result in the sequence
continuing to completion, complete with all associated alarming and event logging
procedures. Placing the HP Routing Device Group in manual mode while the sequence is
running will result in the sequence aborting.
See flow diagram for details:
7.2.15.1: Station Line-Up Sequence (TNI)
6.39.4.2 Station Set Lined up
The Station is in a Lined up state if:
HP Routing is online AND
at least one Lube oil system is online (Lube oil pump running) AND
at least one Mainline pump is lined-up (Pump breaker closed and
Pump Discharge valve closed) AND
Segmentation is Online AND
Main Pumphouse Ventilation DuC is running
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 279 of 363
Page 279 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
6.39.4.3 Station Online Sequence
[As implemented on 24” MPP Pipeline Pumping Stations TNI, HTP, MBT, as an example]
The Station Online sequence is activated on receipt of any of the following:
a Station Online request from the SCADA (MCC/SCC or Station)
a Station Online request from the Line Wide Control PLC
This sequence will start the following:
Start Station Duty controller
Any sub-sequence failure during the Station Online Sequence will result in the sequence
aborting, complete with all associated alarming and event logging procedures. Placing the HP
Routing Device Group in manual mode while the sequence is running will result in the
sequence aborting.
See flow diagram for details:
7.2.15.2: Station Online Sequence (TNI)
6.39.4.4 Station Online
The Station is in an Online state if:
Mainline pump P01 is Online OR
Mainline pump P02 is Online OR
Mainline pump P03 is Online
6.39.4.5 Station Offline Sequence
[As implemented on 24” MPP Pipeline Pumping Stations TNI, HTP, MBT, as an example]
The Station Offline sequence is activated on receipt of any of the following:
a Station Offline request from the SCADA (MCC/SCC or Station)
a Station Offline request from the Line Wide Control PLC
This sequence will start the following sequences:
Segmentation Offline sequence
Any sub-sequence failure during the Station Offline Sequence will result in the sequence
continuing to completion, complete with all associated alarming and event logging
procedures. Placing the HP Routing Device Group in manual mode while the sequence is
running will result in the sequence aborting.
See flow diagram for details:
7.2.15.3: Station Offline Sequence (24” MPP)
6.39.4.6 Station Offline
The Station is in an Offline state if:
Segmentation is Offline AND
Mainline pump P01 is Offline AND
Mainline pump P02 is Offline AND
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 280 of 363
Page 280 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
Mainline pump P03 is Offline
6.39.4.7 Station Isolation Sequence
[As implemented on 24” MPP Pipeline Pumping Stations TNI, HTP, MBT, as an example]
The Station Isolation sequence is activated on receipt of any of the following:
a Station Isolation request from the SCADA (MCC/SCC or Station)
a Station Isolation request from the Line Wide Control PLC
This sequence will start the following sequences:
HP Routing offline
Lube Oil offline
Open Pump breakers
Stop Main Pumphouse Ventilation Fan DuC
Any sub-sequence failure during the Station Isolation Sequence will result in the sequence
continuing to completion, complete with all associated alarming and event logging
procedures. Placing the HP Routing Device Group in manual mode while the sequence is
running will result in the sequence aborting.
See flow diagram for details:
7.2.15.4: Station Isolation Sequence (24” MPP)
6.39.4.8 Station Isolated
The Station is in an Isolated state if:
HP Routing is offline AND
All Lube Oil systems are Offline AND
Mainline pump 50-P01 breaker not closed AND
Mainline pump 50-P02 breaker not closed AND
Mainline pump 50-P03 breaker not closed AND
All Main Pumphouse Ventilation Fans are stopped
6.39.4.9 Station Flush Sequence
[As implemented on 24” MPP Pipeline Pumping Stations TNI, HTP, MBT, as an example]
The Station Flush is activated on receipt of:
a start request from the SCADA (MCC/SCC or Station)
This sequence will start the following sequences:
Receiver Online
Launcher Online
Mainline Pump P01-P03 Flush
Strainer Flush
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 281 of 363
Page 281 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
Any sub-sequence failure during the Station Flush Sequence will result in the sequence
continuing to completion, although with the individual flush sequence being aborted,
complete with all associated alarming and event logging procedures. Placing the HP Routing
Device group in manual mode while the sequence is running will result in the sequence
aborting.
See flow diagram for details:
7.2.15.5: Station Flush Sequence (TNI)
6.39.4.10 Mainline Pump Flush Sequence
[As implemented on 24” MPP Pipeline Pumping Stations TNI, HTP, MBT, as an example]
The Pump Set P01-P03 Flush Sequence is activated, if ready, on:
Receipt of a Station Flush Request from the HP Routing Overview Screen.
The Station Duty/Speed controller is placed into ‘Flush Active’ state during flushing, which
inhibits the Duty/Speed Controller from controlling the mainline pumps.
Pump sets are only flushed if the flowrate through the dispatch manifold, as measured by the
sum of the mainline pump flowmeters (FT0x1), is greater than a configurable amount
(default 9000 L/min).
A minimum flowrate of 12000 L/min is achieved by running three pumps at minimum speed
of 1600 rpm (4000 L/min per pump). This is used to flush all the Mainline Pumps.
The Station Duty/Speed controller will always flush the maximum number of “available for
flushing” pump sets, but is limited by flow rate (FT 121) as per the following conditions:
Flow rate > 12000 L/min, limited to maximum of three (3) pump sets.
Flow rate <= 12000 L/min and >= 9000 L/min, only flush a maximum of two (2)
pump sets.
Flow rate < 9000 L/min, only the current pump is flushed.
Note: On pump stations HTP and MTB, when the mainline pumps are bypassed (XV N1K
open, station flow detected (FT 121 > 9000 L/min) and no mainline pump running),
automatic flushing of the mainline pumps will not take place.
A check is undertaken to ensure that the Pump Set Device Group is ready and not online and
not in Mixed Mode of Control (as compared with HP Routing MoC). If these conditions are not
met, the sequence will not be initiated. Otherwise, it is placed online provided that the
flowrate through the manifold is higher than the combined minimum flowrate required by all
the pumps. The duty controller will assume a ‘Flush Active’ condition during flushing. Refer to
the Station Duty and Speed Control Device Group (section 6.15 for details).
If the station manifold flowrate is below the combined minimum flow required by the pumps,
the control system determines the maximum number of pump sets that can be flushed
simultaneously. The maximum number of pumps will be placed online and run until the
interface has passed through these pumps. The Station Duty and Speed Controller latches a
‘Not Flushed’ condition which prevents it from starting the pump set.
Any sub-sequence failure during the Flush Sequence will result in the sequence continuing to
completion, although with the individual faulty pump set flush sequence being aborted,
complete with all associated alarming and event logging procedures. Placing the HP Routing
Device Group in manual mode while the sequence is running will result in the sequence
aborting.
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 282 of 363
Page 282 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
See flow diagram for details:
7.2.15.5: Mainline Pump P01-P03 Flush Sequence
6.39.5 Group Availability
6.39.5.1 Station Line-Up Sequence Availability
[As implemented on 24” MPP Pipeline Pumping Stations TNI, HTP, MBT, as an example]
The following conditions will render the Station Line-Up Sequence “Not Available”.
Table 6.39-1: Station Line-Up Sequence Availability
Condition Logic
Lube Oil Not Rdy or Mixed MoC
All Lube Oil Sequences are Not
Available or the Group is Not in Automatic or Mixed Mode of Control.
No Pump Rdy or Mixed MoC
(P0x Not Available AND XV PxE Not
Available) OR Pump Group Not in Automatic OR in Mixed Mode of
Control.
HP Online Seq Not Ready Sequence is Not Available or Group
Not in Automatic.
Segment Online Seq Not Ready Sequence is Not Available or Group Not in Automatic.
Vent Fans DuC Not Rdy or Mixed
MoC
Group is Not Available or Not in
Automatic or Mixed Mode of Control.
6.39.5.2 Station Online Sequence Availability
[As implemented on 24” MPP Pipeline Pumping Stations TNI, HTP, MBT, as an example]
The following conditions will render the Station Online Sequence “Not Available”.
Table 6.39-2: Station Online Sequence Availability
Condition Logic
DuC Not Avail or Mixed MoC DuC Not Available or Mixed Mode of
Control.
Station Not Lined-Up Refer to Section 6.39.4.2.
6.39.6 Station Offline Sequence Availability
[As implemented on 24” MPP Pipeline Pumping Stations TNI, HTP, MBT, as an example]
The following conditions will render the Station Offline Sequence “Not Available”.
Table 6.39-3: Station Offline Sequence Availability
Condition Logic
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 283 of 363
Page 283 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
Condition Logic
Segment Offline Not Ready Sequence is Not Available or Group
Not in Automatic.
6.39.7 Station Isolation Sequence Availability
[As implemented on 24” MPP Pipeline Pumping Stations TNI, HTP, MBT, as an example]
The following conditions will render the Station Isolation Sequence “Not Available”.
Table 6.39-4: Station Isolation Sequence Availability
Condition Logic
HP Offline Seq Not Ready Sequence is Not Available or Group
Not in Automatic.
Lube Oil Manual or Mixed MoC Group is Not in Automatic or Mixed Mode of Control.
6.39.8 Station Flush Sequence Availability
[As implemented on 24” MPP Pipeline Pumping Stations TNI, HTP, MBT, as an example]
The Station Flush will be available if at least one sub-sequence is ready and in the same
Mode of Control as the General Device Group. Sequences that are not Ready or not in the
correct Mode of Control, will not be run. The following conditions will render the Station Flush
Sequence “Not Available”.
Table 6.39-5: Station Flush Sequence Availability
Condition Logic
Launcher Not Rdy or Mixed MoC Group is Not Available or Not in
Automatic or Mixed Mode of Control.
Receiver Not Rdy or Mixed MoC Group is Not Available or Not in
Automatic or Mixed Mode of Control.
Strainer S01 and S02 Not Ready Strainer software not Available.
Pump Flush Seq Not Avail Group is Not Available or Not in
Automatic or Mixed Mode of Control.
6.39.9 Pump Set P01-P03 Flush Sequence Availability
[As implemented on 24” MPP Pipeline Pumping Stations TNI, HTP, MBT, as an example]
The Pump Set Flush will be available if at least one pump flush sub-sequence is ready and in
the same Mode of Control as the General Device Group. Sequences that are not Ready or not
in the correct Mode of Control, will not be run. The following conditions will render the Pump
Set P01-P03 Flush Sequence “Not Available”.
Table 6.39-6: P01-P03 Flush Sequence Availability
Condition Logic
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 284 of 363
Page 284 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
Condition Logic
P01 Not Rdy or Mixed MoC Group is Not Available or Not in
Automatic or Mixed Mode of Control.
P02 Not Rdy or Mixed MoC Group is Not Available or Not in Automatic or Mixed Mode of Control.
P03 Not Rdy or Mixed MoC Group is Not Available or Not in Automatic or Mixed Mode of Control.
6.39.10 Group Status
6.39.10.1 Group Alarm Status Indications
None defined.
6.39.10.2 Group Error Status Indications
None defined.
6.39.10.3 Group Information Status Indications
None defined.
6.39.11 Interlocking Strategies
6.39.11.1 Hard Wired Interlocks
None defined.
6.39.11.2 PLC Interlocks
None defined.
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 285 of 363
Page 285 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
7 APPENDICES
7.1 Appendix A: Flow Compensation
7.1.1 Description
All flows used for control and metering will be compensated. Flow compensation is done in
the PLC using the specified pressure and temperature transmitters. These instruments may
be wired into other PLCs and if so, the values will be obtained via comms.
Flow and volumetric compensation is to be done in accordance with the following criteria:
As a standard, where a flow meter provides dual flow outputs (i.e. pulsed and
Analogue), the pulsed output (volumetric flow) will be used for metering.
As a standard, where no metering is performed, the flow tag (FT) will utilise the 4-20
mA Analogue signal, and KT the pulsed (digital) signal, regardless of whether KT is
used or not.
Software - Uncompensated flow tag is to be FT xxxx_G
Software - Compensated flow tag is to be FT xxxx_S (after compensation)
Software - Compensation is to be done using only PT and TT, with a default density
per product being determined as below
Alarm - On a wirebreak or over-range of a PT or TT, an additional alarm on the
compensated FT is created with priority 10 - "Flow Compensation Calculation Error"
The faceplate developed for Flow Compensation should show uncompensated and
compensated flow values, and in a second tab pressure, temperature and density values
(password protected – Technician level).
The faceplate developed for Volumetric Compensation is to have similar functionality to
custody metering, i.e. PT and TT field values and 3x DT options:
Field values
Keypad values
Product based on route
Compensation is to be done in accordance with API MPMS Chapter 11 1980.
Density values (configurable) are to be used in the following order of preference:
Where a density reading is available, this actual value should be used in the
compensation algorithm. Where the product is known, the following values will
be used in the compensation algorithm:
Diesel: 0.858
ULP: 0.7243
Jet Fuel: 0.796
Other Multi-products: 0.7912
Where a sonic velocity reading is available, the values above are to be used.
Where density or sonic readings are unavailable, and the product is unknown,
the ‘Other Multi-products’ density value above should be used in the
compensation algorithm
Where FT signals need to be transferred/repeated across PLC/Control Systems, this
should be deterministic, i.e. either using Profibus comms or hardwired.
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 286 of 363
Page 286 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
7.1.1.1 Alarm and Event Strategies
On a wire break or over-range of a pressure or temperature transmitter, an additional alarm
on the compensated flow transmitter is created with priority 10:
Flow Compensation Calculation Error
7.1.1.2 Failure Modes
As per the Analogue Typical with the following addition:
Flow Compensation Failure
7.1.2 Graphic Representation
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 287 of 363
Page 287 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
7.2 Appendix B: Sequence Flowcharts & Tables
The Sequence Flowcharts and Tables listed below are Typical Examples, and will need to be
modified on a per Station basis.
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 288 of 363
Page 288 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
7.2.1 Receiver Device Group
7.2.1.1 Receiver Online Sequence
START
True
Open
XV R1A
XV R1E
1 -S
XV R1A Open
XV R1E Open
XV R1K Closed
END
Open Receiver Inlet &
Outlet Valve
Close Receiver
Bypass Valve
Close
XV R1K
2 -S
All faults during the process
result in the sequence
aborting, complete with all
associated alarming and
event logging.
Figure 7.2-1 – Receiver R01 Online Sequence
7.2.1.2 Receiver Offline Sequence
START
True
Open
XV R1K
1 -s
XV R1K Open
XV R1A Closed
XV R1E Closed
END
Open Receiver
Bypass Valve
Close Receiver Inlet &
Outlet Valve
Close
XV R1A
XV R1E
2 -s
All faults during the process
result in the sequence
aborting, complete with all
associated alarming and
event logging.
Figure 7.2-2: Receiver R01 Offline Sequence
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 289 of 363
Page 289 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
7.2.2 Launcher Device Group
7.2.2.1 Launcher Online Sequence
START
True
Open
XV L1A
XV L1E
1 -S
XV L1A Open
XV L1E Open
XV L1K Closed
END
Open Launcher Inlet &
Outlet Valve
Close Launcher
Bypass Valve
Close
XV L1K
2 -S
All faults during the process
result in the sequence
aborting, complete with all
associated alarming and
event logging.
Figure 7.2-3: Launcher L01 Online Sequence
7.2.2.2 Launcher Offline Sequence
START
True
Open
XV L1K
1 -s
XV L1K Open
XV L1A Closed
XV L1E Closed
END
Open Launcher
Bypass Valve
Close Launcher Inlet &
Outlet Valve
Close
XV L1A
XV L1E
2 -s
All faults during the process
result in the sequence
aborting, complete with all
associated alarming and
event logging.
Figure 7.2-4: Launcher L01 Offline Sequence
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 290 of 363
Page 290 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
7.2.3 MV Booster Pump Device Group
7.2.3.1 MV Booster Pump Online Sequence
END
Close Booster
Pump B01
Discharge
Valve
Close
XV B1E
4 -s
XV B1E close AND
No other Booster Pump Maximum demand inhibit AND
Booster Pump B01 staging enabled
Open Booster Pump
B01 Discharge Valve
Open
XV B1E
7 -s
XV B1E open
Start Booster
Pump B01
Start Pump B01
5 -s
Booster Pump B01 running
Wait 5 secWait
5 Sec
6 -s
Timer Expired
5s
MMS Trip Reset
2
MMS Healthy
Perform MMS Trip Reset
- s
START
Abort Sequence1 -s
No Valid FlowpathValid Flowpath
Abort Sequence3 -s
MMS Rack Fault
5s
All faults during the process
result in the sequence aborting,
complete with all associated
alarming and event logging.
B01 Offline = Abort, Idle or Complete
Figure 7.2-5: Booster Pump Set B01 Online sequence
7.2.3.2 MV Booster Pump Offline Sequence
START
StopPump B01
1 -s
Booster Pump B01 stopped OR not Avail
XV B1E close
OR not Avail
END
Stop B01
Close B1EClose
XV B1E
2 -s
B01 Online = Abort, Idle or CompleteB01 Online = Abort, Idle or Complete
All faults during the process
result in the sequence
continuing, complete with all
associated alarming and event
logging.
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 291 of 363
Page 291 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
Figure 7.2-6: Booster Pump Set B01 Offline sequence
7.2.4 MV Mainline Pump Set Device Group - DOL
7.2.4.1 MV Mainline Pump Online Sequence
END
Close Pump P01 Discharge
Valve, Open Bypass Valve
Close XV P1E
Open XV P1K
2 -s
XV P1E close AND XV P1K open AND
No other Mainline Pump Maximum demand inhibit
Open Pump B01
Discharge Valve
Open
XV P1E
5 -s
XV P1E open
Start Mainline
Pump P01
Start Pump P01
3 -s
Mainline Pump P01 running
Wait 5 secWait
5 Sec
4 -s
Timer Expired
5s
START
Abort Sequence1 -s
No Valid FlowpathValid Flowpath
All faults during the process
result in the sequence aborting,
complete with all associated
alarming and event logging.
P01 Offline & Flush = Abort, Idle or Complete
Figure 7.2-7: MV Mainline Pump Set P01 Online Sequence
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 292 of 363
Page 292 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
7.2.4.2 MV Mainline Pump Offline Sequence
START
StopPump P01
1 -s
Pump P01 stopped OR not Avail
XV B1E close
OR not Avail
END
Stop P01
Close P1EClose
XV P1E
3 -s
P01 Online & Flush = Abort, Idle or CompleteP01 Online & Flush = Abort, Idle or Complete
All faults during the process
result in the sequence
continuing, complete with all
associated alarming and event
logging.
Open XVP1K
2 -s
Pump P01 Bypass valve open OR not Avail
Open P1K
Figure 7.2-8: MV Mainline Pump Set P01 Set Offline Sequence
7.2.4.3 MV Mainline Pump Flush Sequence
START
Open XV P1E
1 -s
Pump P01 Discharge valve open
END
Open XVP1E
P01 Online & Offline = Abort, Idle or CompleteP01 Online & Offline = Abort, Idle or Complete
All faults during the process
result in the sequence aborting,
complete with all associated
alarming and event logging.
Close XVP1K
2 -s
Pump P01 Bypass valve closed
Close P1K
Figure 7.2-9: MV Mainline Pump Set P01 Flush Sequence
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 293 of 363
Page 293 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
7.2.5 MV Mainline Pump Set Device Group – VSD (24” MPP)
7.2.5.1 MV Mainline Pump Line-Up Sequence
START
XV P1E Closed AND
Pump Breaker Closed
END
Close P1E
Close P01 Breaker
Close XV P1E
Close P01
Breaker
1 - s
TrueTrue
All faults during the process
result in the sequence aborting,
complete with all associated
alarming and event logging.
Figure 7.2-10: MV Mainline Pump Set P01 Line-Up Sequence
7.2.5.2 MV Mainline Pump Online Sequence
MMS Trip Reset
MMS Healthy
XV P1E Open AND
Pump Breaker Closed
END
Perform MMS Trip Reset
Close P1E
Close P01 Breaker
Open XV P1E
Close P01
Breaker
4 - s
P01 Running
Start P01
Start P01
5 - s
All faults during the process
result in the sequence aborting,
complete with all associated
alarming and event logging.
START
Abort Sequence1 -s
No Valid FlowpathValid Flowpath
Abort Sequence3 -s
MMS Rack Fault
2 - s5s
Lineup/Offline/Flush
= Abort, Idle or
Complete
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 294 of 363
Page 294 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
Figure 7.2-11: MV Mainline Pump Set P01 Online Sequence
7.2.5.3 MV Mainline Pump Offline Sequence
START
END
Stop P01Stop P01
2 - s
P01 stopped OR not Avail
Close P1EClose XV P1E
3 - s
XV P1E Closed
OR not Avail
Lineup/Online/Flush =
Abort, Idle or Complete
All faults during the process
result in the sequence
continuing, complete with all
associated alarming and event
logging.
Initiate Lube Oil System
Online SequenceStart Lube Oil
True
1 - s5s
Figure 7.2-12: MV Mainline Pump Set P01 Offline Sequence
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 295 of 363
Page 295 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
7.2.5.4 MV Mainline Pump Flush Sequence
All faults during the process
result in the sequence aborting,
complete with all associated
alarming and event logging.
END
P01 Stopped
Stop P01Stop P019
Close
XV P1E
10
XV P1E Closed
Close P1E
-s
-s
Initiate Lube Oil System
Online SequenceStart Lube Oil
8
True
MMS Trip Reset
3
MMS Healthy
XV P1E Open AND
Pump Breaker Closed
Perform MMS Trip Reset
Close P1E
Close P01 Breaker
Open XV P1E
Close P01
Breaker
5 - s
P01 Running
Start P01
Start P01
6 - s
START
Abort Sequence2 -s
No Valid FlowpathValid Flowpath
Abort Sequence4 -s
MMS Rack Fault
P01 Flushed State AND
No Interface Present
Wait for Flushed
StateFlushed
7 -s
- s5s
- s5s
Lineup/Online/Offline = Abort, Idle or Complete
True
Reset Flush
StateReset Flush
1 -s
Figure 7.2-13: MV Mainline Pump Set P01 Flush Sequence
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 296 of 363
Page 296 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
7.2.6 MV Mainline Pump Set Device Group – VSD (Crude)
7.2.6.1 MV Mainline Pump Line-Up Sequence
START
XV P1E Closed AND
Pump Breaker Closed
END
Close P1E
Close P01 Breaker
Close XV P1E
Close P01
Breaker
1 - s
TrueTrue
All faults during the process
result in the sequence aborting,
complete with all associated
alarming and event logging.
Figure 7.2-14: MV Mainline Pump Set P01 Line-Up Sequence
7.2.6.2 MV Mainline Pump Online Sequence
END
Close Pump P01 Discharge
Valve, Open Bypass Valve
Close XV P1E
Open XV P1K
2 -s
XV P1E close AND XV P1K open AND
No other Mainline Pump Maximum demand inhibit
Open Pump B01
Discharge Valve
Open
XV P1E
5 -s
XV P1E open
Start Mainline
Pump P01
Start Pump P01
3 -s
Mainline Pump P01 running
Wait 5 secWait
5 Sec
4 -s
Timer Expired
5s
START
Abort Sequence1 -s
No Valid FlowpathValid Flowpath
All faults during the process
result in the sequence aborting,
complete with all associated
alarming and event logging.
P01 Offline & Flush = Abort, Idle or Complete
Figure 7.2-15: MV Mainline Pump Set P01 Online Sequence
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 297 of 363
Page 297 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
7.2.6.3 MV Mainline Pump Offline Sequence
START
StopPump P01
1 -s
Pump P01 stopped OR not Avail
XV B1E close
OR not Avail
END
Stop P01
Close P1EClose
XV P1E
3 -s
P01 Online & Flush = Abort, Idle or CompleteP01 Online & Flush = Abort, Idle or Complete
All faults during the process
result in the sequence
continuing, complete with all
associated alarming and event
logging.
Open XVP1K
2 -s
Pump P01 Bypass valve open OR not Avail
Open P1K
Figure 7.2-16: MV Mainline Pump Set P01 Set Offline Sequence
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 298 of 363
Page 298 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
7.2.7 Lube Oil Device Group (24” MPP Stations)
7.2.7.1 Lube Oil Online Sequence
END
Lube Oil 1
Available
X21 Running
OR not Avail
Start X21
Lube Oil 1
Not Available
Start
X21
2 - s
Lube Oil 1
AvailableLube Oil 1
1 0s
Lube Oil 2
Available
X22 Running
OR not Avail
Start X22
Lube Oil 2
Not Available
Start
X22
4 - s
Lube Oil 2
AvailableLube Oil 2
3 0s
Lube Oil 3
Available
X23 Running
OR not Avail
Start X23
Lube Oil 3
Not Available
Start
X23
6 - s
Lube Oil 3
AvailableLube Oil 3
5 0s
START
Offline = Abort, Idle or
Complete
All faults during the process
result in the sequence
continuing, complete with all
associated alarming and event
logging.
Figure 7.2-17: Lube Oil Online Sequence
7.2.7.2 Lube Oil Offline Sequence
START
END
Stop X21
Stop X22
Stop X23
1
X21 Stopped OR not Avail AND
X22 Stopped OR not Avail AND
X23 Stopped OR not Avail
Stop X21, X22, X23
- s
Wait
60 sec Timer Expired
2 - s
Stop
P01, P02, P03
Fan Duty Standby
P01, P02, P03 Fan Duty
Standby Stopped
3 - s
Stop P01, P02, P03 Fan
Duty Standby
Start Delay Timer
Online = Abort, Idle or
Complete
60s
All faults during the process
result in the sequence
continuing, complete with all
associated alarming and event
logging.
Figure 7.2-18: Lube Oil Offline Sequence
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 299 of 363
Page 299 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 300 of 363
Page 300 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
7.2.8 HP Routing Device Group
7.2.8.1 HP Routing Isolation Online Sequence
START
Open
XV I1E
1
XV I1E Opened
END
Open I1E
-s
TNI Offline = Abort,
Idle or Complete
All faults during the process
result in the sequence aborting,
complete with all associated
alarming and event logging.
Figure 7.2-19: HP Routing Isolation Online Sequence (TNI)
7.2.8.2 HP Routing Isolation Offline Sequence
START
Close XV I1E
Close XV D1F
Close XV D2F
Close XV D3F
Close XV D4F
Close XV D8F
10
XV I1E Closed OR not Avail AND
XV D1F Closed OR not Avail AND
XV D2F Closed OR not Avail AND
XV D3F Closed OR not Avail AND
XV D4F Closed OR not Avail AND
XV D8F Closed OR not Avail
END
Close I1E,
D1F, D2F,D3F,D4F, D8F
0s
TNI Online = Abort,
Idle or Complete
All faults during the process
result in the sequence
continuing, complete with all
associated alarming and event
logging.
Close XV D1E
Close XV D2E
Close XV D3E
Close XV D4E
Close XV D8E
11
XV D1E Closed OR not Avail AND
XV D2E Closed OR not Avail AND
XV D3E Closed OR not Avail AND
XV D4E Closed OR not Avail AND
XV D8E Closed
Close D1E, D2E, D3E, D4E,
D8E
0s
Stop Duty controllerStop Duty control
1
Duty controller stopped
-s
Start P01 Offline
sequenceStart P01 Offline
2
P01 Offline OR not Avail
-s
Interlock P01Interlock P01
3
True
-s
P01 Automatic P01 Not Automatic
WaitWait
4 10s
Start P01 Offline
sequenceStart P02 Offline
4
P02 Offline OR not Avail
-s
Interlock P02Interlock P02
5
True
-s
P02 Automatic P02 Not Automatic
WaitWait
6 10s
Start P03 Offline
sequenceStart P03 Offline
7
P03 Offline OR not Avail
-s
Interlock P03Interlock P03
8
True
-s
P03 Automatic P03 Not Automatic
WaitWait
9 10s
Figure 7.2-20: HP Routing Isolation Offline Sequence (TNI)
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 301 of 363
Page 301 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
7.2.9 Sump & Intermix Transfer Device Group
7.2.9.1 Intermix Transfer Online Sequence
START
True
Open XV T1A
1 -S
XV T1A Open
X01 Running
END
Open T01 Route
Start X01Start X01
2 -S
All faults during the
process result in the
sequence aborting,
complete with all
associated alarming and
event logging.
Figure 7.2-21: Intermix Transfer Online Sequence
7.2.9.2 Intermix Transfer Offline Sequence
START
Stop X01
1 -S
X01 Stopped OR
Not Available
XV T1A Closed OR
Not Available
END
Stop X01
Close RouteClose XV T1A
2 -S
All faults during the
process result in the
sequence continuing,
complete with all
associated alarming and
event logging.
True
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 302 of 363
Page 302 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
Figure 7.2-22: Intermix Transfer Offline Sequence
7.2.10 Sump Injection Device Group (Venturi)
7.2.10.1 Sump Injection Online Sequence
START
True
Open XV G1A
Open XV G1E
1 -S
XV G1A, XVG1E
Open
XV G1B Open
END
Open G1A
Open G1E
Open G1BOpen XV G1B
2 -S
All faults during the
process result in the
sequence aborting,
complete with all
associated alarming and
event logging.
Figure 7.2-23: Sump Injection Online Sequence
7.2.10.2 Sump Injection Offline Sequence
START
True
Close XV G1B
1 -S
XV G1B Closed OR
Not Available
XV G1A, XV G1E
Closed OR Not
Available
END
Close G1B
Close G1A,
Close G1E
Close XV G1A
Close XV G1E
2 -S
All faults during the
process result in the
sequence continuing,
complete with all
associated alarming and
event logging.
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 303 of 363
Page 303 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
Figure 7.2-24: Sump Injection Offline Sequence
7.2.11 Inhibitor/DRA Injection Device Group
7.2.11.1 Inhibitor/DRA Online Sequence
END
Start Inhibitor Pump X01Start X01
1
-s
Inhibitor Pump X01 Running
Stop Inhibitor
Pump X01
Stop Pump X01
2 -s
X01 Stopped
START
Abort Sequence3 -s
X01 Not AvailableGroup in MANUAL MOO
FT121 < 500 l/min OR Offline Request issued OR LT171 Low Level Trip ORHP Route Closed
All faults during the process
result in the sequence aborting,
complete with all associated
alarming and event logging.
Manifold Flow FT121 > 500 l/min
Figure 7.2-25: Inhibitor/DRA Online Sequence
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 304 of 363
Page 304 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
7.2.12 LP Routing – Product Device Group
7.2.12.1 LP Routing Intake Manifold Layout (Example)
XVH3A
CLIENT 2
CLIENT 1XVM1E ZVM1AFT811
XVM2E ZVM2AFT812 XVCC2
XVCM2
XVH1A XVCC1
XVCM1
XVH5A
CVH0J XVH0A XVY1KHP
MANIFOLD
PROVER
Figure 7.2-26: LP Routing Intake Manifold Layout (Example)
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 305 of 363
Page 305 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
7.2.12.2 LP Routing – PRDx Intake Route Tables
INTAKE MAN_1 Common Source
ROUTING VALVES Strainer
XV CV XV XV XV ZV ZV XV ZV XV ZV XV XV XV XV Flow
H0A H0J H1A H3A H5A S1A S1E M1E M1A M2E M2A CC1 CC2 CM1 CM2 Path
Client 1 to Line x x x x x x x x
x x x x x x x x
Client 2 to Line x x x x x x x x
x x x x x x x x
INTAKE MAN_1 Common
ROUTE AVAILABILITY Strainer Consignee Valves
XV CV XV XV XV ZV ZV XV ZV XV ZV XV XV XV XV Flow
H0A H0J H1A H3A H5A S1A S1E M1E M1A M2E M2A CC1 CC2 CM1 CM2 Path
Client 1 to Line a a a a/c a/c o/w b o/w b a o/w b a/c a a/c Yes
a a a a/c a/c o/w b o/w b a/c a o/w b a a/c Yes
Client 2 to Line a a a a/c a/c o/w b o/w b a o/w b a/c a/c a Yes
a a a a/c a/c o/w b o/w b a/c a o/w b a/c a Yes
INTAKE MAN_1 Common
OPEN ROUTE INDICATION Strainer Consignee Valves
XV CV XV XV XV ZV ZV XV ZV XV ZV XV XV XV XV Flow
H0A H0J H1A H3A H5A S1A S1E M1E M1A M2E M2A CC1 CC2 CM1 CM2 Path
Client 1 to Line o/w b o/w b o/w b c o/w b o/w b Yes
o/w b o/w b o/w b c o/w b o/w b Yes
Client 2 to Line o/w b o/w b o/w b c o/w b o/w b Yes
o/w b o/w b o/w b c o/w b o/w b Yes
INTAKE MAN_1 Common
ONLINE INDICATION Strainer Consignee Valves
XV CV XV XV XV ZV ZV XV ZV XV ZV XV XV XV XV Flow
H0A H0J H1A H3A H5A S1A S1E M1E M1A M2E M2A CC1 CC2 CM1 CM2 Path
Client 1 to Line o/w b o/w b o/w b o/w b o/w b o/w b o/w b Yes
o/w b o/w b o/w b o/w b o/w b o/w b o/w b Yes
Client 2 to Line o/w b o/w b o/w b o/w b o/w b o/w b o/w b Yes
o/w b o/w b o/w b o/w b o/w b o/w b o/w b Yes
Prover
Route
Source Prover
Destination Prover
Consignors
Route
Source Prover
Route
Meter 1 Meter 2
Meter 1 Meter 2
Meter 1 Meter 2
Meter 1 Meter 2
Route
Source
Table 7.2-1: LP Routing - PRDx Intake Route Tables
Legend:
a = available a/c = available or closed o = open c = closed c/wb = closed or wirebreak o/wb = open or wirebreak h = high l = low (* denotes an OR condition)
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 306 of 363
Page 306 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
7.2.12.3 LP Routing – PRDx Open Route Sequence (Intake Manifold)
START
Close XVM1E
Close XVCC1
Close XVCC1A
2 -s
END
XVH1A Closed
M2E, CC!, CC2, CM1, CM2
Closed OR N/A AND
CC1A, CC2A, CM1A, CM2A
Closed
All faults during the process
result in the sequence
continuing, complete with all
associated alarming and event
logging.
Close XVM2E
Close XVCC1
Close XVCC1A
Close XVCC2
Close XVCC2A
Close XVCM1
Close XV CM1A
Close XV CM2
Close XVCM2A
1 -s
Close valves
associated with second
meter run (dual meter
manifolds) and all
consignor valves
M1E, CC1 Closed OR N/A AND
CC1A Closed
XVH1A Not Closed
Close selected product
meter outlet and
consignor valve
Open XVCC1
Open XVCC1A
Open XVH0A
3 -s
CC!, H0A Open OR NA AND
CC1A Open
Open selected product
consignor, common
header valves
Figure 7.2-27: LP Routing – PRDx Open Route Sequence (Intake)
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 307 of 363
Page 307 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
7.2.12.4 LP Routing – PRDx Start Intake Sequence (Intake Manifold)
START
Close XVM2E
Close XVCC2
Close XVCC2A
Close XVCM1
Close XVCM1A
Close XVCM2
Close XVCM2A
INT Close XVH3A
INT Close XVH5A
3 -s
M2E, CC2, CM1, CM2, H3A, H5A
Closed OR Not Avail AND
CC2A, CM1A, CM2A Closed
END
Open XVM1E
2 -s
All faults during the process
result in the sequence
continuing, complete with all
associated alarming and event
logging.
M1E Open
H1A Open
True
Open XVH1A
1
All faults during the process
result in the sequence aborting,
complete with all associated
alarming and event logging.
-s
Open selected Product
Header valve
Open selected Product
Meter Outlet valve
Close Previous
Route valves,
including cross
product header
valves
Figure 7.2-28: LP Routing – PRDx Start Intake Sequence
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 308 of 363
Page 308 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
7.2.12.5 LP Routing – PRDx Stop Intake Sequence (Intake Station)
START
Close XVM1E
Close XVM2E
Close XVCC1
Close XVCC1A
Close XVCC2
Close XVCC2A
Close XVCM1
Close XVCCMA
Close XVCM2
Close XVCM2A
3 -s
END
XVH3A Closed AND
XVH5A Closed
H0A Closed OR N/A
All faults during the process
result in the sequence
continuing, complete with all
associated alarming and event
logging.
Close XVH0A
1 -s
Close common header
valve
M1E, M2E, CC1, CC2,
CM1, CM2 Closed OR N/A
AND
CC1A, CC2A, CM1A, CM2A
Closed
XVH3A Not Closed OR
XVH5A Not Closed
Close same product
dual meter manifold
valves
Close XVH1A
2 -s
Close selected product
header valve
H1A Closed OR N/A
Figure 7.2-29: LP Routing – PRDx Stop Intake Sequence
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 309 of 363
Page 309 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
7.2.12.6 LP Routing Delivery Manifold Layout (Example)
XVH3B
CLIENT 2
CLIENT 1
XVCM1
XVCC1
XVT2A
XVM1AZVM1E FT811
XVM2AZVM2E FT812XVDM2
XVDC2
XVT2C
ZVS1E ZVS1A XVH1B
A01
XVDM1
XVDC1
XVT2BT2T2
XVH5B
CVH0J XVH0A
XVH1C CVA1J
XVH5A
XVH3A
XVH1AHP
MANIFOLD
XVT2EZVA1A
S01
X01XVG1E CVG1J
T1T1XVT1EZVX1A
T2T2
BLEND
ACC TANK
TRANSFER
Figure 7.2-30: LP Routing Delivery Manifold Layout (Example)
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 310 of 363
Page 310 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
7.2.12.7 LP Routing – PRDx Delivery Route Tables
DELIVERY MAN_1 Common
ROUTING VALVES Strainer Meter 1 Meter 2 Rack 1 Rack 2 Blend
XV CV XV XV XV XV XV XV XV ZV XV A CV ZV ZV XV ZV XV ZV XV XV XV XV XV XV XV XV XV XV Flow
H0A H0J H1A H1B H3A H3B H5A H5B T1E A1A H1C 01 A1J S1A S1E M1A M1E M2A M2E DC1 DM1 T2B DC2 DM2 T2C CC1 CM1 T2A G1E Path
Line to CC1 x x x x x x x x x x
x x x x x x x x x x
Line to CM1 x x x x x x x x x x
x x x x x x x x x x
Line to Tank T2 x x x x x x x x x x
x x x x x x x x x x
Tank T2 to CC1 x x x x x x x x x x
x x x x x x x x x x
Tank T2 to CM1 x x x x x x x x x x
x x x x x x x x x x
Tank T2 to T2 x x x x x x x x x x
x x x x x x x x x x
DELIVERY MAN_1 Common
ROUTE AVAILABILITY Strainer Meter 1 Meter 2 Rack 1 Rack 2 Consignee Valves Blend
XV CV XV XV XV XV XV XV XV ZV XV A CV ZV ZV XV ZV XV ZV XV XV XV XV XV XV XV XV XV XV Flow Tank
H0A H0J H1A H1B H3A H3B H5A H5B T1E A1A H1C 01 A1J S1A S1E M1A M1E M2A M2E DC1 DM1 T2B DC2 DM2 T2C CC1 CM1 T2A G1E Path Level
Line to CC1 a a a a a/c a/c a/c a/c a/c o/w b o/w b a o/w b a/c a a/c a/c a/c a a/c Yes
a a a a a/c a/c a/c a/c a/c o/w b o/w b a/c a o/w b a/c a a/c a/c a a/c Yes
Line to CM1 a a a a a/c a/c a/c a/c a/c o/w b o/w b a o/w b a/c a/c a a/c a/c a a/c Yes
a a a a a/c a/c a/c a/c a/c o/w b o/w b a/c a o/w b a/c a/c a a/c a a/c Yes
Line to Tank T2 a a a a a/c a/c a/c a/c a/c o/w b o/w b a o/w b a/c a/c a/c a a/c a a/c Yes Not AH
a a a a a/c a/c a/c a/c a/c o/w b o/w b a/c a o/w b a/c a/c a/c a a a/c Yes Not AH
Tank T2 to CC1 c c c c c c a o/w b a a a o/w b o/w b a o/w b a/c a a/c a/c a/c a a/c Yes
c c c c c c a o/w b a a a o/w b o/w b a/c a o/w b a/c a a/c a/c a a/c Yes
Tank T2 to CM1 c c c c c c a o/w b a a a o/w b o/w b a o/w b a/c a/c a a/c a/c a a/c Yes
c c c c c c a o/w b a a a o/w b o/w b a/c a o/w b a/c a/c a a/c a a/c Yes
Tank T2 to T2 c c c c c c a o/w b a a a o/w b o/w b a o/w b a/c a/c a/c a a/c a a/c Yes Not AH
c c c c c c a o/w b a a a o/w b o/w b a/c a o/w b a/c a/c a/c a a a/c Yes Not AH
DELIVERY MAN_1 Common Destination
OPEN ROUTE INDICATION Strainer Meter 1 Meter 2 Rack 1 Rack 2 Consignee Valves Blend
XV CV XV XV XV XV XV XV XV ZV XV A CV ZV ZV XV ZV XV ZV XV XV XV XV XV XV XV XV XV XV Flow
H0A H0J H1A H1B H3A H3B H5A H5B T1E A1A H1C 01 A1J S1A S1E M1A M1E M2A M2E DC1 DM1 T2B DC2 DM2 T2C CC1 CM1 T2A G1E Path
Line to CC1 o/w b o/w b o/w b c o/w b o/w b c c c c Yes
o/w b o/w b o/w b c o/w b c o/w b c c c Yes
Line to CM1 o/w b o/w b o/w b c o/w b o/w b c c c c Yes
o/w b o/w b o/w b c o/w b c o/w b c c c Yes
Line to Tank T2 o/w b o/w b o/w b c o/w b o/w b c c c c Yes
o/w b o/w b o/w b c o/w b c o/w b c c c Yes
Tank T2 to CC1 o/w b o/w b c o/w b o/w b c o/w b o/w b c c c c c Yes
o/w b o/w b c o/w b o/w b c o/w b c o/w b c c c c Yes
Tank T2 to CM1 o/w b o/w b c o/w b o/w b c o/w b o/w b c c c c c Yes
o/w b o/w b c o/w b o/w b c o/w b c o/w b c c c c Yes
Tank T2 to T2 o/w b o/w b c o/w b o/w b c o/w b o/w b c c c c c Yes
o/w b o/w b c o/w b o/w b c o/w b c o/w b c c c c Yes
DELIVERY MAN_1 Common Destination
ONLINE INDICATION Strainer Meter 1 Meter 2 Rack 1 Rack 2 Consignee Valves Blend
XV CV XV XV XV XV XV XV XV ZV XV A CV ZV ZV XV ZV XV ZV XV XV XV XV XV XV XV XV XV XV Flow
H0A H0J H1A H1B H3A H3B H5A H5B T1E A1A H1C 01 A1J S1A S1E M1A M1E M2A M2E DC1 DM1 T2B DC2 DM2 T2C CC1 CM1 T2A G1E Path
Line to CC1 o/w b o/w b o/w b c/w b o/w b o/w b o/w b o/w b o/w b o/w b Yes
o/w b o/w b o/w b c/w b o/w b o/w b o/w b o/w b o/w b o/w b Yes
Line to CM1 o/w b o/w b o/w b c/w b o/w b o/w b o/w b o/w b o/w b o/w b Yes
o/w b o/w b o/w b c/w b o/w b o/w b o/w b o/w b o/w b o/w b Yes
Line to Tank T2 o/w b o/w b o/w b c/w b o/w b o/w b o/w b o/w b o/w b o/w b Yes
o/w b o/w b o/w b c/w b o/w b o/w b o/w b o/w b o/w b o/w b Yes
Tank T2 to CC1 c/w b o/w b o/w b o/w b r o/w b o/w b o/w b o/w b o/w b o/w b Yes
c/w b o/w b o/w b o/w b r o/w b o/w b o/w b o/w b o/w b o/w b Yes
Tank T2 to CM1 c/w b o/w b o/w b o/w b r o/w b o/w b o/w b o/w b o/w b o/w b Yes
c/w b o/w b o/w b o/w b r o/w b o/w b o/w b o/w b o/w b o/w b Yes
Tank T2 to T2 c/w b o/w b o/w b o/w b r o/w b o/w b o/w b o/w b o/w b o/w b Yes
c/w b o/w b o/w b o/w b r o/w b o/w b o/w b o/w b o/w b o/w b Yes
Route
Prover
Route
Prover
Route
Route
Source
Source
TanksSource
Prover
Prover
Destination
Consignee Valves
Destination
Source
Table 7.2-2: LP Routing - PRDx Delivery Route Tables
Legend:
a = available a/c = available or closed o = open c = closed
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 311 of 363
Page 311 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
c/wb = closed or wirebreak o/wb = open or wirebreak h = high l = low (* denotes an OR condition)
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 312 of 363
Page 312 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
7.2.12.8 LP Routing – PRDx Open Route Sequence (Delivery Manifold)
START
XVH1B Closed AND
XVH3B Closed AND
XVH5B Closed
Close XVH0A
1 -s
H1A/B Closed OR N/A AND
H3A/B Closed OR N/A AND
H5A/B Closed OR N/A AND
G1E Closed OR N/A
Close XVH1A/B
INT Close XVH3A/B
INT Close XVH5A/B
INT Close XVG1E
H0A Closed OR N/A
2 -s
Close H0A
Close Source valves,
Set other product
header valves to Auto
and Closed
XVH1B Not Closed OR
XVH3B Not Closed OR
XVH5B Not Closed
Close XVM1A
Close XVDM1
Close XVT2B
Close XVCC1
Close XVCC1A
4 -s
END
XVH1B Closed
M2E, DM2, DC2, T2C, CC!, CM1,
T2A Closed OR N/A AND
CC1A/B, CM1A/B, T2AA/B Closed
All faults during the process
result in the sequence
continuing, complete with all
associated alarming and event
logging.
Close XVM2A
Close XVDM2
Close XVDC2
Close XVT2C
Close XVCC1
Close XVCC1A/B
Close XVCM1
Close XVCM1A/B
Close XVT2A
Close XVT2AA/B
3 -s
Close valves
associated with second
meter run (dual meter
manifolds) and all
consignor valves
M1A, DM1, T2B, CC1 Closed OR N/A
AND
CC1A Closed
XVH1B Not Closed
Close selected product
meter outlet,
distribution and
consignor valves
Open XVDC1
Open XVCC1A
Open XVH0A
5 -s
DC!, H0A Open OR NA AND
CC1A Open
Open selected product
consignor, common
header valves
Figure 7.2-31: LP Routing – PRDx Open Route Sequence (Delivery)
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 313 of 363
Page 313 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
7.2.12.9 LP Routing – PRDx Start Delivery Sequence (Delivery Manifold)
START
Close XVM2A
Close XVDM1
Close XVT2B
Close XVDM2
Close XVDC2
Close XVT2C
Close XVCC1B
Close XVCM1
Close XVCM1A/B
Close XVT2A
Close XVT2AA/B
INT Close XVH3A
INT Close XVH3B
INT Close XVH5A
INT Close XVH5B
4 -s
M2A, DM1, T2B, DM2, DC2,
T2C, CM1, T2A, H3A, H3B,
H5A, H5B Closed OR Not Avail
AND
CC1B, CM1A/B, T2AA/B Closed
END
Open XVH1B
2 -s
H0A, H1A Open
All faults during the process
result in the sequence
continuing, complete with all
associated alarming and event
logging.
Open XVH0A
Open XVH1A
H1B Open
M1A AND
H1A Closed
True
Open XVM1A
Close XVH1A
1
All faults during the process
result in the sequence aborting,
complete with all associated
alarming and event logging.
3 -s
-s
Open selected product
Meter Inlet valve and
close product header
ball valve
Open Product Header
EPV valve
Open Product Header
ball valve and
Common Header valve
(H0A Set to Auto and
Open)
Close Previous
Route valves,
including cross
product header
valves
Figure 7.2-32: LP Routing – PRDx Start Delivery Sequence
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 314 of 363
Page 314 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
7.2.12.10 LP Routing – PRDx Stop Delivery Sequence (Delivery Manifold)
START
Close XVM1A
Close XVM2A
Close XVDC1
Close XVDM1
Close XVT2B
Close XVDC2
Close XVDM2
Close XVT2C
Close XVCM1
Close XVCC1
Close XVT2A
Close XVG1E
Close XVCC1A/B
Close XVCM1A/B
Close XVT2AA/B
4 -s
M1A, M2A, DC1, DM1, T2B, DC2,
DM2, T2C, CM1, CC1, T2A, G1E
Closed OR Not Avail AND
CC1A/B, CM1A/B, T2AA/B Closed
END
Close CVH0J
1 20s
H0A Closed or Not Avail
All faults during the process
result in the sequence
continuing, complete with all
associated alarming and event
logging.
XVH3A Closed AND
XVH5A Closed
Close XVH0A
Minimum Step Time
exceeded
2 -s
Close XVH1A
Close XVH1B
3 -s
XVH3A Not Closed OR
XVH5A Not Closed
H1A, H1B Closed or Not
Avail
Close Common
Header valve (Set to
Auto and Open)
Close same
product Dual Meter
Manifold valves
Close CVH0J (Set to
Auto and Open)
Close selected Product
Header valve
Figure 7.2-33: LP Routing – PRDx Stop Delivery Sequence
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 315 of 363
Page 315 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
7.2.13 Prover Device Group
7.2.13.1 Prover Availability Table
XV
Y1A
XV
Y1E
XV
Y1K
XV
Y1V
XV
Y2V
XV
F1A
XV
F1B
LSH
861
LSL
862
LSH
863
LSL
864
Content XV
F1R
X01 XV
F1E
LT
861
Prover Online a a a c c c c PRDx
Prover Offline a a a
PRDx Fill c c a a a a l* l* PRDx/Empty a a a Not empty
PRDx Drain c c a a a a h* h* PRDx a a a Not full
Y01
PRDx
Manifold Prover Transfer
Full
Table 7.2-3: Prover Y01 Availability
Legend:
a = available a/c = available or closed o = open c = closed c/wb = closed or wirebreak o/wb = open or wirebreak h = high l = low (* denotes an OR condition)
7.2.13.2 Prover Online Sequence
START
Open XV Y1A
Open XV Y1E
1 - s
XV Y1A Open AND
XV Y1E Open
XV Y1K Closed
END
Open Y1A, Y1E
Close XV Y1K
2 - s
Close Y1K
ULSD 1 Offline =
Abort, Idle or Complete
All faults during the process
result in the sequence aborting,
complete with all associated
alarming and event logging.
Figure 7.2-34: Prover Y01 Online Sequence
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 316 of 363
Page 316 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
7.2.13.3 Prover Offline Sequence
START
Open XV Y1K
1 - s
XV Y1K Open
XV Y1A closed AND
XV Y1E closed
END
Open Y1K
Close Y1A, Y1EClose XV Y1A
Close XV Y1E
2 - s
ULSD 1 Online =
Abort, Idle or Complete
All faults during the process
result in the sequence aborting,
complete with all associated
alarming and event logging.
Figure 7.2-35: Prover Y01 Offline Sequence
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 317 of 363
Page 317 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
7.2.13.4 Prover Fill Sequence
START
Open XV Y1V
Open XV Y2V
Open XV F1A
Open XV F1B
Open XV F1E
Reverse XV F1R
1 -s
Open Y1V, Y2V, F1A, F1B,
F1E
Close F1RXV Y1V open AND
XV Y2V open AND
XV F1A open AND
XV F1B open AND
XV F1E open AND
XV F1R reverse
Start X02
2 -s
Start transfer pump
X02 running
3 -s
LT861 low trip OR
FS861 not active
Wait till tank empty or pump
no flow
Close XV F1A
Close XV F1B
5 -s
Close F1A, F1B
XV F1A closed OR not Avail AND
XV F1B closed OR not Avail
Stop X02
Close XV F1E
Close XV F2E
Forward XV F1R
6 -s
Stop X02
Close F1E, F2E
Open F1R
X02 stopped OR not Avail AND
XV F1E Closed OR not Avail AND
XV F2E Closed OR not Avail AND
XV F1R forward OR not Avail
END
Close XV Y1V
Close XV Y2V
4 -s
XV Y1V closed OR not Avail AND
XV Y2V closed OR not Avail
Close Y1V, Y2V
Opening
Closing
Drain = Abort, Idle or
Complete
Drain = Abort, Idle or
Complete
All faults during the process
result in the sequence
continuing, complete with all
associated alarming and event
logging.
All faults during the process
result in the sequence aborting,
complete with all associated
alarming and event logging.
Figure 7.2-36: Prover Y01 Fill Sequence
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 318 of 363
Page 318 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
7.2.13.5 Prover Drain Sequence
Figure 7.2-37: Prover Y01 Drain Sequence
START
Open XV Y1V
Open XV Y2V
Open XV F1A
Open XV F1B
Open XV F1E
Forward XV F1R
2 -s
Open Y1V, Y2V, F1A, F1B,
F1E, F1R
XV Y1V open AND
XV Y2V open AND
XV F1A open AND
XV F1B open AND
XV F1E open AND
XV F1R forward
Start X02
3 -s
Start X02
X02 running
4 -s Wait till all prover switches
indicate empty or pump no
flow
6 -s
Wait 20 sec before checking
levels again
LSH861 not low OR
LSL862 not low OR
LSH863 not low OR
LSL864 not low
LSH861 low AND
LSL862 low AND
LSH863 low AND
LSL864 low
Opening
Fill = Abort, Idle or
Complete
Fill = Abort, Idle or
Complete
20s
All faults during the process
result in the sequence aborting,
complete with all associated
alarming and event logging.
LSH861 low AND
LSL862 low AND
LSH863 low AND
LSL864 low
FS861 not active
Count FS Trips
5 -s
Count FS Trips
Not More then 3 Trips More then 3 Trips
ABORT
Close XV F1A
Close XV F1B
7 -s
Close F1A, F1B
XV F1A closed OR not Avail AND
XV F1B closed OR not Avail
Stop X02
Close XV Y1V
Close XV Y2V
Close XV F1E
Reverse XV F1R
8 -s
Stop X02
Close Y1V, Y2V, F1E, F1R
X02 stopped OR not AvailXV Y1V closed OR not Avail AND
XV Y2V closed OR not Avail AND
XV F1E closed OR not Avail AND
XV F1R reverse OR not Avail
END
Closing
All faults during the process
result in the sequence
continuing, complete with all
associated alarming and event
logging.
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 319 of 363
Page 319 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
7.2.14 Intermix Blend Device Group
7.2.14.1 Intermix Blend Online Sequence
START
Source 8508
(Tank T05)
Close XVT4E
Open XVT5E
Close XVT6E
Close XVT7E
2 -s
T5E Open AND
T4E, T6E, T7E Closed
Open XVG1R
Open XVT4A/T4B
Close XVG1E
Close XVG3E
Close XVG5E
Close XVT6B
Close XVT7B
Close XVX1E
5 -s
G1R, T4A, T4B Open
AND G1E, G3E, G5E,
T6B, T7B, X1E Closed
Start X05
Interlock Open
CVG0J
6 -s
Interlock Closed
CVG0J
8 -s
Recirc Volume Reached
Close XVG1R
Close XVT4A/T4B
-s
END
Recirc Volume
Reached
7 -s
X05 Running AND CVG0J Open
All faults during the process
result in the sequence
continuing, complete with all
associated alarming and event
logging.
All faults during the process
result in the sequence aborting,
complete with all associated
alarming and event logging.
Source 8408
(Tank T04)
Open XVT4E
Close XVT5E
Close XVT6E
Close XVT7E
T4E Open AND
T5E, T6E, T7E Closed
Source 8608
(Tank T06)
Close XVT4E
Close XVT5E
Open XVT6E
Close XVT7E
T6E Open AND
T4E, T5E, T7E Closed
Source 8708
(Tank T07)
Close XVT4E
Close XVT5E
Close XVT6E
Open XVT7E
T7E Open AND
T4E, T5E, T6E Closed
1 -s 3 -s 4 -s
CVG0J Closed
Destination 32
(MAN2)
Open XVG3E
-s
G3E Open
Destination 31
(MAN1)
Open XVG1E
G1E Open
Destination 33
(MAN3)
Open XVG5E
G5E Open
-s -s
G1R, T4A, T4B Closed
Remove CVG0J
Interlock
-s
CVG0J Interlock
removed
Recirc
Open Blend
From Tank
Open Route to
Recirc Tank
(T0$)
Start Blend
Pump, Open
Blend Control
valve (Set to
Auto and Open)
Recirc Volume
Reached?
Close Blend
Control valve
(Set to Auto and
Close)
Open Blend Inlet
valve
Close Recirc
valves
Set Blend
Control valve to
control
9 10 11
12
13
Figure 7.2-38: Intermix Blend Online Sequence (WAO)
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 320 of 363
Page 320 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
7.2.14.2 Intermix Blend Offline Sequence
START
True
Stop X05
1 -s
X05 Stopped or Not
Avail
Close XVG1E
Close XVG3E
Close XVG5E
2 -s
G1E, G3E, G5E Closed
or Not Avail
T4E, T5E, T6E, T7E, G1R
Closed or Not Avail
Close XVT4E
Close XVT5E
Close XVT6E
Close XVT7E
Close XVG1R
3 -s
END
All faults during the process
result in the sequence
continuing, complete with all
associated alarming and event
logging.
Stop Blend
Pump
Close all Blend
valves
Close Tank
Outlet valves
Figure 7.2-39: Intermix Blend Offline Sequence (WAO)
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 321 of 363
Page 321 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
7.2.15 Station Sequences
7.2.15.1 Station Line-Up Sequence
True
Start
Segmentation
Online Sequence
2 -s
Segmentation Open Sequence
Completed OR Aborted OR Idle
Start Segmentation
Online Sequence
Start HP Online
Sequence
3 -s
HP Online Sequence Completed
OR Aborted OR Idle
P0x Not Ready
OR Mixed MoC
Start Lube Oil
Online Sequence
4 -s
Lube Oil Online Sequence
Completed OR Aborted OR Idle
Start Lube Oil
Online Sequence
Start Main
Pumphouse
Ventilation Duty
Controller
5 -s
Main Pumphouse Ventilation Duty
Controller Running
Start Main Pumphouse
Ventilation Control
Note: Any failure shall
result in the sequence
continuing, complete with
all associated alarming and
event logging.
Start P0x
Line-up
Sequences
Start P0x Line-up
Sequences
1 60s
P0x Line-up Sequence
Completed OR Aborted OR Idle
P0x Ready AND
Not Mixed MoC
Start HP Online
Sequence
END
START
Figure 7.2-40: Station Line-Up Sequence (TNI)
7.2.15.2 Station Online Sequence
Note: Step 1 does not apply
to TNI, only MBT and HTP
START
END
Open Mainline Pumps
Bypass ValveOpen XV N1K
1 -s
True
XV N1K Opened
Start Station Duty ControllerStart Station Duty
Controller
2 10s
Station Duty Controller
ActiveNote: Any failure shall
result in the sequence
aborting, complete with all
associated alarming and
event logging.
Figure 7.2-41: Station Online Sequence (TNI)
7.2.15.3 Station Offline Sequence
START
END
Start Segmentation Offline Sequence
Start
Segmentation
Offline Sequence
1 -s
True
Segmentation Close
Sequence Completed OR
Aborted OR Idle
Note: Any failure shall
result in the sequence
continuing, complete with
all associated alarming and
event logging.
Figure 7.2-42: Station Offline Sequence (TNI)
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 322 of 363
Page 322 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
7.2.15.4 Station Isolation Sequence
Start HP Offline
Sequence
START
END
Open Pump BreakersOpen Pump
Breakers
2 -s
1 -s
HP Offline Sequence
Completed OR Aborted OR
Idle
Start Lube Oil
Offline Sequence
4 3s
Timer expired
Lube Oil Offline Sequence
Completed OR Aborted OR
Idle
Stop Main
Pumphouse
Ventilation Control
5 -s
Ventilation Duty Controller
Stopped
Start HP Offline Sequence
Start Lube Oil Offline
Sequence
Stop Main Pumphouse
Ventilation Duty ControllerWaiting Time
3 30s
Wait for Lube Oil
Stopping Timer
True
Pump Breakers Open
OR Fault
Note: Any failure shall
result in the sequence
continuing, complete with
all associated alarming and
event logging.
Figure 7.2-43: Station Isolation Sequence (TNI)
[Type here]
Page 323 of 326 Originator: Vasu Govender Original date: 20/03/2016 Always refer to the electronic copy for the latest version.
7.2.15.5 Station Flush Sequence
START
END
1
Launcher Flush Sequence
Completed OR Aborted OR IdleStrainer Flushed or Not Ready
True
Note: Any failure shall
result in the sequence
continuing, although the
individual flush sequence
aborts, complete with all
associated alarming and
event logging.
Receiver Flush Sequence
Completed OR Aborted OR Idle
Start Receiver
Flush SequenceFlush Receiver
5 -s
Receiver Ready AND
Not Mixed MoC
Receiver Not Ready
OR Mixed MoC
Start Launcher
Flush SequenceFlush Launcher
Launcher Ready AND
Not Mixed MoC
Launcher Not Ready
OR Mixed MoC
6 -s
Start Strainer
Flush Sequence
Enable Strainer
Software
7 -s
Pump Flush Sequence
Completed OR Aborted OR Idle
Start Pump Flush
SequenceFlush Pumps
At Least One Pump
Flush Available and
Not Mixed MoC
No Pump Flush
Available OR Mixed
MoC
8 -s
Strainer Not ReadyStrainer Ready
Figure 7.2-44: Station Flush Sequence (TNI)
[Type here]
Page 324 of 326 Originator: Vasu Govender Original date: 20/03/2016 Always refer to the electronic copy for the latest version.
7.2.15.6 MV Mainline Pump P01-P03 Flush Sequence
END
Flow > 9000 l/m Flow =< 9000 l/m
START
True
Flow =< 12000 l/m
P02 and P03 not online P02 and P03 online
P01 online
P02 Ready and Not Mixed MoC
P03 Ready and Not Mixed MoC
P02 and P03Not Ready or Mixed MoC
Flush P02
1Start P02
flushing
sequence
- s
Flush P03
2Start P03
flushing
sequence
- s
P02 flush complete or aborted or idle
P03 flush completeor aborted or idle
P01 and P03 not online P01 or P03 online
P02 online
P01 Ready and Not Mixed MoC
P03 Ready and Not Mixed MoC
P01 and P03Not Ready or Mixed MoC
Flush P01
3Start P01
flushing
sequence
- s
Flush P03
4Start P03
flushing
sequence
- s
P01 flush complete or aborted or idle
P03 flush completeor aborted or idle
P01 and P02 not online P01 or P02 online
P03 online
P01 Ready and Not Mixed MoC
P02 Ready and Not Mixed MoC
P01 and P02Not Ready or Mixed MoC
Flush P01
5Start P01
flushing
sequence
- s
Flush P02
6Start P02
flushing
sequence
- s
P01 flush completeor aborted or idle
P02 flush completeor aborted or idle
Flow > 12000 l/m
P01 online ORNot Ready or Mixed MoC
Flush P01
7Start P01
flushing
sequence
- s
P01 flush completeor aborted or idle
P01 not Online AND Ready AND not Mixed MoC
P02 online ORNot Ready or Mixed MoC
Flush P02
8Start P02
flushing
sequence
- s
P02 flush completeor aborted or idle
P02 not Online AND Ready AND not Mixed MoC
P03 online ORNot Ready or Mixed MoC
Flush P03
9Start P03
flushing
sequence
- s
P03 flush completeor aborted or idle
P0 not Online AND Ready AND not Mixed MoC
Figure 7.2-45: MV Mainline Pump P01-P03 Flush Sequence (TNI)
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 325 of 363
Page 325 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
7.3 Comment Resolution
Item Section Comment / Clarification
Response Date / Rev
Originated
Comment Source
Comment Status
Approval Status
TRANSNET PIPELINES
Document Name Document Number Revision Number Page
Process Control System Automation Standard PL723 04 [DRAFT] 326 of 363
Page 326 of 326 Originator: TPL MC&I Dept. Original date: 01/04/2017
Copyright © Transnet Pipelines, All rights reserved, including rights to amendments
7.4 DOCUMENT CHANGE HISTORY:
The owner of this document is responsible for the revision and control of the document,
including updating of the table below, which contains the history of the document with
details of each revision.
Date Previous
Rev No.
New
Rev No.
Details of Revision
13/06/2016 00 00 New Template
This table summarises what has been changed in the document so that it is easy to keep track of the effected changes.