the amount of rework by the electrical design team. However, a well-prepared sequential function chart or detailed process-logic flow chart may be substituted for a PCN.
Among other details, the process-functional description should note the following for the control system and its components:
• Manual starting and stopping;
• Local and remote control capabilities;
• Auto starting and stopping under normal conditions;
• Stopping under emergency conditions;
• Interlocks and permissives, if any; and
• System response to alarms and faults.
All starts and stops should be presented in order of occurrence. If permissives and interlocks are required for startup, they should be presented in the order in which they must be satisfied, along with associated monitoring, verifications, and timing constraints. The design team should be explicit, using tables as much as possible to simplify this description.
Regardless of detail, a process-functional description should not be substituted for a PCN, which the I&C designer should prepare as part of instrumentation specifications. When dealing with a large or complicated system, the designer should divide it into subsystems and produce a control strategy for each one. However, the overall flow of the main presentation should not be interrupted. Subsystem details should be presented after the main sequence is completed, and interlocks between subsystems should be noted or the presentation will be confusing and disjointed. As stated previously, the designer should consider more graphical methods (e.g., sequential flow charts) in instances of more complex logic to provide a more visual presentation of the sequences; this may make it easier for others to follow.
Process control narratives describe each control loop and its strategy. Each narrative must include:
• Related equipment and instruments;
• Reference drawings;
• A process description;
• Local controls;
• Interlocks;
• Motor control center or variable-speed drive (VSD) functions;
• Programmable logic controller/DCS/RTU functions;
• Automatic and manual control functions, including control modes, proportional–integral–derivative algorithms, cascade controls, and so on (Metcalf and Eddy, 2003); and
• Discrete components.
The contractor or system integrator uses this information to program control sequences and loops so that the equipment will operate as designed.
Once PCNs are drafted, the I&C designer should submit them to the project coordination engineer for review and approval. At this stage, owner or end-user review and approval should be sought to ensure that their goals are being implemented. Each instrument and piece of equipment should be described in the PCN by its identification or tag number, if available at this point. The tag numbering system should be coordinated with P&IDs so that they can be referenced and verified. Use of tag numbers at this stage ensures that there is no ambiguity as to the exact equipment or instrument being referenced in the PCN.
When developing a control system for a shutoff valve, the I&C designer should be aware of the significance of its position (i.e., fully open, fully closed, somewhere in between, or in its “failure” position). The narrative should note whether the valve position must be confirmed directly or whether it can be inferred from a position switch. The importance of valve position depends on the treatment process. As an example, suppose that the control system is supposed to turn off a centrifugal pump and its discharge valve simultaneously, and the sequence is timed so that the pump motor will not shut off until the system has confirmed that the valve is closed. What happens if the valve fails to close? Does it matter how far open the valve is?
Designers should indicate in the PCN whether a valve modulates or simply opens and closes fully. All automatic valves include two-position limit switches (open and closed). Modulating valves come with a continuous valve-position transmitter that will signal the local control station (LCS), remote control panel, or operator workstation how far open the valve is (0 to 100%).
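The pump-stop example above can be written as a small scan-driven sequence that makes the open questions explicit settings. This is an added sketch, not from the source text: the class and function names, the 30-second close allowance, the 2% threshold and the sample readings are all assumptions chosen for illustration.

```python
from enum import Enum

class State(Enum):
    RUNNING = "running"
    CLOSING = "valve closing"
    STOPPED = "stopped"
    FAULT = "valve failed to close"

class PumpStop:
    def __init__(self, timeout_s=30.0, inferred_closed_pct=None, trip_on_fail=True):
        self.timeout_s = timeout_s                      # assumed close-travel allowance
        self.inferred_closed_pct = inferred_closed_pct  # None: only the switch confirms
        self.trip_on_fail = trip_on_fail                # the PCN must state which applies
        self.state, self.pump_run, self.alarm = State.RUNNING, True, None
        self._t0 = None

    def request_stop(self, now: float) -> None:
        if self.state is State.RUNNING:
            self.state, self._t0 = State.CLOSING, now   # close command issued

    def scan(self, now: float, closed_switch: bool, position_pct=None) -> State:
        if self.state is not State.CLOSING:
            return self.state
        inferred = (self.inferred_closed_pct is not None and position_pct is not None
                    and position_pct <= self.inferred_closed_pct)
        if closed_switch or inferred:
            self.pump_run = False                       # motor stops only after confirmation
            self.state = State.STOPPED
        elif now - self._t0 >= self.timeout_s:
            self.state = State.FAULT
            self.alarm = f"fail to close, last position {position_pct}%"
            if self.trip_on_fail:
                self.pump_run = False
        return self.state

def run(samples, **settings):
    """samples: constructed (time_s, closed_switch, position_pct) readings."""
    seq = PumpStop(**settings)
    seq.request_stop(samples[0][0])
    for now, closed_switch, position_pct in samples:
        seq.scan(now, closed_switch, position_pct)
    return seq.state, seq.pump_run

# Constructed readings, not plant data.
NORMAL = [(0, False, 100), (10, False, 40), (20, True, 0)]
STUCK = [(0, False, 100), (15, False, 35), (30, False, 35)]       # jams at 35%
SWITCH_LOST = [(0, False, 100), (15, False, 20), (30, False, 1)]  # closed, switch dead
```

With the same stuck-valve readings, `trip_on_fail` decides whether the pump is left running against a partly open valve, and `inferred_closed_pct` decides whether a failed limit switch alone raises a fault.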
All motor-operated valve actuators include local and manual controls and, in some instances, handwheels or chain-operated wheels. If a valve is inaccessible from the ground or a platform, however, then a separate, accessible means of operating it must be provided (typically, a conveniently mounted LCS). This provision must be noted in the PCN because it affects both system wiring and equipment supplies.
The PCN should include a list of possible malfunctions and alarm conditions along with descriptions of responses to these events. This information should include where and how such problems will be indicated, which alarms will sound at what locations, and which control functions will be activated. Designers should also note how alarms will cascade from local to remote locations (e.g., when one alarm sounds at a local panel, if and when another will sound at the central remote-control panel or operator workstation). The alarm description should specify whether specific alarms will sound at each location or whether the local alarm will be specific, while the remote alarm will be a common alarm for the panel or system. If common alarms are to be used at the central control site, the PCN should note whether the common alarm at the central control site will be reactivated if a second alarm sounds at the local control panel before the first one is cleared.
Designers should also note whether each alarm is a warning condition that resets itself upon removal of the condition or a latching alarm (Table 3.3). A latching alarm requires an operator to reset the system after correcting the problem, even if the condition corrects itself. The latch can only be released when the alarm condition is no longer present and the system is manually reset by the operator. This also applies to associated network devices such as Ethernet switches, media converters, and UPSs.
TABLE 3.3 A sample description of an alarm control strategy.
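The latching and common-alarm behavior described above can be modeled in a few lines to show what the PCN has to decide. This is an added example, not part of the source text or its Table 3.3: the tags LAH-101 and TAH-102, the class names and the `reflash` setting are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass
class Alarm:
    latching: bool            # True: operator reset needed; False: self-resetting warning
    condition: bool = False   # field condition seen on the last scan
    active: bool = False      # state shown at the local panel

    def scan(self, condition: bool) -> bool:   # returns True on a new activation
        self.condition = condition
        if condition and not self.active:
            self.active = True
            return True
        if not condition and not self.latching:
            self.active = False                # a warning clears with its condition
        return False

    def reset(self) -> bool:                   # operator reset at the panel
        if self.latching and not self.condition:
            self.active = False                # latch releases only once the condition is gone
        return not self.active

@dataclass
class LocalPanel:
    alarms: dict                  # tag -> Alarm
    reflash: bool = True          # PCN decision: re-sound centrally on a second alarm
    central_acked: bool = True    # common alarm acknowledged at the central site

    def scan(self, inputs: dict) -> None:
        for tag, condition in inputs.items():
            already = self.common_alarm()
            if self.alarms[tag].scan(condition) and (self.reflash or not already):
                self.central_acked = False

    def common_alarm(self) -> bool:            # the single point sent to the central site
        return any(a.active for a in self.alarms.values())

    def central_horn(self) -> bool:
        return self.common_alarm() and not self.central_acked

def scenario(reflash: bool) -> list:
    """Constructed run: latching alarm, acknowledge, second alarm, clear, reset."""
    p = LocalPanel({"LAH-101": Alarm(True), "TAH-102": Alarm(False)}, reflash)
    p.scan({"LAH-101": True})
    first = p.central_horn()                      # first alarm sounds centrally
    p.central_acked = True                        # operator acknowledges
    p.scan({"TAH-102": True})
    second = p.central_horn()                     # sounds again only with reflash
    p.scan({"LAH-101": False, "TAH-102": False})  # both conditions clear
    held = p.common_alarm()                       # the latch keeps it up
    released = p.alarms["LAH-101"].reset()        # manual reset now succeeds
    return [first, second, held, released, p.common_alarm()]
```

Without reflash, the second local alarm arrives under an already acknowledged common alarm and the central site sees no new indication.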
If the control system includes human–machine interface color graphic screens on personal computer-based operator workstations, the alarms will be recorded (with a time stamp) on the computer’s hard drive. If the hard drive is full, then new alarms will overwrite old ones unless provisions are made to store alarm logs on removable media (e.g., compact discs, digital versatile discs, backup tape drives, flash drives, or other external hard drives). In addition, alarms for personal computer-based systems must be acknowledged at the operator workstation (an industrial-grade computer mounted on a control panel or a desktop personal computer in a control room, or a wireless workstation or smartphone device). Some systems may also include an alarm printer in the control room that prints out all alarms as they occur. Printouts include an alarm description, the time it happened, priority level (e.g., critical, warning, or equipment status) and whether and when the alarm was acknowledged by an operator. Similar information is also available at the alarm summary screen of the personal computer-based operator workstations. Alarms can also be stored in a dedicated Historian Server for long-term storage and retrieval (see the “Suggested Readings” section at the end of this chapter for more information).
If a system must be inspected after a malfunction or alarm before it can be restarted, then the system will need a reset function to clear it after the problem is corrected. Designers have several reset options. For example, they can provide a reset button or combine a reset button with the control system’s stop button. The subsystem or equipment could be momentarily disengaged from the automatic control system and then reconnected. It is important to note, however, that a motor overload can only be reset at the motor control center (MCC) starter, typically via a reset pushbutton on the MCC starter compartment’s front door that pushes the spring-loaded overload relay contact block into position. This feature forces the facility to send qualified personnel such as electricians to properly diagnose the nature of the