P&IDs and Process Control Narratives

How are process control ideas shared between different parties

within your organization especilly when all parties are not
control engineers?
IhaveanopenendedquestionaboutP&IDsandProcessControlNarratives
(PCNs).
OurorganizationhasbeenusingP&IDsforalongtime.(Wealsousedtouse
loopdiagramsuntilitdidn'tmakeasmuchsensetouseloopdiagramssince
withtheadventofDCSsystemsandPLCs,thefieldinstrumentationand
devicesgetconnectedtotheDCSorPLCandtheDCSorPLCbecomesalarge
"blackbox").TheP&IDconventionsadherefairlycloselytoISA5.1,insofaras
theyshowwhatisconnectedtowhat(andwhere)withinourprocesses.Yet,
whensomeoneislookingataP&IDdrawing,oneislefttoreallyguessasto
howthecontrolisactuallydoneinsidetheDCSorPLC.
WiththeadventofcomputersandPLCs,weusedProcessControlNarratives
(PCNs)todescribeinwrittenformwhatkindofcontrolistotakeplace.The
primaryauthorofthePCNwastobetheengineer,whoinourorganization
wouldusuallyleavetheprogramminguptosomeoneelse(suchasasystems
integratortheengineerverifiesduringcommissioning).ThePCNwastobe
the"blueprint"thattheprogrammerwastofollow.Unfortunately,thesePCNs
oftenenduponlytellingtheprogrammerhowaprocessistofunctionwhen
everythingisworkingwell.Anyofyouwhohavedoneprocessprogramming
knowthatwritingaprogramtodowhatyouwantwheneverythingis"normal"

isonlypartofwhatreallyneedstobedoneinaprogram.Goodprograms
protectpeople,processesandequipmentfromdisasterwhenthingsgowrong
withinasystem(faultysensororfielddevice,unforeseensequenceofevents,
lossofpower,returnfromlossofpower,etc).Itismuchhardertoconveyideas
withinaPCNorP&IDforhowasystemshouldoperatewhenthingsaren't
"normal".AlsowithPCNs,IamremindedofwhataHamlineUniversity
professorsaidonceinatechnicalwritingcoursehetaughtinourorganization
("Thereisnothingwrittenanywherebyanyonethatcan'tbemisinterpreted
somewherebysomeone."F.GarvinDavenport).
Whatmethodsandtoolshaveyouusedwithinyourorganizationtoconvey
ideasforhowaprocessistooperate(ingoodtimesandinbadtimes)?
Rememberthatyouraudiencemightbesomeonewhoisnottrainedincontrol
engineering,yethasaneedtoknow...orperhapshasagoodidea...about
howtheprocessshouldoperate(thispersoncouldbeanoperator,maintenance
personnel,orplantmanager).
WellthemodernapproachisthattakenbyVirginalGalacticandleaveitupto
theprogrammer....
Thisleavesquiteadisconnectbetweentheprocesshydrodynamicsandcanlead
toacostlymesswithequipmentfailures,multiweekshutdownsandimpacton
thebottomline.
Inmansafeapplicationstheprocesscontrollogicneedstobedocumentedin
detailandsubjecttoengineering,maintenance,operationalreviews...

Inthosecases,evenforasinglep&idyoucanhavea100Csizedsheetsof
controllogics.Youcanimaginethemanagementresponseofmostfirms...
Ofcoursethebeautyofleavingthecontroldescriptiontoaprocesscontrol
narrativeisthatyoupasstheliabilitytothenextguyandultimatelytothe
operating/maintenancestaff...thatpleasesmost

Ihaveusedthefollowingasasummaryoftheinformationrequiredinacontrol
systemnarrativeordescription.ThisisanextractfromsomenotesIprepareda
fewyearsago.
"THECONTROLLOOPDESCRIPTION
TheControlLoopDescriptionisabriefdocumentsummarisingthedetailsofa
controlormeasurementloop,andthecomponentsinit.Itprovidesameansof
recordingatthedesignstagethedecisionstaken,andthereasonsforthose
decisions,thatwillinfluencethefinalloop.WhiletheControlLoopDescription
isprimarilyofuseforcontrolloops,italsocanbeusedinasimplifiedformfor
measurementsystems.
Adjustmentandtuningofcontrolloopsduringcommissioningrequiresan
understandingofthepurposeoftheloop.Forinstance,alevelloopmaybe
installedprimarilytoprovideaconstantheadandmustthereforegiveaccurate
levelcontroloverarangeofflows,orusedtomaintainalevelwithinbroad
limitsforstoragepurposesinasituationwheresteadyflowsaretheprimary
requirement.Thetwoapplicationswillbesetupindifferentways.Loop

configurationalsowilldependonthelikelysourcesofdisturbance,andthe
magnitudeanddynamicsofdisturbances,sotheControlLoopDescription
shouldrecordthisinformationatthedesignstageforlaterreference.Italso
promptsthedesignertotakeoperationalandmaintenancerequirementsinto
account.Suggestedheadingsare:
FUNCTION
[Specifythevesselorflowstreammonitored,andstatewhytheloopis
installed.]
CONTROLLERMODESAVAILABLE
[StatewhethertheloopmustbemadeavailableforAuto,Cascade,Manual,etc.
operation]
CONTROLLERALGORITHM
[ForP+Itypesdetailsofsettings
Forcalculationsdetailsoftheequations
LOOPDESCRIPTION
[Identifytheprocessstreaminmoredetail,withanypeculiaritiesofmaterial
etc.Typeoftransmitter,andanyspecialsignalconditioningshouldbestated.
Whereacomplexcontrolalgorithmistobeimplemented,theFunctional
Specificationforthecontrolshouldalsobedefinedhere.Detailsoffinalcontrol
elementsandtheirbehaviour.]
ALARMFUNCTIONS
[Specifyalarmsettings,andgiveabriefjustificationforhavingthealarm.]

OPERATORINFORMATION
[Listallinformationpertinenttotheoperationoftheloop.Thisshouldinclude
detailsofliningoutproceduresforcontrolloops,andthesignificanceofand
recommendedoperatoractionsintheeventofanalarm.]
COMPONENTS
[Listeachcomponentused,itsfunction,andinputandoutputrangeswhere
appropriate.Thisprovidesausefulcheckthatallcomponentshavecompatible
ranges.]
MAINTENANCE
[Specifytheprecautionsneededtoallowmaintenanceonthelooptoinclude
isolationandotheractions.Thisshouldincludeanydesignfeaturesrequiredto
allowmaintenance.Specialconsiderationmustbegiventotheeffectsof
isolationonotherrelatedsystems.]
OTHERITEMS
[Specifyanyotherpointsthatcouldaffectloopoperatione.g.ramping.Also
identifyanysituationswherethenormalbehaviourofthisloopisinterrupted,or
affectedbyanotherloop.]"
YouarequiterightwhenyousaythataPCNorPCDmayendupsettingout
whatistheexpectedbehaviourwhenthingsaregoingtodesignwhena
controlsystembyitsnatureisonlyneededifthingsgooffspecorbehaviour
goesoutsidepermittedlimits.Ihavefoundthatagoodtoolforsortingthisout
(andforhighlightingtheissues)isaSequentialFunctionChartorFlowChart
constructedsothateverydecisionisanIFTHENELSEconstruct,ratherthan

WAITUNTILorWHILEforexample,ifastartingsequencecallsforfuelto
beinjectedwhenspeedreaches33%,thereneedstobeatimelimitsetsothat
thelogicreads
IF(speed>33%)&(time>45seconds)THEN(*addfuel)ELSETRIP.
Inotherwords,foreachstage,identifyreasonablylikelycausesoffailureand
makesureit'sdealtto.Bewarnedyouwillgetintoendlessargumentsabout
whatis"reasonablylikely"MrMurphyhasanendlesssupplyofwaystomake
thingsgowrong!

TheImplementationofSAMAdiagramshelpsonetoidentifythescenarioin
whichonetypeofcontrolisactivatedorstopped.
Itisnormallydevelopedasacommunicationmethodfornonprogrammers
(Flowchartlikesequencing).Butyesthereaderneedstohavesomeknowledge
ofthesystembeingdiscussed.
FailscenariosarediscussedisasectioncalledSIS'SafetyIntegratedSystems'
fortheplant.Thisdiscussesthe'FailSafe'controlforthePlant.(Meaningthe
statustheplantshouldbeifafailoccurs,withoutcatastrophiceffects).The
plantwillhaveInstrumentcontrolsdesignspecificationknownasSIL.The
greaterthenumberofSIL,moresaferthesystemwillbe.
ThesearethereportsnormallyaManagerofPlantslookupontounderstandthe
wholesystemwithouthavingtogotoomuchintoprogrammingdetails.
specification of instrumentation based on experience, vendor
recommendations, client preference, random number generators

etc.
- development of a "control narrative" which attempts to describe
the interaction of each instrument element with its environment,
related equipment, and the SCADA

"Element X will measure process variable Y over a range of 0 to

100. Should the value fall below 10, the following alarm conditions
occur. Should the value fall above 90, the following alarm conditions
occur. Over the remaining range, the VFD on pump A is spun
proportionally to the PV as measured at element X."

A few problems with this. Wordy, obviously. Does not lend itself to
large systems. Often ambiguous despite best intentions. Also, in
our firm we have a couple of refugees from Big Chemical (incl yours
truly), several veterans of engineering consulting, and a double
handful of junior folks that lack experience in-plant or at the desk to
be able to meaningfully tease out or interpret a narrative-style
control plan. Most of us think we know EXACTLY what is required,
and of course no two of us approach the problem in the same way.
A proper narrative will include equipment numbers and descriptions, detailed descriptions of the modes
and sequence of operation, how the system will respond to upsets, how the system will ensure
personnel, food, and environmental safety, and more. The exact details of what that more includes will
depend on the nature of your company. There is no fixed format.