Alarm System

Booklet

Issued by: Mostafa Sharaf

Page 1 of 32
 INDEX

1. INTRODUCTION 3
1.1 GENERAL 3
1.2 ISA STANDARDS 3
1.3 EMERGENCY SHUT-DOWN SYSTEM 5
1.4 ESD LEVELS 5
1.5 EMERGENCY SITUATIONS 10
1.6 ALARM TYPES AND CLASSIFICATION 11
2. ALARM DEVICES 12
2.1 GENERAL 12
2.2 GAS DETECTOR 13
2.3 FLAME DETECTOR 19
2.4 OPTICAL DEVICES 21
2.5 ACOUSTIC DEVICES 22
3. ALARM CONTROL SYSTEM 24
3.1 GENERAL 24
3.2 CONTROL CARDS 26
3.3 ALARMS ARCHITECTURE AND REDUNDANCY 28
3.4 DIAGNOSTIC 30
3.5 POWER SUPPLY SYSTEMS 32

Page 2 of 32
1. INTRODUCTION

1.1 General

Alarm systems include:

 Safety Alarm System

 Process Alarm System

The Safety Alarm System provides all the necessary monitoring of process
plant and has been designed to guarantee the safety of the personnel that
work in the plant.

The Safety Alarm System deploys detector instruments both in buildings and
in the field.

The Process Alarm System provides all the necessary monitoring of

equipment and has been designed to guarantee the normal operation of the
equipment installed in the plant.

The Process Alarm System has many instruments to detect all variable
process values and mechanical deviations from established range (Pressure,
Temperature, Flow-rate, Level, Speed, Vibrations, etc.).

Automatic shut-down(s) invariably accompany high deviations from process

set-points.

For greater flexibility, shut-down push-buttons are available in the Control

Room and, sometimes, in the field

Upon activation of the emergency shut-down signal, whether by field process

instrument switches or manually activated by the Operator, the emergency
stop sequence is managed by the Emergency Shut-Down System.

1.2 ISA Standards

ISAS84.01 and IEC61508 standards on safety instrumented systems

incorporate a hazard risk analysis along with performance and testing
requirements for the safety system.

These performance requirements address redundancy and diagnostic features

and make the system more reliable.

Page 3 of 32
Safety systems using advanced architecture with redundancy and diagnostics
capabilities can reduce 'nuisance trips' as well as improve plant safety.

Also required are periodic testing programmes to detect latent system

problems and avoid system failure or 'nuisance trips' which could cause
process shut-downs or area evacuations.

ALARM definition by ISA Standard

“A device or function that signals the existence or an abnormal

condition by means of an audible or visible discrete change, or both, intended

to attract attention”.

It is not recommended that the term ALARM SWITCH or ALARM be used to

designate a device whose operation is to close or open a circuit that may or
may not be used for normal or abnormal inter-lock, start-up, shut-down,
actuation of a pilot light or an alarm device, or the like.

The first device is properly designated as a level switch, a follow switch, etc.
because “switching” is what the device does.

A device may be designated as an alarm only if the device itself contains the
alarm function.

ISA standard is suitable for use whenever any reference to an instrument or to

a control system function is required for the purposes of symbolisation and
identification.

Such references may be required for the following uses, as well as others:

 Design sketches
 Teaching examples
 Technical papers, literature, and discussions
 Instrumentation system diagrams, loop diagrams, logic diagrams
 Functional descriptions
 Flow diagrams: Process, mechanical, engineering, systems, piping process
and instrumentation
 Construction drawings

Page 4 of 32
  Specifications, purchase orders, and other lists
 Identification (tagging) of instruments and control functions
 Installation, operating and maintenance instructions, drawings, and records.

1.3 Emergency Shut-down System

In a dangerous situation, the ESD system shall initiate the required
combination of the following operations depending on ESD levels:

 Block-in the process

 Blow-down the process
 Shut-down machinery
 Shut-down all utilities with the exception of safety critical services
 Isolate sources of ignition (e.g. fired equipment, non-classified equipment,
etc.)

The ESD monitors receive inputs from the following initiators:

Manual initiators

Process trip monitors

Fire and gas detection

1.4 ESD Levels

According to the situation, different emergency shut-down levels are provided.

Total Plant Shut-down with Depressurisation.

Initiated manually, from control room or from a dedicated push-button if ESD

Level 1 condition arise.

ESD Level 1 Total process shut-down and depressurisation to safe

pressure level.

Some events may produce an ESD Level 1:

 Confirmed fire in an open hydrocarbon area

Page 5 of 32
 Confirmed flammable gas detection in an open area
 ESD system failure or malfunction.

Manual initiation of an ESD Level 1 will be actuated by an Emergency

Depressurisation push-button (EDP)

EDP push-buttons are located in control room and in dedicated sites

throughout the plants.

In a typical Oil and Gas Plant Compression Station the consequences of

activating EDP are as follows:

Shut-off feed gas to compressor suction.

Shut-off gas from compressor discharge.

Shut-off fuel gas to turbines and turbine fuel gas heater.

Depressurise compressor train by opening Blow-Down Valve (BDV) on the

last stage discharge.

ESD Level 2 Total process shut-down without depressurisation.

Initiated by signal related to undesirable process events, whenever the trip of

the related process necessitates shut-down of the total process.

The objective is to prevent cascading of process trips into other process

systems.

In addition to the above events ESD Level 2 will also be activated in the event
of:

 Low pressure in the instrument air system

 Electric power failure
 High High level (2 out of 3 voting system) in flare K.O. Drum

Page 6 of 32
 High High level (2 out of 3 voting system) in Slug-Catcher

ESD Level 2 may be initiated by ESD push-buttons located throughout the

plants.

ESD Level 3 Initiated by process trip signal whenever the trip of the
related process or process sub-system does not
necessitate shut-down of the total process.

For each process subsystem or unit a local and remote push button is
foreseen, for manual initiation of ESD Level 3 of process sub-system or unit.

Process initiated shut-downs are part of the plant protection measures to

safely shut-down the plant before the situation can escalate into a major
emergency.

Some ESD Level 3 are reported hereafter:

A Gas Compressor and related Gas Turbine trip can be activate by:

 High-High level in the compressor suction

 High-High level in the compressor discharge K.O. drum
 High-High temperature in gas exit from after-cooler
 High-High gas discharge pressure
 Low-Low suction pressure
 Low-Low pressure of the turbine fuel gas
 High-High temperature of the turbine fuel gas
 High-High pressure of the turbine fuel gas

The depressurised shut-down of the compressor may also opens Blow-Down

Valves on a compressor train discharge.

Compressor discharge High-High pressure (2 out of 3 voting system), trips the

compressor and closes the fuel gas SDVs to the turbine.

The Main Fuel Gas K.O. Drum High-High level closes the inlet and outlet shut-
down valves.

Page 7 of 32
The Fuel-Gas Heater Fuel Gas K.O. Drum High-High level, High-High
pressure and Low-Low pressure will close the inlet and outlet shut-down
valves.

The Gas Turbines Fuel Gas K.O. Drum High-High level and/or High-High
pressure will trip the turbine and the associated gas compressor.

ESD Level 4 This is the lowest level of shut-down. It involves shut-down

of an individual piece of equipment or a localised system,
which is immediately affected by an upset condition, but
not affecting other equipment.

A localised system may comprise of a number of related pieces of equipment

or a complete package.

Such a shut-down may be immediate or sequential depending upon the safe

shut-down requirements of the affected system.

This level of shut-down applies only at equipment, systems or packages

where a shut-down of the affected system does not necessitate the shut-down
of a further system or of a process train.

This may be because the particular system is buffered from the main process
stream by vessels or tanks of sufficient capacity to enable process to continue
for a period.

Alternatively, a stand-by piece of equipment system may be available. Where

this is the case, then the automatic switch-over to the stand-by equipment may
be initiated to enable process to continue uninterrupted.

Manual shut-down of individual pieces of equipment is normally only available

locally to the equipment (STOP push-button) or from the DCS Operator
Interface position.

In the event of package equipment supplied with its own control system, then
shut-down may be under direct package control.

Some Level 4 ESD are reported hereafter:

Page 8 of 32
CLOSED DRAIN VESSEL PUMPS xxx-A/B

The Pump “A” trip may be initiated by one of the following factors:

 High-High temperature for electric motor winding

 Low-Low level for seal leak
 Low-Low pressure for seal leak
 High-High vibration

AIR COMPRESSORS xxx-A/B/C

The Air Compressor “A” trip may be initiated by one of the following factors:

 High-High temperature for electric motor winding

 Low-Low lube oil level
 Low-Low lube oil pressure
 High-High bearings temperature
 High-High inter-stage temperature
 High-High vibration.

Page 9 of 32
 GAS COMPRESSORS xxx-A/B/C

The Gas Compressor “A” trip may be initiated by one of the following factors:

 Gas Compressor (and its auxiliaries) dedicated trips (pressures,

temperatures, speeds, vibrations, axial displacement, etc.)
 Gas Turbine (and its auxiliaries) dedicated trips (pressures, temperatures,
speeds, vibrations, axial displacement, etc.)
 Load Gear Box (and its auxiliaries) dedicated trips (temperatures,
vibrations, axial displacement, etc.)

1.5 Emergency situations

The main types of emergency situations managed by alarm system usually

are:

High rate of rise of temperature

If the temperature in a supervised room increases fast at an above average

rate (differential or rate of rise measuring) or if a maximum temperature is
exceeded (maximum or fixed temperature measuring).

Maximum temperature in supervised area

If the temperature in the supervised area reaches a definite maximum. The

measuring feelers consist of temperature NTC-resistance's located at the end
of the probe in the supervised area.

Manual break glass push-buttons

Any originating fire can be recognised earlier by the "human detector" than by
an automatic fire detector. To operate the manual break-glass units in case of
fire, the thin front glass must be broken and then the push-button inside the
housing must be pressed.

Flame detection

A fire or flame emits electro-magnetic waves in the ultra-violet, visible and

infra-red range. The flame detector will activate in case of flame detection.

Gas detection

Page 10 of 32
 If a specific gas concentration reaches a definite maximum value in the
supervised area.

Smoke detection

If smoke is detected in the supervised area.

1.6 Alarm types and classification

For each of the above alarm situations a clear identification of type and
location of alarm is necessary.

For this reason a mimic panel should be in the form of a chart or geographic
plan of the plant/building which details the zones, entrances, circulation routes
and escape routes

The Display Layout provides the quickest and most accurate method to
display the alarm location.

A procedure for the classification and management of each alarm type should
be present in the plant.

Page 11 of 32
2. ALARM DEVICES

2.1 General

The Alarm System is an essential service for the safety of the personnel in the
Plant.

The scope of an Alarm System is the detection of abnormal situations on the

Plant.

The instruments that are used by Alarm System for the safety of the personnel
/ plant are:

 Alarm call-point
 Alarm push-button
 Audible signal
 Deluge discharge
 Flammable gas detection
 Heat detector
 Hydrogen detection
 Path optical smoke detectors
 Smoke system detection
 Toxic gas detection
 Visible signal

The alarm system detection is obtained by means of specific detectors

localized throughout the plant.

Page 12 of 32
2.2 Gas detector
Combustible gas detector

Areas identified as potential locations for releases of flammable fluids must be

monitored by fixed gas detectors, if the release could pose a hazard to
persons or property.

Each building that houses a flammable fluid or is connected to a source of

flammable fluid by piping must be monitored by fixed gas detectors that have
a visible or audible alarm outside the building.

The combustible gas detector (figure 2.1) is a transducer for measuring the
concentration of hydrocarbons in the atmosphere by absorbing infrared
radiation.

Most combustible gases absorb infrared light energy at defined wave-lengths,

providing an absorption signature for that gas.

The principle of infra-red detectors is based upon the absorption of the infra-
red light at a specific wavelength as it passes through the gas.

The more of the absorbing gas that is present, the more light is absorbed.

The detector measures the energy from an infra-red light beam at a wave-
length that is absorbed by the gas and compares it to the energy emitted by
the source.

The difference in energy received by the detector indicates the level of gas in
the atmosphere.

Page 13 of 32
Figure 2.1 - Example of combustible gas detector with direct display

(The figure shows an assembled instrument)

Hydrogen detector

The sensor (figure 2.2) operates on the principal of catalytic combustion, using
a matched pair of elements, one element being highly sensitive to flammable
gas, and the other one non-sensitive.

In the presence of flammable gas, combustion takes place at the sensitive

element which raises its temperature and its electrical resistance.

This imbalance produces a signal that is proportional to the gas concentration.

The non-sensitive element compensates for changes in ambient conditions.

Page 14 of 32
The amplifier amplifies the signal from the sensor and converts it to a 4-20mA
analogue signal for transmission to the monitor/controller.

Figure 2.2 - Example of Hydrogen detector

Page 15 of 32
H2S Detectors

The most proven instruments designed to provide reliable detection of

Hydrogen Sulphide gas are based on two different technologies:

 Solid State Sensor

 Electro-chemical Sensor

Solid State Sensor

The solid state Hydrogen Sulphide (H2S) specific sensor (figure 2.3) is a
continuous diffusion adsorption type.

The conductivity of a semi-conductor material is changed in the presence of

Hydrogen Sulphide gas. This conductivity change alters the signal current to
the controller, which is proportional to the concentration of H2S gas present.

Electro-chemical Sensor

An electro-chemical sensor works by oxidizing or reducing reactive gases that

diffuse through a hydrophobic membrane and come into contact with an
electrode embedded in a special electrolyte.

Ions and electrons are produced, the latter forming a current in a circuit
connected to the sensor's electrodes.

A third electrode keeps the voltage constant, so the signal is proportional to

the gas concentration.

The sample diffuses into a micro fuel cell, where it chemically reacts to
produce an electrical current. The micro fuel cell is designed so that the
current produced is proportional to the concentration of hydrogen sulphide
present. The output signal is linear.

The figure 2.4 shows a portable H2S detector.

The figure 2.5 shows Electro-chemical H2S Sensor Measuring Principle.

The figure 2.6 shows Catalytic Sensor Measuring Principle.

Page 16 of 32
 Figure 2.3 - Example of H2S detector

Figure 2.4 - Example of portable H2S detector

Page 17 of 32
Figure 2.5 - Electro-chemical H2S Sensor Measuring Principle

Figure 2.6 - Catalytic Sensor Measuring Principle

Page 18 of 32
2.3 Flame detector

Fire is a phenomenon of combustion. Combustion is the continuous chemical

reaction of a reducing agent (fuel) and an oxidizing agent (oxygen, etc.) with
the evolution of thermal energy (heat).

Fire is usually manifested in:

 heat (IR)
 smoke
 light (Visible)
 flame (UV)

Flame is the gaseous region of a fire where vigorous combustion chain

reactions take place.

These reactions emit radiation covering the:

 Infra- red (IR)

 Ultra-violet (UV)
 Visible Spectral Regions.

Flame Detection System normally employs a remote detector (figure 2.7),

which sense the presence of flame radiation (some manufacturer use two or
more channels system).

Should the radiation exceed preset levels, controller alarm circuits will be
activated. The detectors see flame radiation and are insensitive to sunlight
and ordinary room lighting.

Page 19 of 32
Figure 2.7 - Ultra-violet detector (Flame detector)

Figure 2.8 - UV/IR Detector (Flame detector)

Page 20 of 32
2.4 Optical devices

Optical devices are located near acoustic devices

The optical device (figures 2.9, 2.10) is designed visually signal "General
Alarm" and "Fire Alarm" in hazardous areas.

The optical devices, or beacon devices, must be explosion proof beacon &
alarm sounder combination units or dual Xenon beacons.

Figure 2.9 - Example of optical device

Page 21 of 32
 Figure 2.10 - Example of optical device

2.5 Acoustic devices

The siren (figure 2.11) is supplied for outdoor installation in a safe area and
mounted in an exposed position.

The siren is usually provided by an electric motor, with automatic wailing (up
and down sound).

The siren is an all-metal construction to protect it from environmental

conditions.

The sound output is clearly audible at ground level in still conditions for a
radius of 150 metres.

Page 22 of 32
Figure 2.11 - Motorized siren

Page 23 of 32
3. ALARM CONTROL SYSTEM

3.1 General

The alarm control system that protects and controls all the process plants and
personnel must be of the highest reliability and functionality. It must be able to
recognize alarm conditions and notify the control room (on DCS and/or via a
dedicated Alarm Panel).

Examples of process variable deviations from established range and related

alarms are:

 Low Pressure Alarm via Low Pressure Switch

 High Pressure Alarm via High Pressure Switch
 Low Level Alarm via Low Level Switch
 High Level Alarm via High Level Switch
 Low Flow-rate Alarm via Low Flow-rate Switch
 High Flow-rate Alarm via High Flow-rate Switch

Examples of mechanical deviations from established range are:

 High Vibrations Alarm via High Vibrations Switch

 High Speed Alarm via High Speed Switch
 High Axial Displacement Alarm via High Displacement Switch

Figure 3.1 shows an axial displacement detector installed on a centrifugal

compressor.

Page 24 of 32
 Figure 3.1 - Axial displacement detector

Dedicated Alarms and Automatic Shut-down(s) are accomplished when Very

High (High High) deviations are registered.

For greater flexibility, shut-down push-buttons are also available in Control

Room and out on the plants.

Upon activation of the emergency shut-down signal the emergency stop

sequence is managed by the ESD system whether the emergency stop was
manually activated from the control room or out on the plant.

If a variable deviation arise, an alarm-condition signal appears on a graphic

page of the DCS and on the alarm-list dedicated page. At the same time the
alarm condition is also memorised on the DCS system for future checks.

Page 25 of 32
 For important machines such as large centrifugal compressors, dedicated
Local Control Panel are installed. In this case alarm condition appears on the
local control panel and is reported to DCS.

If High High deviation of a variable arises and the Emergency Shut-Down

system is activated the cause of the shut-down is monitored and recorded as
FIRST-OUT.

3.2 Control cards

Control cards are connected with all detectors in the plant and with the control
room.

There are different types of electronic cards installed in the alarm control
system.

The principal types of control card are:

INPUT/OUTPUT control card

The control provides a certain amount of channels of configurable input or

output points that can be programmed for supervised or unsupervised
operations.

Each input point can accept fire detection devices such as heat, smoke, or
flame detectors.

Each output point can be configured for dry contacts, signalling or releasing
output operation.

Each channel on the module is provided with individual indicators for active
and fault conditions.

A block scheme of input/output control card is showed in figure 3.3.

Relay module

The control card is designed to provide a certain amount of relay output

channels for use with non-supervised devices (PLCs, fans, dampers, etc.).

Page 26 of 32
Digital communication card

The Digital Communication Unit (DCU) digitizes a 4 to 20ma analogue signal

from a sensor/transmitter and transmits the value as a process variable to the
controller.

Figure 3.2 - Example of Control Card

Page 27 of 32
 Figure 3.3 - Example and Scheme of Control Card

3.3 Alarms architecture and redundancy

First priority of a critical control system is safety, the system must maintain a
high system availability to avoid unnecessary shut-downs.

The architecture of the protective system should be designed to protect

against random hardware failure.

Defensive measures may include high reliability elements, automatic

diagnostic features to reveal faults, and redundancy of elements (e.g. 2oo3
voting for sensors) to provide fault tolerance.

For example the control card has three memories in work and one in “spare”:
the three memories check all I/O signal.

The signal that goes out of the control card must have 2 voting at least, and in
this case the third memory is changed with the fourth.

The system indicates that a memory is out of order via a LED (Light Emitting
Diode).

Page 28 of 32
Logic systems

Commonly, the logic systems for protective systems are electronic, but
programmable and other technology systems have been used.

The architecture of the logic system will be determined by the hardware fault
tolerance requirements, for example, dual redundant channels.

Where a high level of integrity for the system is required then diverse
hardware between channels may be employed.

Logic systems are likely to incorporate fault alarms and over-rides, for which
there should be suitable management control arrangements.

They may also provide monitoring of input and output signal lines for detection
of wiring (open circuit, short circuit) and sensors/actuators (stuck-at, out of
range).

Such monitoring may initiate an alarm, a trip action or, in a voting

arrangement, disable the faulty element.

Software based systems should be protected against systematic failures, for

example, by appropriate hardware and software safety life-cycles, suitable
techniques and quality systems.

Page 29 of 32
3.4 Diagnostic

The work of a control system can be represented (figure 3.4) with a diagram.

Figure 3.4 - Working flow of a control system

Page 30 of 32
Once the power to the control system is first initialised and if no errors are
detected then the monitoring process, program execution, calling the I/O lines
and serving the peripheral devices starts to occur in cycles.

In case of a problem the control system has additional functions that make
locating errors easier.

Errors can be divided into two categories according to severity:

1. Fatal errors are severe and they prevent the control system from operating
until the cause is located and solved.

2. Non-fatal errors are those that do not prevent control system from
operating. After detecting one or more non-fatal errors, programme execution
will continue. Nevertheless, it is necessary to correct these errors as soon as
possible.

Usually when a non-fatal error takes place, indicators POWER and RUN will
be on, and the indicator ERROR/ALARM will blink. Upon locating non-fatal
error, the manual for the given control should be consulted and the flags
checked in order to understand the cause of a problem and correct the error.

When any of the fatal errors take place, the control system stops operating
and all outputs are shut-down. Control system cannot be put back to work until
the controller is turned off and then turned back on, or until it is switched to
PROGRAMME mode via peripheral device and the fatal error corrected.

Usually, with these errors, indicators ERR/ALM are on, while the RUN
indicator remains off. It is necessary to check the error flag in the manual of
the given control system in order to locate the cause of the problem and to
correct the error.

Special diagnostic software programmes help to find the errors/problem.

Page 31 of 32
3.5 Power supply systems

Most controllers work either at 24v DC or 220v AC. On some controllers an

electrical supply is necessary as a separate module.

These are usually bigger controllers, while small and medium series already
contain the supply module. It is important to determine how much current the
modules use to ensure the electrical supply provides appropriate amount of
current.

Different types of modules use different amounts of electrical current.

A redundant power supply system is standard choice for critical control system
electrical supply. Usually a battery pack with an automatic switching is used.

Page 32 of 32