Petroleum Development Oman L.L.C.

Corporate Philosophy for Control & Automation

Document ID SP-1243

Document Type Specification

Security Restricted

Discipline Control and Automation

Owner Control & Automation CFDH-UEI

Issue Date 27th January 2020

Revision 4

This document is the property of Petroleum Development Oman, LLC. Neither the whole nor any part of this
document may be disclosed to others or reproduced, stored in a retrieval system, or transmitted in any form by any
means (electronic, mechanical, reprographic recording or otherwise) without prior written consent of the owner.
 Revision: 4.0
Petroleum Development Oman LLC Effective: Jan. 2020

This page was intentionally left blank

Page 2 / 66 SP-1243 - Corporate Philosophy for Control & Automation Printed 03/02/20

The controlled version of this CMS Document resides online in Livelink®. Printed copies are UNCONTROLLED.
 Revision: 4.0
Petroleum Development Oman LLC Effective: Jan. 2020

i Document Authorisation
Authorised For Issue – January, 2020

Document Authorisation

Document Authority Document Custodian Document Author

(CFDH-C&A)

Fahdi, Saud UEI Idris, Khalid UEI11 Idris, Khalid UEI11

Date : 03-02-2020 Date : 03-02-2020 12:00 Date : 27-01-2020
9:21 AM AM 2:01 PM

Page 3 / 66 SP-1243 - Corporate Philosophy for Control & Automation Printed 03/02/20

The controlled version of this CMF Document resides online in Livelink®. Printed copies are UNCONTROLLED.
 Revision: 4.0
Petroleum Development Oman LLC Effective: Jan. 2020

ii Revision History
The following is a brief summary of the 4 most recent revisions to this document. Details of all revisions
prior to these are held on file by the issuing department.

Revision No. Date Author Scope / Remarks

4.0 Jan.-2020 Khalid Idris, UEI11 Complete revamp/update of the

specification.
3.0 Nov.-2016 Ajay Dofe, UEOA23 Third issue incorporating latest
development
2.0 June-2011 Salim Hinai, UES Second issue incorporating latest
development
1.0 May 2004 Saif Al-Barwani (UES) First issue for implementation

Page 4 / 66 SP-1243 - Corporate Philosophy for Control & Automation Printed 03/02/20

The controlled version of this CMF Document resides online in Livelink®. Printed copies are UNCONTROLLED.
 Revision: 4.0
Petroleum Development Oman LLC Effective: Jan. 2020

TABLE OF CONTENTS
i Document Authorisation ............................................................................................................... 3
ii Revision History ........................................................................................................................... 4
1 Introduction .................................................................................................................................. 9
1.1 Objectives ........................................................................................................................ 9
1.2 Governing Principles ........................................................................................................ 9
1.3 Distribution, Intended use and Regulatory considerations ............................................ 10
1.4 Review and Improvement .............................................................................................. 10
2 Technical Integrity Assurance .................................................................................................... 11
2.1 Risk Management in Design .......................................................................................... 11
2.1.1 SIF Management .............................................................................................. 11
2.2 Technical Integrity in Design .......................................................................................... 11
2.2.1 Safety Critical Elements (SCEs) ....................................................................... 11
2.2.2 Compliance to Shell Design Engineering Manual1 (DEM-1)............................ 11
2.2.3 Compliance to Shell Design Engineering Manual2 (DEM-2)............................ 12
3 Control & Automation – General Requirements ........................................................................ 13
3.1 General .......................................................................................................................... 13
3.2 Design Class Selection for Control & Automation ......................................................... 13
3.3 Plant Process Control & Optimisation ............................................................................ 13
3.4 Automation Systems ...................................................................................................... 14
3.5 Instrumented Protection and Safeguarding ................................................................... 15
3.5.1 Safeguarding Requirements ............................................................................. 15
3.5.2 IPF/SIF Classification........................................................................................ 15
3.5.3 IPF Reset Philosophy ....................................................................................... 15
3.6 Alarm Rationalization and Management ........................................................................ 16
3.7 Field Instrumentation Selection...................................................................................... 16
3.8 Smart Plant Instrumentation (SPI) ................................................................................. 16
3.9 SAP-PM Projects Data Requirements ........................................................................... 17
3.10 Obsolescence Management .......................................................................................... 17
4 Production Automation Systems (PAS) Philosophy .................................................................. 18
4.1 General Overview .......................................................................................................... 18
4.2 Process Control Domain Architecture ............................................................................ 18
4.2.1 Office Domain (OD) .......................................................................................... 20
4.2.2 Process Control Access Domain (PCAD) ......................................................... 20
4.2.3 Process Control Domain (PCD) ........................................................................ 20
4.3 Reliability and Availability Requirements ....................................................................... 20
4.4 Control systems Requirements ..................................................................................... 21
4.4.1 Fieldbus Control System (FCS) ........................................................................ 21
4.4.2 Distributed Control System (DCS) .................................................................... 21

Page 5 / 66 SP-1243 - Corporate Philosophy for Control & Automation Printed 03/02/20

The controlled version of this CMF Document resides online in Livelink®. Printed copies are UNCONTROLLED.
 Revision: 4.0
Petroleum Development Oman LLC Effective: Jan. 2020

4.5 Instrumented Protective System (IPS) - Requirements ................................................. 21

4.6 Fire, Gas & Smoke detection system (FGS) - Requirements ........................................ 22
4.6.1 Fire & Gas detection mapping study................................................................. 22
4.7 Communication between Electrical Intelligent Relays and BPCS ................................. 23
4.8 Wireless Instrumentation ............................................................................................... 24
5 Real-Time Operations ................................................................................................................ 25
5.1 Distributed Temperature Sensing (DTS) ....................................................................... 25
5.2 Gas Breakthrough Control ............................................................................................. 27
5.3 Project Scope for RTO ................................................................................................... 27
6 PCD Cyber Security Overall Baseline Controls ......................................................................... 28
6.1 Physical/Asset & Logical Access Management ............................................................. 28
6.1.1 Physical Assets/ Facilities Access Management .............................................. 28
6.1.2 Logical Access Management ............................................................................ 28
6.2 Inventory Management .................................................................................................. 28
6.3 Patch Management ........................................................................................................ 29
6.4 Anti-Virus Management ................................................................................................. 29
6.5 Removable Media Management .................................................................................... 29
6.6 Back-Up & Restore Management .................................................................................. 29
6.7 Change Management .................................................................................................... 29
6.8 Incident Management .................................................................................................... 30
6.9 Cyber Security Step-Out/Deviation Management .......................................................... 30
6.10 System Hardening.......................................................................................................... 30
6.11 Time Synchronization .................................................................................................... 30
6.12 Security Log Collection .................................................................................................. 31
6.13 Wireless Security ........................................................................................................... 31
7 Field Instrumentation - Requirements ........................................................................................ 32
7.1 General .......................................................................................................................... 32
7.2 IPF Valves ...................................................................................................................... 32
7.2.1 Partial Stroke Testing (PST) for IPF Valves ..................................................... 32
7.2.2 Tight Shutoff requirements for IPF (ESD & PSD) Valves ................................. 33
7.3 Applications of Triple Offset (TOV) butterfly IPF Valves................................................ 33
7.4 Motor Operated Valves (MOVs) for Safeguarding Applications .................................... 33
7.5 Fieldbus Instruments ...................................................................................................... 33
7.6 Hazardous Area Protection ............................................................................................ 34
7.7 Powering Medium .......................................................................................................... 34
7.8 Power Supply for Instruments ........................................................................................ 34
7.9 Instrument Tagging Philosophy ..................................................................................... 35
7.10 Instrument Cabling ......................................................................................................... 35
7.11 Instrument installation .................................................................................................... 35

Page 6 / 66 SP-1243 - Corporate Philosophy for Control & Automation Printed 03/02/20

The controlled version of this CMF Document resides online in Livelink®. Printed copies are UNCONTROLLED.
 Revision: 4.0
Petroleum Development Oman LLC Effective: Jan. 2020

7.11.1 Sunshade for field Transmitters ........................................................................ 36

7.11.2 Off plot cabinets cable entry ............................................................................. 36
7.12 Earthing .......................................................................................................................... 36
7.13 Instrument Fittings.......................................................................................................... 36
7.14 Flare Flame scanners .................................................................................................... 36
8 Production Measurement (Metering) ......................................................................................... 37
8.1 General .......................................................................................................................... 37
8.2 Flow Measurement......................................................................................................... 38
8.2.1 General ............................................................................................................. 38
8.2.2 Fiscal Measurement (Class 1) .......................................................................... 38
8.2.3 Allocation Measurement (Class 2) .................................................................... 39
8.2.4 Reservoir and Facility Measurement (Class 3) ................................................. 40
8.2.5 Environmental Measurement (Class 4) ............................................................ 43
8.3 Quality measurement ..................................................................................................... 43
8.3.1 Water Cut Measurement ................................................................................... 43
8.3.2 Oil in Water Measurement ................................................................................ 45
8.3.3 Reid Vapour Pressure (RVP) Analyser............................................................. 45
8.3.4 Gas Chromatograph (GC)................................................................................. 45
8.3.5 Moisture analyzer .............................................................................................. 45
8.3.6 Sampling Methods ............................................................................................ 45
8.3.7 Sample Conditioning Systems .......................................................................... 45
8.3.8 Other Analysers ................................................................................................ 45
9 Maintenance ............................................................................................................................... 46
10 Engineering Principles ............................................................................................................... 48
10.1 Application of Standards ................................................................................................ 48
10.1.1 Setting and Applying Standards ....................................................................... 48
10.1.2 Approved Vendor for Materials & Equipment (AVME) ..................................... 48
10.1.3 Standards Challenge & Variance Control ......................................................... 48
10.2 Contracting and Procurement Strategy ......................................................................... 48
10.2.1 Main Instrument Vendor (MIV)/Main Automation Contractor (MAC) ................ 48
10.2.2 Valve Automation Centres (VAC) ..................................................................... 49
10.2.3 Integrated Wellhead Control System ................................................................ 49
10.2.4 Pricing Agreement and SAP Coded Equipment: .............................................. 49
10.3 Packaged Units .............................................................................................................. 50
10.3.1 General Considerations .................................................................................... 50
10.3.2 Package Units specific controls ........................................................................ 50
10.3.3 Machine Monitoring and Protection .................................................................. 50
10.4 Environmental Conditions .............................................................................................. 51
10.4.1 Control room ..................................................................................................... 51

Page 7 / 66 SP-1243 - Corporate Philosophy for Control & Automation Printed 03/02/20

The controlled version of this CMF Document resides online in Livelink®. Printed copies are UNCONTROLLED.
 Revision: 4.0
Petroleum Development Oman LLC Effective: Jan. 2020

10.4.2 Field/ Outdoor ................................................................................................... 51

10.4.3 Outdoor system cabinets. ................................................................................. 51
10.5 Loading and Sparing Philosophy ................................................................................... 52
10.6 Critical Documentation ................................................................................................... 52
11 Future Developments ................................................................................................................. 53
11.1 General .......................................................................................................................... 53
11.2 Process Control Technology and Optimization ............................................................. 53
11.2.1 Advanced Process Control Techniques ........................................................... 53
11.3 Instrumented Protection and Safeguarding ................................................................... 53
11.3.1 Fully Automated IPF testing .............................................................................. 53
11.3.2 Reduction of failure rates of IPF elements ....................................................... 53
11.4 Field Instrumentation ..................................................................................................... 53
11.4.1 Non-intrusive Measurement Techniques .......................................................... 53
11.4.2 Safety Shutdown Valves ................................................................................... 53
11.4.3 Electronic Marshalling ....................................................................................... 53
11.4.4 Smart Mobile Operator...................................................................................... 54
11.4.5 Production Measurement .................................................................................. 54
11.4.6 Digitalization ...................................................................................................... 55
12 Quality & Acceptance Testing .................................................................................................... 56
12.1 Inspection & Test Plan ................................................................................................... 56
13 Appendices ................................................................................................................................ 57
13.1 Definitions ...................................................................................................................... 57
13.1.1 General Definitions ........................................................................................... 57
13.1.2 Specific Definitions ............................................................................................ 57
13.2 Abbreviations and Meanings.......................................................................................... 58
13.3 References ..................................................................................................................... 62
13.4 User Comment Form ..................................................................................................... 64

Page 8 / 66 SP-1243 - Corporate Philosophy for Control & Automation Printed 03/02/20

The controlled version of this CMF Document resides online in Livelink®. Printed copies are UNCONTROLLED.
 Revision: 4.0
Petroleum Development Oman LLC Effective: Jan. 2020

1 Introduction

1.1 Objectives
The objective of this document is to provide design basis for Control and Automation, in
accordance with the current operating philosophies. This document is based on sound
economical and technical grounds with full regard to the safety of operations.
The Control & Automation philosophy focuses on the following main objectives in the business
process.
 Process Safety and HSE.
 Maximise Production and Operation performance.
 Cost Leadership – Lowest TCoO.
 Well and Reservoir management (WRM), Smart Fields and Operational Excellence.
In support of these objectives, the following strategies are adopted:
 Incorporate C&A design class recommendations; while challenging the technical
standards and applying a risk based approach to standard selection for potential cost
savings.
 Align with the Appropriate Level of Smartness (ALOS) in C&A design.
 Facilitate remote and fully automated operations to minimize human intervention for
the production facilities.
 Utilisation of and adherence to facilities operating envelopes, thereby reducing
production deferment and operating & maintenance costs.
 Using “open systems” based Production Automation Systems (PAS).
 Increase the overall availability to maximise production.
 Maintain the overall reliability and integrity to meet the safety requirements.
 Apply online equipment and system performance monitoring culture for the production
process.
 Integrate subsurface and surface facility optimisation and control.
 Increase accessibility and quality of measured real time data to enable wells
optimisation and reservoir management.
 Automation of routine tasks to enable efficient utilisation of PDO staff.
 To manage Control & Automation Systems security and oversee industrial cyber
security threat reduction and help mitigate overall risks to the company.

1.2 Governing Principles

The Operating Philosophy should be the basis for the implementation of Control & Automation
requirements on any facility (surface facilities, off plot wells and RGMS(s)/RMS(s)).
Operational requirements, economics, technology opportunities and technical integrity shall
determine the level of automation, rather than being driven by today's (potential) system
capability. The following principles to be considered as minimum, when implementing any
Control and Automation design:
 Maximum Standardisation: throughout the engineering design including equipment and
instrumentation variety Control (minimize different makes and models).
 Ease of System Integration.
 Simplicity and fit-for-purpose.
 Minimum maintenance requirement.

Page 9 / 66 SP-1243 - Corporate Philosophy for Control & Automation Printed 03/02/20

The controlled version of this CMF Document resides online in Livelink®. Printed copies are UNCONTROLLED.
 Revision: 4.0
Petroleum Development Oman LLC Effective: Jan. 2020

 Remote diagnostics down to sensor level.

 Compliance to PCD Security requirements.
 Human Factor Engineering (e.g. Alarm Management and Rationalization, HMI design,
etc.)
 Product Obsolescence.
 Proven-in-use equipment.

1.3 Distribution, Intended use and Regulatory considerations

Unless otherwise authorised by PDO, the distribution of this document is confined to employees
of Petroleum Development Oman, their nominated System Suppliers and Contractors.
This document shall be used as a framework, which provides requirements for design and
guidelines on how to handle today's technology and the application of new technology in the
field of Control and Automation.
The framework provides basis for Engineering, Maintenance and Operations, on both Green
and Brown field projects.
If national and/or local regulations exist, in which some of the requirements are more stringent
than in this document, the Contractor shall determine by careful scrutiny, which of the
requirements are the more stringent and which combination of requirements will be acceptable
as regards to safety, environment, economic and legal aspects. In all cases the Contractor shall
inform the Principal of any deviation from the requirements of this document which is considered
to be necessary in order to comply with national and/or local regulations.
Any queries relating to this document should be referred to CFDH-C&A.

1.4 Review and Improvement

This document will be updated every 4 years to ensure highest values of providing a fit-for-
purpose requirement on Control and Automation framework.

Page 10 / 66 SP-1243 - Corporate Philosophy for Control & Automation Printed 03/02/20

The controlled version of this CMF Document resides online in Livelink®. Printed copies are UNCONTROLLED.
 Revision: 4.0
Petroleum Development Oman LLC Effective: Jan. 2020

2 Technical Integrity Assurance

2.1 Risk Management in Design

2.1.1 SIF Management

The C&A Discipline is responsible for SIF Management, which shall be based on DEP
32.80.10.10; Safety Instrumented Systems and PDO SP-2316 SIL Assessments and
Implementation Specification.

2.2 Technical Integrity in Design

2.2.1 Safety Critical Elements (SCEs)

CP-117 defines requirements for the development of Performance Standards (PS) for Safety
Critical Elements (SCE) during the Define phase to confirm that each selected SCE has been
designed according to the relevant PDO specifications, Shell DEPs, and HEMP studies (refer
to SP-2062).
Therefore, identification of applicable Control & Automation SCEs shall be carried out and
relevant Performance Standards (PS) shall be developed during Define phase by C&A
Engineering Discipline. The Performance Standards should mature further during the Execute
phase and shall verify that the SCEs have been constructed as designed (through TIV-
Technical Integrity Verification process). The Performance Standards will evolve into Operate
phase Performance Standards before project handover.

2.2.2 Compliance to Shell Design Engineering Manual1 (DEM-1)

The purpose of DEM1 compliance is to define the technical standards for design and
construction, which have a direct impact on Process Safety.
A PDO Specification or PDO-adopted Shell DEP shall be designated as DEM1 if it contains a
minimum of one “SHALL [PS]” statement relating to prevention of, or managing risk associated
with a Process Safety related incident significantly contributing to a preventative control or
mitigating measure for “Severity Five or High Risk” hazards to People, Environment, Assets or
Reputation.
Projects to apply the Version of the DEM1 DEPs and PDO specifications that are valid at the
time of end of the project Select phase (Decision Gate 3) for design of a new Asset or
modification to an existing Asset (capital project and/or Management of Change).
Compliance to DEM-1 “SHALL [PS]” statements is mandatory. Therefore, C&A Engineering
Discipline shall confirm that the mandatory Process Safety requirements in the DEM 1 DEPs
and PDO Specifications are met for the construction of new Assets and the modification of
existing Assets supported with the documented evidence.
“SHALL [PS]” statements are mandatory unless derogation is approved by the discipline C&A-
CFDH or UED (delegated TA-0) supported with ALARP assessments that:
 Demonstrates at least an equal standard of control as the SHALL [PS] requirement
(e.g. if the SHALL [PS] required an engineered control, then the derogation should also
rely on an engineered control rather than a procedural control or PPE).
 Be supported by a suitable and sufficient risk assessment; and
 Demonstrate that the risk to people, assets, environment and reputation is no greater
than would have been achieved through adoption of the SHALL [PS] requirement.
Project to ensure that all Derogations for the Asset are entered in the DEM1 Derogation
Register and Reporting System.
Compliance to “Shall” statements is mandatory, deviation from “shall” statements shall follow

Page 11 / 66 SP-1243 - Corporate Philosophy for Control & Automation Printed 03/02/20

The controlled version of this CMF Document resides online in Livelink®. Printed copies are UNCONTROLLED.
 Revision: 4.0
Petroleum Development Oman LLC Effective: Jan. 2020

the process managed by Variance Tracking Tool (VTT), refer to PR-2066.

2.2.3 Compliance to Shell Design Engineering Manual2 (DEM-2)

PSBRs are requirements derived from learning from past AI-PS accidents in the industry. The
purpose of the Process Safety Basic Requirements (PSBR) is to prevent re-occurrence of
known major Process Safety incidents by focussing on their main causes and key barriers.
PSBR compliance applies to Assets that have process Hazards with PDO RAM Red and Yellow
5A, 5B Risks that are applicable to the project scope.
There are eight identified PSBRs applicable to onshore oil and gas facilities as referred to SP-
2062.
Compliance in PDO with PSBRs in projects is mandatory.
C&A Engineering Discipline is responsible to demonstrate compliance with applicable PSBRs
as per project scope.

Page 12 / 66 SP-1243 - Corporate Philosophy for Control & Automation Printed 03/02/20

The controlled version of this CMF Document resides online in Livelink®. Printed copies are UNCONTROLLED.
 Revision: 4.0
Petroleum Development Oman LLC Effective: Jan. 2020

3 Control & Automation – General Requirements

3.1 General
Control & Automation covers the following areas.
 Process Control Technology and Optimisation.
 Field Instrumentation and Automation systems.
 Instrumented Protection and Safeguarding.
 Fire & Gas Detection and Systems.
 Process Control Domain Security (PCD Security).
 QMI and Production Measurement.
 Real time Data Acquisition and Presentation.
In the early stage of every project, a detailed operating philosophy should be defined. Based
on the conceptual design and the operating philosophy, the functional requirements for C&A
including the degree of automation will follow, which in turn will define the minimum
requirements for the C&A infrastructure. Early involvement of the C&A engineering function in
the project definition phase will assist in the optimum selection of C&A systems.
A project specific C&A philosophy shall be produced describing the C&A infrastructure, system
and sub system requirements & interfaces, communication networks, production measurement
and real time data requirements, which will allow the realisation of the specified design
functionality and be the ‘Design Basis’ for further C&A Engineering & Design. Deliverables of
design and reports shall be in line with DCAF requirements, Shell DEPs, and applicable PDO-
Specifications (SPs), Guide Lines (GUs) and Procedures (PRs).
As a base rule, non-proven, uniquely tailored, standalone and proprietary systems should be
avoided for reasons of risk on system immaturity, future service support and total cost of
ownership. The requirement is to integrate all controls into one common system per oil or gas
facility with the aim of minimising system variation and provide single window for full station
operation.

3.2 Design Class Selection for Control & Automation

A pre-selected base line design class shall be applied for each of the performance category in
line with the new SP-2199 "Design Class selection for PDO projects". This sets the overarching
design criteria.
The SP-2199 defines the approach to Portfolio Classification and explains the Design Class
approach for the Control and Automation discipline. All other design philosophies for the project
shall flow from the Design class selection as the "next level" of documents. Any additional
investment beyond the base design class selection shall be endorsed by the project decision
executive.
Appendix 3 of SP-2199 shall be used to detail C&A requirements for the different design
classes.

3.3 Plant Process Control & Optimisation

All PDO facilities will be operated from the Integrated operating centre (IOC) at PDO premises
in Mina Al Falah. Therefore, these facilities/stations shall be designed to facilitate full
automation during start up, normal operation and shutdown with minimum operator intervention
and facilitate remote control and monitoring. Main operator role should be for the facility
operational parameters surveillance.
The function of Process Control is to maintain the plant-operation within its defined operating
envelope and hence in a safe, stable, efficient and productive state. It should be recognised

Page 13 / 66 SP-1243 - Corporate Philosophy for Control & Automation Printed 03/02/20

The controlled version of this CMF Document resides online in Livelink®. Printed copies are UNCONTROLLED.
 Revision: 4.0
Petroleum Development Oman LLC Effective: Jan. 2020

that failure of the control system could be one of the root causes for a deviation beyond the
operating envelope and thus a demand on the instrumented protective functions.
Although the level of automating the facility should be based on the type of the facility,
complexity, and its intended operation, the design criteria should aim for the level of automation
that benefit in the Total Cost of Ownership.
The plant should be design to be fully automated in all scenarios of operation driven from the
following benefits;
 Eliminate human exposure to field hazards.
 Resource management- less resources required for the same tasks.
 Higher plant availability- Reduces human errors & less human intervention.
 Enables more fidelity of remote control.
 Enable large extent of station optimisation.

The routine repetitive tasks shall be fully automated to eliminate human exposure to field
hazards.
Process Control Narratives shall be developed based on SP-2307 and Shell DEP 32.30.20.15.
In addition to advanced process control techniques, user application programs also shall be
developed and built in the automation systems so as to further optimise the process and the
facility operation. The process optimisation, not only improves the availability, but also yields
benefits possibly by means of:
 Reduced infrastructure (less number of equipment could be employed by more optimal
utilisation of operating envelopes).
 Reduced operation/ maintenance cost.
 Equipment & system performance monitoring.
 Reduce downtime and faster start-up.
Integration of Real Time Operations (RTO) with the respective station’s control system shall be
implemented for the optimisation of the overall facility including the wells. This will further
improve the availability of field and facility.

3.4 Automation Systems

The function of Automation Systems is to monitor, control, optimise automate and facilitate
remote operation of all surface facilities, including the provision of operator interface (HMI) to
the process facility.
The automation systems currently available in the market offer a variety of automation
techniques, function blocks, application programs, advanced diagnostics, fast data transfer and
communication flexibilities with different systems. Any new automation system shall be based
on the state-of-the art “Open systems” architecture, having the flexibility for scalable
expansions, software upgrades and easy maintenance in order to extend their life expectancy.
In order to limit the required SIL level for IPF’s/SIF’s, the Demand Rate of that function shall be
limited through the appropriate use of process control systems. For IPF classification as
described under paragraph 3.5.2, the default demand on the IPF is based on highly reliable
and available modern basic process control systems.
Any other type of control systems (e.g. single/ multi loop controllers, remote terminal units) can
be considered if demonstrated to clearly provide the lowest total cost of ownership and shall be
approved by CFDH-C&A.
In general, Automation systems shall only be procured from Approved vendors with a clear
vision on future development, including recognising the requirement for 'migration paths' and

Page 14 / 66 SP-1243 - Corporate Philosophy for Control & Automation Printed 03/02/20

The controlled version of this CMF Document resides online in Livelink®. Printed copies are UNCONTROLLED.
 Revision: 4.0
Petroleum Development Oman LLC Effective: Jan. 2020

'upwards compatibility'.
For brown field modifications/expansion in the existing station/plant including off-plot, the
Automation System (i.e. FCS/DCS/IPS/FGS) shall be of the same make as the main
station/plant. Deviation from this shall be approved by C&A CFDH.

3.5 Instrumented Protection and Safeguarding

3.5.1 Safeguarding Requirements

Plant control system is installed to regulate the process within the design-operating envelope.
Failures of the control system, or human error, can lead to potential excursions outside this
envelope and depending on risk associated, there may be a requirement for the provision of an
additional safeguarding system.
The safeguarding philosophy should be defined during FEED depending on the type of facility
in line with the Company standards. The Instrumented protection and safeguarding shall be
specified and described in the Safeguarding/IPF narratives.
The process safeguarding system shall comprise:
 Emergency Shutdown (ESD), with/without depressurisation to suit the facility:
To prevent the escalation of abnormal conditions into a major hazardous event and
limit the duration of any such events that occurs.
 Process Shutdown (PSD): To avoid harmful or damaging consequences of
operational malfunctions or excursions outside the operating envelope.
Design shall ensure:
 Local manual ESD pushbuttons shall be provided.
 Additional remote soft ESD/PSD activation from operator Control Rooms or remote
Common Control Rooms. This can be implemented over fiber optic communication
links.
 ESD Valves should not be provided with bypass, if required, the bypass valve shall
meet the ESD valve design requirements.
The type and level of protection should be determined during FEED and confirmed by a Hazard
and Operability (HAZOP) review. All Instrumented Protective Functions (IPF’s/SIF’s) shall be
subsequently reviewed and classified as per IPF methodology described in the SP-2316 SIL
Assessments and Implementation Specification.

3.5.2 IPF/SIF Classification

Refer to the SP-2316 SIL Assessments and Implementation Specification.

3.5.3 IPF Reset Philosophy

The following reset philosophy shall be adopted for all green and brown field projects:
i) Reset shall only be allowed if the initiator of the shutdown has returned to healthy state.
ii) Reset of emergency or process shutdown (any IPF function) Shall be by deliberate operator
reset action, i.e. auto-reset is not allowed. This requirement is meant to prevent using IPF
final elements as control layer and consequently causing higher demand rate for the IPF.
iii) Reset of PSD (Process Shutdown) IPFs (on-plot as well as off-plot facilities) should be
carried out remotely from station Control Room(s) FCS/DCS HMIs. However, off-plot over
pressure protection trip shall be reset locally.
iv) Reset of ESD (on-plot / off-plot) should be from local hardwired pushbutton field reset
provided next to each ESD valve followed by remote reset (i.e. from FCS/DCS HMIs at
associated station Control Room). The requirement of local ESD reset is to examine and

Page 15 / 66 SP-1243 - Corporate Philosophy for Control & Automation Printed 03/02/20

The controlled version of this CMF Document resides online in Livelink®. Printed copies are UNCONTROLLED.
 Revision: 4.0
Petroleum Development Oman LLC Effective: Jan. 2020

ensure the healthy condition of ESD valves by visual inspection. Blow-down Valves do not
require individual reset but they will be reset by the ESD reset push button provided in the
local Control Room.
v) Valves that are activated by ESD and PSD in combined functionality should be reset in
accordance to the trip causes, i.e. if trip by PSD it requires only remote reset, if tripped by
ESD then both local and remote reset are required.
vi) For machinery protection trip function reset, careful assessment should be made to
implement local or remote reset.

3.6 Alarm Rationalization and Management

The purpose of alarms is to alert operators to a hazardous situation in the most rapid and
unambiguous manner so that appropriate action can be initiated. Alarms should be specified
only where they provide meaningful information and where the operator has time to take action.
An Alarm management and rationalization study shall be conducted in accordance with
company SP-2239 Corporate alarm management philosophy and DEP 32.80.10.14.

All alarms configured in the production station BPCS shall be configured in other Central control
rooms for remote control/night shift as per alarm rationalization categorization.

3.7 Field Instrumentation Selection

Selection of proper instrumentation is critical. Therefore, the following aspects shall be
considered.
 Selection of the right measurement principle for the application.
 Standardization and control of Instruments type variations.
 Material selection.
 Sizing including turndown requirements.
 Range and span.
 Accuracy and repeatability.
 Installation methods.
 Diagnostic capabilities for remote maintenance/ calibrations.
 Maintainability including Vendor availability and spare parts.
 Life Cycle performance.
Section 7 (Field Instrumentation) and Section 8 (Production Measurement) provide more
details.

3.8 Smart Plant Instrumentation (SPI)

Smart Plant Instrumentation (SPI) previously known as InTools, is the Corporate Control &
Automation design tool. It provides the tool to process consistent, centralized instrument
database for engineers and plant maintenance staff. The use of SPI enhances data
consistency and assures design integrity even if design is shared with different parties and
design locations. SPI leads to improved performance to execute project, produce standardized
instrumentation deliverables and assures availability of latest information accessible to users
across different areas (multi-design consultants, system support engineers, field maintenance
and operation team).
All green field and brown field projects shall use SPI for managing instrument database and
to produce the following deliverables:

Page 16 / 66 SP-1243 - Corporate Philosophy for Control & Automation Printed 03/02/20

The controlled version of this CMF Document resides online in Livelink®. Printed copies are UNCONTROLLED.
 Revision: 4.0
Petroleum Development Oman LLC Effective: Jan. 2020

 Instrument Datasheets.
 Loop drawings.
 ICTD for Junction Box and system marshalling.
 Alarm and trip setting document.
 Cable schedules.
 Cable drum schedule.
 I/O lists.
 Instrument index.
 Hook-up.
 MTO.
 Foundation Fieldbus Segment Diagrams.
Refer to the SP-2098; SmartPlant Instrumentation Specification for further details and
documentation requirements.
PDO approved templates shall be used to produce the deliverables from SPI. Refer to SP-
1206 for further details. Contractors shall use same PDO SPI documents and drawings
template/format. Project shall ensure delivery of those templates to the contactors.

3.9 SAP-PM Projects Data Requirements

The Asset Register is a complete and detailed overview of all physical (tangible) assets that
are fully or partially owned by PDO and that represent value and/or have related costs. The
Asset Register is held in SAP-PM.
For new builds and modifications the register is compiled and handed over as one of the ‘key
deliverables’. Throughout the life of the asset changes are recorded to the register. With regard
to Plant Maintenance the Asset Register shall contain SAP-PM Master Data on all equipment
installed within the asset.
The Z6 Notification is used to record requests made to update SAP-PM Master Data i.e.
creation of new SAP-PM Master Data (e.g. Asset registration for new projects), or change to
existing SAP Master Data (e.g. Equipment Movement from one location to other, change of
Maintenance Plan, etc.), or correction of errors in the Master Data. The Z6 Notification shall
also provide the necessary audit trail required to demonstrate Asset Integrity. Procedure for Z6
notifications shall comply with SP-1528 Z6 notification procedure.
SAP PM shall be uploaded to System database as per Company’s requirements and SP –2142
(Project Data Specification). GU-895; Control and Automation Instrument Maintenance
Management Guideline provides more detailed C&A functions data preparation and should be
followed.

3.10 Obsolescence Management

PDO operates a number of assets which include aging Instrumentation and Automation
Systems including PCD security Infrastructures. As time passes, number of these will become
obsolete. Obsolescence strategy GU-662; Obsolescence Strategy for Control & Automation
Systems addresses this issues with further details with an appropriate strategy

Page 17 / 66 SP-1243 - Corporate Philosophy for Control & Automation Printed 03/02/20

The controlled version of this CMF Document resides online in Livelink®. Printed copies are UNCONTROLLED.
 Revision: 4.0
Petroleum Development Oman LLC Effective: Jan. 2020

4 Production Automation Systems (PAS) Philosophy

4.1 General Overview

The PAS will typically comprise the following main systems:
 Basic Process Control & Automation systems including the associated HMI’s and
operating consoles.
 Instrumented Protective Systems for process safeguarding and Fire, Gas & Smoke
detection.
 Secured Process Control Domain and all the associated OPC communication networks.
 Operational data server for control system historian.
 Remote operator/ engineering stations using thin client servers.
 Online performance/ Condition monitoring systems.
The introduction of new open technology based systems allows the integration of various
control and automation systems to be in one platform and provides secured and seamless
data transfer to the Desktop via office network.

4.2 Process Control Domain Architecture

PDO PCD System Architecture has been evolved over the time, However, PCD System
Architecture is defined into five functional levels as shown in Figure 4.2, namely:
 L5 – Internet / Third Party Networks / Public Domain Networks
 L4 – PDO IM&T Managed Office Domain
 L3.5 – Process Control Access Domain / Demilitarized Zone (DMZ)
 L3 – Real-time Optimisation / Real-time Operation / Remote Operation (CCR) /
Analytics & Specific Monitoring
 L2 – Automated / Safeguarding / Local Supervisory Control
 L1 – Basic Instrumentation and Device Control & Communication

This architecture is based on logical domains where each PCD related activities are performed.
The Process Control Domain (PCD) L3, L2 and below are where control, automation and Smart
Field operations such as basic process control, real-time process monitoring and control,
safeguarding, validation of set points, equipment diagnostics and maintenance of the producing
facilities are performed.
The Process Control Network (PCN), L3 networks, locally connects L2 Automated /
Safeguarding / Local Supervisory Control Systems to Real-time Optimisation / Real-time
Operation / Remote Operation (CCR) / Analytics & Specific Monitoring systems. In wider area,
Process Control Network also connects local L2 and L3 to other remote locations.
Process Control Access Domain (PCAD), L3.5, is the Demilitarized Zone (DMZ), to terminate
all direct communications to and from PCD. All systems which are not involved in control &
automation shall be maintained in this level, except local operation solutions such as local
network monitoring sensors and backup services.

Page 18 / 66 SP-1243 - Corporate Philosophy for Control & Automation Printed 03/02/20

The controlled version of this CMF Document resides online in Livelink®. Printed copies are UNCONTROLLED.
 Revision: 4.0
Petroleum Development Oman LLC Effective: Jan. 2020

Figure 4.2 : Process Control Domain Architecture

Page 19 / 66 SP-1243 - Corporate Philosophy for Control & Automation Printed 03/02/20

The controlled version of this CMF Document resides online in Livelink®. Printed copies are UNCONTROLLED.
 Revision: 4.0
Petroleum Development Oman LLC Effective: Jan. 2020

The Office Domain, L4, is where planning, forecasting, asset management, modelling, optimal
set-point computation, and some production operation diagnostics and maintenance activities
are performed where required response time is relatively longer, i.e. daily and monthly.
The C&A engineering functional discipline is responsible for the design integrity of the Process
Control Domain. The Information Management & Technology (IM&T) function is responsible for
the management of Information and IT Infrastructure of Office Domain, and providing corporate
IM&T services for PCD on project and operational requirements. A close interaction and follow-
up is required between the two functions to effectively manage the interface issues in the
projects, software upgrades, modifications, extensions and maintenance of the systems.
Project shall evaluate the risk of connecting the 3rd party packages to the local control network
L2 and evaluate the need for Firewall.
Following is a brief explanation about different domains shown in above Figure-4.2.
4.2.1 Office Domain (OD)

The Office Domain (OD) includes all devices, nodes, systems and networks required to provide
a standardised enterprise-wide computing / Information Technology environment. The OD
includes, but is not limited to standard desktop PCs, mail servers, business applications, office
networks and data storage.
4.2.2 Process Control Access Domain (PCAD)

The Process Control Access Domain is an independent domain separating the PCD from the
OD. It contains all devices and applications that are required to provide secure connectivity
between systems in the OD and PCD. The number and type of devices and applications in the
PCAD are tightly controlled and minimised where possible, and must include at least one
firewall.
Accessing a PCD requires a controlled login via the PCAD to initiate any communications
session. The PCAD network control software further requires the communications data streams
to be encrypted. Thus, the PCAD ensures protection against unauthorised penetrations from
Office Domain into Process Control Domain (e.g. malicious hackers, inadvertent users, viruses,
etc.) as well as compromised or corrupted data packets.
4.2.3 Process Control Domain (PCD)

The Process Control Domain (PCD) contains the data collection and control heart of a
producing asset. It has specific functions such as to collect, transmit, monitor, manipulate,
display, control, safeguard, optimise and store (primary storage only) production data for
purposes of direct monitoring, control and safeguarding of production processes.
A Process Control Domain is made secure by limiting, and controlling any network connectivity
to it or any of its components. All network traffic to and from the Office Domain must be
regulated by passing through a Process Control Access Domain (PCAD) composed of security
software and hardware components (firewalls, servers, hubs, switches, routers and internal
networks).

4.3 Reliability and Availability Requirements

The Production Automation Systems shall be highly reliable and available with a high degree
of tolerance to malfunctions of hardware and software. Any faults developed shall have its effect
localised to that part of the system rendering the remainder fully operational without
jeopardising the overall safety and integrity.
The availability of the C&A systems is very important for the production performance and
thereby the ‘Total Cost of Ownership’. The overall system availability shall be in excess of the
figure specified in the requisition and where not specified, 99.99% shall be taken as default.

System availability shall be calculated, using the Mean Time to Repair (MTTR) value of 8 hrs.

Page 20 / 66 SP-1243 - Corporate Philosophy for Control & Automation Printed 03/02/20

The controlled version of this CMF Document resides online in Livelink®. Printed copies are UNCONTROLLED.
 Revision: 4.0
Petroleum Development Oman LLC Effective: Jan. 2020

4.4 Control systems Requirements

Control systems with “Open” interface architecture, i.e. a recognised international or de-facto
standard such as Foundation Fieldbus and High Speed Ethernet are the current standards that
have been adopted and shall be used in PDO.
Compared with proprietary interfaces advantages are:
 Ability to use widely available non-proprietary specialist skills for support and
maintenance.
 Flexibility in choice of vendor for subsystems.
 System integration and adaptability.
 Seamless information exchange between systems.
 Ability to grow and modify systems easily as requirements change.
The following Interface standards are considered to have an open nature and shall be applied
in order of preference:
 Field devices: H1 Foundation Fieldbus.
 Process Control Bus and Data interface: High Speed Ethernet.
 Data interfacing: Modbus RTU or Modbus TCP/IP.

4.4.1 Fieldbus Control System (FCS)

Foundation Fieldbus is a recognised international standard. Foundation Fieldbus provides a
complete and complementary Fieldbus solution:
 H1 Fieldbus (31.25 Kbits/s) for continuous process control with controls distributed to the
field at the device level.
 High Speed Ethernet (100 Mbits/s) for advanced process and discrete automation
applications. High Speed Ethernet provides the “backbone” for the integration of plant
hosts, control subsystems, data servers and large data generators such as analyzers and
IPS.
Fieldbus control system replaces incompatible control networks and systems with an open, fully
integrated architecture for plant data integration across the enterprise. Fieldbus Control system
will significantly reduce TCoO. Refer SP-1245; Standard Specification for Basic Process
Control System (BPCS), also covering Asset Management System (AMS).
FCS shall be deployed for new and large facility expansion/modification projects.

4.4.2 Distributed Control System (DCS)

DCS have been widely used for the plant control until the introduction of “Open” system
technology (Fieldbus) based systems as mentioned in section 4.4.1. PDO have a number of
installed DCS’s, which are relatively new and are still fit for purpose and so will be retained till
the end of their product life cycle period.
FCS shall be installed where modifications/ extensions are significant, e.g.; new units or trains,
and possibly integrate with the existing DCS.
Minor extensions or modifications may still be carried out in the existing DCS. CFDH- C&A can
assist in the evaluation process as to make a decision to the Asset teams.

4.5 Instrumented Protective System (IPS) - Requirements

The IPS design shall be provided as recommended in latest version of DEP 32.80.10.10 (Safety
Instrumented Systems).

Page 21 / 66 SP-1243 - Corporate Philosophy for Control & Automation Printed 03/02/20

The controlled version of this CMF Document resides online in Livelink®. Printed copies are UNCONTROLLED.
 Revision: 4.0
Petroleum Development Oman LLC Effective: Jan. 2020

For new installations, as a minimum, SIL3TÜV-certified IPS’s, shall be used, except for Design
Class-1 (refer to SP-2199). PLC based IPS’s in accordance with DEP32.80.10.10, are the first
choice as plant changes or modifications can be incorporated easily and can be expanded
easily.
The process control system shall not be used for safety functions.
Use of relays based logic solver is not supported anymore. However, it is still allowed to execute
minor modifications or changes in the existing relays based system. In case of major
modifications or extensions (changes typically in the order of 20% of installed system capacity)
take place in a facility, which has a relays based logic system, the relays based logic solver
shall be replaced by at least a SIL3 TÜV-certified PLC based IPS.
Automation systems and field instruments including valves used for safety applications shall
bear either TÜV or EXIDA SIL certification.
The IPS shall interface with the process control system using peer-to-peer communication.
Alternatively, redundant OPC compliant link for data transfer of monitoring and status signals
(alarms, messages, SER etc.) and a redundant Modbus RS485 or TCP/IP link(s) for control
signals (interlocks, commands, MOS activation etc.) shall be provided.
Trip amplifier has environmental temperature limitation of 60 Co only. Hence, shall not be used
in off-plot (e.g. wellheads).
In case of off plot IPS, MOS supervisory permission shall come from SCADA system (LOWIS)
and local IPS panel shall have the hardwired MOS key.

4.6 Fire, Gas & Smoke detection system (FGS) - Requirements

FGS shall be provided as recommended in the DEP 32.80.10.10 and DEP 32.30.20.11 (Fire,
Gas & Smoke detection system).
FGS should preferably be independent from the process IPS. The make and type of the FGS
shall be the same as that of the IPS.
Combining the FGS with the process IPS can be considered at off-plot locations if it proves to
be cost effective. However, if combined, the FGS Input/output cards shall be separate than IPS.
The Fire, Gas & Smoke detection of the control room should be implemented in the plant FGS
and depicted in the same mimic (display)/HMI. However, in brown field projects where the
existing control room is already provided with dedicated Building Fire Alarm System (BFAS)
and have dedicated serial link with FCS/DCS addition of new F&G detectors in the control room
may be interfaced with existing BFAS provided sufficient spare capacity is available in BFAS
and there is no requirement of adding a new Fire Hazard Zone in the building.
Buildings other than plant control buildings shall follow requirements specified in SP-2155
(Building Service Specifications) and NFPA 72. For Fire & Smoke detection of electrical sub-
stations, additional requirements provided in DEP 33.64.10.10 shall also be considered.
For on-plot facilities, the back-up power (battery autonomy) for the FGS shall be at least 8 hrs.
In case the FGS is combined with the IPS, the 8 hrs back-up shall be maintained at least for
the FGS part and the associated operator station (FGS mimic/HMI/VDU) and associated
communication systems.
Historically, Break Glass Units (BGU) tend to be unreliable and had contributed in significant
number of spurious trips, manual lift & pull type switch (Manual Call Point-MCP) are less prone
to spurious failure. Therefore, Break Glass Units shall not be used.

4.6.1 Fire & Gas detection mapping study

The FGS detectors to be located as per general guidelines provided in Shell DEP 32.30.20.11.
However determining the correct site location of the detectors is not straight forward, particularly
in congested areas.

Page 22 / 66 SP-1243 - Corporate Philosophy for Control & Automation Printed 03/02/20

The controlled version of this CMF Document resides online in Livelink®. Printed copies are UNCONTROLLED.
 Revision: 4.0
Petroleum Development Oman LLC Effective: Jan. 2020

A special software tool “Fire & Gas 3D Mapping” is available that optimises the effectiveness
of the FGS, recommends the detector locations and evaluates different voting configurations.
Fire and Gas coverage verification through 3D mapping shall be deployed in the project for on-
plot.
Gas leak detection should consider deploying mix detection technologies in a zone to minimise
common mode failures, e.g. LOS and ALD, or point detectors with LOS if feasible.
Upmost care shall be applied to ensure rational and reasonable contribution to trip voting, this
is to ensure plant availability and minimize spurious station trips. Number of gas detectors
contributing to voting for trip shall not exceed 20 detectors in a vote.
Boundary detectors e.g. Line of Sight that contribute to the coverage across more than one
mapping area shall vote with both voting groups separately, boundary detection shared by 2 or
more zones shall not be a reason to vote detectors in all zones together.
Note, mapping zones are not the same as fire/depressurization zones.
For off-plot well sites and RMS/RGMS a 2D mapping study is adequate as these areas are
not congested and detector deployment can be easily managed to satisfy detection
coverage requirements as per DEP 32.30.20.11.
3D F&G mapping software native file to be provided to Company.
Project F&G detection design philosophy shall comply with Fire & Gas Detection and Voting
Philosophy tabulated in appendix A.

4.7 Communication between Electrical Intelligent Relays and BPCS

Intelligent Electrical Drives (IED) are being used in PDO extensively for LV drives. The use of
direct serial/data communication between BPCS and electrical MCC is strongly recommended
for new (Greenfield or Brownfield) projects and projects which involve replacement/upgrade of
existing LV MCC.
The following potential benefits can be identified:
 Less wiring between the E&I systems and consequently possible reduction of equipment
room spacing.
 Common control system hardware, such as workstations and interfaces/ gateways;
 Enhanced operator and maintenance interfacing as a result of additional electrical system
data made available through the IED to various remote locations.
 E&I control-loop consistency and application effectiveness for motor interlocking and
control via the IED;
Integration of LV MCC/Drives with BPCS shall follow the below requirements:
 Direct communication from Intelligent Electronic Device (IED) to BPCS is mandatory for
switchboards in a single switchgear building that has more than 10 feeders excluding the
count of VFDs and motors in vital services. The switchboards shall have intelligent motor
protection relays and shall be able to communicate to FCS/DCS. Preferred protocol is
Ethernet / lP. However, Modbus TCP/IP can also be considered.
 VFDs should have serial links or an Ethernet connection to BPCS as per DEP
33.66.05.33-Gen.
 Outdoor switchboards shall have hard-wire interface with conventional protection
arrangement.
 lED shall be as per SP-1121 and the system architecture as defined in DEP 32.30.20.17.
 Switchboard shall contain redundant Ethernet switches. The switches are the scope
demarcation between C&A and Electrical disciplines.

Page 23 / 66 SP-1243 - Corporate Philosophy for Control & Automation Printed 03/02/20

The controlled version of this CMF Document resides online in Livelink®. Printed copies are UNCONTROLLED.
 Revision: 4.0
Petroleum Development Oman LLC Effective: Jan. 2020

 The data link from the Substation to BPCS shall be a fully redundant link by single mode
fiber optic cable.
 IPS, RCU and Safety switches Stop commands shall be hardwired directly (through the
IFB) to the starter contactor and not via the protection relay.
 All signals for H.V motors to be hard-wired.
 For H.V motors, the control and status commands shall be hard-wired from DCS/FCS to
electrical system through IFB panel and shall have their own dedicated interposing relays
in IFB, i.e. shall not be routed through IPS to share the IPS relay in IFB panel.
If a step out is required, a full feasibility study (Technical and commercial benefit) should be
provided and approved by C&A-CFDH and Electrical-CFDH. Consult C&A-CFDH and
Electrical-CFDH for any doubt regarding selection of technology and network architecture.
Refer SP-1206 for Instrument/Electrical interface.

4.8 Wireless Instrumentation

The key promise of wireless technology is to reduce the cost of wiring/cables and associated
termination. In particular, wireless sensors are a key enabling technology for the future control
systems, reduces installation cost, commissioning and plant start up time and production
optimisation. Wireless sensors are typically low-cost, low-power, small devices equipped with
data processing and wireless communication capabilities, as well as power supply. However,
the wireless instrument battery lifetime is considerably short; especially in the control
applications due to short process value scanning time. Hence, they are recommended for
monitoring applications only.
In wireless instrumentation, the microprocessor based field devices are distributed in the field
and are controlled by a wireless instrument network manager and hence these segments
become an integral part of the DCS/FCS. This requires an integrated configuration, data
management, and system architecture approach to field network.
The wireless sensor system uses a mesh topology to provide alternative routing to enhance
availability and reliability. The sensors also act as repeaters to effectively extend the range of
the system.
At present, there are two (main) wireless standards available Wireless HART and ISA 100.
There is no native interoperability currently available between these two standards and the
associated devices.
Presently, PDO is under process of field tests and vendor acceptance for Wireless Instruments.
Wireless field instrumentation can be used for indication & monitoring purpose only and not for
control or protection. However, it shall not be used for machine vibration monitoring due to
battery lifetime limitation.
Projects shall consult C&A-CFDH for the application of wireless technology.

Page 24 / 66 SP-1243 - Corporate Philosophy for Control & Automation Printed 03/02/20

The controlled version of this CMF Document resides online in Livelink®. Printed copies are UNCONTROLLED.
 Revision: 4.0
Petroleum Development Oman LLC Effective: Jan. 2020

5 Real-Time Operations
Real-time Operations provides a standard, secure, and open architecture that includes built-in
features for collecting, processing, transmitting, storing and presenting real-time and related
data.
The core functionality of these systems help to provide the capability for high level functionality
such as monitoring, alarming, analysing, and optimizing production facilities, wells, and
pipelines. The set of tools and systems provided by RTO will ensure that real-time data are
reliably and securely delivered to end users’ Desktops.
The overall data flow diagram shown below in Figure-5 as simplified block diagram showing
the overall data flow from the sources with the PCD to the OD Users.

RTO PORTAL (Nibras)

CORPORATE DATA HISTORIAN

SCADA DTS WMS WTS

Application Application Application Application

DATA ACQUISITION LAYER

Off-Plot Facilities
Data Capture Data Capture

Figure-5 : RTO overall data flow architecture

For more details refer to Real Time Operations SP-2201 and SP-2203.
For additional Guidelines on Automated Well Testing refer to PDO GU-636.

5.1 Distributed Temperature Sensing (DTS)

Distributed Temperature Sensing (DTS) systems use light travelling through a fiber optic cable
to measure temperatures along the cable length. By so doing, the data returned are not in any
predetermined increment like wireline log data, but are in a continuous profile. A high accuracy
of temperature can be achieved over great distances using this technology and it has been
demonstrated as a reliable alternative to wireline operations. It has minimal downtime at the
well site and provides accurate data.
There are many application areas for DTS which can be stated as following:
 Well integrity issues (e.g. leakages, gas lift optimisation).

Page 25 / 66 SP-1243 - Corporate Philosophy for Control & Automation Printed 03/02/20

The controlled version of this CMF Document resides online in Livelink®. Printed copies are UNCONTROLLED.
 Revision: 4.0
Petroleum Development Oman LLC Effective: Jan. 2020

 Flow allocation from temperature profiling

 Injection allocation
 Cross flow verification and monitoring
 Inflow/injection valve operation
 Steam flooding performance
 Thermal & Polymer flood surveillance
Currently there are two alternates to DTS data acquisition. first there is the permanent fixed line
cables that are connected to the Company’s real time network and data are pushed into the
DTS-DB database automatically. The second is the data acquired via callout requests raised
by the team in WSAM.
Unlike most other data that arrive into the company, the DTS real time data are not requested
on a callout type arrangement. Instead, data are continuously being provided via an elaborate
real-time infrastructure originating in the field and extending into the IM&T building in Mina al
Fahal where they are stored in the DTS-DB database.
This infrastructure originates in the Process Control Domain (PCD) of the field and directs data
collected by the fiber optic cables into field-based servers which in turn are automatically
pushed through the Process Control Access Domain (PCAD) layers to eventually reside in the
Office Domain (OD) located in the MAF-based IM&T servers.
Ultimately the users of these data can access and download the data from the OD servers for
further processing.
Figure 5.1 below presents the typical DTS Architecture and Data Flow.

Fibre Cable

Leaser BOX

LIOS

WSTML File
Ultra Studio
DTS Server
Nibras
Web Portal

Process control Domain

Oracle DB

Office Domain

Figure 5.1: Typical DTS Architecture and Data Flow.

Presently, supported DTS application by PDO RTO is LIOS. LIOS have created a DTS load
tool to upload DTS data into database.
An Oracle database was created which complied with the TCP/IP based POSC / WITSML

Page 26 / 66 SP-1243 - Corporate Philosophy for Control & Automation Printed 03/02/20

The controlled version of this CMF Document resides online in Livelink®. Printed copies are UNCONTROLLED.
 Revision: 4.0
Petroleum Development Oman LLC Effective: Jan. 2020

standard capable of storing well temperature data, collected using fiber optic technology.
The DTS application pushes data via a proxy server located within the Process Control Access
Domain to the Oracle server. This architecture complies with the DACA architecture.

5.2 Gas Breakthrough Control

Some fields in PDO behave according to Gas Oil Gravity Drainage (GOGD) mechanism. In
GOGD, oil is produced from fractures (containing gas, oil and water) within the matrix and these
fractures are recharged whenever drained.
The optimum production scenario is achieved when the drainage rate equals the charging rate.
When wells are overproduced this would result in gas and water breakthrough. In order to
maintain the optimum well drainage rate in such dynamic environment, the need for an
automatic choking device becomes inevitable.
Gas breakthrough controls have proven to be highly efficient in automatically controlling well
flow rates via maintaining a certain GOR.
Refer SP-1206 for details on Gas Breakthrough Controls package.

5.3 Project Scope for RTO

Project specific RTO documents shall be produced describing in brief the intended use of the
infrastructure, system and sub system & interfaces, communication networks, production
measurement. The principle and intent should be to integrate all sub-systems information
collection into the correct streams up to the end user.
Based on conceptual design and operating philosophy, the subsequent RTO documents such
as Scope of Work and Detailed Design will be defined by the RTO Philosophy document. Early
involvement of PDO RTO Team in the project Define phase will assist in optimum selection of
systems that are aligned with RTO Governing Principles described above.
As a base rule, non-proven, uniquely tailored, standalone and proprietary systems should be
avoided for reasons of risk on system immaturity, future service support and Total Cost of
Ownership. Exceptions to RTO norms will be considered as long as there are justification and
technical constraints.
The project team shall collect templates from RTO and shall use the templates provided as
guidelines to produce a set of project specific RTO documentation.
The Project shall ensure that Hardware, Software, Data Collection and Information
Presentation is standardised according to the RTO guidelines documents.
The project shall communicate with RTO department to determine if licences are required for
the systems being implemented and if these are to be purchased by the Project.
RTO offers standardised functionality and interfaces to Vendor systems. Should the project
require any additions or changes to systems features then these must be discussed with RTO
department as Vendor engagement is essential and may result in additional costs that may be
borne by the project.
Refer to SP-2203 for more details.

Page 27 / 66 SP-1243 - Corporate Philosophy for Control & Automation Printed 03/02/20

The controlled version of this CMF Document resides online in Livelink®. Printed copies are UNCONTROLLED.
 Revision: 4.0
Petroleum Development Oman LLC Effective: Jan. 2020

6 PCD Cyber Security Overall Baseline Controls

To implement a high level of security, the accessing and segregation of the Process Control
Domain (PCD) and the Office domain (OD) are controlled by a Process Control Access Domain
(PCAD). Figure-4.2 indicates overall PDO Domain Structure with security associated with each
domain.

6.1 Physical/Asset & Logical Access Management

6.1.1 Physical Assets/ Facilities Access Management

It is the process of monitoring and controlling access to physical assets/ facilities i.e. Building
offices, Central Control Room, Auxiliary Room containing PCD IT Systems (e.g. Servers,
Workstations, Network equipment, Cabinets) are located in the plant. The entry and exit of all
PDO staff and OEM system vendors or contractors including their equipment such as Laptop
and Removable Media are required to restrict and observe on all areas. Personnel entering on
these physical assets/ facilities shall have a clear business case and authorized scope of work.
This is to prevent unauthorized physical access, damage and interference to the production
operation including the risks of inadequate protection from inadvertent or malicious exposure
of sensitive information to unauthorised parties and risks to business, assets and reputation.
The physical security must be in compliant with the following documents:
SP-2121 : PCD - Physical Access Control Management
SP-2125 : Information System Physical Access Management Specification

6.1.2 Logical Access Management

It is the process of managing User account (i.e. Username, Password and its complexity) in
PCD IT Systems including its privileges to access PCD network within the PCD. This includes
user account generation, authentication, logging and monitoring of system usage.
For details refer,
SP-2119 - Password Management Specification
SP-2126 - Information Systems Logical Access Management.
PR-2029 - PCD IT Security - Access Control Procedure.
For PCAD Portal Access details refer to PR-1995 PCAD Portal Access & Control Management.

6.2 Inventory Management

It is the process of keeping detail records of all PCD hardware and software information
including system architecture drawings for the purpose of understanding the current resources,
managing their configuration and tracking changes to these assets. A complete inventory of
PCD inventory enables the identification of current system risks and vulnerabilities. The
following information shall be documented for each component:
 Unique identifier
 Network address
 MAC address
 Operating system name and version
 Application software name and version
 Hardware manufacturer and model
 Device type

Page 28 / 66 SP-1243 - Corporate Philosophy for Control & Automation Printed 03/02/20

The controlled version of this CMF Document resides online in Livelink®. Printed copies are UNCONTROLLED.
 Revision: 4.0
Petroleum Development Oman LLC Effective: Jan. 2020

 Business criticality
 Custodian
 Geographical location
 The inventory of the PCD architecture
For more details refer to GU-686 - Process Control Domain (PCD) IT Security - Asset
Management Guideline.

6.3 Patch Management

It is the process of controlling the deployment and maintenance of interim software releases
which helps to maintain operational efficiency and effectiveness, overcome security
vulnerabilities and maintain the stability of PCD IT System’s (Operating System and Software
Applications) in production environment.
For more details, refer to PR-2063 - PCD IT Security - Windows Security Patches Procedure.

6.4 Anti-Virus Management

It is the process of preventing, detecting and remediation of malicious code such as Viruses,
Trojans, Worms, Spyware, etc. in the production environment. This includes potential impacts
to other PDO organizations or third parties. Computer viruses can infect PCD IT systems. This
can result in substantial costs from loss of valuable information, system down time and costs
associated with the time and effort spent on virus infection cleansing activities. This Anti-Virus
process applies to all PDO staff, contractors or service providers and required to comply. For
C&A Systems two Anti- Virus (Symantec & McAfee) are preferred by PDO OEM system
vendors. For more details refer to PR-2030 - Process Control Domain (PCD) IT Security - Anti
Virus Procedure.
In addition to PCAD, each system shall be supplied with anti-virus software to protect the
Process Control Domain from inadvertent users and viruses.

6.5 Removable Media Management

It is the process of managing and controlling removable media (e.g. USB Drive, Memory Stick,
CD/DVD and other Optical/Magnetic Media) Use in Physical Assets/ Facilities to minimize the
risk of introducing virus or other malevolent software into the PCD IT Systems. It follows that
before any external media is connected to the PCD, it should be scanned with Anti-Virus
software and other precautions taken to detect malevolent software. When it is required to take
PCD data or software from a site, precautions should be taken to ensure that the contents are
documented and the removal has been approved. For more details refer to PR-2031 - Process
Control Domain (PCD) IT Security - Removal Media Management Procedure.

6.6 Back-Up & Restore Management

It is the process of copying of data to assure recovery of the installed PCD IT Systems (such
as DCS, FCS, IPS/FGS, packaged PLCs, RTUs /RPCs, etc.) in the event of mishap such as
data corruption/total loss or partial failure of software and/or plant specific database. For more
details refer to PR-1023 - Automation Systems Software Management Procedure.

6.7 Change Management

It is the process of managing changes within PDO Domains (OD, PCAD and PCD) when
launching, deploying new IT and Control & Automation solutions or changing any component
of the production computing hardware, software (application, licenses) or data communications.
This is to ensure all changes are made in a structured manner and do not adversely affect
neither IT infrastructure systems stability nor the delivery of production services.

Page 29 / 66 SP-1243 - Corporate Philosophy for Control & Automation Printed 03/02/20

The controlled version of this CMF Document resides online in Livelink®. Printed copies are UNCONTROLLED.
 Revision: 4.0
Petroleum Development Oman LLC Effective: Jan. 2020

It also describes the steps to be followed when applying any change and is intended for all
members of IM&T and C & A Engineers who will be involved in the process of making changes.
All members of Change Management Group (IM&T and Control and Automation) responsible
for making changes to production services should be familiar with this procedure. For more
details refer to PR-1371 - Change Management Procedure.

6.8 Incident Management

It is the process of managing information security incident both in OD and PCD. The
management process specifies the activities, technology and responsibilities for incident
detection & recording, assessment, response & recovery and reporting & closure. It also implies
end-to-end management for controlling or directing how security events and incidents should
be handled. This involves defining a process to follow with supporting procedures in place,
assigning roles and responsibilities, having appropriate tools, identified qualified staff and
trained to execute the work in a consistent, high-quality, and repeatable way. In general,
information security (IS) incidents are defined as events that could imply loss of availability, loss
of integrity and/or loss of confidentiality of information assets, which may generate negative
consequences on the business and or create unwanted HSSE (Health, Safety and
Environment) situations. For more details refer to PR-2001-Information Security Incident
Management.

6.9 Cyber Security Step-Out/Deviation Management

It is the process of requesting, reviewing, approving and withdrawing deviation to the PDO
cybersecurity Standards. A Step-Out Form must be completed with all PDO information assets,
hardware and software that do not comply with mandatory standards and technical controls.
This includes PDO information assets managed by contractors or 3rd parties e.g. (OEM PCD
IT System Vendors). For more details refer to PR-2035 - IKRM Standards Step-Out Procedure.

6.10 System Hardening

It is the process to make systems in the PCD more stable and less sensitive to cyber attacks
by removing unnecessary elements (e.g. applications, services, accounts, configuration
settings) to ensure exposure to vulnerabilities is minimal.
The requirements shall address the following:
a) Removal or non-installation of software and functionality that is not required by the
Principal for the intended functional purpose of the system; e.g. E-mail, office applications,
games, USB ports, Bluetooth and Wi-Fi communication, etc.
b) Physical and logical access to diagnostic and configuration ports that shall be protected.
c) All unused ports on switches and routers shall be disabled to assist in preventing
unauthorized access to the PCD network infrastructure.
For more details refer to DEP 32.01.20.12-Gen. (DEM1).

6.11 Time Synchronization

It is the process of synchronizing all PCD IT System time from a secure synchronization source.
All PCD equipment capable of time-synchronization shall synchronize time from a secure and
accurate source (i.e., GPS clock or PCAD NTP service). Time synchronization of PCD IT
System is important. When systems in the PCD are not synchronized there could be issues
with:
a) Real time behaviour of PCD systems.
b) Historian or PI systems.
c) Sequence of Event Recorder (SER).
Due to the inherent security exposures of using Network Time Protocol (NTP), NTP is not
recommended for time synchronization between the OD and PCD. Alternatively, a GPS time
synchronization source is used in the PCD instead. This is connected to a master clock node

Page 30 / 66 SP-1243 - Corporate Philosophy for Control & Automation Printed 03/02/20

The controlled version of this CMF Document resides online in Livelink®. Printed copies are UNCONTROLLED.
 Revision: 4.0
Petroleum Development Oman LLC Effective: Jan. 2020

which then synchronizes all devices in the PCD. Multiple GPS receivers may be required to
synchronize non-networked nodes in the PCD.
For more details refer to DEP 32.01.20.12-Gen. (DEM1).

6.12 Security Log Collection

The process of managing of security logs e.g. Account Login Failure, Account password
change/reset, account addition, deletion, or group membership change, shutdown and restart,
etc. which required to be archived or to analysed response to incidents and enables compliance
with regulatory requirements for retention of data. For more details refer to DEP 32.01.20.12-
Gen. (DEM1) and PR-2197 - Security Log Monitoring.

6.13 Wireless Security

Wireless devices may be used for a wide variety of applications within the PCD, e.g. collection
of data from sensors, collection of diagnostic data from field instruments, collection and delivery
of data to handheld devices, use of laptops, use of wireless cameras (either portable or fixed),
personnel location monitoring, asset location monitoring and network interconnection
(bridging). A wireless system consists of a number of components. For example a wireless
monitoring system may use a number of wireless sensors connected by wireless to an access
point. This uses a wireless connection to another central host, which may be a separate system
hosting data collection and systems administration applications. In turn, this may be connected
to the DCS or other systems for distribution of the data collected. The information security of all
the elements forming this complete system shall be considered. Industrial wireless field devices
shall be based on ISA 100 or Wireless HART. Other techniques shall not be used unless
approved by CFDH-C&A. Refer to DEP 32.01.20.12-Gen. (DEM1).

Page 31 / 66 SP-1243 - Corporate Philosophy for Control & Automation Printed 03/02/20

The controlled version of this CMF Document resides online in Livelink®. Printed copies are UNCONTROLLED.
 Revision: 4.0
Petroleum Development Oman LLC Effective: Jan. 2020

7 Field Instrumentation - Requirements

7.1 General
Low-maintenance demanding field instrumentation should be applied, where other overriding
functionality requirements (e.g. accuracy) are not applicable.
It is recognised that the order of preference for selecting the lowest maintenance is non-
intrusive instruments, in-line instruments, close-coupled and finally impulse-lined instruments.
Intelligent field instrumentation is available with various levels of sophistication such as
'instrument -diagnostics' for maintenance management.
For instrument selection, diagnostic functionality may make the difference in view of:
 The benefit of minimum and efficient maintenance.
 IPF application, decrease of the Probability of Failure on Demand, potentially resulting in
a less hardware needed.
Multivariable field-instruments have been established on the market, offering supplementary
measurement of other process parameters. For certain applications these instruments are
attractive in view of their potential for 'process diagnostics' as well as to optimise the Fieldbus
segment design and minimize equipment counts.
The introduction of new technology shall be agreed with CFDH-C&A and will be based on
experience within the Shell Group, other operating companies or alternatively on field trials in
order to demonstrate the product reliability in PDO environment.

7.2 IPF Valves

7.2.1 Partial Stroke Testing (PST) for IPF Valves

In case the SIF has IPF valves as final elements, they usually become the major contributors
to the PFD of the SIF. A full functional testing of the IPF valve usually involves Process
disruption resulting not only in Production loss but also exposing to Shutdown cum Start-up
risks. Hence Partial Stroke Testing of the IPF valve is significant in order to help maintain the
integrity and to contribute in reduction of the PFD for the SIF.
The requirement for a PST device shall be thoroughly analysed and PST device at the IPF
valve should be avoided as much as possible. Following are some of examples where
requirement can be considered:
 In case the IPF valve final element in a SIF cannot meet required SIL PFD using full
function test as per maximum frequency allowed, refer SP-2316 for more details.
 In cases where the IPF valve final element in a SIF cannot be subjected to full functional
test as required in the SIF PFD calculation (actual test). This includes credits that should
be taken for tripping of the valve on Process demand like ESD/PSD.
The only PST methods allowed are:
 Timed Solenoid Valve Pulsing
 PST using Smart Positioner
PST devices shall be specified only for SIFs in Low Demand Mode of operation and the
frequency of PST should be either 3 or 6 months as per SP-2316.
During PST the IPF Valve should be available for Trip Function. The PST action shall be
independent of safety function and shall allow the valve to respond to a safety demand and
protect the plant during the PST.

Page 32 / 66 SP-1243 - Corporate Philosophy for Control & Automation Printed 03/02/20

The controlled version of this CMF Document resides online in Livelink®. Printed copies are UNCONTROLLED.
 Revision: 4.0
Petroleum Development Oman LLC Effective: Jan. 2020

7.2.2 Tight Shutoff requirements for IPF (ESD & PSD) Valves
All ESD and PSD valves shall be tested - during operation phase- for seat leak test to ensure
TSO requirement is maintained to an acceptable level as per PR-1904 acceptance criteria.
Frequency of testing shall be in accordance to SP-2316- SIL Assessments and
Implementation Specification.
The most efficient method for seat leakage testing during operation phase is in-situ online
testing method using acoustic measurements. This method is non-intrusive but requires
testing conditions, i.e. providing a pressure drop across the valve. If this cannot be created
during shutdown then valves shall be taken to workshop for seat leakage testing.

7.3 Applications of Triple Offset (TOV) butterfly IPF Valves

The use Triple Offset Butterfly valves over years have proven experience and found to be
working satisfactorily for shutdown applications as well as for general purpose. Their design
save space and significantly improve operability due to lower torque compared to other
valves. Triple Offset Butterfly Valves are lighter in weight; require smaller actuators and lower
costs compared to ball valves, which would improve the Total cost of ownership. The Triple
Offset Butterfly valves can be used in:-
 Clean liquid applications.
 Gas with no chance of liquid carryover,
 Steam and clean services.
 Pressure rating <= class 900#

Triple Offset Butterfly valves shall not be used for:-

 Lines require pigging.
 Blowdown applications.
 Sizes 8” and below.

7.4 Motor Operated Valves (MOVs) for Safeguarding Applications

Nowadays MOVs are available with self-contained electric fail-safe actuators, i.e. electrically
operated, spring-return failsafe with SIL functional safety certification for use in hazardous
areas. MOVs can be used in safety (IPF) applications where instrument air is not available (like
RMS/RGMS).
However, use of MOVs for IPF application will be a deviation to the Shell DEP 32.36.01.18 and
shall be approved by C&A-CFDH.

7.5 Fieldbus Instruments

In principle, foundation field bus, i.e. H1 Foundation Field bus devices and High Speed Ethernet
shall be used as default. In case a particular type of instrument is not (yet) available with FF
protocol, then use conventional analogue HART instrument or discrete signal.
Fieldbus (i.e. Foundation Fieldbus, Profibus or other equivalent technology) may significantly
reduce TCoO because of its ability to:
 Reduced hardware (less system footprint, field cabling, multivariable transmitters)
 Transmit diagnostic information from the field device or sensor to the central control
system.
 Utilise control algorithms and associated functionality within the final field device, i.e.
migration of the control algorithm from the central control system whilst the functionality
of central set point manipulation is maintained.
All FF field instruments shall have advanced diagnostics features as a minimum.

Page 33 / 66 SP-1243 - Corporate Philosophy for Control & Automation Printed 03/02/20

The controlled version of this CMF Document resides online in Livelink®. Printed copies are UNCONTROLLED.
 Revision: 4.0
Petroleum Development Oman LLC Effective: Jan. 2020

Design and configuration of intelligent field devices shall follow DEP 32.30.20.13 and SP-1245.

7.6 Hazardous Area Protection

All field instrumentation including Fire & Gas detectors Shall be certified to EExd (flameproof)
for hazardous area protection,
EExia shall be used for instrumentation installed in Zone 0 areas, or instrumentation not
available with EExd (e.g. some machine monitoring sensors), or in case the existing facility is
predominantly with Intrinsically Safe protection.
EExe field junction boxes shall be used for IS and Non-IS applications. Material of construction
of junction boxes shall be GRP or Stainless Steel.
All field Instruments and Fire & Gas detectors to be installed in the field, including
instrumentations installed in safe area shall be suitable for hazardous area classification Zone
1, Gas Group IIB and Temperature Class T4 as a minimum. However, higher level of hazardous
area protection shall be used if required by facility Hazardous Area Classification.
All field installed instrumentation shall be certified and marked to IECEx standards to meet the
hazardous area class it is used in.

7.7 Powering Medium

For small, medium and large size facilities, valve actuation through Instrument Air is generally
considered as the most reliable, accommodating ' fail-safe' operation at lowest cost.
For very small applications such as a single-well-site, hydraulic and/or Electro-hydraulic
actuation may be considered, provided the concept remains 'fail-safe’ and control response is
within the required limits.
However, switching valves on production well flow lines provided at RMS/RGMS, for well
testing, may be electrical Motor Operated Valves (MOVs); provided they do not participate in
IPFs.
For Instrument Air sizing purpose, the following Control Valve air consumption could be used:
(i) Control Valves:
 Steady state rate: 1.3 Nm3/hr
 Maximum actuation/transition rate: 33.2 Nm3/hr
(ii) On-Off Valves:
 Instrument Air Consumption per Valve: 0.7 Nm3/hr
There is no continuous air consumption for PSD/ESD valves in steady state. Value considered
here is for conservative calculation for infrequent operation and indicative only for initial sizing.
However, final Instrument Air consumption shall be developed based on actual plant operating
demand and selection of Instruments (i.e. valve sequencing, frequency of operations,
especially for switching valves,etc.).

7.8 Power Supply for Instruments

The PAS and Package Systems in the Stations/on-plot facilities shall be provided with UPS
power supply of 240 VAC 50Hz. Power supplies redundancy requirements shall be in line with
the SP-2199 Design Class Selection for PDO Projects.
Field Instruments, Equipments (e.g. MPFM) and Fire & Gas Detectors requiring separate 24
VDC Power Supply for their operation, should be fed from System/Marshalling Cabinets of
respective location.
Power supply design shall meet SP-2199 "Design Class selection for PDO projects Appendix-
3 requirements.

Page 34 / 66 SP-1243 - Corporate Philosophy for Control & Automation Printed 03/02/20

The controlled version of this CMF Document resides online in Livelink®. Printed copies are UNCONTROLLED.
 Revision: 4.0
Petroleum Development Oman LLC Effective: Jan. 2020

7.9 Instrument Tagging Philosophy

In order to have a uniform instrument tagging philosophy across PDO for new projects, all
new Greenfield projects as well as major modifications in Brownfield projects shall follow SP-
2152 (Tagging Philosophy and FLOC Level 5) for Instruments Tagging and Instrument
symbols representation on PEFS.
The tagging structure between the PEFS/UEFS, the DCS/lPS/FGS, and engineering tools
(such as Smart Plant Instrumentation (InTools) or another instrument index, flow calculations,
alarm enforcer/other alarm management tools, instrument installation drawings,
instrument/valve sizing, etc.) should align.
Tagging for other instrumentation items like Cables, Junction Boxes, Panels, Cabinets,
Consoles, System Cables, etc.; shall be in accordance with SP-1206 and DEP 32.37.20.10.

7.10 Instrument Cabling

Cables design shall comply with DEP 32.37.20.10-Gen and DEP 33.64.10.10-Gen.
Unless otherwise specified, Type A cable Shall be used for Fieldbus application. All FF
compatible (Type A) cables Shall be of armoured type as per DEP 32.37.20.10, DEP
32.30.20.13 and SP-1206 (Standard Drawing) & shall be minimum 2x2x1.13 mm2 (#16 AWG)
size.
H1 Foundation Field bus signals should be wired directly to the FCS cabinet terminal block,
without intermediate marshalling cabinets. Conventional signals and H1 FF segments shall not
be combined in the same multi core cables.
The cabling for certain applications that are required to be operational during fire, such as for
Fire detection and energise to depressurising duty (if used), shall maintain circuit integrity for a
period of time after commencement of a Fire (in accordance with IEC-60331) to reduce or limit
the consequences of the Fire.
Critical instrument and power supply cabling that is critical for safe shutdown of the Equipment
/ unit during Fire exposure shall be installed in such a way that they are protected against direct
heat radiation and flame impingement. Separation distances using Fire Area rules will not be
adequate since cabling cannot withstand high temperature. If adequate protection via spacing
is not possible, then special Fire-resistant cables shall be used in accordance with IEC-60331,
i.e. able to withstand temperatures of at least 750°C for a period of time necessary to complete
the actions of the critical function, up to a maximum of 90 minutes.
For cabling associated with Fire safety and Fire protection, see DEP 80.47.10.30 and DEP
80.47.10.31.
The Instrument signal cable construction up to 2.5mm2 size shall be based on BS EN 50288-
7. However, for discrete signals (i.e. solenoid power, instrument power, etc.) core cable of size
2.5mm2 and higher as per IEC 60502 is also acceptable.
For Fire resistant application, Mica Tape should be provided over conductor (for cable with
XLPE insulation) or CSR (Ceramifiable Silicone Rubber) insulation should be provided as
conductor insulation. Cable sheath should be Low Smoke Low Halogen to comply with circuit
integrity under Fire condition in accordance with IEC-60331.
Outer sheath of all field cables shall be UV resistant.
Signal separation and spacing requirements from electrical cables shall be as per DEP
32.37.20.10 for the Instrument cables.

7.11 Instrument installation

Field instruments shall be installed in accordance with the standard drawings, SP-1206.

Page 35 / 66 SP-1243 - Corporate Philosophy for Control & Automation Printed 03/02/20

The controlled version of this CMF Document resides online in Livelink®. Printed copies are UNCONTROLLED.
 Revision: 4.0
Petroleum Development Oman LLC Effective: Jan. 2020

7.11.1 Sunshade for field Transmitters

All field instruments that contain electronics shall be provided with sunshade to protect them
from high surface temperature unless they are certified to operate up to 70o C, or installed within
larger equipment shades/shelter.

7.11.2 Off plot cabinets cable entry

Off plot cabinets’ cable entries shall be through cable glands fitted to gland plates. All spare/not-
used cable entries shall be sealed. This is to maintain the cabinet assigned IP grade and protect
cabinet’s components from dust/sand/rodents.

7.12 Earthing
Instrument earth systems shall be provided to ensure:
 Minimize the hazards to personnel and equipment resulting from electrical faults, lightning
discharges and static electricity.
 Reduce the effects of electrical interference on the signal lines of instruments.
 To limit the energy transmitted to equipment located in hazardous areas.

The instrument earth system shall be made up from three independent sub-systems:
1. Instrument Protective Earth (IPE).
2. Instrument Earth System (IE).
3. Intrinsically Safe Earth (ISE).

The instrument earth/intrinsically safe earth shall be connected at a single point.

For further details, refer to DEP 32.37.20.10-Gen. Instrument Signal Lines.
For typical configuration of a protective earth and instrument earth system, refer to SP-1206
and S 37.101.
For Systems earthing, refer to SP-1245.

7.13 Instrument Fittings

The following requirements to be considered:-
 Fittings and tubing should be avoided for process connections as much as possible.
 All Instrument fittings shall have BSP threads. NPT threaded fittings Shall not be used.
Purchasers/Projects Shall ensure that packages and equipment sourced from North
America use BSP thread for instrument fittings.
 There is a safety risk of tubing materials intermix. Therefore, different tubing materials
to be minimized and identified.
Refer to DEP 32.37.10.11-Gen for impulse line and fittings further requirements.

7.14 Flare Flame scanners

Flares flameout that contribute in shutdown action to be provided with flame scanners
configured in 2oo3 voting instead of thermocouples, trip time delay should be assessed in case
by case basis. Flare Flame scanners shall be located outside the sterile zone.

Page 36 / 66 SP-1243 - Corporate Philosophy for Control & Automation Printed 03/02/20

The controlled version of this CMF Document resides online in Livelink®. Printed copies are UNCONTROLLED.
 Revision: 4.0
Petroleum Development Oman LLC Effective: Jan. 2020

8 Production Measurement (Metering)

8.1 General
Metering shall be provided to monitor and optimise production from all production processes.
A comprehensive description of the current Production Measurement System, its activities and
interfaces is defined in the “Production Measurement management System GU-919”.
Maintenance requirements for production measurement devices are described in the following
procedures:
 PR-1293 “MOL Metering System Verification Procedure”
 PR-1099 “Metering Flow Factor Update Procedure”
 Metering MCPs in SAP.
Metering uncertainty shall be as per following table:

Metering classes
Uncertainty for
volumes/ contractual
Class Type and purpose
or statutory
requirements
Custody Transfer / Fiscal Measurement System.
It measures the amounts transferred at the custody transfer
point. This measurement is done for monetary exchange. Gases ≤ 1%
1
Purpose: Sales/tariffs for natural gas and hydrocarbon Liquids ≤ 0.25%
liquids or electricity and other utilities (e.g. steam) and
allocation to a production system.
Allocation/Material Balance Metering System.
It determines the quantity of hydrocarbon liquids (oil and
condensate) and natural gas produced from an allocation
2 node e.g. field export meters and MOL meters 1% to 5%
Purpose: Segregation of areas of different uncertainty, or
different equity shares, or taxation rules, e.g. concession
boundaries.
Well and Reservoir Management/Surveillance Metering
System.
It determines the quantity of oil, water and gas produced
3 from an individual well e.g. via well testing or (including 10% to 20%
injectors). May also be used for gas balance
Purpose: Allocation to individual wells and for well and
reservoir management
Environmental Metering System.
It determines the quantity of oil, water and gas within the
allocation process attributed to environmental measuring
4 10% to 20%
(flare, fuel, water, etc.)
Purpose: Allocation/Hydrocarbon Material Balance and
Environmental Reporting requirements (GHG, etc.).
Table-1: Metering uncertainty Table

Pressure and temperature compensation shall be applied for all process gas applications.
Utility gas lines (e.g. Nitrogen, Instrument Air, Plant/Service Air line) flow meters may not be
pressure and temperature compensated; when utility is supplied from a common header

Page 37 / 66 SP-1243 - Corporate Philosophy for Control & Automation Printed 03/02/20

The controlled version of this CMF Document resides online in Livelink®. Printed copies are UNCONTROLLED.
 Revision: 4.0
Petroleum Development Oman LLC Effective: Jan. 2020

having constant pressure and temperature. For liquid applications, temperature compensation
to be provided, if specified in the requirements of various classes detailed below.
The selection and specification of the instruments for production measurement shall be as per
below details and DEP 32.31.00.32 and DEP 32.32.00.11-Gen.
Project specific Allocation, Surveillance and Metering Philosophy should be developed in
consultation with UCA2 (Hydrocarbon Allocation) and UOA2 (Production Measurement).
Boundary (export/import) Meters classes shall be consulted from UCA2.

8.2 Flow Measurement

8.2.1 General
Flow compensation configuration to be configured in the BPCS for flow meters class 1, 2 &3 as
per below PDO standard drawing for different flow meter type:
 STD-00-000000-IN-2580-00002-0001
 STD-00-000000-IN-2580-00002-0002
 STD-00-000000-IN-2580-00002-0003
 STD-00-000000-IN-2580-00002-0004

8.2.2 Fiscal Measurement (Class 1)

Within the field of Custody Transfer Metering, integrity includes both a technical and fiscal
aspect. Technical integrity shall guarantee reliable and safe operation with a low risk of failure.
Fiscal integrity shall ensure confidence in the metering results by all stakeholders.
Custody transfer metering system shall be designed, integrated, installed & commissioned by
using Metering System Integrators as per the AVME list.
The metering system uncertainty shall be as per table 1. However, the overall metering system
accuracy shall be within the limits stipulated in the product sales agreement between the
buyer/seller and the Company. To meet the overall system accuracy, compensations from
online measurements (such as pressure, temperature, density, specific gravity, viscosity,
TVP/RVP and composition) shall be applied.
The following instrumentations shall form part of the overall fiscal metering system. Flow meters
and validation methods are listed in their order of preference:
Device Fiscal metering for liquid Fiscal metering for gas

Flow meter  Coriolis mass flow meter, or  Multipath (four or more)

Ultrasonic flow meter, or
 Multipath (four or more) Ultrasonic
flow meter, or  Coriolis mass flow meter, or
 Turbine flow meter  Orifice flow meter
Secondary 1. Pressure transmitter(s) 1. Pressure transmitter(s)
instrumentation
2. Temperature transmitter(s) 2. Temperature transmitter(s)
3. Density meter(s) 3. Density meter(s)
4. Flow computer(s) 4. Specific gravity meter(s)
(Optional)
5. BS&W Meter
5. Flow computer(s)
6. Supervisory System(s)
6. Supervisory System(s)
7. PLC
7. PLC

Page 38 / 66 SP-1243 - Corporate Philosophy for Control & Automation Printed 03/02/20

The controlled version of this CMF Document resides online in Livelink®. Printed copies are UNCONTROLLED.
 Revision: 4.0
Petroleum Development Oman LLC Effective: Jan. 2020

Device Fiscal metering for liquid Fiscal metering for gas

Quality and 1. Sampling extraction system (Auto 1. GC(s) with Sample

Composition grab sampler) with all necessary conditioning system(s) that
devices to extract liquid samples incorporate manual lab
for purpose of online and off-line sampling facility
analysis.
2. Hydrocarbons Dew point with
2. Manual Sampling point Sample conditioning system
3. Sample conditioning system for
RVP/TVP Analyser
4. RVP/TVP Analyser
Validation Method  Pipe/compact prover unit, or  Duty / standby meter for
validation in Z configuration
 Master meter
Isolation Valves  Double Block & Bleed Valves for  Double Block & Bleed Valves
stream inlet, outlet and crossover for stream inlet, outlet and
valve. crossover valve.
Table-2: Class 1 meters types & Selection

All Class 1 metering systems selection should be reviewed by C&A function.

Gas chromatograph (GC) with auto validation facilities shall be part of the metering system.
The calibration of all measuring devices of the metering system and calibration gasses shall be
traceable to international standards.
A meter validation/proving shall be provided for all Class 1 metering systems.
A proper uncertainty assessment (based on ISO/API) shall be made to confirm that uncertainty
of the metering system is within the overall limits.
A metering system total pressure drop assessment shall be made to confirm not exceeding the
metering system maximum allowable pressure drop
Technical integrity of custody transfer metering including traceability of metering data shall
primarily be achieved through compliance with relevant engineering practices, standards,
design reviews, etc. Assurance audits shall be built in the yearly business plans.
Transparency in the metering system shall be provided by a measurement manual addressing
metering configuration, operational procedures, data handling, quality assurance, audit results,
etc. Adequate management of software and parameter settings of flow computers, flow meters
and gas chromatographs shall be in place to ensure transparency.
The design of a metering system shall also address the data flow from/to buyer/seller.
Automated daily reporting and transmission to buyer/seller shall be designed in order to
minimise manual intervention. It shall have a demonstrable high integrity.
During the operational life of the metering system, integrity shall be maintained by an adequate
and auditable quality assurance system. This quality assurance system shall be in line with
relevant contractual agreements.
For more Fiscal measurement system guidance, refer to GU-875 Fiscal Measurement Systems
Guideline document.

8.2.3 Allocation Measurement (Class 2)

The following instrumentation shall form part of the overall allocation metering system. Flow
meters are not listed in their order of preference; preference of a meter principle depends
on the specific fluid properties and application requirements:

Page 39 / 66 SP-1243 - Corporate Philosophy for Control & Automation Printed 03/02/20

The controlled version of this CMF Document resides online in Livelink®. Printed copies are UNCONTROLLED.
 Revision: 4.0
Petroleum Development Oman LLC Effective: Jan. 2020

Device Allocation metering for liquid Allocation metering for gas

Flow meter  Coriolis mass flow meter, or  Wetted-type Multipath (two or

more) Ultrasonic flow meter, or
 Wetted-type Multipath (two or more)
Ultrasonic flow meter, or  Coriolis mass flow meter, or
 dP (cone, venturi or orifice) meter  dP (cone, venturi or orifice)
meter
Secondary 1. Temperature transmitter 1. Pressure transmitter
instrumentation
2. Pressure transmitter(s) 2. Temperature transmitter
3. Density meter, if required 3. Density meter, if required (Note
1)
4. Flow computer, if required
4. Flow computer, if required
5. BS&W Meter
Composition 1. Sampling extraction system (Auto 1. Manual sample extraction
grab sampler), if required, with all system with all necessary
necessary devices to extract liquid devices to extract gas samples
samples for purpose of online and off- for purpose of online and off-
line analysis. line analysis, if required
2. Sample conditioning system 2. Sample conditioning system if
GC is installed
3. RVP/TVP Analyser, if required
3. GC, if required (Note 1)
4. Moisture Dew point
Table-3: Class 2 meters types & Selection

Note 1: In case it is not possible to get a density reading for conversion to Sm3, a GC to be used.

All Class 2 metering systems selection should be reviewed by C& A function.

8.2.4 Reservoir and Facility Measurement (Class 3)

8.2.4.1 General
Class 3 meters are used for Facility Management. Facility Management flow metering
comprises monitoring of equipment performance for optimisation of production capacity,
monitoring of equipment performance or individual station export meters (not used in allocation)
and envelope measurement of all consumables (fuel gas, chemicals, etc.) used in the
production process.
These measurements plays a primary role in determining wells and facilities production.
Production measurement, Reservoir Management & Surveillance flow meters form the
foundation of wells / reservoirs and facilities measurement. These include well testing
equipment, separators and rotating equipment flow measurement, gas lift measurement, well
testing measurement etc.
All oil, water, gas, steam, condensate, and polymer streams produced from or injected into a
reservoir shall be measured under this category to enable the evaluation, development and
optimal management of PDO's hydrocarbon reserves.
Flow meter selection for Facilities Measurement shall follow guidelines provided in Section-7 of
Shell DEP 32.31.00.32. The most cost & maintenance effective solution shall be selected for
the intended flow measurement application meeting uncertainty as specified table 1 above.
Pressure and/or temperature compensation shall be applied.
Since the flow devices in class 3 involve measuring wide flow ranges of different phases from

Page 40 / 66 SP-1243 - Corporate Philosophy for Control & Automation Printed 03/02/20

The controlled version of this CMF Document resides online in Livelink®. Printed copies are UNCONTROLLED.
 Revision: 4.0
Petroleum Development Oman LLC Effective: Jan. 2020

single-phase, two-phase and three-phase, a wider selection of flow metering devices may be
considered based on the application.

8.2.4.2 Single and Two phase Flow Measurement

Single phase flow measurement often refers to either one liquid type with entrained gas
generally less than 2% GVF or gas with less than 2% liquid. Two phase flow measurement is
often refers to a flow mixture of two liquids (oil & water) or (condensate & water) with GVF less
than 2%. In addition, two phase flow measurement is also used in well testing where wells have
GVFs less than 2%.
Selection of the flow meter in this category depends on the application (i.e. rotating equipment
suction/discharge flow, test/bulk separator outlet, gas lift, water injection, pump recycle, fuel
gas, etc.) as it will differ from an application to another.
The following instrumentation shall be provided for different applications. The flow meters are
listed in their order of preference.
Note: Flow meters listed hereunder are for the streams which form part of hydrocarbon
accounting. Other streams may follow the same selection or alternative flow meters in line with
GU-919.
For optimisation applications and meter selection, consult C&A function.
Flow Meter Selection
Application Oil / Cond. / Liquid Water Only Gas

Vortex,
E-magnetic,
Ultrasonic,
Vortex,
Export/Import (Note 1) Coriolis, Ultrasonic
dP (cone, venturi
(single phase only), dP (cone, venturi or
orifice or pitot tube)
or dP (cone, venturi orifice ) meter
meter
or orifice ) meter
Coriolis, Ultrasonic
Gathering station (single phase only),
gross discharge / or N/A
Bulk meters (Note 1) N/A
dP (cone, venturi or
orifice ) meter

E-magnetic,
Vortex, dP (cone,
Vortex,
3-phase venturi orifice pitot
Coriolis, Vortex, or
Separator (Note 1) Coriolis, or tube) meter, or
dP (cone or venturi)
meter dP (cone, venturi or Ultrasonic
orifice ) meter

Vortex, dP (cone,
venturi orifice or
pitot tube) meter, or
2-phase Separator Coriolis, Vortex, or dP (cone or venturi)
(Note 1)
meter Ultrasonic

Wells with
Coriolis N/A
GVF < 2% (Note 1)
Gas Lift / injection
N/A N/A Vortex, or Orifice

Page 41 / 66 SP-1243 - Corporate Philosophy for Control & Automation Printed 03/02/20

The controlled version of this CMF Document resides online in Livelink®. Printed copies are UNCONTROLLED.
 Revision: 4.0
Petroleum Development Oman LLC Effective: Jan. 2020

Flow Meter Selection

Application Oil / Cond. / Liquid Water Only Gas
Water Injection / N/A E-magnetic, or N/A
supply (Note 2)
dP (cone, venturi or
orifice ) meter
Others Consult CFDH-C&A Consult CFDH-C&A Consult CFDH-C&A
Table-4: Class 3 Meters Types & Selection
Notes:
1. For oil / condensate stream, a water cut meter is required. Refer to section 8.3.

2. An OIW (Oil In Water) analyser may be required. Refer to section 8.3

8.2.4.3 Multiphase Flow Measurement (MPFM)

Multiphase flow measurement has become one of the most favourable solutions for well testing,
bulk flow measurement and some applications for allocation purposes. Multiphase flow meters
provide continuous production data enables early detection of changes and real time production
optimisation. They have no moving parts and generally are smaller in size. The use of
multiphase flow meters requires a thorough understanding of individual application and in-depth
knowledge of the flow regimes.
Multiphase flow meters may be used for well testing applications where GVFs are more than
2%. Although some multiphase flow meters may handle higher GVFs (greater than 90%) by
using partial separation or advanced computation, their performance requires confirmation by
CFDH-C&A before using them for these applications.
The selection of MPFM is to be aligned with the net oil uncertainty requirement specifically on
high water cut applications, if the MPFM will not yield acceptable net oil uncertainty due to the
high water cut; it is advised to seek alternative measurement / testing methods. Technically
acceptable alternatives may require robust justification in terms of their business and economic
viability.
Net oil measurement for fluids contain water cut higher than 98% does not yield a useful
measurement accuracy. Consult CFDH-C&A for such applications.
The use of MPFMs utilising radioactive sources shall be considered only if they add significant
benefits over the non-radioactive technologies.
The selection between test separator, multiphase flow meter or two-phase flow meter shall be
in line with asset development plan.
All multiphase flow meters selection shall be approved by CFDH-C&A.

8.2.4.4 Wet Gas Flow Measurement

Wet gas metering is another type of multiphase metering, mainly intended for gas wells.
However, the definition of wet gas involves liquids with high GVFs which is also applicable to
oil wells with very high GVFs. The value of GVF where the fluid is considered wet gas depends
on the mass flow rates of liquid and gas and expressed in a Lockart-Martenelli (LM) parameter.
Generally, the fluid is considered wet gas if LM parameter is less than 0.35.
Generally, for gas well head wet gas measurement, a dp flow meter with wet gas correction
module shall be selected, preferably Venturi flow meter. The requirements for wet gas flow
meters shall be addressed to CFDH-C&A for selection of appropriate wet gas flow meters
The wet gas metering system shall comprise of the following three main elements:
 A fluid flow measuring device (single phase measurement).
 A method of correcting the measurements of the flow measuring device for multi-phase

Page 42 / 66 SP-1243 - Corporate Philosophy for Control & Automation Printed 03/02/20

The controlled version of this CMF Document resides online in Livelink®. Printed copies are UNCONTROLLED.
 Revision: 4.0
Petroleum Development Oman LLC Effective: Jan. 2020

flow based on relative phase content, and

 A means of estimating the relative phase content through the measuring device. This can
be obtained from a secondary method (e.g. Tracer dilution technique, well testing data,
etc.).
Venturi based Wet Gas Flow Measurement system shall be designed and operated in line with
requirements of PR-1996 (Venturi Based Wet Gas Meter (WGM) Sizing, Commissioning,
Update and Review Procedure).
All wet gas flow meters selection shall be approved by CFDH-C&A.

8.2.4.5 Steam Flow Measurement

EOR is using steam injection, therefore measurement of injected steam flow and quality
becomes essential to optimise production and hydrocarbon recovery. Developments in the field
of steam flow measurement are evolving rapidly. Some of these involve using orifice, vortex
meters, venturi meters, cone meters, flow nozzles.

8.2.5 Environmental Measurement (Class 4)

The data from Environmental measurement meters are used for environmental legislation or
monitoring e.g. flow measurement of flared gas, water disposal (including injection), oil in water,
gas emissions, and any aspect where continuous measurement of volume released to the
environment forms part of environment legislation requirement.
The following instrumentation shall be provided for different applications related to
environmental measurement. The flow meters are listed in their order of preference.

Application Flow Meter Selection

Liquid Gas
Flare gas N/A Ultrasonic
Water disposal (to Reservoir) E-magnetic, or N/A
dP (cone, venturi or orifice )
meter,
Oil in Water Consult CFDH-C&A N/A
Emissions N/A Consult CFDH-C&A
Table-5: Class 4 Meters Types & Selection

8.3 Quality measurement

Determining the quality of fluids on each produced stream is as important as measuring the
flow. Traditionally, samples from key producing streams were extracted and analysed in the
laboratory. A continuous measurement of some of these parameters is important to enable
carrying out production monitoring, optimisation activities, allocation processes and to meet
contractual agreements, specifications and environmental legislations.
Manual sampling shall be provided for the same application where online quality measurement
is installed.

8.3.1 Water Cut Measurement

Online water cut measurements are widely required across many PDO's operation from well
testing to fiscal measurements. As the water cut in these applications varies from a fraction of
a percentage to almost 100%, different water cut measurement technologies are available for

Page 43 / 66 SP-1243 - Corporate Philosophy for Control & Automation Printed 03/02/20

The controlled version of this CMF Document resides online in Livelink®. Printed copies are UNCONTROLLED.
 Revision: 4.0
Petroleum Development Oman LLC Effective: Jan. 2020

different applications (e.g. infrared, microwave, conductivity, capacitance or density based).

All water cut meters selection shall be approved by CFDH-C&A based on the application, fluid
composition and range requirements.
Many streams will require water cut measurement (or sometimes referred to as BS&W meter).
These include HC export and import streams from gathering and production facilities, test
separators liquid outlets, certain tanks/bulk separators liquid outlet, MSVs equipped with well
testing equipment (e.g. Coriolis meters)..
Generally, a microwave based water cut meter is preferred for fiscal and export applications
where water cuts are generally low. For test and bulk separators, tanks, different water cut
technologies may be used after consultation from CFDH-C&A.
For well testing with low GVF (generally <2%) and water cuts 20%- 80%, generally a coriolis
meter equipped with a Net Oil Computer (NOC) can also be used for water cuts between 20%
to 80%. Correct base densities of dry oil and dry water shall be configured in the NOC. These
will require to be updated periodically.
For Class 1 Liquid Fiscal/Custody transfer measurement Auto Grab Sampler shall be installed
for water cut Laboratory analysis and reporting. For any other application to install Automatic
Grab Sampler CFDH-C&A shall be consulted.
Water Cut meter Selection table below summarises water cut meters selection based on
different water cut and GVF ranges. Note that for Class 1 and Class 2, water cut meter is
required.
Selection of water cut measurement devices shall take into consideration, velocity and
homogenous mixing requirement, installation orientation, maintenance and operations
influence on measurement accuracy.

The selection of Water Cut Meter is to be aligned with the net oil uncertainty requirement as
per PR-1304 specifically on high water cut application, if the water cut meter will not yield
acceptable net oil uncertainty due to the high water cut; it is advised to seek alternative
measurement / testing methods. Technically acceptable alternatives may require robust
justification in terms of their business and economic viability.
For water cut more than 98%, current technology is not available to meet the net oil uncertainty.
Therefore, online water cut meter shall not be installed in these applications.

Water Cut 0 – 4% 4 – 20% 20 – 80% > 81- 98%

GVF = 0% Microwave Microwave Density Infrared
Capacitance Capacitance Microwave Microwave
0% < GVF <2% Microwave
Microwave Microwave Microwave
Density
Infrared Infrared Infrared
Infrared
2% < GVF < 10% Infrared Infrared Infrared Infrared
GVF > 10% Consult CFDH-C&A
Table-6: Water Cut Meter Selection Table

Page 44 / 66 SP-1243 - Corporate Philosophy for Control & Automation Printed 03/02/20

The controlled version of this CMF Document resides online in Livelink®. Printed copies are UNCONTROLLED.
 Revision: 4.0
Petroleum Development Oman LLC Effective: Jan. 2020

8.3.2 Oil in Water Measurement

With the increase of water production and IOR activities of water injection, it has become
important to monitor the injected and disposed water quality to meet environmental legislation
and to capture water treatment facilities performance at early stage.
Oil in water analysers are used at specified locations where continuous monitoring of water
quality is important.

8.3.3 Reid Vapour Pressure (RVP) Analyser

This type of online analyser is one of the requirements in fiscal measurement (Class-1) as well
as allocation measurement (Class-2). It is also used for condensate quality monitoring to meet
MOL TVP specifications. CFDH-C&A is to be consulted for proper selection.

8.3.4 Gas Chromatograph (GC)

Gas chromatograph is one of the requirements of fiscal measurement (Class-1) as well as
allocation measurement (Class-2) of gas or where gas is exported in pipelines. Gas
chromatographs measure the composition of the gas and calculate different parameters
essential to monitor the quality of the gas and for custody calculations.
Selection of appropriate gas chromatograph shall be in consultation with CFDH-C&A.

8.3.5 Moisture analyzer

Moisture analyzers cover a variety of methods for measuring moisture content in both high level
and trace amounts in solids, liquids, or gases. Most industrial process moisture measurements
are done using an extractive sample system where the analyzer probe is located in a flow-
through cell. Other types of moisture analyzers can measure directly through the process pipe
(TDLS) while the majority requires some type of sampling system.

8.3.6 Sampling Methods

There are several methods used to take a process sample depending on process conditions
and composition. Process temperature and pressure as well as accessibility for maintenance
must be considered when selecting the type of sampling method. The Instrumentation,
Systems, and Automation Society (ISA) uses the words Insitu, Ex-Insitu, Semi Extractive, and
Extractive to describe different sampling techniques.
Design and Selection of appropriate sampling methods shall be in consultation with CFDH-
C&A.

8.3.7 Sample Conditioning Systems

Analyzers are designed to work with clean, dry, non-corrosive, non-interfering samples at
specific conditions of temperature, pressure and flow. The sample system has to take process
samples that are dirty, corrosive, contaminated, too hot or cold, at too high a pressure or at
insufficient pressure to provide proper sample flow, and condition the process sample so that it
meets the required conditions for sustained operation.
A complete process data shall be given to the analyzer system vendor in order to design a
proper sampling conditioning system for a given application.

8.3.8 Other Analysers

Any requirement for other analysers shall be discussed with CFDH-C&A for selection.

Page 45 / 66 SP-1243 - Corporate Philosophy for Control & Automation Printed 03/02/20

The controlled version of this CMF Document resides online in Livelink®. Printed copies are UNCONTROLLED.
 Revision: 4.0
Petroleum Development Oman LLC Effective: Jan. 2020

9 Maintenance
It is evident that over time the technical integrity of a facility will significantly deteriorate, if
planned maintenance is not being followed.
Figure 9. Illustrates facilities 'Integrity confidence' over time;

Maintenance Integrity over time

"Confidence"
Initial shortfall
Total 1.0
Resilience to design accidental events
Technical integrity
PM/Audit PM/Audit PM/Audit Current
Start-up
RRM practice
(Periodic audit)

(Operator errors)
Business controls
Pragmatic band

Uncontrolled
Deviations progression

0.5 Formulation
of 'Plan' Modifications

Relaxation of procedures
Resolution of
uncertainties
Changes in operating &
environmental conditions

Project
Introduction of inadequately
inception
trained personnel

0.0
TIME

Figure 9: Maintenance Integrity over time

Following initial start-up of a facility, minimum maintenance requirements of the C&A system,
equipment, modules and components shall be put in place to ensure sustained Technical
Integrity. PDO is developing an overall Maintenance Management System (MMS) for all the
assets and will be incorporated in the SAP Work management system. The MMS will have ‘task
lists’ describing the required maintenance activities and frequencies for each item of the assets
to be maintained.
For the purpose of effectiveness, such maintenance procedures shall be based on rated risk,
i.e. through a criticality assessment of the various equipment and systems of which that facility
or asset consists. Note that the adoption of risk based maintenance potentially implies a
reduction in cost whilst ensuring an acceptable technical Integrity.
The PDO adopted basis for the Maintenance Management System, is the methodology of 'Risk
Reliability Management' (based on IPF, RCM and package criticality), which determines the
required maintenance activities on the basis of the rated 'criticality'.
For the Instrumented Protective Functions, the risk level classification will yield a maintenance
/ test schedule, which should be subsequently entered into the SAP Workbench Management
Tool for the purpose of maintenance management.
Maintenance execution should be managed through the SAP Workbench Management Tool.
To date, on-line 'Maintenance Diagnostic and Advisory systems' have become mature enough
that under certain conditions, their preventive maintenance may be fully based on the diagnostic
information provided.

Page 46 / 66 SP-1243 - Corporate Philosophy for Control & Automation Printed 03/02/20

The controlled version of this CMF Document resides online in Livelink®. Printed copies are UNCONTROLLED.
 Revision: 4.0
Petroleum Development Oman LLC Effective: Jan. 2020

Only relying on such diagnostic advice and thus without further maintenance scheduling, would
potentially reduce the TCoO.
To date, the maintenance cost for Control and Automation systems are not fully visible, but it is
yet appreciated that: maintenance fees amongst the various vendors do vary, system
availability’s differ (failure rates) and that different maintenance strategies are in place.
Consequently, it will be required to monitor reliabilities and cost, to develop Performance
Indicators and to establish targets on the basis of benchmarking.

Page 47 / 66 SP-1243 - Corporate Philosophy for Control & Automation Printed 03/02/20

The controlled version of this CMF Document resides online in Livelink®. Printed copies are UNCONTROLLED.
 Revision: 4.0
Petroleum Development Oman LLC Effective: Jan. 2020

10 Engineering Principles

10.1 Application of Standards

10.1.1 Setting and Applying Standards

Application of standards is considered beneficial for the following two reasons:
1) Standards are the 'corporate memory' and hence available resources can be utilised
more effectively, i.e. the re-inventing of methodologies might be avoided;
2) Risk might be demonstrably limited to an acceptable level as the standard is generally
proven.
When applying standards for PDO facilities, the mandatory order for their use is as follows:
1) Local statutory rules and regulations governed by the Omani law.
2) Project specifications & Philosophies.
3) PDO specifications (SP’s)
4) Shell group standards (DEP’s)
5) International standards (e.g.: API, IEC, ISO, DIN, BS, ISA, etc.)

10.1.2 Approved Vendor for Materials & Equipment (AVME)

PDO’s AVME (latest publication); Product Group Categories is a selection Guideline for
Vendors of instrumentation devices and systems, aiming to:
 Avoid multiple evaluations and field-trials of instrumentation throughout PDO.
 Provide a certain degree of Standardisation.
 Provide a selection aid for proven (non-risk) instrumentation devices and systems.
 Limit the variety of similar devices and systems throughout PDO.
 Reduce operations and maintenance cost.
All field instrumentation and automation systems including Instrumentations within all Packages
shall be sourced from the AVME vendors only. Any deviation from AVEM shall be approved by
C&A CFDH.

10.1.3 Standards Challenge & Variance Control

Users should always endeavour to apply standards with a certain degree of rationale and are
strongly encouraged to challenge the current Company standards (PDO PR’s, SP’s, GU’s and
DEP's etc.) during the project execution with the aim of identifying areas where cheaper, quicker
and more cost effective design can be achieved, albeit without compromising the integrity and
operability of the facility.
However, any deviations (non-compliance to Shall or Shall [PS]) to the C&A standards,
including this specification, or AVME shall be approved by CFDH- C&A through Web based
Standards variance control log.

10.2 Contracting and Procurement Strategy

10.2.1 Main Instrument Vendor (MIV)/Main Automation Contractor (MAC)

The concept of Main Automation Contractor (MAC)/Main Instrument Vendor (MIV) have been
introduced for the purchase and integration of main control room equipment/ systems and the

Page 48 / 66 SP-1243 - Corporate Philosophy for Control & Automation Printed 03/02/20

The controlled version of this CMF Document resides online in Livelink®. Printed copies are UNCONTROLLED.
 Revision: 4.0
Petroleum Development Oman LLC Effective: Jan. 2020

associated sub systems to provide single point accountability. This strategy has potentially the
following advantages:
i. Reduces systems interfaces.
ii. Minimises project delays and consequently budget overrun.
iii. Minimum vendor systems and software interfaces.
iv. Commercial attractiveness for a contractor.
v. Early involvement of vendors and hence opportunity for design optimisation
The scope of MAC/MIV should typically include the main systems and equipment such as FCS,
IPS, FGS, System cabinets, Interface boxes, Marshalling cabinets, HMI’s/ Servers,
Communication hardware and Field bus devices including their associated power conditioning
units.
The non-FF devices and other field instruments, valves, etc., are best to be handled separately
especially if they are not from the same vendor.
For modifications in the existing PAS, Corporate Purchase Agreement (MAC EFA) will be
applied.
This strategy shall be reviewed on a project-by-project basis depending on the number & type
of systems, schedule, interface issues and the estimated order value etc. For sizable projects,
CFDH-C&A shall be consulted for advice on the optimum scope for the MIV/MAC contract.

10.2.2 Valve Automation Centres (VAC)

Actuated On-Off valves required for IPF applications shall be procured through the approved
Valve Automation centres (VAC) recommended in the AVME. General purpose actuated On-
Off valves may be procured from the Valve manufacturers recommended in the AVME, but
necessarily from VAC.
Actuators for On-Off valves shall comply with DEP 32.36.01.18.
The VAC’s have a track record of more than 8 years in the valve automation with shell operating
units and supply the actuators that have already been type tested in accordance with DEP
32.36.01.18 (or as per DEP 31.40.70.30 before publication of DEP 32.36.01.18). This is to
ensure the approved valve design and actuators are followed for maintaining the required safety
integrity level.

10.2.3 Integrated Wellhead Control System

To optimise the wellhead design and avoid the interface issues between different sub-
components, especially for the safety critical valves, Integrated wellhead control system
approach is strongly recommended. This shall typically include the following items.
 Wellhead Hydraulic Control panel.
 Design and supply of fusible plugs.
 Choke valve.
 IPF/HIPPS valves.
Wellheads shall be provided with SIL rated PLC and transmitters for safety functions in place
of relay system and switches. It is preferred; wherever possible the logic solver (PLC) should
be of the same make and type of the main facility Instrumented Protective System. This shall
be reviewed on a case-to-case basis depending on the project requirements.

10.2.4 Pricing Agreement and SAP Coded Equipment:

Company has sets of pricing agreement with equipment suppliers; projects are encouraged
to use them for the objective to:

Page 49 / 66 SP-1243 - Corporate Philosophy for Control & Automation Printed 03/02/20

The controlled version of this CMF Document resides online in Livelink®. Printed copies are UNCONTROLLED.
 Revision: 4.0
Petroleum Development Oman LLC Effective: Jan. 2020

1. Expedite procurement and delivery.

2. Quality of technical spec is maintained and no bid evaluation is needed.
3. Guaranteed vendor support.
Company also has repository of purchase codes that can be used to expedite purchases.
Project with limited scale should consult with C&A function for support.

10.3 Packaged Units

10.3.1 General Considerations

Conceptual differences shall be avoided between discrete Control and Automation Systems
and those provided by vendors of package units. For the purpose of an optimum operator plant
interface and for technical simplicity, a similar ‘C&A concept and system selection criteria’
should be applied for package units as for the overall facility. This means that the C & A systems
applied for the package units should, in principle, be same as the overall facility and integrated
into the main system.
Production Automation Systems (PAS) as described under section 4 should be followed.
Applying Foundation Fieldbus based open systems will allow remote diagnostics and remote
maintenance of the systems and field instruments.
In conclusion, modular concepts should be considered to control variety and accommodate
Operator Interface transparency, especially if all systems are linked to one common host
system with common operator interface (HMI).
The PAS for the package units shall be followed as per the concept outlined above.

10.3.2 Package Units specific controls

The packages such as Compressor units may have the following typical control requirements.
 Capacity control
 Performance/ Load control
 Anti-surge control
Capacity control, Anti-surge control and/or performance/ load controls etc. shall be
implemented in the facility’s main Basic process control system such as FCS/DCS. Scan time
for Capacity control and/or performance/ load controls shall be less than or equal to 250 mSecs.
Anti-surge loop shall be implemented using the Shell CASC methodology. The anti-surge
control loop shall be executed every 100 ms. Instruments shall be HART for optimal controller
performance. Anti-surge trip shall be implemented in facility main FCS/DCS/IPS in line with SIL
implementation (refer to SP-2316).

10.3.3 Machine Monitoring and Protection

On line Vibration and temperature monitoring systems are applied for the machinery monitoring
and protection purposes. Some of these systems are proprietary in nature and have proven
track records but yet to obtain full TÜV approval for the SIL classes.
Due to the limited number of systems in the market and considering their past performance,
these proprietary systems are still acceptable for the machine monitoring and protection.
To further increase the reliability of the machines and availability, on-line performance
monitoring system may be applied where practical and cost benefit.
Some of the MHMS Systems have limitation of total length of cable between Machine Vibration
Sensor and MHMS System Cabinet. This limitation shall be discussed with the vendor in the
early stage of the project (e.g. SELECT phase) to avoid any ambiguity/specific additional

Page 50 / 66 SP-1243 - Corporate Philosophy for Control & Automation Printed 03/02/20

The controlled version of this CMF Document resides online in Livelink®. Printed copies are UNCONTROLLED.
 Revision: 4.0
Petroleum Development Oman LLC Effective: Jan. 2020

requirements during subsequent phase of project execution.

10.4 Environmental Conditions

10.4.1 Control room

Normally the control room will have an air-conditioned environment at a temperature of 25C.
However while being transported to site or during a malfunction of the air conditioning system
the ambient temperature may vary between 5 and 50C. At all times, the relative humidity may
vary between 30 and 98%, and the air may contain sand dust particles as small as two microns.
Normal dust filters will be used for heating, ventilation and air-conditioning (HVAC) equipment.
All system hardware installed in the Auxiliary Room/ Field Auxiliary Rooms /Control Room shall
withstand maximum 50C room temperature and relative humidity of 95% for four hours at
power on condition with full rated capacity in case of HVAC trip due to power supply failure.
The effect of HVAC trip shall be carefully reviewed and assessed for its impact on the PAS.
Tripping of HVAC cooling circuit should be avoided.
Panels mounted inside control building shall have a minimum ingress protection class of IP-22
(IEC 60529) and Corrosion Resistance classification shall be G2 as per ISA 71.04 for Control
system components.

10.4.2 Field/ Outdoor

All plant mounted equipment to be installed in the field or outdoor location shall be suitable for
use in industrial, humid, saliferous and corrosive atmospheres and Shall be adequately
protected to the electrical area classification.
All field instrumentation shall be certified to operate without any degradation at 70o C ambient
temperature if not provided with shade. However, shaded instruments shall be certified to
function-without any degradation at 60C; with relative humidity of 95% max.
All outdoor field instruments with local LCD display should be installed under shade.
The minimum degree of protection of plant Equipment shall be IP65 as defined in IEC 60529.
Tropicalisation (conformal coating) of printed circuit boards is required for all equipment in
outdoor areas.
Depending on site conditions, the contacts of switches/ relays may require protection against
traces of H2S and SO2 in the indoor and outdoor atmospheres by gold coating (at least 10
microns) or by locating them in hermetically sealed housings.

10.4.3 Outdoor system cabinets.

All outdoor system cabinets’ components shall be certified to operate without degradation at
70o C.
Internal cabinets heat dissipation calculation to use 60o C as ambient temperature. Circulation
fans shall be redundant and provided with alarm on HMI in case of fan failure and cabinet high
temperature. Cabinet door open indication shall be provide on the HMI as well.
Outdoor cabinets shall be provided with sunshade to protect them from direct sun
radiation/exposure.
All system cabinets shall undergo heat sock test part of the FAT activities at the specified
temperature for outdoor.
The minimum degree of protection of cabinets shall be IP65 as defined in IEC 60529.

Page 51 / 66 SP-1243 - Corporate Philosophy for Control & Automation Printed 03/02/20

The controlled version of this CMF Document resides online in Livelink®. Printed copies are UNCONTROLLED.
 Revision: 4.0
Petroleum Development Oman LLC Effective: Jan. 2020

10.5 Loading and Sparing Philosophy

Loading and Sparing Philosophy for C&A shall follow guidelines provided in SP-2199 "Design
Class selection for PDO projects", “FRD - 00000787_SF_2015-02 – PACO”, Appendix-3 of

10.6 Critical Documentation

Following documents shall be produced for every project/FCP regardless of size:
 PAS selection strategy report
 Instrumentation Database handover certificate.
 Error! Hyperlink reference not valid.
Non-compliance to the above shall be managed through variance tool.

Page 52 / 66 SP-1243 - Corporate Philosophy for Control & Automation Printed 03/02/20

The controlled version of this CMF Document resides online in Livelink®. Printed copies are UNCONTROLLED.
 Revision: 4.0
Petroleum Development Oman LLC Effective: Jan. 2020

11 Future Developments

11.1 General
Consideration of new innovation is highly encouraged, as new technologies potentially will
provide equal and often enhanced functionality at a lower lifecycle cost.
From another perspective, new technologies may also enable new cost-attractive-ways of
working, i.e. an alternative operating strategy.

11.2 Process Control Technology and Optimization

11.2.1 Advanced Process Control Techniques

In the longer term, application of multivariable control and other advanced control techniques
will be considered for further overall optimisation of product flow and thereby reduction of the
TCoO.

11.3 Instrumented Protection and Safeguarding

11.3.1 Fully Automated IPF testing

Where feasible, fully automatic IPF testing facilities (such as MVC, Partial stroke testing) for
both IPF initiators and IPF final elements should be installed to further reduce operating cost.
However, Partial stroke testing to be applied on final elements based on requirements specified
under Section 7.2.1 of this document.

11.3.2 Reduction of failure rates of IPF elements

Detailed analysis need to be carried out on un-revealed and revealed failures for IPF initiators
and final elements. Reduction of the failure rates will enable a longer test interval for IPF’s.

11.4 Field Instrumentation

11.4.1 Non-intrusive Measurement Techniques

The development and application of non-intrusive instrumentation will ensure a higher integrity
(only one or none process connections) and lower CAPEX and OPEX. This technology is
promising and currently under testing.

11.4.2 Safety Shutdown Valves

Safety Shutdown valves are being developed comprising diagnostic functionality, such as
torque monitoring, travel / time checking and leakage determination.
Potentially, such diagnostic functionality improves the PFD, and hence simplification of a
Shutdown Valve actuated IPF function would be imminent.

11.4.3 Electronic Marshalling

Electronic Marshalling is being developed that can offer a flexible assignment I/O sub-system.
“An I/O sub-system that’s I/O channels (i.e., analogue input, analogue output, discrete input,
discrete output, RTD input, T/C input, etc.) can be assigned and reassigned to any controller
without re- I/O wires.”
A design that permits installation in Zone 2 (Class 1, Division 2) hazardous areas.

Page 53 / 66 SP-1243 - Corporate Philosophy for Control & Automation Printed 03/02/20

The controlled version of this CMF Document resides online in Livelink®. Printed copies are UNCONTROLLED.
 Revision: 4.0
Petroleum Development Oman LLC Effective: Jan. 2020

A design that permits adding/removing/re-installing individual interface modules under power

and without hot-work permits.
Potentially such functionality can minimize system engineering time and system tailor made.

11.4.4 Smart Mobile Operator

Smart Mobile Worker Technology is a wireless solution which aims to equip workers in the field
with Mobile Camera & Audio System, Safety Detection Sensors, Temperature & Vibrations
devices,
Mobile Computer (PDA, Tablet, Tough book) with rich real time process information from
DCS/FCS and maintenance applications then exchange this data with the Central Control
Room for continuous remote monitoring, automatic data update and support of tele-expert
mode.
Benefits:
 Reduce staff exposure, in particular at sour gas facilities, and increase plant safety by
introducing the tele-buddy system.
 Reducing downtime and maintaining asset integrity by empowering fieldworkers with live
process data, operating manuals, histories and other maintenance documents available
in the field.
 Supports the objective of Collaborative Work Environments (CWE) and Smart Field Sites.
 Assist with retaining local ownership by fully engaging technicians or operators when
solving problems in the field and enabling future savings by reducing remote interactions
with vendors when faced with similar problems.
 Improve maintenance productivity by reducing downtime for searching maintenance
documents and carrying loads of paper onsite for troubleshooting or inspection purposes.
 Improve maintenance and operational activities by having diagnostics, predictive
maintenance and other Fieldbus/HART functionalities available to the worker onsite
 Improve maintenance activity through the ability to perform configuration, calibration and
diagnostic in the field
 Improve data collecting capability by equipping operators with all the tools and reports
needed onsite then updated automatically on the control room system
 Optimize fieldworker mobility by being able to receive and send urgent emails or view
technical information while onsite.
 Reduce number of staff required to perform the job.

11.4.5 Production Measurement

Following developments in the field of production measurement:
 Water-Cut measurement in Steam applications.
 Measurement in well testing for wide range of Water-cut.
 Accurate determination of CGR (Condensate Gas Ratio) for gas wells.
 Heavy Oil Well testing flow measurement.
 None intrusive flow measurement e.g. clump on flow meters for permanent installation.

Page 54 / 66 SP-1243 - Corporate Philosophy for Control & Automation Printed 03/02/20

The controlled version of this CMF Document resides online in Livelink®. Printed copies are UNCONTROLLED.
 Revision: 4.0
Petroleum Development Oman LLC Effective: Jan. 2020

11.4.6 Digitalization
Technologies rapidly evolving therefore Company should be proactively catch-up with such
technologies. Projects are encouraged to deploy digital technologies and Digitalization process
across all C&A aspects to improve business model and provide new revenue.
Digitalization aid to unlock new values, opportunities and potentials. It would reveal following
benefits:
 All stakeholders will have the same state of knowledge without gaps.
 Efficient and sleek processes
 Unlock potentials of the digital world.
 Accessible, Accurate and consistent source of information and database.
 Adds value to business, minimizes time, efforts and reduces costs
Furthermore, the following smart technologies will be areas of investment in the coming
business requirements; Digital twin, IIOT (Industrial Internet of Things), Big Data and Artificial
intelligence.

Page 55 / 66 SP-1243 - Corporate Philosophy for Control & Automation Printed 03/02/20

The controlled version of this CMF Document resides online in Livelink®. Printed copies are UNCONTROLLED.
 Revision: 4.0
Petroleum Development Oman LLC Effective: Jan. 2020

12 Quality & Acceptance Testing

Projects to deploy the remote FAT for all C&A products. However, whenever, the remote FAT
facilitation is infeasible, C&A-CFDH approval is required to conduct FAT at the manufacturer
premises.
Consult the SP-2269 Specification for Quality Intervention for Provision of Products Appendix
D for the C&A Equipment/Material Inspection Requirements.
Refer to the GU-936 Guideline for the Implementation of Remote Test and Inspection of C&A
Equipment for the remote FAT set up requirements.
Refer to the individual C&A Equipment/Material specifications and DEP’s for detailed inspection
requirements.

12.1 Inspection & Test Plan

Projects and new purchases of C&A items including field instruments and valves quality and
testing requirements shall follow ITP structure. Currently, standard ITPs (Inspect & test plan)
for the following items have been developed and ready for use:-
 IPF valves.
 Control valves for general purpose.
 Instrument cables.
The aforementioned ITPs should be used as a starting guidance and purchaser/project shall
list specific requirements.

Page 56 / 66 SP-1243 - Corporate Philosophy for Control & Automation Printed 03/02/20

The controlled version of this CMF Document resides online in Livelink®. Printed copies are UNCONTROLLED.
 Revision: 4.0
Petroleum Development Oman LLC Effective: Jan. 2020

13 Appendices

13.1 Definitions

13.1.1 General Definitions

The Company means Petroleum Development Oman LLC of Muscat, Sultanate of Oman.
The Contractor is the party, which carries out all or part of the design, engineering,
procurement, construction, commissioning or management of a project or operation of a facility.
If the contract allows, the Principal may undertake all or part of the duties of the Contractor.
The Consultant is the party, which provides design, engineering and other related consultancy
services under a contract.
The Main Instrument Vendor (MIV)/ Main Automation Contractor (MAC) is the party
responsible for the delivery and physical and functional integration of various control and
automation systems of different makes or types. The precise scope of this party is to be defined
during the conceptual or front-end engineering stage of the project. The Manufacturer is the
party, which manufactures equipment and services to perform the duties specified by the
Company or their nominated Consultant or Contractor.
The Vendor or Supplier is the party, which supplies equipment and services to perform the
duties specified in the purchase order by the Company or their nominated Consultant or
Contractor.
The Principal is the party, which initiates the project and is ultimately accountable. The
Principal will generally specify the technical requirements. The Principal may also include an
agent or consultant who is authorised to act for, and on behalf of, the Principal.
The word shall indicates a mandatory requirement.
The word should indicates a strong recommendation.
The capitalised term SHALL [PS] indicates a process safety requirement.

13.1.2 Specific Definitions

AVME: - Approved Vendor for Materials & Equipment
Fieldbus:- A Fieldbus is a digital, two-way, multi-drop communication link among intelligent
measurement and control devices. It serves as a Local Area Control Network (LACN) for
advanced process control, remote input/output and high-speed factory automation applications.
It shall comply with international industry standards for Fieldbus Control Systems such as
IEC61158 & ISA S50.
Fiscal Integrity: - Fiscal Integrity of a flow metering facility is considered achieved when, the
risk on loss, corruption and/or fraud of metering data is as low as reasonably practicable
(ALARP).
Fiscal metering system: - An independent system containing fiscal production data and
protected for unauthorised access to vital metering parameters.
Production System: - A complex of production facilities, such as for Gathering, Treatment,
Transfer and Transport, operated and maintained by roving operators and maintenance
personnel.
Production Automation System (PAS): An assorted number of systems such as FCS/DCS,
PLC’s, IPS & Machine monitoring etc. and their associated interface devices that will be utilised
for process control, monitoring, automation, optimisation, instrumented protections and remote
control & operations to work as part of the overall Integrated Production Management System.
RTO: Real-time Operations provides a standard, secure, and open architecture that includes
built-in features for collecting, processing, transmitting, storing and presenting real-time and

Page 57 / 66 SP-1243 - Corporate Philosophy for Control & Automation Printed 03/02/20

The controlled version of this CMF Document resides online in Livelink®. Printed copies are UNCONTROLLED.
 Revision: 4.0
Petroleum Development Oman LLC Effective: Jan. 2020

related data. The core functionality of these systems help provide the capability for high level
functionality such as monitoring, alarming, analysing, and optimizing production facilities, wells,
and pipelines.
Technical Integrity:- Technical Integrity of a facility is considered achieved when, under
specified operating conditions, the risk of failure endangering safety of personnel, environment
or asset value is as low as reasonably practicable (ALARP). Technical design integrity is the
responsibility of the engineering function.
Total Remote operation: - Totally unmanned operation with total remote monitoring, control,
operation, diagnostics and maintenance etc. with full automation and optimisation.

13.2 Abbreviations and Meanings

AIPSM Asset Integrity and Process Safety Management
ALARP As Low As Reasonably Practicable. This is considered being the case when
specific risk is lower or equal to other accepted risk levels
AVME Approved Vendor for Materials & Equipment
AMS Asset Management System
BFAS Building Fire Alarm System
BPCS Basic Process Control System
BS&W Basic Sediment and Water
C&A Control & Automation
CAO Computer Assisted Operations
CAPEX Capital Expenditure, i.e. initial investments
CCR Common/Central Control Room
CCTV Close Circuit Tele Vision
CFDH Corporate Functional Discipline Head
CGR Condensate Gas Ratio
COM Component Object Model is Microsoft’s framework for developing and
supporting program component objects.
CP PDO Corporate Code of Practice
CR Control Room
CWE Collaborative Work Environment
DACA Data Acquisition and Control Architecture
DCAF Document Control and Frameworks
DCS Distributed Control System
DEM Design Engineering Manual (Shell)
DEP Design Engineering Practice (Shell)
DMZ Demilitarized Zone
DPN Dedicated Private Network
DTS Distributed Temperature Sensing
E&P Exploration & Production
EDV Emergency De-pressurisation Valve

Page 58 / 66 SP-1243 - Corporate Philosophy for Control & Automation Printed 03/02/20

The controlled version of this CMF Document resides online in Livelink®. Printed copies are UNCONTROLLED.
 Revision: 4.0
Petroleum Development Oman LLC Effective: Jan. 2020

EOR Enhanced Oil Recovery

ESP Electrical Submergible Pump
ESD Emergency Shut Down
ERP Enterprise Resource Planning
FAT Factory Acceptance Test
FCS Field bus Control System
FEED Front End Engineering and Design
FGS Fire, Gas and Smoke detection and protection system
GC Gas Chromatograph
GOGD Gas Oil Gravity Drainage
GOR Gas Oil Ratio
GPS Global Positioning System
GU PDO Engineering Guidelines
GVF Gas Volume Fraction
HART Highway Addressable Remote Transducer
HAZOP HAZard and Operability
HEMP Hazard and Effects Management Process
HIPPS High Integrity Pressure Protection System
HMI Human Machine Interface
HSE Health, Safety, and Environment
HVAC Heating, Ventilation and Air Conditioning
IAMS Instrument Asset Management System
I/O Inputs/Outputs
ICTD Instrument Connections and Termination Diagrams
IED Intelligent Electrical Drivers
IM&T Information Management and Technology
IOR Improved Oil Recovery
IPF Instrumented Protective Function
The IPF methodology: a methodology to establish the required integrity of
individual IPF function-loop on the basis of potential impact, failure rate and
maintenance frequency. Note that the function-loop includes the sensor, logic
solver and the final element.
IPS Instrumented protective system.
The (electrical and/or programmable electronic) Logic Solver component of
the Instrumented Protective Function.
IS Intrinsically Safe
IT/ICT Information Technology / Information and Communication Technology.
LACN Local Area Control Network
LAN Local Area Network
LV Low Voltage

Page 59 / 66 SP-1243 - Corporate Philosophy for Control & Automation Printed 03/02/20

The controlled version of this CMF Document resides online in Livelink®. Printed copies are UNCONTROLLED.
 Revision: 4.0
Petroleum Development Oman LLC Effective: Jan. 2020

MAC Main Automation Contractor

MCC Motor Control Centre
MCP Maintenance Craft Procedure
MHMS Machine Health Monitoring System
MIS Management Information Systems; applications providing information for
purpose of Business Management.
MIV Main Instrument Vendor
MFM Multi Phase Flow Meter
MMS Maintenance Management System
MOL Main Oil Line
MPFM Multi Phase Flow Meter
MRP Maintenance Reference Plan
MSE Material Subject Expert
MSV Multiport Switching Valve
MTTR Mean Time To Repair
MVC Measurement Validation and Comparison. A sub-system to compare multiple
measured values for purpose of alarming in case of signal drift of one of the
measurements, e.g. comparison of a 'Control and Alarm' transmitter value with
a 'Shutdown' transmitter value.
NOC Net Oil Computer
NTP Network Time Protocol
OD Office Domain
ODBC Open Data Base Connectivity
OEM Original Equipment Manufacturer
OLE Object Linking and Embedding: an international standard for data exchange
between software applications.
OPC OLE for Process Control: an international industry standard for data exchange
between process control applications or systems through object-description.
OPEX Operational Expenditure, i.e. operational cost.
PACO Process Automation & Control Optimisation
PAS Production Automation Systems
PCAD Process Control Access Domain
PCD Process Control Domain
PCN Process Control Network
PCP Progressive Cavity Pump
PDA Personal Digital Assistant
PDO Petroleum Development Oman, LLC
PEFS Process Engineering Flow Scheme
PFD Probability of Failure on Demand
PI The PI system TM is a software application toolset designed to fully automate
the collection, storage and presentation of manufacturing plant data.

Page 60 / 66 SP-1243 - Corporate Philosophy for Control & Automation Printed 03/02/20

The controlled version of this CMF Document resides online in Livelink®. Printed copies are UNCONTROLLED.
 Revision: 4.0
Petroleum Development Oman LLC Effective: Jan. 2020

PLC Programmable Logic Controller

POSC Petrochemical Open Standards Consortium, now known as Energistics.
PPE Personal Protective Equipment
PR PDO Procedure
PSBR Process Safety Basic Requirements
PSD Process Shut Down
PSO Production System Optimisation
PST Partial Stroke Testing
PSV Pressure Safety Valve, i.e. a pressure relief-valve
QMI Quality Measurement Instrument
RAM Risk Assessment Matrix
RBI Risk Based Inspection; a philosophy to inspect mechanical equipment on the
basis of assessed actual risk.
RCM Reliability Centred Maintenance; a methodology focusing on the actual
contribution of maintenance risk of individual equipment or systems.
RGMS Remote Gathering Manifold Station
RMS Remote Manifold Station
RRM Risk Reliability Management; managing operational risk through applying the
methodologies of IPF, RCM and RBI
RTD Resistance Temperature Detector
RTO Real Time Operations
RTU Remote Terminal Unit
RVP Reid Vapour Pressure
SAP PDO's central computer system for Enterprise Resource Planning. The
Workflow Management Tool forms part of this computer system.
SCADA Supervisory Control and Data Acquisition
SCE Safety Critical Element
SER Sequence of Events Recorder
SIF Safety Integrity Function
SIL Safety Integrity Level. A definition of System Integrity as defined by the
International Standard IEC- 61508/61511. The SIL definition has been
adopted in Standards such as DEP 32.80.10.10
SOFS/RTAP Shell Oil Foundation Software/ Real time Application Platform
SP PDO Specification
SPI Smart Plant Instrumentation (Intools)
TCoO Total Cost of Ownership: Total cost of owning an asset over its entire life, from
conception of the need through to ultimate disposal. The TCoO is made up of
the cost elements of specification, price, purchasing, introduction/installation,
execution, operation and termination/disposal.
TCP/IP The complete suite of Internet, Intranet and Extranet protocols included
Internet Protocol (IP), the Transmission Control Protocol (TCP) and
associated application protocols. for transmission of data through data-grams

Page 61 / 66 SP-1243 - Corporate Philosophy for Control & Automation Printed 03/02/20

The controlled version of this CMF Document resides online in Livelink®. Printed copies are UNCONTROLLED.
 Revision: 4.0
Petroleum Development Oman LLC Effective: Jan. 2020

(packets)
TDLS Tunable Diode Laser Spectrometer
TIPS Total Instrumented Protective System. Fail-safe Instrumented protective
system with a certified high reliability, subjected to IPF classification, which
eliminates relief valves as part of no flaring concept. To be regarded as the
ultimate layer of defence.
TIV Technical Integrity Verification
TRM Total Reliability Management. A concept involves a structured approach for
carrying out business activities from design through operations, maintenance
and abandonment/disposal. This is achieved through a process of critical data
monitoring, analysing and decision making for any asset.
TÜV Technischer Überwachungsverein (Technical Inspection Agency)
TVP True Vapour Pressure
UEFS Utility Engineering Flow Scheme
VAC Valve Automation Centre
VDU Video Display Unit
VFD Variable Frequency Drive
VPN Virtual Private Network
WAN Wide Area Network
WITSML Wellsite Information Transfer Specification (web based and built on XML
Technology). WITSML is an industry initiative to provide open, non-proprietary
standard interfaces for technology and software that monitor and manage
wells; completions and workovers.
WRM Wells & Reservoirs Management

13.3 References
In this document, reference is made to the following main publications: A number of other
related standards, specifications and procedures referred in these publications are also
applicable.
NOTE : Unless specifically designated by date, the latest edition of each publication shall be used,
together with any amendments/supplements/revisions thereto.

DOCUMENT NAME DOCUMENT NO.

PDO STANDARDS
Obsolescence Strategy for Control & Automation Systems GU-662
Process Control Narratives SP-2307
Guideline for Procurement of Transmitters/Gauges using GU-876
Standard SAP Numbers.
Project C&A Deliverables Guideline. GU-889
Guideline for the Implementation of Remote Test and GU-936
Inspection of C&A Equipment
Automation Systems Software Management Procedure PR-1023
Metering Flow Factor Update Procedure PR-1099
Change Management Procedure (IM&T) PR-1371
Control and Automation Instrument Maintenance Management GU-895
Guideline
Information Security Incident Management PR-2001

Page 62 / 66 SP-1243 - Corporate Philosophy for Control & Automation Printed 03/02/20

The controlled version of this CMF Document resides online in Livelink®. Printed copies are UNCONTROLLED.
 Revision: 4.0
Petroleum Development Oman LLC Effective: Jan. 2020

Security Log Monitoring PR-2197

C & A Standard Drawings SP-1206
Standard Specification For Basic Process Control System SP-1245
(BPCS)
SmartPlant Instrumentation Specification SP-2098
Password Management Specification SP-2119
Information Systems Physical Access Management SP-2125
Information Systems Logical Access Management SP-2126
Specification for Tagging Philosophy and FLOC Level 5 SP-2152
Building Services Specifications SP-2155
Technical Standard Selection and Challenge procedure SP-2194
(Note : Covers all other PDO standards referred in this document)

Design Class Selection for PDO Projects SP-2199

Corporate Principles for Real-Time Operations SP-2201
RTO Specification Design Document SP-2203
Corporate Alarm Management Philosophy SP-2239
PCD Cyber Security requirements within project life cycle. SP-2253
Specification for Quality Intervention for Provision of Products SP-2269
SIL Assessments and Implementation Specification SP-2316

SHELL STANDARDS (Shell Standards not referred in SP-2194)

Operational tagging requirements 01.00.09.10
IACS SECURITY 32.01.20.12
Instruments for Measurement and Control 32.31.00.32
Electrical engineering design 33.64.10.10
Instrument Signal Lines. 32.37.20.10
INTERNATIONAL STANDARDS
Control networking standard ANSI/EIA 709-1
Specification for Pipeline and Piping Valves API 6D
Multi-Element Metallic Cables for Analogue and Digital EN 50288-7
Communication and Control Systems
Electromagnetic compatibility for industrial process IEC 801
measurement and control equipment
Electrical Apparatus for Explosive Atmosphere IEC 60079
Low-voltage electrical installations – Selection and erection of IEC 60364-5-54
electrical equipment – Earthing arrangements and protective
conductors
IP code for Degree of protection provided by enclosures IEC 60529
Fieldbus standard for use in Industrial control systems IEC 61158
Generic standard on “Functional safety of Electric/ Electronic IEC 61508
Programmable (E/E/PES) safety related systems”
Specific standard for the Petrochemical industry on “Functional IEC 61511
safety of Electric/ Electronic Programmable (E/E/PES) safety
related systems”
Tests for electric cables under fire conditions IEC 60331
Fieldbus standard for use in Industrial control systems ISA S50
Environmental Conditions for Process Measurement and ISA 71.04
Control Systems
Industrial valves — Pressure testing of metallic valves ISO 5208
U.S Military Handbook. Reliability prediction of electronic MIL-HDBK-217
equipment

Page 63 / 66 SP-1243 - Corporate Philosophy for Control & Automation Printed 03/02/20

The controlled version of this CMF Document resides online in Livelink®. Printed copies are UNCONTROLLED.
 Revision: 4.0
Petroleum Development Oman LLC Effective: Jan. 2020

13.4 User Comment Form

SP-1243: CORPORATE PHILOSOPHY FOR CONTROL & AUTOMATION

Any user who identifies an inaccuracy, error or ambiguity is requested to notify the
custodian so that appropriate action can be taken. The user is requested to return this
page fully completed, indicating precisely the amendment(s) recommended.
Name:
Ref ID Date:

Page Ref: Brief Description of Change Required and Reasons

Page 64 / 66 SP-1243 - Corporate Philosophy for Control & Automation Printed 03/02/20

The controlled version of this CMF Document resides online in Livelink®. Printed copies are UNCONTROLLED.
 Revision: 4.0
Petroleum Development Oman LLC Effective: Jan. 2020

Appendix A - Fire & Gas Detection & Voting Philosophy

Fire & Gas Detection and Voting Philosophy
Below is the Fire & Gas detection philosophy and voting schemes for alarm, executive action and detector fault in process areas. Projects to follow the below
table. However, for new expansions projects shall propose the best and more beneficial design approach. Whether to follow the existing philosophy or revamp
the whole station to this philosophy. This table simplifies the philosophy. However, projects Shall follow the DEP 32.30.20.11 for further details.

CR/HMI Alarm in Executive Action

Single Zone Remarks
Alarm Field as per C&E

1 Detector FAULT FAULT Alarm NO NO

FAULT Alarm - Provided N>2.
=2 Detectors FAULT NO NO
- If N=2. There shall be an executive action & Alarm.
>2 Detectors FAULT FAULT Alarm YES YES Note 8.

1 Detector ALARM LEVEL 1 Alarm Level 1 NO NO

≥2 Detectors ALARM LEVEL 1 Alarm Level 1 YES NO

1 Detector ALARM LEVEL 2 Alarm Level 2 YES NO Note 12.
≥ 2 Detectors ALARM LEVEL 2 Alarm Level 2 YES YES
1 Detector ALARM 1 + 1 Detector Alarm Level 1 +
NO NO - If N=<2. There shall be field Alarm.
FAULT FAULT Alarm

1 Detector ALARM LEVEL 2 + 1 Alarm Level 2 + - If N=2. There shall be an executive action.
YES NO
Detector FAULT FAULT Alarm

1 Detector ALARM LEVEL 2 + 1 Alarm Level 1 +

YES NO Note 10.
Detector ALARM LEVEL 1 Alarm Level 2
Fire Alarm/ MCP
BGU/MCP Activation YES NO Note 11.
Activated

Page 65 / 66 SP-1243 - Corporate Philosophy for Control & Automation Printed 03/02/20

The controlled version of this CMF Document resides online in Livelink®. Printed copies are UNCONTROLLED.
 Revision: 4.0
Petroleum Development Oman LLC Effective: Jan. 2020

General Notes
1. Fire detection corresponds to the gas detection level 2.
2. Detectors in 2ooN; N shall be ≥ 3
3. All F&G single and voted alarms shall be announced in the HMI.
4. Voting shall be alarmed as a separate alarm in the HMI.
5. Field Alarm; is the activation of Sounder & Beacon in the entire facility
6. Refer to DEP 32.30.20.11 table 7.1 for Alarm level 1 & 2 settings.
7. ALDs (Acoustic Leak Detector) can vote together or with other types to activate executive action. However, mixed technologies shall be deployed within the
same voted zone.
8. When more than two detectors in the vote are in fault, this shall cause trip in line with DEP requirement. However, field annunciation and executive action
shall be associated with 72 hours time delay, CR annunciation shall not be delayed. MOS detectors shall not contribute to trip voting.
9. All Executive actions shall be associated with alarms.
10. Applicable only to gas detection.
11. Activation of Manual call point can be used to trigger an action if deemed necessary, e.g. in case operators could be all at field & no one in the CR to activate
and prevent the hazard.
12. Single Heat detector leads to confirmed fire and leads to executive action.
13. In all cases where detection/voting is degraded due to faulty or inhibited detectors, operation shall take all safety & operational measures to monitor the
concerned zone until it is brought back to normal state.

Page 66 / 66 SP-1243 - Corporate Philosophy for Control & Automation Printed 03/02/20

The controlled version of this CMF Document resides online in Livelink®. Printed copies are UNCONTROLLED.