Page 150 - Pipeline Risk Management Manual Ideas, Techniques, and Resources
paths such as telephone lines, satellite transmission links, fiber optic cables, radio waves, or microwaves. So, a SCADA system is normally composed of all of these components: measuring instrumentation (for flow, pressure, temperature, density, etc.), transmitters, control equipment, RTUs, communication pathways, and a central computer. Control logic exists either in local equipment (programmable logic controllers, PLCs) or in the central computer.

SCADA systems usually are designed to provide an overall view of the entire pipeline from one location. In so doing, system diagnosis, leak detection, transient analysis, and work coordination can be enhanced.

The main contribution of SCADA to human error avoidance is the fact that another set of eyes is watching pipeline operations and is hopefully consulted prior to field operations. A possible detractor is the possibility of errors emerging from the pipeline control center. More humans involved may imply more error potential, both from the field and from the control center. The emphasis should therefore be placed on how well the two locations are cooperating and cross-checking each other.

Protocol may specify the procedures in which both locations are involved. For example, the operating discipline could require communication between technicians in the field and the control center immediately before

• Valves opened or closed
• Pumps and compressors started or stopped
• Vendor flows started or stopped
• Instruments taken out of service
• Any maintenance that may affect the pipeline operation.

Two-way communications between the field site and the control center should be a minimum condition to justify points in this section. Strictly for purposes of scoring this variable, a control center need not employ a SCADA system. The important aspect is that another source is consulted prior to any potentially upsetting actions. Telephone or radio communications, when properly applied can also be effective in preventing human error.

Maximum points should be awarded when the cross-checking is seen to be properly performed.

Alternative approach

This subsection describes an alternative approach to evaluating the role of SCADA in human error avoidance. In this approach, a more detailed assessment of SCADA capabilities is made part of the risk assessment. Choice of approaches may be at least partially impacted by the perceived value of SCADA capabilities in error prevention.

A SCADA system can impact risk in several ways:

• Human error avoidance
• Leak detection
• Emergency response
• Operational efficiencies.

As with any system, the SCADA system is only as effective and reliable as its weakest component. A thorough assessment of a SCADA system would ideally involve an examination of the entire reporting process, from first indication of an abnormal condition, all the way to the final actions and associated system response. This assessment would therefore involve an evaluation of the following aspects:

• Detection of abnormal conditions; for instance, what types of events can be detected? What is the detection sensitivity and reliability in terms of 100% of event type A occurrences being found, 72% of event type B occurrences being found, etc.? This includes assessment of redundant detection opportunities (by pressure loss and flow increase, for instance), instrument calibration and sensitivities, etc.
• Speed, error rate, and outage rate of the communications pathways; number of points of failure; weather sensitivity; third-party services; average refresh time for data; amount of error checking during transmission; report-by-exception protocols
• Redundancy in communication pathways; outage time until backup system is engaged
• Type and adequacy of automatic logic control; local (PLCs) versus central computer; ability to handle complex input scenarios
• Human response, if required as a function of time to recognize problem, ability to set alarm limits, effectiveness of man/machine interface (MMI); operator training; support from logic, graphic, and tabular tools
• Adequacy of remote and/or automatic control actions; valve closing or opening; instrument power supply.

A list of characteristics that could be used to assess a specific SCADA system can be created. These characteristics are thought to provide a representative indication of the effectiveness in reducing risks:

• Local automatic control
• Local remote control (on-site control room)
• Remote control as primary system
• Remote control as backup to local control
• Automatic backup communications with indication of switchover
• 24-hour-per-day monitoring
• Regular testing and calibration per formal procedures
• Remote, on-site monitoring and control of all critical activities
• Remote, off-site monitoring and control of all critical activities
• Enforced protocol requiring real-time interface between field operations and control room; two sources involved in critical activities; an adequate real-time communications system is assumed
• Interlocks or logic constraints that prevent incorrect operations; critical operations are linked to pressure, flow, temperature, etc., indications, which are set as “permissives” before the action can occur
• Coverage of data points; density appropriate to complexity of operations
• Number of independent opportunities to detect incidents
• Diagnostics capabilities including data retrieval, trending charts, temporary alarms, correlations, etc.
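
The interlock ("permissives") and two-source protocol characteristics listed above, sketched as an added example that is not from the manual. The point names, limits, the 30-second data freshness threshold and the function `check_action` are assumptions chosen for illustration; stale telemetry is treated as a failed permissive so the check fails safe.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Reading:
    value: float
    age_s: float  # seconds since this data point was last refreshed


# Hypothetical permissives for opening a valve: (low, high) per indication.
OPEN_VALVE_PERMISSIVES = {
    "pressure_kpa": (2000.0, 6500.0),
    "flow_m3h": (0.0, 900.0),
    "temperature_c": (-10.0, 60.0),
}
REQUIRED_SOURCES = {"field", "control_room"}  # two sources for critical actions
MAX_AGE_S = 30.0  # assumed limit; older data is treated as unknown


def check_action(permissives, readings, confirmations, max_age_s=MAX_AGE_S):
    """Return (allowed, reasons). The action is blocked unless every
    permissive is met by fresh data and both sources have confirmed."""
    reasons = []
    for name, (low, high) in permissives.items():
        r = readings.get(name)
        if r is None:
            reasons.append(f"{name}: no reading")
        elif r.age_s > max_age_s:
            reasons.append(f"{name}: stale ({r.age_s:.0f}s)")
        elif not (low <= r.value <= high):  # NaN also fails this test
            reasons.append(f"{name}: {r.value} outside [{low}, {high}]")
    missing = REQUIRED_SOURCES - set(confirmations)
    if missing:
        reasons.append("missing confirmation: " + ", ".join(sorted(missing)))
    return (not reasons, reasons)


# Constructed sample telemetry, not taken from the manual.
SAMPLE = {
    "pressure_kpa": Reading(4100.0, 4.0),
    "flow_m3h": Reading(310.0, 4.0),
    "temperature_c": Reading(18.0, 95.0),  # this point has not refreshed
}

if __name__ == "__main__":
    # Only the field technician has confirmed, and one point is stale.
    print(check_action(OPEN_VALVE_PERMISSIVES, SAMPLE, {"field"}))
```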