The availability of a system (or group of systems) is the ‘up time’ and may be expressed as a percentage of time for which the system is able to correctly perform its functions. The availability of a system may be improved by adding redundancy or utilising higher quality components.

The Application Software running in a PCS or SIS is the software specific to the user application. In general, it contains logic sequences, permissives, limits and expressions that control the appropriate input, output, calculations, and decisions necessary to meet the functional requirements.

Bad Quality is indication that a signal from a field device is unavailable, in-error, out of the calibrated range, or not in communication with the PCS or SIS.

The CCR is located in the Unit or Vessel accommodation area and is a permanently manned area. The Unit or Vessel Control and Safety System is operated and monitored from within the CCR.

The opposite of remote I/O: the location of PCS or SIS I/O modules in the same location as the processor.

A closed network shall carry data traffic associated with the control, HMI and data acquisition functions (SCADA) of the process being controlled. Any network that carries any additional data other than these data types is defined as an Open Network.

A failure, which is the result of one or more events, causing failures of two or more separate channels in a multiple channel system, leading to system failure.

A system which responds to input signals from the process or from an operator and generates output signals causing the process to operate in the desired manner. The control system includes input devices and final elements and may be either a process control or safety system.

A logical signal used to bring a secondary device to a state that is consistent with a shutdown state of the primary device. Failure of these signals will not affect the interlock function and will not have safety or business-interruption implications. A typical application involves a control valve solenoid that is tripped in a shutdown layer. This trip signal is then used to force the associated PID controller to manual and set the controller valve output to minimum. The purpose of this convenience trip is to aid the operator by aligning the plant for restart and to prevent controller windup.

A condition where a protective instrumented system may be able to perform its intended functions correctly, but may have major components or channels in a failed condition. Systems with a high degree of redundancy are capable of safe operation in some degraded states.

The ratio of the detected failure rate to the total failure rate of the component or subsystem as detected by diagnostic tests. Diagnostic coverage does not include any faults detected by proof tests.

Software that is part of the PCS or SIS system supplied by the manufacturer and is not accessible for modification by the end-user. Embedded software is also referred to as firmware or system software.

ESD functions are primarily for hazard mitigation, usually effected via shutting down process, production and non-essential utilities.

Necessary hardware and utility software designed to perform Programmable Electronic System (PCS) configuration; typically is a based on a PC platform.

The capability to go to a predetermined safe state in the event of a specific malfunction.

The opposite of fail-safe: the capability to ensure that the plant continues to run despite a component of the ICSS or a system variable failing.

The ability to continuously correct execution of the assigned function in presence of a limited number of hardware and software faults. A redundant system is fault tolerant such that if unit A fails, a bumpless transfer when unit B takes over.

A set of predefined procedures typically conducted after the system has been assembled, and before the system ships to site. A FAT may include both the hardware and system checkout and the application software or HMI performance tests.

The loop powering of 4-20mA instruments from the instrument; i.e. where the instrument is current sourcing.

That part of a protective instrumented function that implements the physical action necessary to achieve a safe state. Examples include valves, switchgear, motors, etc.

The Fire and Gas system, as a term in this document, encompasses the fire and gas detection equipment, signal processing, monitoring, alarming and voting. The FGS system’s function is to generate confirmed fire initiators for ESD functions and mitigate hazards such as initiating deluge etc.

A graphical programming language (for application software) using function block diagrams for representing the application programme for a PLC-system.

Chemical or physical condition that has the potential for causing casualty (injury, death, contamination) to the people or the environment.

Area in which an explosive gas atmosphere is present, or may be expected to be present, in quantities such as to require special precautions for the construction, installation and use of apparatus.

Action of safety devices of a system to reduce the frequency of occurrence of a hazardous event, for example via the execution of a unit shutdown or process shutdown.

Action of safety devices of a system to reduce the consequences of a hazardous event, e.g. ESD shutdown initiation, extinguishing release, electrical isolation, firewater controls etc.

A graphical display on the HMI which allows the operator to view historical data from before the display was opened, along with real-time data.

The means by which information is communicated between human operator(s) and the Process Control and Safety system (for example, monitors, indicating lights, push-buttons, horns, alarms). The HMI is also known as the operator interface.

The combined safety and process control systems which incorporates a HMI, Process Control System (PCS), a Safety Instrumented System (SIS) and any Packaged Unit Systems.

Inputs and Outputs to a PCS, SIS or ICSS. Some typical I/O types include 4–20 mA analogue inputs or outputs, 24 VDC discrete inputs or outputs and are to or from the field instrumentation or other systems.

The communications highway between the PCS or SIS processor and its associated I/O modules. This may be a local bus (within a cabinet) for centralised or local I/O or an extended bus for remote I/O.

A graphical programming language using ladder diagrams for representing the application program for a PCS or SIS system as defined in IEC61131-3

That portion of either a PCS or SIS that performs one or more logic functions. This includes electrical, electronic and Programmable Electronic systems.

Long term archive is the storing of historical process data, usually to a separate server within the network. The amount of storage is only limited to the physical capacity of the storage device being used. With the long term archive are historian tools which can query and analyse the data for production reports, fault analysis and operational excellence improvement strategies.

Lower limit of flammability or explosibility of a gas or vapour at ordinary ambient temperatures expressed in percent of the gas vapour in air by volume.

Voting function of safety instrumented system made up of “N” independent channels or inputs, which are so connected, that “M” channels or inputs are sufficient to perform the safety instrumented function, i.e. initiating a trip or shutdown signal. May have suffix D to denote diagnostics capability.

The OPC Specification is a open technical specification that defines a set of standard interfaces based upon Microsoft’s OLE COM technology. The application of the OPC standard interface makes possible interoperability between automation and control applications, field systems or devices. Typically an OPC server accesses data from other PCS or SIS systems providing an interface with the main ICSS.

Temporary deactivation of some part of a shutdown loop. There are two types of overrides: maintenance overrides and operational overrides. Maintenance overrides involve the override of trip initiators (transmitters) for maintenance reasons. Operational overrides involve the override of the trip action for operational reasons, such as overriding high vibration trips on a large rotating machine start up.

Communications between two PCS or SIS processors via the system’s data highway or communications link (Serial, Modbus Ethernet etc.)

A process shutdown results in the shutdown of the topsides oil and gas production process, without affecting the utilities.

Otherwise known as Basic Process Control System, a system that responds to input signals from equipment under control or from an operator and generates output signals, causing the equipment under control to operate in the desired manner, i.e. within its operating envelope.

A graphical display on the SCADA or HMI which allows the operator to view real-time data commencing from when the display was opened.

Use of multiple elements or systems to perform the same function; redundancy can be implemented by identical elements (identical redundancy) or by diverse elements (diverse redundancy)

Reliability is the probability that an operational component or system will perform its required functions when called upon to do so. This applies to functions required to be performed occasionally (e.g. trip functions) or continuously (e.g. motor running). The reliability of a system may be improved by using higher quality components or adding redundancy.

A manual operator action to unlatch a trip condition, normally the tripped device (e.g. motor or shutdown valve).

The opposite of centralised I/O: a system where the I/O modules are located remotely to the processor, usually in the field close to the process elements being controlled or monitored.

Combination of the frequency of occurrence of harm and the severity of that harm

Average probability of a safety instrumented system to satisfactory perform the required safety function under all stated design conditions within a stated period of time.

Discrete level (one out of four), defined in IEC61508, for specifying the safety integrity requirements of the safety instrumented functions to be allocated to the safety instrumented systems. Safety integrity level 4 has the highest level of safety integrity; safety integrity level 1 has the lowest. Safety integrity is the average probability of a safety instrumented system satisfactorily performing the required safety instrumented functions under all the stated conditions within a stated period of time.

A safety critical loop is one required to be executed in the SIS not the PCS.

System composed of initiating devices, logic solvers, and output devices designed to prevent or mitigate hazard conditions. In this document the SIS is taken to be the whole safety system executing all levels of shutdown functions: USD, PSD and ESD.

The use of single (as opposed to redundant) I/O modules in a PCS or SIS.

A set of predefined procedures conducted at a job site after the system has been reassembled, and usually following some modifications to the software tested at FAT.

Short term archive is the storing of historical process data, usually local to the operator stations. The data is cyclic and will normally be overwritten by new data once the storage capacity is reached. The retrieval is simple and is used to verify alarms and events typically within 30 days date stamping. The short term archive data is transferred to long term archive for permanent storage.

The loop powering of 4-20mA instruments from the ICSS; i.e. where the instrument is current sinking.

TCP is one of the core protocols of the Internet protocol suite. TCP provides reliable, in-order delivery of a stream of bytes, making it suitable for applications like file transfer and E-mail. It is so important in the Internet protocol suite that sometimes the entire suite is referred to as "the TCP/IP protocol suite."

Safety actions to prevent possible to hazardous fluid loss of containment, or to prevent possible initiation to hazard fluid release, or to prevent possible equipment damage through shutdown of specific equipment where an abnormal condition is detected.

Software tools for the creation, modification, and documentation of application software running in the PCS or SIS.

UDP is one of the core protocols of the Internet protocol suite. Using UDP, programs on networked computers can send short messages sometimes known as datagrams (using Datagram Sockets) to one another. UDP is sometimes called the Universal Datagram Protocol.