Thursday, 28 August 2008

Part 1 update latest.

According to the latest Posting on the Part 5 blog, S88 part 1 has now been made 'Stronger' and has resolved all the outstanding comments except for one
The committee is alleged to be feeling confident it can be ready for the whole ISA88 committee before the year is out.
Apparently, the latest face2face had some of the original framers of the approved ISA88.00.01 standard present and the group worked well together in clarification of several contentious parts of the standard, creating what all felt was a greatly improved document that is easier to understand.
Sorry, but from this side of the Atlantic Ocean I beg to differ.
Why? Well, for a start my European contacts are far from sure that the new version improves on the old one. For a start it needs to be made simpler, not more complex.
Many comments were somehow removed from the commenting process, in meetings that were attended by just a few people.
The 'the original framers' were largely not present, some were but most (those from my side of the pond) were not. And let's face it, it all started in Europe, probably with Namur, in Germany.
The blog also states "While there are some in the community who claim the update work is diluting the batch standard to address other industries, I would challenge them to take a good look at the work and identify through constructive comments exactly how this is occurring. As I view the state of the work I only see a stronger “BATCH” standard that is now even more capable of being leveraged in other industries."
Well, In part I hope this blog actually does comment constructively.
I also have no problem and have not had for years in relating the 'batch' S88.01 to continuous and discrete production. There is always a batch, Save the Batch.
What do Y0u think?
PS I would like the Part 5 blog to link to my blog, as I do to theirs.

Tuesday, 26 August 2008

Equipment Heavy,Recipe 'Lite'

A friend commented privately about my blog that it is equipment heavy. 

I take that as a compliment, it is my hope that this blog, and my software will help to improve Equipment Control.

I think he also means that the blog is Recipe 'Lite', so it's time to talk more about how I view the Recipe and Procedural side of Control.

I am sure that good equipment control makes recipes simpler. And Recipes Can Be Simple (or Lite). 
And intrinsically I think they are and I think that the S88 originators (and it goes back long before S88) knew that.

A recipe describes how to make stuff given some equipment.

A recipe does not care how to control equipment, it does not even need to define the chemistry, which means that it can be described very easily. And as Part 1 says, a Procedure should be essentially an Ordered Set - or sequence.

It is the sort of thing that operators have done for many decades.

Please readers, when you see anything that claims S88 compliance or benefits or profits or whatever, remember that S88 is not about how to program a control system.

Thursday, 21 August 2008

Show us your graphics

The next WBF meeting will be in Barcelona. That is a great place worth visiting even without the Meeting of Minds the forum promises. I have been to many WBF – and before that EBF meetings, and have always enjoyed them, sometimes too much. Perhaps I really should not have gone sampling all the strongest Belgian Trappist beers with the Irish and the Danes in Brussels. Making beer is of course something that S88 can describe perfectly, whether it is the largely manual processes used by small scale brewers or the highly automated ones used by the biggest. And how you make beer is interesting, but we don’t get paid for being interested. More to the point especially for a control engineer trying to justify a ‘WBF Jolly’ is to be able to learn how others automate making beer – or chemicals – or ice cream, or any manufactured product.
For control engineers the problems that are the same whatever you make are interesting - beer makers can learn from chemical makers how each solves the same problems.
Now, S88 did a good initial job of separating the product (the recipes) from the control of equipment . And it covers both.
So, looking at the agenda for the next WBF, where is the equipment control? (Apart from Part 5! )
I can’t see anyone on the agenda talking about how they control their plants. How do they handle their equipment - from simple things like agitators, to CIP and multi-purpose flexible plants. What standard objects do they use. How do their operators interact with the processes, their levels of manual control, and so on. How they deploy the great products that are available from the majors?

The WBF Charter says
WBF - The Forum for Automation and Manufacturing Professionals, is an association of end-users, vendors, consultants and academics with a strict, non-commercial agenda.
But is it really non-commercial?
I remember fondly the days of the European Batch Forum, it’s agenda was 50% commercial and 50% open. That is half of the presentation time was commercial suppliers demonstrating their wares, the other half was generally independent of the suppliers. The richer suppliers paid for (sponsored) most of it.
I found that this worked very well. There were for example many supplier presentations that were far more illuminating than most of non commercial ones. DCS and PLC suppliers and Systems Integrators could demonstrate how they had solved control problems - believe me you can learn far more from watching live demonstrations that you can from PowerPoint. But you are not allowed to do that at the WBF. It makes it much more boring. And yet even as it is the WBF is still used by most presenters as a marketing vessel and is actually highly commercial in it’s dealings – it now uses sponsorship in different ways. Fair enough, a different model. But where is the Control?

Thursday, 14 August 2008

Hacking Safety Systems

I don't normally comment on this area, but I do track what is going on.
Walt Boyes has written on his 'blog' about a demonstration of compromised Safety System, read it all here
I have resp0nded, not least because many year ago I was delegated the job of checking out alarming reports about Y2K faults that might blow by up refineries. I had a free hand to investigate the truth about such tales, and invariably I found bad science.
The dialog so far follows.

When you say things like “blow up a refinery” it suggests that some software fault (eg caused by some hacker) might have the capability of doing that. But as you know the ultimate protection, and a great deal of effort goes into it, is at the lowest physical level possible, relief valves for example. And hard wired logic, high integrity safety systems etc. I had this argument over Y2K many years ago. Don’t you think you may be feeding the trolls? Francis

Comment by FrancisL Posted on August 12, 2008 @ 11:26 am

No, I am not feeding trolls. Francis, I saw a live demonstration of a hack against an SIS system last week. It took 26 seconds to cause the valves to fail open. The danger is in fact real.
Comment by
waltboyes Posted on August 12, 2008 @ 12:01 pm

More details please Walt. My mind boggles that anyone could engineer an SIS to permit such a hack, and how such an SIS could be even called a safety system. And does the situation not imply that a failure in the SIS (hacked or not) could open the valves? So how can it be called an SIS? Francis
Comment by FrancisL Posted on August 13, 2008 @ 11:47 am

Your guess is as good as mine. Fact remains, this product is being sold as a SIS. I do not know the vendor. Anytime a SIS is connected to the plant network, it becomes open to an attack. Nearly all PLCs, including safety PLCs are vulnerable to DoS attacks unless properly firewalled. I have not much more information, because the demonstrator was unwilling to share too many.

Thursday, 7 August 2008

More on Common Resources

Good old Anonymous has made some good comments about Common Resources.
Anonymous people are founts of infinite wisdom, if only you could meet them over a pint!
Read the whole comment - at the end Anon says
By your definition, these EMs would be common resources. I am not sure I agree with that, as their primary function is with the parent unit (Reactor), plus all the problems which would be associated with P&IDs, tagging etc.What about the concept of expanding and shrinking Units? How would this fit in with the concepts of common resources?
Great point, but what are these Units that expand and Contract? The comment explains it well, We do need expanding and contracting Units, for example after a mixing vessel has been filled and closed the inlet valve, what happens on the other side of that valve no longer matters. So long of course as it does not fail but that's another story.
One way of handling this is to have 'Virtual Units'. These are Units that the recipe can see, in it's view of the physical model, but that do not exist in the physical plant. These can expand and contract. (Also you can use them to point to selected equipment so the recipe does nto care wich equipment it is using - more later)
Good PLC and DCS programmers can easily construct them by the way, provided that they are prepared to use indexing and a little logic. It might help to have that rare thing, an object oriented PCS, so for example the equipment could inherit the current batch formula.

Another solution may be to eliminate Units and Equipment Modules completely and just have
Equipment Procedural Entities - EPE's. Then the recipes that are running (for example several batches and several cleans running simultaneously) can acquire the equipment that is required dynamically, using only the EPE's needed at any one point.
You can call the EPE's Units, EM's or Common Resources if you like, I don't care. The EPE's can be very small or quite large, it just depends on equipment the batch occupies.

Now, where all this gets hard is the fact that equipment control has to be fast and safe, and can be complex. Of course the safety aspect can normally be handling by simple logic that is close to the IO. The fast aspect is also easy - but not with a transaction based batch manager running on a busy PC on a busy network- this sort of performance needs controller software.

Tuesday, 5 August 2008


I am going to Australia again. I first went at the age of 1, in 1951, but returned to England in 1955. I think my mum found it particularly hard there.
Back then it was somewhat behind the times for a woman, especially one who considered herself (as she is) equal to men. But it may also have been something to do with the weather, and pining for the English countryside. And having small children.
My dad was a teacher and engineer, sadly he has gone, 10 years ago, at the age of 84, Mum is still fine, at the age of 94. Let me know if you would like her email address, she is still totally with it, but hates spam. I have not got her into blogging yet!
Anyway, I arrived back in England at the age of 5 , and ever since then I wanted to return. I did it 4 years ago for 3 weeks or so. I saw more than my mum did in her 4 years there! But 3 weeks is not enough, so I am coming back for 6 weeks.
Wherever I go I like to meet the engineers, so if you are in Australia and working with process automation, please contact me, to chat or for a fee I can do a great S88 tutorial.
I look forward to meeting you Oz