Vous êtes sur la page 1sur 2

Environment, Health & Safety Recommendations

Corporate Technical Alert (CTA) - Header Recommendations


___________________________________________________________________________________________________
Notification no:
600032077
--------------------------------------------------------------- ------------------------------------------------------------------------ -----------------------------

General Electric (GE) / Bently Nevada (BN) 3500/33 16-channel relay module and contacts in Vibration Monitoring System
(VMS) were recently discovered as incompliance with Saudi Aramco standards. The module and contacts do not comply
with the intent of the company standards which call for #Fail Safe stratergy#. Paragraph 5.4.1.8.9 of 34-SAMSS-625
request #The alarm and shutdown contacts shall be wired fail safe#. It also explains that #the alarm and shutdown contacts
shall be closed during normal operation and shall open when the alarm or shutdown condition is reached#. However
corresponding contacts of the BN3500/33 relay module are found still energized and closed, in the event of a main card
faults or is removed. Subsequently, P&CSD had requested GE to modify the BN3500/33 relay module in accordance to
34-SAMSS-625. The modified version of the BN3500/33 relay module was successfully tested and shall be utilized in Saudi
Aramco facilities.

Findings / Recommendations Details


Finding : 1. P&CSD had growing concerns over the()
Status

Open

P&CSD had growing concerns over the behavior and operation of the BN3500/33 16 channel relay module and contacts,
particularly in the application for process critical equipment. For these equipment, redundant relay modules shall be used
for shutdown contacts and shall be hardwired to Emergency Shutdown System (ESD). Dual voting logic (2oo2
configuration) shall be used in the ESD for these shutdown contacts. The requirements are according to paragraphs 5.3.4
and 5.3.5 of SAES-J-604.
Saudi Aramco has many installations based on the above configuration. It has been recently noticed that when one
BN3500/33 relay module fails or is removed, the corresponding relay contacts will stay energized and closed. Hence, the
ESD will never perform its expected function when a high-high or danger signal is received. Due to this scenario, P&CSD
had various technical discussions with GE and a letter was issued for them to urgently find a suitable remedy to restore the
expected functionality. As part of the expected remedy, P&CSD also requested GE to address upgrade requirements of the
existing installed base of the BN3500/33 relay modules installed at various Saudi Aramco facilities.
By August 2013, GE had efficaciously modified the BN3500/33 relay module to comply with the #Fail Safe# behaviour. The
prototype relay module was sucessfully tested where the relay contacts were de-energized and opened when the main
card was removed. The modified version of the relay module is currently readily available and shall be utilized in Saudi
Aramco facilities.
Recommendation : 1 - P&CSD recommends that only the #Fail
##P&CSD recommends that only the #Fail Safe# BN3500/33 relay module shall be utilized in any future grass root and
upgrading projects in order to comply with SAES-J-604 and 34-SAMSS-625. In the new revision of 34-SAMMS-625 (7 July
2013), the requirement of the #Fail Safe# relay module in the process critical equipment is further enhanced as stipulated in
paragraph 5.4.1.8.13.##P&CSD also recommends to upgrade or replace relay modules in the existing BN3500 systems
installations to the #Fail Safe# BN3500/33 in order to meet the #Fail Safe# behavior. There will be cost incurred here,
however P&CSD believes the upgrading or replacement is important in order to increase the protection and reliability of the
plants machinery.