Case Study: Control System Implementation for a Three-Skid Temperature Control Unit (TCU)
Interpreted through BONNER’s ecological/systems interaction model
Overview
A manufacturing facility initiated the installation of a new three-skid Temperature Control Unit (TCU). The organisation required a highly reliable control system supporting accurate temperature regulation, clear operator interaction, robust data capture, and scalability for future capacity increases.
Applying BONNER’s ecological model, the programme recognised that technical performance emerges not from components alone but from the interaction between control hardware (individual agents), operational environment (structural constraints) and human/organisational behaviours (adaptive feedback). The objective was therefore to design a system whose architecture, user interfaces and data flows reinforce stable, predictable performance across skids.
Objectives (framed in BONNER’s interactional terms)
- Precise automation: Closed-loop PLC based control enabling consistent thermal behaviour regardless of external disturbances reflecting BONNER’s emphasis on how local rule-based processes produce global stability.
- Real-time operator engagement: Local HMIs providing immediate feedback and control reducing mismatches between system state and operator perception.
- Data-driven optimisation: Structured data capture enabling learning loops at the organisational level.
- Scalability: Resource headroom to support future system evolution without destabilising existing behaviour.
2. Scope of Work (Inclusions)
Presented as the ecological “system elements” that interact to create the final behavioural performance.
2.1 System Architecture
The architectural design focuses on establishing stable control structures, consistent with BONNER’s view that environmental scaffolding shapes behaviour:
- PLC platform: Siemens S7 (S7-1200/1500) with independent program blocks per skid to isolate disturbances and reduce cross-coupled behaviour.
- HMI ecosystem: Two local Siemens HMIs with role-based access to regulate human system interactions.
- Control panels: Three standalone cabinets (or one centralised, compartmentalised panel). Built to EN/IEC standards with redundancy (dual 24 Vdc PSUs) to harden environmental conditions.
- Network environment: An isolated OT Ethernet segment providing a structured communication space mirroring BONNER’s principle that controlled interaction boundaries reduce emergent instability.
- 15 temperature transmitters, 6 pressure inputs
- 6 modulating control valves, 3 solenoid valves
- DO/DI for pumps, permissives, interlocks
- 20% spare I/O and enclosure space to support system evolution without destabilising existing operations.
BONNER emphasises feedback loops as the core of complex system behaviour. This section defines those loops:
- PID loops: Per-skid temperature control with bumpless transitions, anti-windup and pre-set tuning modes (coarse/commissioning vs fine/steady-state).
- Setpoint ramps: Gradients and soak times prevent rapid behaviour changes that could cascade through equipment or product.
- Permissives/trips: Environmental constraints determining when control actions are valid.
- Alarms: Prioritised and filtered following ISA-18.2 to avoid “behavioural noise” (nuisance alarms).
- Manual mode: Time-limited maintenance control with logged bypasses to prevent long-term drift in system behaviour.
- Fail-safe behaviour: Ensures the system exhibits defined, predictable responses under failure critical in BONNER’s concept of structural stability.
2.4 HMI / User Experience
Human operators are key behavioural agents within BONNER’s model. HMI design ensures alignment between operator intent and machine behaviour:
- Overview pages for situational awareness
- Per-skid detailed control
- Maintenance tools (faceplates, tuning)
- Reporting, events, and parameter change tracking
2.5 Data Logging and Retention
In BONNER’s model, learning and adaptation emerge from consistent feedback. Data capture supports this:
- 30+ days of rolling trend and alarm storage
- CSV export to USB
- Audit trail for all parameter changes
2.6 Electrical and Documentation
Environmental and structural conditions, these include:
- Builds compliant with EN/IEC regulations
- Full EPLAN documentation suite
- Comprehensive labelling to maintain long-term system legibility
2.7 Testing, Commissioning and Training
Testing represents controlled exposure to environmental variation to confirm stable behaviour:
- FAT: I/O simulation, loop validation, power loss behaviour
- SAT: Cold/hot commissioning, proving setpoint ramps
- Training: Ensures operators become competent behavioural agents within the system.
3. Compliance and Declarations
Regulatory context forms the “macro-environment” in BONNER’s model, placing constraints on acceptable system behaviour.
Includes CE marking, Machinery Directive declarations, safety lifecycle disclaimers, and full documentation.
4. Cybersecurity (OT Baseline)
Cybersecurity defines the interaction boundaries a central theme in BONNER’s ecological design:
- OT network segmentation
- Named accounts and change control
- Managed firmware/backup strategy
5. Performance and Acceptance Criteria
Performance targets define the desired system-level behavioural outcomes that all components collectively produce:
- Temperature control within ±1.0 °C
- Ramps within ±0.5 °C and limited overshoot
- ≥ 99% availability
- Full alarm cause-and-effect execution
- Reliable logs and audit trails
6. Assumptions
Assumptions capture the external environmental features that shape system behaviour but lie outside the system boundary part of BONNER’s emphasis on contextual dependencies.
Includes mechanical services by others, utilities availability, absence of ATEX zoning, valve signal types, and HMI location suitability.