Fail-Safe in the Field: Redundant Controls for a Hazardous-Environment Pumping Facility
How CSI designed, built, and commissioned a fully redundant safety control system for a Zone-2 multiphase pumping facility in the Middle East — delivering high-availability automation for one of the most demanding environments in oil and gas.
Industry: Oil & Gas
Service: Full System Design & Integration
Platform: Siemens S7-400H-F
Classification: Zone 2 Hazardous Area
A global pump manufacturer was supplying twin-screw multiphase pump packages for a greenfield oil development project in the Middle East. Each package needed a complete control system capable of operating independently in a Zone-2 hazardous environment — where flammable gases may be present and equipment failure isn’t an option. The system had to manage pump startup and shutdown sequences, auxiliary systems including lube oil and seal oil circuits, and interface with the plant’s existing DCS, vibration monitoring, and emergency shutdown infrastructure. Redundancy wasn’t a nice-to-have — it was a contractual and safety requirement across every layer of the architecture.
CSI delivered the complete controls package for two independent multiphase pump systems — from electrical design through panel build, software development, and commissioning. The design started from supplied P&IDs, with CSI producing a full set of electrical drawings in EPLAN, sourcing all Siemens and panel components, and building the PLC and remote I/O panels to ESA Zone 2 certification standards.
At the core of each system is a Siemens S7-400H-F redundant fail-safe controller with dual CPUs on separate racks, connected to three ET200M remote I/O racks via redundant Profibus DP. A Sinamics GM150 drive controls the main pump motor through a Profibus Y-Link adapter, while Ethernet connections link the PLC to a 19-inch WinCC Flexible HMI, the plant’s Yokogawa DCS, and a Bently Nevada vibration and temperature monitoring system.
CSI developed the full software package — PLC logic, HMI screens, safety programming, and all communication interfaces — based on detailed start-up and shutdown narratives provided by the customer. The system supports local, remote, manual, and automatic modes of operation, with extensive alarm management, maintenance overrides, cause-and-effect matrices, and graphic process displays for each pump package.
The project scope ran from initial design through to on-site commissioning at the facility in the Middle East. CSI’s engineering team worked closely with the pump manufacturer to translate process requirements into a controls architecture that met both the operational demands of multiphase pumping and the safety standards required for a Zone-2 classified installation. Every aspect of the system — from startup sequencing to emergency shutdown behavior — was developed against the customer’s operational narratives and validated through factory acceptance testing before shipment.
Years after the original delivery, CSI was brought back to implement logic modifications to the seal oil system — updating safety interlocks, PLC programming, HMI displays, and cause-and-effect logic, all validated through simulation testing before deployment. That ongoing relationship speaks to the quality of the original design and CSI’s ability to support complex systems long after commissioning.
The control system has been operating reliably in the field since its original commissioning, managing two independent multiphase pump packages in a demanding desert environment. The redundant architecture has delivered the high availability the application demands — no single point of failure exists in the control layer. CSI’s continued involvement through post-commissioning modifications demonstrates the system’s adaptability and the strength of the long-term engineering relationship.