Increasing Diagnostic Coverage in Safety Instrumented Functions

Two very knowledgeable people in safety instrumented systems (SIS), Mike Boudreaux and Riyaz Ali, shared with me the story behind the recent news about the DVC6000 SIS digital valve controller (driven by a 4-20 mA signal) being certified as compliant with IEC 61508 for use in safety instrumented functions (SIF) up to SIL 3.

With this certification, the DeltaV SIS logic solver's HART two-state, 4-20 mA output and the Fisher DVC6000 SIS can be used for SIL 3 applications without any additional solenoids or other auxiliary devices. This configuration captures trip events during a safety demand, which gives safety engineers crucial data for reliability and event analysis. It is also helpful information for regulatory audits.

Now, I used my trusty friend Google to learn more about the HART two-state channel and found this page in DeltaV Books On-Line on the function block in the logic solver that helps make this happen. Basically:

…DeltaV SIS Logic Solver Digital Valve Controller (LSDVC) function block provides an interface to the DVC6000 SIS for safety shutdown and for partial stroke testing. The HART Two-state Output Channel provides the control signal and the HART communications path to the digital valve controller. You can configure the output channel to have an OFF_CURRENT of 0 mA or 4 mA. The control signal can command the valve controller to the tripped state regardless of the configured OFF_CURRENT value. Using an OFF_CURRENT value of 4 mA allows HART communication between the Logic Solver and the valve controller whether the valve controller is in the normal or the trip state. When the OFF_CURRENT is 0 mA, the power is removed entirely when the LSDVC function block drives the channel Off.

Mike noted that continuous diagnostics are possible because the valve closes when a 4 mA signal is delivered. The DVC6000 SIS records the results of a demand event by logging all the travel and pressure data points in the microprocessor memory. This event log is critical for plant personnel, reliability engineers, and auditing authorities to understand the final element status before and after the trip or demand event. Before the new certification was obtained, diagnostics would be lost on shutdown because the signal to the DVC would be 0 mA.

These on-line diagnostics, coupled with partial stroke testing, can be initiated automatically from the DeltaV SIS logic solver. This means the final control element is checked periodically, both to help protect against spurious trips and to test that it is available to respond to a demand. The operator can also initiate these partial stroke tests manually from operator faceplates. The DVC6000 reports pass/fail status back over HART digital communications for alarming and historical event recording.
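To make the OFF_CURRENT trade-off and the partial stroke test concrete, here is a small Python model of the behaviour described in the Books On-Line excerpt and the two paragraphs above. It is an added illustration, not Emerson code and not taken from DeltaV or DVC6000 documentation: the 20 mA "On" level, the rule that the DVC only powers up and logs at 4 mA or more, the stroke rate, the supply pressure and the pass/fail tolerance are all assumptions chosen for the model. It shows that a trip with OFF_CURRENT = 4 mA still closes the valve while the event log fills, that a trip with OFF_CURRENT = 0 mA closes the valve but leaves no log, and that a partial stroke test flags a stem that does not move.

```python
from dataclasses import dataclass, field
from typing import List

# Assumed model constants (added example, not from DeltaV documentation):
HART_FLOOR_MA = 4.0          # HART rides on the 4-20 mA loop; below 4 mA there is no carrier
ON_CURRENT_MA = 20.0         # two-state "On" level: valve held open
VALID_OFF_CURRENTS = (0.0, 4.0)  # the two configurable OFF_CURRENT values
STROKE_RATE_PCT = 25.0       # assumed travel per tick


@dataclass
class Sample:
    t: int
    travel_pct: float
    pressure_psi: float


@dataclass
class DigitalValveController:
    """Toy stand-in for the DVC6000 SIS: moves toward the commanded travel
    and, while the loop keeps it powered, logs travel/pressure samples."""
    travel_pct: float = 100.0   # normal state: valve open
    supply_psi: float = 60.0    # assumed actuator supply pressure
    stuck: bool = False         # simulate a seized stem (a covert failure)
    event_log: List[Sample] = field(default_factory=list)

    def _move_toward(self, commanded_pct: float) -> None:
        if self.stuck:
            return
        if self.travel_pct > commanded_pct:
            self.travel_pct = max(commanded_pct, self.travel_pct - STROKE_RATE_PCT)
        else:
            self.travel_pct = min(commanded_pct, self.travel_pct + STROKE_RATE_PCT)

    def _log(self, t: int, loop_ma: float) -> None:
        # The microprocessor only records while the loop still powers it (>= 4 mA).
        if loop_ma >= HART_FLOOR_MA:
            pressure = self.supply_psi * self.travel_pct / 100.0
            self.event_log.append(Sample(t, self.travel_pct, pressure))

    def tick(self, t: int, loop_ma: float) -> float:
        # Anything below the On level is the trip command: drive fully closed.
        self._move_toward(100.0 if loop_ma >= ON_CURRENT_MA else 0.0)
        self._log(t, loop_ma)
        return self.travel_pct


def channel_current(off_current_ma: float, tripped: bool) -> float:
    """HART two-state output: On = 20 mA, Off = the configured OFF_CURRENT."""
    if off_current_ma not in VALID_OFF_CURRENTS:
        raise ValueError("OFF_CURRENT must be 0 mA or 4 mA")
    return off_current_ma if tripped else ON_CURRENT_MA


def run_demand(off_current_ma: float, ticks: int = 4) -> dict:
    """Trip the channel and report what the DVC captured during the demand."""
    dvc = DigitalValveController()
    loop_ma = channel_current(off_current_ma, tripped=True)
    for t in range(ticks):
        dvc.tick(t, loop_ma)
    return {
        "final_travel_pct": dvc.travel_pct,
        "hart_available_in_trip": loop_ma >= HART_FLOOR_MA,
        "samples_logged": len(dvc.event_log),
    }


def partial_stroke_test(dvc: DigitalValveController, target_pct: float = 90.0,
                        tolerance_pct: float = 1.0, ticks: int = 3) -> str:
    """Command a partial stroke over HART while the loop stays at 20 mA, then
    return to open. PASS if the stem reached the target and came back."""
    for _ in range(ticks):
        dvc._move_toward(target_pct)
    reached = abs(dvc.travel_pct - target_pct) <= tolerance_pct
    for _ in range(ticks):
        dvc._move_toward(100.0)
    returned = abs(dvc.travel_pct - 100.0) <= tolerance_pct
    return "PASS" if reached and returned else "FAIL"


if __name__ == "__main__":
    print("OFF_CURRENT 4 mA:", run_demand(4.0))
    print("OFF_CURRENT 0 mA:", run_demand(0.0))
    print("PST healthy:", partial_stroke_test(DigitalValveController()))
    print("PST stuck:  ", partial_stroke_test(DigitalValveController(stuck=True)))
```

Both OFF_CURRENT settings drive the valve to 0 % travel, which is why either is acceptable as a trip command; the difference is only in what survives the trip: at 4 mA the model logs a sample per tick, at 0 mA the log stays empty. The partial stroke test moves the stem only part way while the loop remains at 20 mA, so it exercises the final element without causing a trip.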

Riyaz pointed out that for Type B devices (generally microprocessor-based), the IEC 61508 international safety standard (part 2, table 3) mandates redundancy in SIL 3 applications. This means the DVC6000 SIS connected to the DeltaV SIS HART two-state channel is suitable for SIL 1 and SIL 2 applications without redundancy, but for SIL 3 SIFs, IEC 61508 mandates full redundancy, or a hardware fault tolerance of one.

Achieving this certification helps reduce the component count in these SIFs, increase diagnostic coverage, and capture historical SIS information during a demand.

Posted Friday, August 8th, 2008 under Abnormal Situation Prevention, Final Control Element, Safety.