I received an email last week with some questions to an earlier post, Checking Your Safety Solenoid Valves. While protecting the emailer’s anonymity, I thought I’d share the questions and answers provided by Emerson’s Riyaz Ali with you.
The first question was about the assertion, “What the technology team found through extensive research and development is that the solenoid valve can be pulsed for a split second by smart SIS logic solvers like the DeltaV SIS system.” The question was:
The apparent assumption here is that the DVC6000 SIS is added to the solenoid valve installation but does not replace it. This raises the question of what benefit the DVC6000 SIS has over other versions.
Riyaz responded:
The digital valve controller (DVC) is used as a diagnostics device to initiate partial stroke tests (PST) and to continuously monitor the health of valve, even if there is no change in input signal to the DVC. The DVC6000 SIS is certified for use in Safety Instrumented Function loop without solenoid-operated valves (SOV). Applications which require faster stroking speed and where a process manufacturer is more concerned about “safety availability” and would like to have either or device pneumatically in series to take the final element to a safe state, will employ DVC and SOV.
It is true that physically the DVC6000 and DVC6000 SIS have the same components (except sticker on cover and different firmware in microprocessor) but unlike the general DVC used for process control, the DVC6000 SIS for safety has built in:
- safe guard against spurious trip during PST
- PST on line in service without change of input signal
- configurable stroking speed to ramp (rather than step) slowly of fast during partial stroke test
- capture the PST test results and store in the non volatile memory of device
- using associated software allows the analyzed test results of health of the final Element
- audit documentation (comparisons and storage)
- returns the valve to its normal state after completion of test
- manual reset feature
- automate PST without any other user interface
A second question arose about what value there is if the DVC6000 goes to zero mA and loses power and thus losing its diagnostic:
Again, it doesn’t appear that the SIS version is bringing anything to the party. If configured in the 0-20mA or 0-24 volt DC scheme and used as part of the safety trip, communications are lost during the trip and the feature described does not apply. If it is not used to trip the valve, why use the SIS derivative?
Riyaz answered:
When DVC is used with 0-20mA or 0-24VDC, it only loses its capability to trigger the event in the case of “Safety Demand”. It otherwise has all other capabilities of a DVC6000 SIS operated by 4mA. When used with 0ma or 0VDC, DVC does take an active part in “Safety Shutdown” and makes “Final Element” to attain “Safe State”. The DVC6000 SIS, when operated with 4-20mA, can capture and store the results in the nonvolatile memory for study and understanding of event which could provide vital clues of the event and also could provide learning lessons for the future. This provides the opportunity for safety reliability engineers to access and evaluate the “Demand Condition”. Also, the details obtained can be used with regulatory bodies who would like to have audit of device in the case of demand.
The whole purpose of migrating from discrete on-off switch contacts to analog input (sensors) / output (final element) for logic solvers have evolved use of microprocessor-based field devices in safety instrumented systems. If one uses microprocessor-based devices then why should they not use 4-20mA instead of 0-20mA? I am still in the opinion that the analog signal for field device provides continuous monitoring by logic solver for its input and output. If one decides to use microprocessor-based devices, it makes sense to use 4-20mA rather than 0-20mA for the DVC, which does not offer any advantages. On top of it, the DVC6000 SIS when used with 4-20mA is certified for its compliance to IEC 61508.
The final question came up when I wrote, “One final point Riyaz emphasized is the DVC6000 SIS spurious trip protection which provides maximum output pressure to the solenoid at minimum input signal in a case where the 4-20mA signal between the smart logic solver and digital valve controller is lost or severed.” The question was:
Here the SIS is driven by a 4-20 mA signal but, amazingly, it is configured to fail to danger on loss of the control signal. I still don’t see the benefit of the DVC6000SIS over its siblings.
Riyaz responded:
This is typically ETT (Energize to Trip) scenario, where during normal operation customer will use 4mA (because plant availability is highest) and upon Safety Demand customer would like to provide 20mA to DVC so that DVC can trip the valve.
In fact, one of the major oil and gas producers has already used this same scenario in their plant. They are using SOV to trip the valve and DVC for diagnostics, partial stroke test and SOV health test and uses DVC with reverse relay. Even if someone cuts the power to input signal of DVC, it still supplies full pressure to avoid any spurious trips.
I thought sharing this email exchange might provide answers for your IEC 61511 compliance efforts if you had similar questions when reading the earlier post.