Emerson’s Riyaz Ali, whom you may recall from earlier posts, wrote an Inside Functional Safety article recently titled, Digital Technology: A remedy for sick shutdown valves in Safety Instrumented System (SIS) applications. The paper is available for purchase from Inside Functional Safety, so I can’t upload or link to it, but I’ll highlight a few points Riyaz makes. Here’s a portion of the abstract:
In the event of a safety demand, the final control element of a safety instrumented function (SIF) loop is a key component to a process going to a safe state. Unlike the logic solver or sensors (analog transmitters), the final control element requires a total shutdown to check the mechanical integrity. With the invention of the digital valve controller, a final control element’s mechanical movement can be tested online by moving a span of 10% or 15% without disrupting the process.
IEC61511 is an industry specific version, specifically dealing with process industries in the “Functional Safety: Safety Instrumented Systems for the Process Industry Sector.” IEC61511 provides clarity to the use of IEC61508 in automation protection systems for the process industries by using industry specific vocabulary, specific examples, and tailored requirements.
As mentioned in the abstract, the final control element is a critical portion of the safety instrumented function or safety loop to take the process to a safe state. It could be an emergency shutdown valve, blow down valve, emergency isolation valve, emergency venting valve, or on/off valve. These valves may remain dormant for long periods, so they must be tested periodically to make sure they will operate properly upon a safety demand situation.
Riyaz notes that conventional testing requires either process shutdowns or bypasses, the latter of which add complexity and risk to the process flow. Completely testing the final control element’s performance requires “…an in-line test that strokes the valve for full travel.”
Without bypasses, the loss of production means process manufacturers want to extend the interval between these full stroke tests as long as possible, until the plant is shut down for turnaround maintenance.
Riyaz describes ways developed to extend the time intervals for the final control element testing by partially stroking the valves. He writes:
It was recognized that the most likely failure mode of a discrete shutoff valve is to remain stuck in its normal position. To test for this type of failure, it is not necessary to completely stroke the valve to test its functionality. A large percentage of covert valve failures can be detected if a limited form of testing can determine that the valve is not stuck and will begin to move. Furthermore, if this type of test could be performed online without shutting down the process, improvements in the PFDavg could possibly be obtained without the loss of production.
Methods to perform this partial stroke testing include mechanical limiting devices and more recently logic solver-based testing:
…which sends fixed pulsations to the solenoid valve to monitor the subsequent movement of the valve. The pulse duration is set to allow slightly more than the required 10-15% movement. The feedback to valve movement is provided by an analog limit switch.
Whichever method is used, written safety procedures are important to make sure plant trips don’t occur and that proper documentation and maintenance are performed by properly trained personnel.
Riyaz shares how a digital valve controller is a good solution for these partial stroke tests because it:
…receives a control signal from the logic solver. It incorporates travel feedback of the valve position plus supply and actuator pneumatic pressures. This allows the smart positioner to diagnose not only itself, but also the health of the valve and actuator.
Since the process is not shut down, the tests can be run more frequently and initiated by the logic solver, HART handheld communicator, panel, and/or PC. The tests are also automatically documented and can provide comparisons between tests. In the event of a safety demand, the digital valve controller can also provide a log to help understand the sequence of events for post-event analysis.
He clarifies that partial stroke tests, “…do not eliminate the need for full stroke test; however, it does extend the proof test interval.” This extension is often long enough to reach the plant turnaround where all the final control elements can have full stroke testing performed.
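The trade-off between partial stroke testing and the full stroke proof test interval can be worked through numerically. This is an added example, not taken from Riyaz’s paper or from Emerson: it uses the common simplified single-valve (1oo1) approximation PFDavg ≈ λDU × TI / 2, and the failure rate, partial stroke coverage and test intervals are constructed values chosen only for illustration.

```python
HOURS_PER_YEAR = 8760.0

def pfd_avg_full_only(lambda_du, ti_full_h):
    """PFDavg with full stroke proof tests only (valid while lambda_du * ti << 1)."""
    return lambda_du * ti_full_h / 2.0

def _check_coverage(coverage):
    # A partial stroke cannot reveal every dangerous failure (e.g. seat leakage),
    # so coverage of 1.0 is rejected: the full stroke test is still required.
    if not 0.0 <= coverage < 1.0:
        raise ValueError("partial stroke coverage must be in [0, 1)")

def pfd_avg_with_pst(lambda_du, coverage, ti_pst_h, ti_full_h):
    """Failures the partial stroke can reveal are exposed for the short PST
    interval; the remainder stay hidden until the next full stroke test."""
    _check_coverage(coverage)
    revealed = coverage * lambda_du * ti_pst_h / 2.0
    hidden = (1.0 - coverage) * lambda_du * ti_full_h / 2.0
    return revealed + hidden

def max_full_stroke_interval(lambda_du, coverage, ti_pst_h, pfd_target):
    """Longest full stroke interval (hours) that still meets pfd_target."""
    _check_coverage(coverage)
    budget = 2.0 * pfd_target / lambda_du - coverage * ti_pst_h
    if budget <= 0.0:
        raise ValueError("target not reachable with this PST interval and coverage")
    return budget / (1.0 - coverage)

# Constructed inputs (assumptions, not vendor or site data)
LAMBDA_DU = 1.0e-6          # dangerous undetected failures per hour
PST_COVERAGE = 0.70         # fraction of those failures a partial stroke reveals
TI_PST_H = 730.0            # partial stroke roughly monthly
TI_FULL_H = HOURS_PER_YEAR  # full stroke yearly

if __name__ == "__main__":
    baseline = pfd_avg_full_only(LAMBDA_DU, TI_FULL_H)
    with_pst = pfd_avg_with_pst(LAMBDA_DU, PST_COVERAGE, TI_PST_H, TI_FULL_H)
    stretched = max_full_stroke_interval(LAMBDA_DU, PST_COVERAGE, TI_PST_H, baseline)
    print(f"PFDavg, yearly full stroke only:   {baseline:.3e}")
    print(f"PFDavg, adding monthly PST:        {with_pst:.3e}")
    print(f"Full stroke interval at same PFD:  {stretched / HOURS_PER_YEAR:.2f} years")
```

With these constructed inputs, the same PFDavg that a yearly full stroke test achieves on its own can be held with a full stroke test roughly every three years, which is the kind of extension that lets the full test wait for a turnaround.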
If you are unfamiliar with some of these ways of partial stroke testing, you may want to purchase the paper or review some of the past blog posts in which I’ve featured Riyaz.