InTech magazine has a web exclusive on the importance of safety valves in a safety instrumented system. The article, Valve failure: Not an Option, describes methods of implementing partial stroke testing (PST) to reduce the probability of failure upon demand, average (PFDavg).
For those not familiar with a partial stroke test, I found this definition:
This test checks for valve movement without fully stroking the valve. Many applications will allow 10% movements to verify valve response without upsetting the critical process line. Diagnostic data is collected and an alert is given if the valve is stuck.
The purpose of this test is to improve PFDavg to possibly increase the safety integrity level (SIL) rating of the safety valve in a safety instrumented function (SIF), to extend the proof test interval, or a combination of both. Extending the proof test interval may allow process operators to avoid additional downtime by scheduling proof tests during turnarounds.
The author enumerates four methods of performing the PST: by the emergency shutdown system (ESD), by a positioner-based device, by a 2-out-of-2 (2oo2) or 2-out-of-3 (2oo3) redundant device, and by a 2-out-of-4-
doubled diagnostic (2oo4D) redundant device.
The part of the article that jumped out for me, which I needed to ask Emerson’s Riyaz Ali about was:
Using a positioner-based device is perhaps the worst option, as it is a complete misapplication of technology. Positioners should modulate control valves, whose movement is very small. ESD valves on the other hand are fully open or fully closed, and go from one state to the other as quickly as possible. Because positioners have a very small Flow Factor (Cv), they cannot vent a valve diaphragm quickly as required to satisfy the process safety time, and are suitable only for smaller valves. To compensate for this deficiency, an interposing SOV can vent the valve diaphragm. This SOV is not tested during the PST and remains in an open position for an extended period of time. As such, it may not be able to close (vent) upon demand and is itself a source of both dangerous failures and spurious trips.
In addition to the interposing SOV, positioners use a pneumatic valve-nozzle arrangement, which operates independently of the positioner electronics. Given the nozzle orifice plugs up (often by a tiny spec of dirt or water in the air supply), shutting off the electronics will not vent the valve diaphragm. This is a dangerous failure mode, as venting the diaphragm (closing the valve) is critical to achieving the safe state. Unfortunately, most positioner product safety evaluations do not address this dangerous failure mode.
Riyaz offers some counterpoints. Advanced positioners or digital valve controllers such as the Fisher DVC6000 SIS have been designed specifically to operate safety shutdown valves and has gone through the rigorous design, testing and certification process defined in the IEC 61508 international safety standard for use up to SIL 3 applications. This design, testing and certification process was developed to ensure the applicability of the technology for this process safety application.
Riyaz notes that it is true that a very few applications do require shorter process safety times. He points out that it is not necessary to use a solenoid valve (SOV) to improve the stroking speed. Positioners can use pneumatic devices to achieve faster stroking time. I discussed a quick-exhaust example in an earlier post. For process manufacturers who still would like to use an SOV in the SIF loop, these SOVs have different capacities to meet the stroking speed requirements. Also, some of the more modern positioners like the DVC6000 SIS can also monitor the health of the SOV when it’s used with a single-acting actuator. It performs checks for the dangerous failures of SOVs on-line without affecting the process.
Some digital valve controllers, like the DVC6000 SIS, are suitable for use in a SIL3 SIF in standalone mode. When used in standalone mode or in pneumatic series with SOV or other pneumatic accessories, it continuously checks the pneumatic integrity (functioning of I/P and pneumatic relay) to ensure that these components are working and ready to drive the valves upon a safety demand (see figure 13). If, during normal operation, any abnormality is noted, an alert is sent to the HOST system.
Riyaz also provides clarification that air quality requirements are always specified in each product bulletin for pneumatically operated valves and specifically, the safety manual of a field device always recommends to follow the ISA S7.0.01 air quality standard, which specifies the air be clean, dry, without oil, water or any particulate contaminates.
For your IEC 61511 process safety risk mitigation efforts, partial stroke testing performed by digital valve controllers can help you reduce the PFDavg on your safety shutdown valves.
Update: Welcome, Plant Engineering Live blog readers! Jack, I appreciate the great recap of this post!
Update 2: Thanks to Dr. Beckman for pointing out my error on 2004D in the comment section of this post. It is “diagnostic” and not “double” as I’d originally written. I’ve also shown Dr. Beckman’s comments to Riyaz and asked if he’d like to add a comment… stay tuned!