Safety instrumented functions (SIFs), also known as safety loops, are comprised of a sensor to sense the process condition, a logic solver to decide the safety action to take, and a final element to perform the action. Emerson’s Riyaz Ali and I & C Specialist’s C B Chakradhaar gave a presentation at the 2010 Emerson Exchange focusing on the final element in the loop. Their presentation, SIS “Final Element” Diagnostics Including The SOV, Using A Digital Valve Controller, explored the safety functions that rely on valves as their final element. These must operate on demand to make the process safe.
Desmond Lee and Andy Crosland, members of Emerson’s process safety systems team, provided me their notes from this presentation as background for this post. You may recall them from some of the process safety-related posts on this blog.
Riyaz opened the session with a discussion of why there is a need to test safety valves–as studies have shown that they contribute up to 50% of SIS failures. The problem is that these valves usually sit there wide open for months on end, which can lead to mechanical failures–so how do you know it will move when you need it to?
He explained the traditional ways of testing these safety valves such as pneumatic local panels, pin retainers, and bypassing, etc. These conventional methods are difficult to operate and maintain. They also do not have “safety availability”, or the ability to perform a safety demand, during the test. These tests also lack embedded intelligence and logging capabilities. Problems associated with these test methods led to the development for a means to test these safety valves and receive health status reports.
The result of this development was the Fisher FIELDVUE DVC6000 SIS digital valve controllers that provide online, partial stroke testing (PST) of safety valves. This testing reduces the probability of failure on demand (PFD), which can increase the safety integrity level (SIL) where the safety valve is applied. These tests also improve validation of the safety instrumented function and extend the time between turnarounds, when a full-stroke test is required. The PST results are documented and stored in an audit trail, in support of the process manufacturer’s IEC 61511 safety lifecycle audit documentation requirements.
Some of the diagnostic alerts that help reduce PFD include stuck valve indication, low supply pressure, valve travel, shaft integrity, and travel and pressure deviation. Special safeguards are build into the DVC6000 SIS such as safety demand automatic override of a PST and write protection to deter local, unauthorized access to calibration or configuration parameters.
The DVC6000 SIS also provides a means to check the integrity of the solenoid valve (SOV) plunger (which can remain dangerously undetected) to monitor the SOV’s health. By pulsing the SOV in a fraction of a second, the ability of the SOV to close on demand is tested. This pulse is long enough for SOV to vent and short enough to so that the actuator doesn’t bleed enough pressure to make the safety valve move and possibly shutdown the process. See slides 24-27 in the embedded presentation for a visual display of how this testing works.
One of the key takeaways is to capture the trigger event in case of a demand when using the microprocessor-based intelligent device analog output (AO) 4-20mA signals on the mechanical shut down valves. This data resides in nonvolatile memory in the digital valve controller’s microprocessor, providing reliability and giving a functional safety engineer the opportunity to review the cause of the event to help avoid such an incident in the future.
Also, take a look at the presentation to see some actual partial stoke test results, valve signatures, SOV tests, and valve step responses at a major Middle East production facility.