Sometimes an email exchange turns up something developed years ago that still has great value. Such is the case with an article I received as an attachment on final control elements and their suitability in safety instrumented functions (SIFs), a.k.a. safety loops. The article, When SIL suitability is required for final control elements, was written by Emerson’s Riyaz Ali back in 2011 for EngineerIT magazine.
The final control element is critical in a SIF since it takes the action to drive the process to a safe state. Riyaz opens noting:
Final control elements (control valves or safety shut down valves) are the key components of any closed loop control system, whether used for a basic process control system (BPCS) or for a safety instrumented system (SIS).
Riyaz describes key terms used in SILs:
…a quantifiable measurement of risk used as a way to establish safety performance targets of SIS [safety instrumented system] systems. A SIL level can be expressed in terms of probability of failure on demand (PFD) or risk reduction factor (RRF). Risk reduction factor is simply a reciprocal of PFD (1/PFD). SIL levels are designated in terms of PFD or RRF as a range of numbers.
To determine the suitability rating for a SIF:
…a PFD value needs to be computed for components of the loop (SIF loop consists of sensor, logic solver, final element). To calculate PFD, an equipment failure rate number is required.
ISA-84 defines two failure modes—physical (random) failures and functional (system) failures.
…result from the degradation of one or more hardware mechanisms. It is often permanent and attributable to some component or module. For example, when a control valve is at the end of travel and not moving with the change in the control signal due to a broken shaft, the failure has occurred because of a physical failure of the component in the valve.
…are failures related in a deterministic way to a certain cause, which can be eliminated by a modification of the design or manufacturing process, operational procedures, or other relevant factors. For example, a computer program has crashed and there is no physical damage, but the system has failed. The end result is that the program is not working and a failure has occurred due to a systematic error in programming code.
Riyaz highlights the difference between control valves used in basic process control systems (BPCS) and safety instrumented systems:
…a BPCS is any system that has a SIL<1. Therefore, SIS systems employing safety instrumented functions with a specified safety integrity level, which is necessary to achieve safety function, need to have a SIL rating equal to or above 1.
Control valves can be used in safety applications:
…due to reliability attributes of control valves, especially on smaller sizes…
You'll want to read the article to see the three cases, with calculations, that Riyaz explains where control valves can possibly be used as safety shutdown valves:
- Case 1: Control valves which are used only as an on/off single final element
- Case 2: Control valves which are used in a dual purpose context (both for control and safety)
- Case 3: Control valves which are used in a dual purpose context in addition (redundancy) to an on/off valve
If a control valve is designated to carry out a safety function then it should meet the SIL level of the safety instrumented system function loop. In this case, failure rate numbers will be required to compute the total PFDavg of the loop. The end user may possibly ask for third party certification to comply with IEC 61508 requirements to meet certain SIL suitability. However, if a control valve is designated for normal process control then as per IEC61511-3 part 1, section 3.2.3, basic process control system, the definition does not designate control valves to have SIL suitability.
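To make the loop calculation concrete, here is an added example (not from Riyaz's article) that sums PFDavg over the sensor, logic solver and final element, derives RRF as 1/PFD, and maps the result to a SIL band. It assumes the common simplified 1oo1 approximation PFDavg ≈ λ_DU × TI / 2 and the IEC 61508 low-demand bands; the failure rates are constructed sample values, not vendor data.

```python
import math

HOURS_PER_YEAR = 8760

# IEC 61508 low-demand bands (not quoted on this page): (SIL, lower bound, upper bound)
SIL_BANDS = [(4, 1e-5, 1e-4), (3, 1e-4, 1e-3), (2, 1e-3, 1e-2), (1, 1e-2, 1e-1)]

# Constructed dangerous-undetected failure rates, per hour (illustrative only)
SAMPLE_LOOP = {"sensor": 3e-7, "logic_solver": 5e-8, "final_element": 1.5e-6}


def pfd_avg_1oo1(lambda_du_per_hour, proof_test_interval_years):
    """Assumed simplified formula: PFDavg ~= lambda_DU * TI / 2
    (single channel, perfect proof test, no diagnostic credit)."""
    if lambda_du_per_hour < 0 or proof_test_interval_years <= 0:
        raise ValueError("failure rate must be >= 0 and test interval > 0")
    ti_hours = proof_test_interval_years * HOURS_PER_YEAR
    return lambda_du_per_hour * ti_hours / 2


def sil_for_pfd(pfd):
    """Return the SIL band for a PFDavg; 0 means below SIL 1 (BPCS territory)."""
    if pfd < 1e-5:
        return 4  # better than the SIL 4 band; capped at 4
    for sil, low, high in SIL_BANDS:
        if low <= pfd < high:
            return sil
    return 0


def evaluate_loop(components, proof_test_interval_years):
    """Sum component PFDavg values for a series loop and classify the total."""
    per_component = {
        name: pfd_avg_1oo1(rate, proof_test_interval_years)
        for name, rate in components.items()
    }
    total = sum(per_component.values())
    return {
        "per_component": per_component,
        "pfd_avg": total,
        "rrf": math.inf if total == 0 else 1 / total,
        "sil": sil_for_pfd(total),
        "dominant": max(per_component, key=per_component.get),
    }


if __name__ == "__main__":
    for ti in (1, 2):
        r = evaluate_loop(SAMPLE_LOOP, ti)
        print(f"TI={ti}y PFDavg={r['pfd_avg']:.3e} RRF={r['rrf']:.0f} "
              f"SIL={r['sil']} dominant={r['dominant']}")
```

With these sample numbers the final element contributes most of the loop PFDavg, and doubling the proof test interval from one to two years drops the loop from the SIL 2 band to SIL 1.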
You can connect and interact with other safety professionals in the Safety Instrumented Systems group in the Emerson Exchange 365 community.