When asked recently, he shared an ISA Safety Division newsletter from the fall of 2007. Unfortunately, I couldn’t find the newsletter in my Google searches. His article in this newsletter, When is a Safety Integrity Level (SIL) Rating of a Valve Required?, explored safety integrity level (SIL) suitability ratings for control valves.
He shared this definition from the IEC 61511 global safety standard:
Basic Process Control System (BPCS)
A system which responds to input signals from the process, its associated equipment, other programmable systems and/or an operator and generates output signals causing the process and its associated equipment to operate in the desired manner but which does not perform any safety instrumented functions with a claimed SIL ≥ 1.
This definition leads us to conclude that a BPCS is any system with a SIL < 1. A safety instrumented system (SIS), by contrast, employs safety instrumented functions with a specified safety integrity level needed to achieve the safety function, and so must have a SIL rating of 1 or above.
Based on this definition, Riyaz posed these questions [hyperlinks added for safety terms]:
- Why are control valves that are used in a BPCS required to be SIL certified?
As per the IEC definition, a SIL rating is not required, but it is possible that reliability data for a valve may be required. Industry or the end user may require failure rate data for the equipment or, in loose terms, MTBF (Mean Time Between Failures).
Essentially, MTTF (mean time to fail) is the right term to define product reliability. It is usually furnished in units of hours. This is more common for electronic components, but the trend is seen even for mechanical items.
- How can MTTF provide useful data for the calculation of PFDavg (probability of failure upon demand)?
MTTF can be simplified to 1/(sum of all failure rates) or equal to 1/λ… (Note: Riyaz shows the equations and components of detected and undetected failures and whether the failures lead to safe or dangerous conditions. For more, see the whitepaper Riyaz wrote for the Kuwait ISA section.)
MTTF calculations provide plant availability, which is a very important measure of a process plant's up-time capability. A spurious trip, which is considered a safe but unplanned trip, may be too strenuous for piping and other equipment. Not only are production and quality affected; profits may be as well. It is also important to consider the higher risk associated with plant start-up. IEC 61508 places more stress on the "safety event" in case of a demand, which relates to dangerous undetected failures and is used to compute PFDavg.
Mechanical equipment like valve bodies and actuators has no diagnostic capability of its own. According to IEC 61508 part 2, table 2, with a hardware fault tolerance (HFT) of zero (a single valve without additional diagnostics), only SIL 1 is achievable per IEC 61508. A digital valve controller mounted on the final control element improves the diagnostic coverage factor, which in turn improves the SFF (safe failure fraction) number, allowing possible use in higher SIL rated applications (per IEC 61508 part 2, table 3) by use of the partial stroke test.
If a control valve is designated to carry out a safety function, then it should meet the SIL level of the safety instrumented function loop. In this case, failure rate numbers will be required to compute the total PFDavg of the loop. The end user may possibly ask for third-party certification to IEC 61508 requirements to demonstrate a certain SIL suitability.
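As an added worked example (not from Riyaz's article or whitepaper), the relationships above in Python: MTTF as 1/λ, the safe failure fraction, a simplified 1oo1 PFDavg that counts only dangerous undetected failures, the low-demand SIL band, the HFT = 0 architectural constraint for a type A element from IEC 61508-2 table 2, and how partial stroke test diagnostic coverage shifts λ_DU into λ_DD. The failure rates, the 70% coverage and the annual proof-test interval are constructed values, not data for any real valve, and the PFDavg formula is the usual simplification that neglects repair time of detected faults.

```python
from dataclasses import dataclass

# Low-demand SIL bands from PFDavg (IEC 61508-1): (SIL, lower bound, upper bound)
SIL_BANDS = ((4, 1e-5, 1e-4), (3, 1e-4, 1e-3), (2, 1e-3, 1e-2), (1, 1e-2, 1e-1))

@dataclass(frozen=True)
class FailureRates:
    """Failures per hour, split safe/dangerous x detected/undetected as in IEC 61508."""
    sd: float
    su: float
    dd: float
    du: float

    @property
    def total(self) -> float:
        return self.sd + self.su + self.dd + self.du

def mttf_hours(r: FailureRates) -> float:
    """MTTF = 1 / (sum of all failure rates), i.e. 1/lambda, as the article states."""
    return 1.0 / r.total

def sff(r: FailureRates) -> float:
    """Safe failure fraction: every failure mode except dangerous undetected."""
    return (r.sd + r.su + r.dd) / r.total

def pfd_avg_1oo1(r: FailureRates, proof_test_interval_h: float) -> float:
    """Simplified 1oo1 PFDavg ~= lambda_DU * T / 2 (repair time of detected faults
    neglected): only dangerous undetected failures count against a demand."""
    return r.du * proof_test_interval_h / 2.0

def sil_from_pfd(pfd: float) -> int:
    """SIL band for a low-demand PFDavg; 0 means outside the SIL 1..4 bands."""
    return next((s for s, lo, hi in SIL_BANDS if lo <= pfd < hi), 0)

def max_sil_hft0_type_a(s: float) -> int:
    """Architectural constraint for HFT = 0, type A element (IEC 61508-2 table 2):
    SFF < 60% -> SIL 1, < 90% -> SIL 2, < 99% -> SIL 3, otherwise SIL 4."""
    return 1 if s < 0.60 else 2 if s < 0.90 else 3 if s < 0.99 else 4

def with_partial_stroke_test(r: FailureRates, coverage: float) -> FailureRates:
    """Partial stroke test diagnostics reclassify a fraction of lambda_DU as lambda_DD,
    raising SFF and lowering PFDavg without changing the total rate (or MTTF)."""
    found = r.du * coverage
    return FailureRates(r.sd, r.su, r.dd + found, r.du - found)

# Constructed sample: on/off valve plus actuator, HFT = 0, proof tested once a year.
VALVE = FailureRates(sd=5e-7, su=5e-7, dd=0.0, du=1.0e-6)   # total 2e-6/h, MTTF 5e5 h
ANNUAL_TEST_H = 8760.0
PST_COVERAGE = 0.70   # assumed diagnostic coverage of the partial stroke test
```

With these numbers the bare valve lands in the SIL 2 band on PFDavg but is held to SIL 1 by the SFF of 50%, and the partial stroke test lifts it to SIL 2 on both counts.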
Visit our earlier post, Control Valves in Process Safety Applications, for more of Riyaz's thoughts on the use of control valves in safety instrumented functions.
You can also connect and interact with other process safety experts in the Safety Instrumented Systems group in the Emerson Exchange 365 community.