isa s84.01 on esd valve testing[1]
TRANSCRIPT
ISA S84.01Application of Safety
Instrumented Systems for the Process Industry
Testing of SIS Valves
ISA SP84.01 Origins / Direction
• Grew out of OSHA (1910.119) and EPA (40CFR Part 68) mandates
• ISA specification will be superseded by IEC 61511, Functional safety of Safety Instrumented Systems for the Process Industry Sector
• IEC 61511 imposes additional redundancy requirements to achieve high SIL rating; these can be mitigated where diagnostics are shown to be used to provide predictive maintenance.
ISA SP84-01 Requirements• 1.1.2 The SIS includes all elements from sensor to the final
element, including inputs, outputs, power supply and logic solvers. SIS user interface may be in the SIS.
• 1.1.3 Other interfaces to the SIS are considered part of the SIS if they have potential impact on its safety function.
• 7.9.3 a) SIS shall be designed in accordance with the maintenance and testing requirements defined in the Safety Requirement Specifications.
• 7.9.1 Where the interval between scheduled process downtime is greater than the functional test interval, then on-line testing facilities are required.
ISA SP84-01 Requirements• 9.7 Functional testing - Not all system faults are self
revealing. Covert faults that may inhibit SIS action, this can only be detected by testing the entire system
• 9.7.1 Periodic functional tests shall be conducted using a documented procedure to detect covert faults that prevent the SIS from operating as per the Safety Requirement Specifications.
• 9.7.2 The entire SIS shall be tested including the sensor(s), the logic solver, and the final element(s) (e.g. shutdown valves, motors)
• Integral (entire system) testing not required except for pre-startup acceptance
ISA SP84-01 Requirements (cont’d)
• 7.9.3 b) The operator shall be alerted to the bypass of any portion of the SIS via an alarm and/or operating procedure. (ISA S84.01)
• 7.9.3 c) Bypassing of any portion of the SIS shall not result in the loss of detection and/or annunciation of the condition being monitored. (ISA S84.01)
ISA SP84-01 Requirements (cont’d)
• The PFD for the entire SIS is the sum of the PFD for each element.
• Low complexity Field devices contribute most to total PFD.
• “85% of the PFD is allocated to the field devices and the remaining 15% to the Programmable Electronic System. Any safety system design that does not fully comprehend the effect of the field devices (sensor and final control elements) is woefully incomplete and consequently inadequate.”
(ISA S84.01)
Probability of Failure (PFD)PFD = (λD) * TI/2
Where
λD = component dangerous failure rate (1)
TI = testing interval
PFD = DCpt(λD) * TIpt/2 + (1- DCpt)(λD) * TIft/2
Where
DCpt = Diagnostic Coverage Factor
TIpt = testing interval, partial stroke
TIft = testing interval, full stroke(1) See OREDA, 1997
Safety Integrity Level (SIL)
• SIL 1, 10-1 < PFD < 10-2
• SIL 2, 10-2 < PFD < 10-3
• SIL 3, 10-3 < PFD < 10-4
Graph of PFD against time
10%10%
Ope
ratio
nal u
nava
ilabi
lity
Ope
ratio
nal u
nava
ilabi
lity
1010--33
1010--22
1010--11
t = 0t = 0
90%90%50%50%
Test interval timeTest interval time
Graph of PFD against timeto achieve SIL level
Ope
ratio
nal u
nava
ilabi
lity
Ope
ratio
nal u
nava
ilabi
lity
1010--33
1010--22
1010--11
t = 0t = 0
SIL 1SIL 1
SIL 2SIL 2
SIL 3SIL 3TestTest
TestTest
TestTest
Graph of PFD against time to achieve SIL 2O
pera
tiona
l una
vaila
bilit
yO
pera
tiona
l una
vaila
bilit
y
1010--33
1010--22
1010--11
t = 0t = 0
SIL 1SIL 1
SIL 2SIL 2
SIL 3SIL 3TestTest
TestTest
TestTest
TestTest
TestTest
TestTest
Factors Effecting Testing Frequency
• SIL Level• Failure rate of valve in intended service• Valve manufacturer’s recommendation• Operational constraints• Level of redundancy• Good engineering practice
On-Line SIS Valve Testing Alternatives
• Bypass Valves• Partial Stroke Testing
Bypass Valves
• Pros• “Complete” diagnostic
coverage factor• Can allow for ESD
Valve removal / repair with unit running
• Cons• Expensive• May limit process
throughput unless full size bypass used
Partial Stroke Testing
• Allows more flexible testing intervals• Diagnostic coverage credit varies from
50% - 70% credit (vs. full stroke test) for detecting valves dangerous failure modes; DCpt a function of the specific partial stroke mechanism used
Partial Stroke Testing
Mechanical / Jammers
Pros• High Diagnostic
Coverage• Simple• Generally inexpensive
Cons• Labor intensive• Require tight
administrative procedures• Added risk of spurious
trip• No diagnostics• Valve unavailable during
test
Partial Stroke Testing (Cont’d)
SIS Logic SolverPros
• High Diagnostic Coverage• Can provide diagnostics• Testing can be automated• Valve available during test
Cons
• Generally expensive• Added software in logic
solver• Added risk of spurious
trip• Violates principle of using
separate technology / hardware between DCS, SIS and testing
Partial Stroke Testing (Cont’d)
Proportional Control
Pros• Can provide
diagnostics• Testing can be
automated• Valve available during
test
Cons• Requires addition of
digital valve positioner (adds to system PFD)
• Higher wiring costs• May not have high
diagnostic coverage• Doesn’t test valve at
actual speed of operation• Increased spurious trip
rate
Partial Stroke Testing (Cont’d)Manufacturer “D”
Pros• Provides diagnostics• High diagnostic coverage• Testing can be automated• Valve available during test• Tests valve in real time
operating speed• Does not increase PFD of
system• Available feature to allow
data capture during trip
Cons• Higher wiring costs• Slightly increased
spurious trip rate
Conclusion
• Testing of SIS valves represents a significant challenge, involving safety and operational constraints
• Partial stroke testing can:– Provide improvement in PFD over full stroke
testing alone– Provide diagnostic capability about current
valve operation and future potential failures
The The DrallimDrallim LMT SystemLMT System
And International/Company And International/Company Standards on Safety Related Standards on Safety Related
Systems.Systems.
D.M.EssamD.M.Essam DrallimDrallim Industries LtdIndustries Ltd