Institute of Hazard Prevention
Processing plants contain many valves that perform safety functions (e.g. (BD)). We always hope that these valves need never be used in earnest. Such use means that something has gone wrong and, at least, one plant system has to be shut down, with its associated disruption of oper- ations. However, if ESD valves are called into use, they have to work reliably, because the consequences of failure will be far more serious than the disruption, when they work.
Long experience has shown that, if valves are not exercised, they can stick in one posi- tion. In fact, the general perception is that sticking is the main failure mode of safety related valves. Sticking may be caused by several factors (e.g. dirt or corrosion). Movement of the valves can reduce dirt build-up and can give an indication if corro- sion is present (e.g. because the stroking time is longer than specified). An examina- tion of OREDA 1997 shows that in a popu- lation 552 valves used in ESD/PSD applica- tions, there were 125 critical failures. Of these 125 - 46 involved the valve failing to move; 75 involved leaks of various types; and 1 was a delayed operation. The balance involved a plugged valve and 2 spurious operations. So, on the basis of objective evi- dence, sticking is second to leakage as the main failure mode, but it is still significant.
If safety related valves are fully exercised, it is inevitable that the affected system is shut down. Thus, it is only possible to fully test these valves at scheduled shutdowns and turnarounds. This may mean interval of one, two or more years between valves tests. Given the trend in the process industry to follow the requirements of IEC 61508 and 61511 to preserve safety integrity levels (SIL), these long intervals between tests are often too long to show an adequately low probability of failure on demand (PFD).
Partial stroke testing of the valves can mitigate some of these problems.
The main advantage of partial stroke testing is that it will provide a measure of confi- dence that a valve is not stuck in one position and it will do so at short intervals, if required. This has both a pre- ventive and corrective aspect. The valve movement can dis- lodge any dirt build-up to help prevent sticking. If the valve is already stuck, the test will detect it and corrective measures can be taken. The system can either be brought to an orderly shut down to perform repairs, or, if repairs can be completed quickly, the shut down valve may be temporarily by-passed.
Partial stroke testing can also be automated. PLC-based safety systems are quite capable of being programmed to perform the partial stroke tests, as well as record the results and alarm failures on a given schedule. Similarly, with appropriate instrumentation on the valve, it is possible to determine speed of response and predict stroking times. These variables can be used to determine any dete- riorating trends in the valves. This serves to increase the diagnostic coverage on the valve.
An examination of the equations for pre- dicting PFD, (as per IEC 61508), will show that the most influential variables are: failure rate; proof testing interval and diagnostic coverage. Partial stroke testing serves to improve two of these variables. Figure 1 and the following analyses illustrate this situation.
This simple system has a safety function. If the pressure in the vessel goes high, for any reason, the pressure switch signals the basic process control system (BPCS), which, in turn, signals the actuator to close the inlet valve. If we assume that the system has a turnaround every two years, and the safety function is only tested at that time, and the components have no diagnostic coverage, then using some typical failure data from OREDA and a proven IEC compliant SIL software tool, like SilCoreTM, we can calcu- late a PFD for the safety function:
It is relatively easy to apply automated diagnostic coverage to a computerized con- trol system. So using the same failure rate and MTTR values, if we assume that the diagnostic coverage for the BPCS is 90% (i.e. 90% of failures are discovered and fixed while still incipient), the PFD calculation yields:
It is also relatively easy to proof test the sensors and the BPCS at shorter intervals than the turnaround. So if we assume a proof-testing interval of six months for the sensors, the PFD calculation yields:
Now let us apply partial stroke testing to the valve. Earlier we said 46 of 125 valve failures were due to sticking. Therefore the failure rate for the sticking failure mode is (46/125)* 10.94 = 4.03 failures/106 hours and the failure rate that will not yield to par- tial stroke testing is 10.94 - 4.03 = 6.91 fail- ures/106 hours. Now the diagnostic coverage for sticking valves is much higher (say 90%) and the test can be automated to happen (say every three months).
So, having taken advantage of the “easy” options to reduce PFD first, performing a partial stroke test on the valve, every three months, reduces the PFD by a further 28%. This may be a significant gain when a plant is trying to reach a SIL 1 or SIL 2 rated safe- ty function with basic architecture as shown. Partial stroke testing does have some disad- vantages. If tight shut-off is a requirement for a valve, then this requirement can still only be tested at scheduled shutdowns and turnarounds. However, partial stroking is still better than nothing at all as a safeguard against sticking.
There is also a disadvantage to more fre- quent testing. The moving parts of the valves will be subject to increased wear, par- ticularly the stem and packing. This can lead to leaks. Therefore, whoever is responsible for determining the test interval has to choose, judiciously, between protection against sticking and protection against leaks.
The actual movement of an ESD or a blow down valve may also cause a minor disrup- tion in the process. The length of the partial stroke and the time that the valve is away from its nominal position has to be carefully designed and controlled.
Where partial stroke tests are automated, there is always the possibility that the instru- mentation can fail. However, given the self- test capability of PLC based safety systems, this is both unlikely and, usually, easily detectable.
Partial stroke testing is not a panacea for failures in safety related valves. Nevertheless, it is worthwhile for the protection it gives against the most prevalent failure modes of these valves. It is particularly advantageous where the testing can be automated.
Readers can contact the author, Ken Bingham of ACM Facility Safety a division of ACM Automation Inc. for more information by email: email@example.com and by phone 403-264-9637