
ISA S84.01 Application of Safety Instrumented Systems for the Process Industry


Testing of SIS Valves

ISA SP84.01 Origins / Direction


Grew out of OSHA (1910.119) and EPA (40CFR Part 68) mandates
ISA specification will be superseded by IEC 61511, Functional safety of Safety Instrumented Systems for the Process Industry Sector
IEC 61511 imposes additional redundancy requirements to achieve high SIL rating; these can be mitigated where diagnostics are shown to be used to provide predictive maintenance.

ISA SP84-01 Requirements


1.1.2 The SIS includes all elements from sensor to the final element, including inputs, outputs, power supply and logic solvers. SIS user interface may be in the SIS.
1.1.3 Other interfaces to the SIS are considered part of the SIS if they have potential impact on its safety function.
7.9.3 a) SIS shall be designed in accordance with the maintenance and testing requirements defined in the Safety Requirement Specifications.
7.9.1 Where the interval between scheduled process downtime is greater than the functional test interval, then on-line testing facilities are required.

ISA SP84-01 Requirements


9.7 Functional testing - Not all system faults are self-revealing. Covert faults that may inhibit SIS action can only be detected by testing the entire system.
9.7.1 Periodic functional tests shall be conducted using a documented procedure to detect covert faults that prevent the SIS from operating as per the Safety Requirement Specifications.
9.7.2 The entire SIS shall be tested including the sensor(s), the logic solver, and the final element(s) (e.g. shutdown valves, motors)
Integral (entire system) testing not required except for prestartup acceptance

ISA SP84-01 Requirements (contd)


7.9.3 b) The operator shall be alerted to the bypass of any portion of the SIS via an alarm and/or operating procedure. (ISA S84.01)
7.9.3 c) Bypassing of any portion of the SIS shall not result in the loss of detection and/or annunciation of the condition being monitored. (ISA S84.01)

ISA SP84-01 Requirements (contd)


The PFD for the entire SIS is the sum of the PFD for each element.
Low complexity Field devices contribute most to total PFD.
85% of the PFD is allocated to the field devices and the remaining 15% to the Programmable Electronic System.
Any safety system design that does not fully comprehend the effect of the field devices (sensor and final control elements) is woefully incomplete and consequently inadequate. (ISA S84.01)

Probability of Failure (PFD)


PFD = (D) * TI/2
Where
D = component dangerous failure rate (1)
TI = testing interval

PFD = DCpt(D) * TIpt/2 + (1 - DCpt)(D) * TIft/2
Where
DCpt = Diagnostic Coverage Factor
TIpt = testing interval, partial stroke
TIft = testing interval, full stroke

(1) See OREDA, 1997

Safety Integrity Level (SIL)


SIL 1: 10^-2 < PFD < 10^-1
SIL 2: 10^-3 < PFD < 10^-2
SIL 3: 10^-4 < PFD < 10^-3
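The two PFD formulas and the SIL bands above, worked through for one shutdown valve. This is an added example, not part of the original presentation; the failure rate, the test intervals and DCpt = 0.6 are constructed sample values, and rates are assumed to be per hour with intervals in hours.

```python
# Added example: constructed inputs, formulas taken from the slides above.
HOURS_PER_YEAR = 8760.0

# SIL bands for PFD; treating the lower bound as inclusive is an assumption.
SIL_BANDS = {1: (1e-2, 1e-1), 2: (1e-3, 1e-2), 3: (1e-4, 1e-3)}


def pfd_full_stroke(rate_d, ti_ft):
    """PFD = D * TI / 2 with only periodic full stroke tests."""
    return rate_d * ti_ft / 2.0


def pfd_partial_stroke(rate_d, dc_pt, ti_pt, ti_ft):
    """PFD = DCpt * D * TIpt/2 + (1 - DCpt) * D * TIft/2."""
    if not 0.0 <= dc_pt <= 1.0:
        raise ValueError("DCpt must be between 0 and 1")
    if ti_pt <= 0 or ti_ft < ti_pt:
        raise ValueError("need 0 < TIpt <= TIft")
    pst_term = dc_pt * rate_d * ti_pt / 2.0          # faults a partial stroke finds
    fst_term = (1.0 - dc_pt) * rate_d * ti_ft / 2.0  # faults only a full stroke finds
    return pst_term + fst_term


def sil_for(pfd):
    """Return the SIL whose band contains pfd, or None if outside SIL 1-3."""
    for sil, (low, high) in SIL_BANDS.items():
        if low <= pfd < high:
            return sil
    return None


def max_full_stroke_interval(rate_d, dc_pt, ti_pt, target_pfd):
    """Longest TIft (hours) that keeps PFD at or below target_pfd, or None."""
    pst_term = dc_pt * rate_d * ti_pt / 2.0
    if pst_term >= target_pfd:
        return None  # partial stroke term alone already reaches the target
    if dc_pt == 1.0:
        return float("inf")
    return 2.0 * (target_pfd - pst_term) / ((1.0 - dc_pt) * rate_d)


if __name__ == "__main__":
    D = 2.0e-6                      # constructed dangerous failure rate, per hour
    two_years = 2 * HOURS_PER_YEAR
    monthly = HOURS_PER_YEAR / 12
    print("full stroke only:", pfd_full_stroke(D, two_years))
    print("with partial stroke:", pfd_partial_stroke(D, 0.6, monthly, two_years))
    print("max TIft for SIL 2:", max_full_stroke_interval(D, 0.6, monthly, 1e-2))
```

With these sample values, a two-year full stroke interval alone falls in the SIL 1 band, while adding a monthly partial stroke test brings the same valve into the SIL 2 band.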

Graph of PFD against time


[Figure: operational unavailability (axis marks 10^-1, 10^-2, 10^-3) against time from t=0 over the test interval; labels 90%, 50%, 10%.]

Graph of PFD against time to achieve SIL level


[Figure: operational unavailability (axis marks 10^-1, 10^-2, 10^-3) against time from t=0; bands SIL 1, SIL 2 and SIL 3; three tests marked on the time axis.]

Graph of PFD against time to achieve SIL 2


[Figure: operational unavailability (axis marks 10^-1, 10^-2, 10^-3) against time from t=0; bands SIL 1, SIL 2 and SIL 3; six tests marked on the time axis.]

Factors Affecting Testing Frequency


SIL Level
Failure rate of valve in intended service
Valve manufacturer's recommendation
Operational constraints
Level of redundancy
Good engineering practice

On-Line SIS Valve Testing Alternatives


Bypass Valves
Partial Stroke Testing

Bypass Valves
Pros
Complete diagnostic coverage factor
Can allow for ESD Valve removal / repair with unit running

Cons
Expensive
May limit process throughput unless full size bypass used

Partial Stroke Testing


Allows more flexible testing intervals
Diagnostic coverage credit varies from 50% - 70% credit (vs. full stroke test) for detecting valve's dangerous failure modes; DCpt is a function of the specific partial stroke mechanism used

Partial Stroke Testing


Mechanical / Jammers

Pros
High Diagnostic Coverage
Simple
Generally inexpensive

Cons
Labor intensive
Require tight administrative procedures
Added risk of spurious trip
No diagnostics
Valve unavailable during test

Partial Stroke Testing (Contd)


SIS Logic Solver
Pros
High Diagnostic Coverage
Can provide diagnostics
Testing can be automated
Valve available during test

Cons
Generally expensive
Added software in logic solver
Added risk of spurious trip
Violates principle of using separate technology / hardware between DCS, SIS and testing

Partial Stroke Testing (Contd)


Proportional Control

Pros
Can provide diagnostics
Testing can be automated
Valve available during test

Cons
Requires addition of digital valve positioner (adds to system PFD)
Higher wiring costs
May not have high diagnostic coverage
Doesn't test valve at actual speed of operation
Increased spurious trip rate

Partial Stroke Testing (Contd)


Manufacturer D

Pros
Provides diagnostics
High diagnostic coverage
Testing can be automated
Valve available during test
Tests valve in real time operating speed
Does not increase PFD of system
Available feature to allow data capture during trip

Cons
Higher wiring costs
Slightly increased spurious trip rate

Conclusion
Testing of SIS valves represents a significant challenge, involving safety and operational constraints
Partial stroke testing can:
Provide improvement in PFD over full stroke testing alone
Provide diagnostic capability about current valve operation and future potential failures

Presentation facilitated by Process Safety Systems in conjunction with

The Drallim LMT System


And International/Company Standards on Safety Related Systems.

D.M.Essam Drallim Industries Ltd