contents

Presented to ISA-EXPO 2005 - Chicago

Safety and Reliability: Two Faces

of the same Coin for Ammonia Plant ESD System
Muhammad Al-Humaidi, Mufeed Al-Ghumgham,
Partha Sinha, and Angelito Hermoso
Industrial Safety and Security & Technical Support Departments,
Saudi Arabian Fertilizer Company (SAFCO),
P.O. Box 11044, Jubail 31961, KSA
Tel: +96633406508, +96633406680, Fax: +96633410147
Email 1: MHumaidi@safco.net & MGhumgham@safco.net
Email 2: PSinha@safco.net & AHermoso@safco.net

Keywords:

Emergency Shutdown System, Solenoid Valves, Safety and Reliability, IEC-61508 Standard, Failure
Incident, Test Bench, Lock-up Valve, Control System, Component Failure Analysis

1.0 Abstract
SAFCO3 had experienced three years ago an incident in which the air coil feeding to the
Secondary Reformer had burst. This was followed by a limited explosion. The reason for this
incident was attributed to air ingression to secondary reformer through air feeding valves, which
did not close as per Emergency Shutdown logic (ESD). Therefore, a study was initiated to study
all ESD valves in NH3 plant, and to identify better ways of quantifying Reliability and
improving Safety.
2.0 Introduction
In today’s world, industry leaders in petroleum refining, petrochemicals, power generation, and
space ships typically design and install systems that are both safe and reliable by following
safety and design standards. ESD vendors design Safety system hardware to meet safety
classification. Spurious trips, however, are not adequately modeled during system design or
often they are ignored. Certification Bodies like TUV do not provide system certification for
system spurious trips because their certification does not include this type of failure category.
Reliability does not mean a system remains constantly on without experiencing any spurious
trips, but it means that a system can remain on, and during system operations, it can tolerate
some failures, and still be capable of shutting down the plant safely, and until the failures are
detected and repaired [1].

Well-designed instrumented system shall seek a compromise balance between safety and
reliability by considering appropriate voting, high self-diagnostic coverage in field sensors, logic
solvers, and final elements. This paper will focus attention on Emergency Shutdown System
design aspect for a typical Ammonia plant, review spurious lock-up valve failure of 21FV110,
and its consequences. Furthermore, the paper also deals with what international standards state
about ESD reliability, assess standard adequacy to quantify field ESD components, introduce
alternate methods to quantify reliability of ESD components, establishment of component failure
analysis to investigate hardware malfunction, and implementation of chemical process plants.

Copyright 2005 by ISA.

Presented at ISA EXPO 2005, 25-27 October 2005
McCormick Place Lakeside Center, Chicago, Illinois, www.isa.org
 3.0 Emergency Shutdown System Design Aspects for an Ammonia Plant

Ammonia Chemical Plant is a process gas plant. The process dynamics are quite fast, and during
any upset, the plant may be tripped in a few seconds if operator or the regulation system was not
able to properly respond. The Emergency Shutdown System for an older Ammonia plant was
based on a relay pneumatic system. Across the years of development, vendors have improved
and upgraded ESD to use the latest Programmable Logic Controllers. The design consideration
has focused on the following: -

- Sensing element redundancy (sensors and final elements)

- Use of Analogue devices
- Understanding of Human Errors
- Utilize high integrity reliable logic solver
- Separate the ESD system from the Process Control Layer.
- Design effective Alarm Systems
- Understand the Failure Modes
- Use known and proven Technology.
- Test Safety system Periodically
- Ensure Management control of changes and system bypasses

The result of the above development is the introduction of two latest standards namely IEC-
61508, and IEC-61511, which have presented a typical ESD design that can be implemented for
Industrial application. The ESD system design has to start with the following elements: Field
Input measurements, interlock Logic Solver, and ESD Field activation elements. Figure 1 shows
a presentation of ESD Elements

Field Output
Inputs Logic Activation
Measurement Solver Elements

Figure 1: ESD General Block Diagram

A. Field inputs Measurements

Accurate, repeatable and reliable measurements are vital to safe and efficient Ammonia plant
operation (Refer to Figure 1). Modern measurement technologies typically boast excellent
accuracy and repeatability under “reference” or “controlled” conditions. Unfortunately,
measurements are rarely made under controlled conditions – as a result, performance is always
worse in the “real plant”. A typical example that may be given is a DP-flow meter. This

Copyright 2005 by ISA.

Presented at ISA EXPO 2005, 25-27 October 2005
McCormick Place Lakeside Center, Chicago, Illinois, www.isa.org
instrument is typically connected to an orifice plate to measure differential pressure across the
line. The sources of measurement errors are ambient temperature variation, High static line
pressure, Drift/Stability, pipe friction, barometric variation, and transmission of heat [2].

In order to improve and select best measurement instrument, hardware performance has to be
evaluated under two criteria predicted operating conditions, and uncontrollable operating
conditions. For details, please refer to Table 1.

Table 1: Hardware Transmitter selection Criteria

STATUS Positive limit Criteria Performance Limitation Criteria

Running Conditions Choose a transmitter which has a better Identify or predict the set of
performance under a given set of conditions when the transmitter
conditions performance will be degraded.
Pressure Consider if Pressure and Temperature What will be the accuracy impact if
Temperature compensation was used for accuracy Pressure and Temperature weren’t
Compensation improvement. used ?
Transmitter Frequently Calibrate Transmitter Don’t calibrate Transmitter
Calibration
DP Flowmeter Size the primary element for high DP Size the primary element for Low DP
for better Accuracy. to identify inaccuracy.

B. Logic Solver

The Logic solver represents the main framework of ESD. Several Standards have been
developed and later revised due to technology evolution. In this regard, the following is
mentioned: -

1. ANSI/ISA-84.01 is one of the first standards that has highlighted to industry the physical
separation of regulation layer from ESD Logic Solver Layer. This means both layers shall be
independent, and they may exchange data for the purpose of awareness only. Furthermore, ISA-
TR84.00.04 standard defines extensive requirements when process control and safety functions
are combined in one application.

2. IEC-61508 is the revised standard of IEC1508. This standard has been widely accepted as the
basis for specification, design, and operations of Safety Instrumented Systems (SIS). “SIS”
represents a new design outlook of ESD system that takes into consideration risk-based approach
for deciding the Safety Integrity Level (SIL) for systems performing safety functions. In parallel
with this, IEC-61511 is another IEC Safety Standard that was written for implementation of SIS
for process sector. In addition, the IEC-61511 is aimed to define the safety requirements which
have to be satisfied for ESD subsystems. Furthermore, ISA adapted a revised standard IS-
S84.00.01-2004 that was a combination of IEC6511 and S84 standards. The later standard
details to system integrators how the subsystem software programming development, testing and
verification shall be performed..

C. Final Activation Element

The final output element of an ESD represents the activation command device that will execute
ESD order to shutdown the plant and bring it to a safe state. The final element can be a solenoid

Copyright 2005 by ISA.

Presented at ISA EXPO 2005, 25-27 October 2005
McCormick Place Lakeside Center, Chicago, Illinois, www.isa.org
valve, circuit breakers, fire doors or dampers. In the next section, a detail failure review for
Solenoid valve failure shall be presented.

4.0 Review of ESD Component Failure

As indicated earlier, the consequences of spurious or component faults of ESD or process
interlocking system are not only expensive, but in most cases are dangerous and catastrophic.
Some examples of nuisance or component faults are failure of a pressure switch, solenoid valve,
pneumatic lockup valve, failure of input/output modules of a PLC, failure of microprocessor, or
failure of any electronic components in a device. The above types of failures [4] can be
classified as abrupt faults that will lead to spurious trips. In order to enhance safety and
reliability theme, technologies, system models, and measurement, modelling and estimation
methods need to be used for critical incidents that occur in the process industry. The results are
applied for the development of safety and the life-cycle Management of ESD System.

In order to establish an understanding of the ESD reliability and safety aspect, few incident
examples will be reviewed in this section.

4.1 21FV110 Lockup Air valve Failure Incident

Problem
21-FV-110 is an Air Flow control valve (Fail-Close) that is used to Feed air to Secondary
Reformer Reactor in Ammonia Plant. The reaction is used to complete steam reforming of
Natural Gas to maximize Hydrogen production and to introduce Nitrogen required for Ammonia
synthesis. In 2003, the Ammonia plant was subjected to an emergency shutdown, and all ESD
actions took place except 21FV110 valve closing. The plant was shutdown for one day to rectify
this problem.

SOLENOID VALVE

LOCK-UP VALVE
FILTER
REGULATOR POSITIONER
VALVE ACTUATOR
AIR S V1
SUPPLY B
IN V2 C
CONTROL C1
SIGNAL B1

CHECK VALVE

VOLUME

Figure 2: 21FV110 Air Flow Control valve Failure Schematic Diagram

Copyright 2005 by ISA.
Presented at ISA EXPO 2005, 25-27 October 2005
McCormick Place Lakeside Center, Chicago, Illinois, www.isa.org
 Analysis
The Control Valve 21-FV-110 is a globe valve, equipped with a solenoid valve, lock-up valve, and
a set of pneumatic components. An Emergency Shutdown isolation valve has been provided down
stream of 21FV110. The provision of both valves has been made to separate regulation function
from ESD function as per ISA-TR84.00.04 standard. During any process shutdown, the
downstream isolation valve will be closed by ESD, and 21FV110 will be closed through process
interlocking system. Control Valve Schematic Diagram is shown in Figure 2. The various
pneumatic elements have been connected to achieve FAIL-CLOSE logic for the valve. During
normal operation, Actuator of the valve is connected to ports B & B1 of the Airlock and in-turn
receives control signal from the Positioner. However, under failure condition or process interlock
command, the Airlock plunger acts and changes Actuator connectivity to ports C & C1, thereby
making the valve to move to closed position with the aid of Volume Tank & vent port C1.

The modeled failure scenarios are:

¾ Valve fail-close position on loss of air supply
¾ Valve fail-close position on process interlocking command
¾ Valve fail-close position on loss of electrical supply to SOV

During the Plant shutdown, the solenoid valve was de-energized, but the control valve remained
open. The control valve was checked later, and the reason for valve malfunction was attributed
to lock-up valve failure.

Countermeasure S
New Lock-up valve was installed, and all remaining items were checked thoroughly, and then
valve was fixed again.

4.2 Literature Review for ESD Solenoid valve Failures:

A few examples of solenoid operated valves failures will be presented.

A. Operating Problem with solenoid valves in a Nuclear Power Plant [5]:

This is a summary of a Nuclear Regulatory Commission (NRC) report that was issued in 1986,
involving failures of certain valves that are actuated by solenoid-operated valves. These failures
have adversely affected the intended functions of the main steam isolation system, pressure
relief, and fluid control systems. The solenoid valves failures have been attributed to the
following:
1. High temperature ambient conditions. The temperature is not closely monitored.
2. Hydrocarbon contaminants, because air system is not clean.
3. Chloride contaminants causing open circuit in solenoid coil, probably this was due to
handling, packaging, and storage.
4. An active replacement of internal parts that will spoil quickly
5. Lubricants have been used excessively during maintenance.

Copyright 2005 by ISA.

Presented at ISA EXPO 2005, 25-27 October 2005
McCormick Place Lakeside Center, Chicago, Illinois, www.isa.org
 B Remote Turbine Trip Valve stuck-up due to 125 VDC Solenoid valve failure Incident [6]:

Event Description:
In 1998, at Dresden Nuclear Power station, a solenoid valve accident was reported. During the
performance of Dresden Operating Surveillance (DOS) 2300-03, High Pressure Coolant Injection
(HPCI) System Operability Verification, the HPCI turbine stop valve could not be remotely tripped
closed from the control room. The HPCI turbine stop valve was manually tripped closed locally and
the HPCI system was declared inoperable.

Cause Of Event:
Failure of the Unit 2 HPCI turbine stop valve to trip closed by operation of the control room
"Remote Turbine Trip" push-button was caused by a failed internal 125 VDC solder connection on
the turbine trip solenoid valve (2-2303SV1 2). This failed connection was due to an improper solder
connection resulting from poor workmanship during manufacture of the solenoid valve (NRC cause
code B).

B. Qualification Life Assessment Of Solenoid Valves [6 & 7]:

The incident that will be reviewed is also from an NRC Information Notice to alert addressees to a
potential failure in control valves that is caused due to ESD solenoid valve malfunction. The
operators of Grand Gulf unit 1 power plant, closed main steam line isolation valves (MSIVs)
manually from control room, and they noticed that the MSIV closing time had taken 15 minutes,
which was quite unusual. Upon analysis of this event, it was found that there was one elastomer
piece had been lodged in the solenoid valve internals, which had momentarily prevented solenoid
valve from venting the air to close the MSIV. After 15 minutes had elapsed, the internal piece had
dislodged, and the solenoid valve was able to vent air again, and hence the MSIV valve was closed.
The solenoid valve vendor had investigated all 8 MSIVs solenoid valves, and he found that all eight
solenoid valves had degraded seats. The seat degradation couldn’t be spotted thru visual inspection,
but it was detected thru microscopic examination. The material for the seat was made from ethylene
propylene dimer. The original lifetime for solenoid valve was reported to be 5.9 years. After review
for this incident, the actual lifetime was re-calculated based on the site high temperature data, and
the new life figure came to be 2.9 years. These solenoid valves were in service for about 4.5 years.
Table 2 summarizes the solenoid life assessment data.

Table 2: Solenoid Valve Lifetime Assessment

S/N Seat Solenoid SOV Lifetime- SOV in Field
Material Valve High Service
Factory Temperature
Lifetime condition
1 Ethylene 5.9 years 2.9 years 4.5 years (Grand
propylene Gulf)
dimmer
2 Viton ~ 4 years 2 years SOV is being
replaced at every
refueling outage at
Perry

Copyright 2005 by ISA.

Presented at ISA EXPO 2005, 25-27 October 2005
McCormick Place Lakeside Center, Chicago, Illinois, www.isa.org
 5.0 ESD System Safety and Reliability Measures
Reliability and Safety are mandatory requirements for ESD system. For any New ESD system, it
is required to follow latest applicable standards such as IEC6511/IEC61508 to obtain a certified
safety system. To have an effective design, the following steps needs to be followed:

1. Define Scope of the ESD system

2. Conduct Hazards and Risk Analysis: this has to be in a continuous and iterative manner
3. Specify Safety- Related System
4. Assign Safety Function for inputs/outputs
5. Develop Safety- Related System
6. Installation and Validation
7. Operations and Maintenance
8. Periodic Testing of ESD Elements & Effective Life Determination

The above requirements will ensure that the new system will be safely certified, and it can work
in the plant. However, there is one question that needs an answer, how will the new system’s
reliability, performance, and safety be impacted and gauged during spurious trip incidents?
Spurious trip data plays an integral part of any real ESD reliability assessment. This evaluation
process will check the reliability of (1) Field initiating Device, (2) Logic Solver, and (3) Final
activation element. Applying reliability in this way will provide adequate satisfaction to the
process industry. Thus, the real world definition of Reliability shall include also the following
items:

1. Evaluate spurious trips impact on ESD. This process will be very important to find how the
ESD system will react if there is a failure of one Digital output and one Digital input?
2. Evaluate Human interaction with ESD. The interaction between Personnel and ESD is a
very important reliability concern. Every year, many production plants are tripped due to
human errors. This is a very difficult and challenging task. This is because most plant trips
happen very fast across small window of time, and it is expected that either plant will be
tripped or saved, and this depends greatly on the availability of a good Panel Operator.
3. Evaluate how effective is the Alarm System, and is every alarm message direct and clear?
4. Evaluate provision of ESD/Process Simulator to help operator to train on plant transient
upset scenarios that can lead to plant shutdown. The simulator has to take real plant data to
improve accuracy of the process Model.
5. Study and analyze whether the alarm/trip settings are adequate. In this regard, the threshold
setting has to be selected and optimized so that when Operator receives an alarm, he will
have adequate time to react positively to bring the process back to steady-state.
6. Study and review adequacy of ESD components Preventive Maintenance checks that are
performed at regular intervals.

Copyright 2005 by ISA.

Presented at ISA EXPO 2005, 25-27 October 2005
McCormick Place Lakeside Center, Chicago, Illinois, www.isa.org
7. Study and analyze what sort of component failures technique is used in industrial plants,
and how it can reduce human errors.
8. Gather field data to develop a quantitative measure to Evaluate ESD components
reliability.
9. Provide an assessment for ESD Field components lifetime cycle. This is required to ensure
that the vendor service life match the plant conditions.
10. Review plant PM jobs that are done to take care of plant ESD components. Ensure that
during such PM, no foreign material, or oil lubricants be used to keep solenoid valve
healthy and clean.

6.0 A Quantitative Measure to Assess Reliability of ESD

ESD represents a very important layer that is needed for Safety and Reliability of the plant. To
check the quality of an ESD layer, the following is suggested: -

1. Before every plant start-up, Plant Operations simulate interlocks starting from front, mid,
and back end sections of the plant. These checks focus on whether the plant is ready to start
or not. The tests of ESD interlocks activate ESD output devices namely solenoid valves to
ensure of their workability (This checks can also test pneumatic lock-up valve if it is part of
control valve accessories).
2. During every plant Turnaround, which is normally programmed every three years, some
plants replace solenoid valves part of the T/A program. This practice is considered a good
practice to reduce ESD nuisance trips.
3. Another activities that normally added to the T/A, is to check complete assembly of critical
valves, and this normally done in control valve workshop near to the plant.

The life cycle of new solenoid valve’s basic components is subjected to rigorous switching and
testing during manufacturing stage before certifying it. Furthermore, during operations of
solenoid valve in the real plants, they are subjected to few switching operations by plant ESD.
Although, the latest checks are necessary to ensure of ESD reliability, additional checks are
further required to guarantee reliability of solenoid valves and to enhance their performance.

In order to quantify and manage solenoid valve rigorous testing, a special computer based test
bench is proposed, as below.

Computer Based Test Bench [8]

Control valves are equipped with various pneumatic devices, which are assembled and
connected in a way to achieve fail-safe action for the valve in two scenarios:

1. Loss of control signal

2. Loss of supply air

Various pneumatic devices found in control valves are solenoid-operated valves (SOV), air lock
valves, Quick Exhaust Valve (QEV) and 3-way valves. Since, these devices form an integral
part of fail-safe design of a control valves, their performance and reliability is of utmost

Copyright 2005 by ISA.

Presented at ISA EXPO 2005, 25-27 October 2005
McCormick Place Lakeside Center, Chicago, Illinois, www.isa.org
importance. Failure of any single element can jeopardize process safety and plant reliability.
Hence, it is very important to have a rigorous inspection and testing of these pneumatic devices
to ensure adequacy of functionality and response. Driven by the need of having a mechanism to
test the pneumatic devices, a Computer Test Bench has been devised. This test bench is a ready-
to-test mechanism to check the performance of the devices and helps in determining if the device
would really function, as desired, when emergency occurs.

As can be seen from figure 3, the test bench consists of following items:

1. Four sets of solenoid valves; actuator, isolation valves, pressure sensor, and flow sensor
2. Three solenoid valves can be tested on-line and the fourth solenoid valve is used to test lock-
up valve.
3. Data Interface board, power unit, and air supply source.
4. A man-machine interface (MMI) Computer Program.

The function of computer program is as below:

1. Computer is used for sequencing the test for a specific device, which is selected by the user.
2. During Solenoid valves testing, feedback from pressure sensors at the inlet and outlet of each
solenoid valves tubing shall be logged by the computer.
3. Test sequence controls the air supply and control signal SOVs to generate action on the test
device.
4. The Programming unit consists of a stable signal generator with frequency setting, which
varies between 0-4 pulses/minute. It also contains a timer to set desired period for the test.
Therefore, a selection of 1 min. timer with a stable frequency of 2 pulse/min. would mean a
test cycle of 1 min. consisting of 2 pulses test.
5. Device selection, testing method, and setting of sequence parameters can be fixed using
GUIs. Sequence can be started or aborted any time by the user. On completion, user can
generate a detailed report of test that will include test results with device serial #, model #
and tag #.

7.0 ESD Component Failure Analysis Procedure

Most plants have established a methodology that is used to repair or replace failed components. If
the component that has had a failure of a critical nature, then it is recommended to adapt the
following procedure to enhance ESD fault detection and analysis.

1. The purpose of this procedure is to provide a methodology to analyze component Failure that
happens in plant ESD System. Component Failure has and will occur in random fashion, and
this makes failure occurrence a very complex process to predict.
2. The objective of this procedure is to document available data on past failure, and to empower
our knowledge of failures that will help to predict and may prevent future failure incidents in
the plants. This can be achievable if Maintenance, Operations, and Engineering cooperate in
applying this policy.
3. The benefit of this procedure is to establish a follow-up system that will have an objective
approach to question and demand close coordination to implement incident
recommendations.

Copyright 2005 by ISA.

Presented at ISA EXPO 2005, 25-27 October 2005
McCormick Place Lakeside Center, Chicago, Illinois, www.isa.org
4. The component failure that happens in a system “X”, shall be isolated and removed. If the
Failure has caused a Plant Shutdown, then a new certified component shall be installed to
manage and speedup plant start-up activities. The new component certificate shall be issued
by OEM (Original Equipment Manufacturer).

5. The Faulty component shall be tagged clearly, and the physical and environmental state shall
be recorded. A typical form is shown in figure 4. Then, it shall be shipped to OEM by the
concerned Maintenance Department. This is required to analyze the faulty component and
issue a failure report. OEM shall be asked to issue the inspection report within 2 weeks.

6. Maintenance Department shall issue a copy of the inspection report to Operations, and
Engineering.

7. If the Inspection report contains serious recommendations, then Operations shall call for an
overview meeting to discuss the same, and prepare action plan.

8. Examples of Component Failures can be tabulated for the past two-years. This Table can be
updated every 6 months, and Maintenance will review and insert the right updated
information, with target date to complete each activity.

9. Random regular site visits shall be made to ensure that regular Preventive Maintenance has
been done. The team should be led by Operations.

8.0 Implementation of Computer Based Test Bench to carry Plant T/A Jobs
The computer test bench can play a major role in design and checks during plant turnaround (T/A),
and short shutdown jobs. The following work methodology may be used:
1. Before Plant T/A, a critical list of solenoid valves should be generated by Plant Operations.
2. Maintenance shall prepare the test bench tool, and they should list the items required in the
operation list. Minimum checks shall cover solenoid valves, and pneumatic lock-up valve.
3. The tag of each device has to be inserted with date and time.
4. It is preferable to test the solenoid valve in the field to simulate real plant conditions.
5. Establish the maximum switching no. for each solenoid valve.
6. Compute 5% of maximum switching no. and insert into the test computer. The 5% value is an
arbitrary figure. The user may use what is suitable for him.
7. Plan to do the test for one solenoid, by letting the computer switch the ports back and forth,
while the solenoid is being monitored. The pressure upstream, and down stream of the solenoid
valve shall be measured during the test.
8. A report shall be generated after the test. The solenoid valve shall pass the 5% switching cycle
test. If the solenoid valve fails during the test, then it is suggested that the valve is declared as
failed. It can also be desirable to repeat the test, but in this case, a bigger switching cycle shall
be selected (10%, or 15%).
9. As discussed in section 6.0, the computer test bench is able to measure actual life of a solenoid
valves based on the data made available.

Copyright 2005 by ISA.

Presented at ISA EXPO 2005, 25-27 October 2005
McCormick Place Lakeside Center, Chicago, Illinois, www.isa.org
 9.0 Conclusions

This paper has analyzed Reliability and Safety of ESD thru step by step process of reviewing ESD
design aspects, and evaluating spurious trips and components failures on ESD. It is always
desirable to conduct frequent tests to confirm reliability and safety of ESD. Simulation of Plant
ESD Interlock logic alone will not be adequate to eliminate spurious trips. The utilization of a
computer test bench method will ensure rigorous testing of ESD Components, and shall reduce
frequency of spurious trips. Furthermore, the test bench method will provide a reliability value for
each ESD solenoid valve. The proposed testing can be used during a Plant turnaround. The
computer test Bench can also be used for on-line testing, and this will be applicable for redundant
Dual Solenoid Valves configuration.

10. Acknowledgment
The authors wish to thank SAFCO Management, for their support and help to publish this paper and Dr.
R.S. V. Sampath for paper review.

11. Cited Literature & References

1) Robert S. Adamski, “Design Critical Control or Emergency Shutdown Systems for Safety and
Reliability”, http://www.idc-online.com/assets/files/SS.pdf.

2) Mark Menezes, ..et all, “Measurement Best Practices For improved Refinery Safety,
Availability & Efficiency”, presented to Calgary Petroleum Show.

3) ANSI/ISA-S84.01-1996, "Application of Safety Instrumented Systems for the Process

Industries", Instrument Society of America S84.01 Standard, Research Triangle Park, NC,

4) Al-Ghumgham MA, “On A Neural Network-Based Fault Decoction Algorithm”; Chapter 4 of

Master Research Thesis in fulfillment of Master Degree program on Control System Engineering,
KFUPM 1992.

5) Information Notice no. 86-57, “Operating Problems with Solenoid Operated Valves at Nuclear
Power Plants”, United States Regulatory Commission Office of Inspection and Enforcement
Washington DC, July 11, 1986. Site address: http://www.nrc.gov.

6) Information Accession # 9809080095, “High Pressure Coolant Injection System Inoperable Due
to Turbine Stop Valve Remote Trip Failure Caused by a Failed 125 VDC Electrical Solder
Connection to the Turbine Trip valve”, United States Regulatory Commission Office of Inspection
and Enforcement Washington DC, August 31, 1998. Site address: http://www.nrc.gov.

7) Information Notice no. 89-66, “Qualification Life of Solenoid Valves”, United States
Regulatory Commission Office of Inspection and Enforcement Washington DC, September 11,
1989. Site address: http://www.nrc.gov.

8) Ishtiaq A. Malik, “Techno Commercial Proposal for Design, Engineering, Procumbent &
Supply of Solenoid Valve Test Bench”, M/S. Olayan Descon Company, Proposal date June 2,
2005.

Copyright 2005 by ISA.

Presented at ISA EXPO 2005, 25-27 October 2005
McCormick Place Lakeside Center, Chicago, Illinois, www.isa.org
 AI DO
CPU

01 02 03 04 05 06 07 08 09 10 11 12 13 14 15 16 17 18 01 02 03 04 05 06 07 08

MMI

P P
S
P P

F
F

P
P
S P
P

F
F

P P
P
S P

F
F

P
P PP P
S P

F
F

P
P

F
F
MAINS

P
P

F
F
LOCK-UP VALVE

AIR SUPPLY

VALVE ACTUATOR
B P
P
C
C1 PP
B1

VOLUME TANK
:Used for Lock-up Valve Testing

Figure 3: Computer Based Test Bench

Copyright 2005 by ISA.

Presented at ISA EXPO 2005, 25-27 October 2005
McCormick Place Lakeside Center, Chicago, Illinois, www.isa.org
 Figure 4 : Component Failure Analysis Form

COMPONET SYSTEM FAILURE ANALYSIS - REQUEST FORM

Plant / Unit ______________________________________________

Assist Name ______________________________________________

Time of Failure ______________________________________________

_____________________________________________
Fault Comments
_____________________________________________

Unit Operations ______________ __________ ___________________

Approval Name ID Signature

Email:
_____________________________________________
Name:
OEM Address _____________________________________________
Fax / Tel :
_____________________________________________

_____________________________________________

_____________________________________________
Surrounding Status
Record _____________________________________________

Copyright 2005 by ISA.

Presented at ISA EXPO 2005, 25-27 October 2005
McCormick Place Lakeside Center, Chicago, Illinois, www.isa.org