SIL 4 – Am I Safe now?
Author: Ville Kähkönen, Oil & Gas business manager, Metso Flow Control Inc.
Figure 1 ESD valve selection
Figure 2 Closed and open seat design
Figure 3 Nelprof SIL tool
Figure 4 Testing interval
Figure 5 Metso ESD valve
An emergency shutdown (ESD) valve is part of a safety instrumented system (SIS). It is a vital part of the safety system and often described as the final element. Normally, the term ESD valve refers to all types of safety system valves, such as shutdown, emergency shutdown, emergency ventilation or blowdown valves. There is much confusion in the functional safety area when it comes to what should be considered with regards to safety valves to make a plant safe. There are different aspects to think about and evaluate in the case of a safety valve. Excellent probability of failure on demand (PFD) and safety integrity level (SIL) – but am I safe now?
There is much more than the SIL certification that is needed. We can go through the 3 main steps for ESD valves.
Valve selection
The most important step in the selection of an ESD valve is to use the applicationbased valve selection process. This step has not been observed often enough in recent years, while the functional safety calculations have attracted excessive attention.
ESD valves have the same application challenges as normal on-off valves. Correct valve selection includes valve type, pressure class, temperature, materials and other details. If the selection does not match to the application in question, valve failure will be systematic, and we cannot take any advantage of the functional safety calculations of the SIL and PFD value. Systematic error in valve selection will make the valve fail every time in the same way, and random error rate will no longer be the main source of failure.
A very good example of systematic error is incorrect seat selection. We can use the example of polymer service to demonstrate systematic error. There are a number of different types of valves and seats in the market, but only some of those can be used in polymer service. After we know the correct pressure class, materials and temperature range, we must consider other details to make the valve work in a real process. A rough categorization could include seat types that have contact between the sealing elements all along the stroke and seat types that lose the contact while operating like plug and rising stem valves. The problem with seat types that lose contact is the polymer accumulation between the surfaces. The valve does not fully work or starts to jam after that. This problem can be solved by selecting a rotary ball-type valve with a scraping seat that wipes the sealing surface clean while stroking the valve. This solves one problem, but after selecting the ball-type valve, there are still multiple different seats. The so-called open-seat design (Figure 2) will get jammed when the polymer enters the seat cavity. This problem can be solved by using a closed-seat design in which the functional feature of the seat is protected. This type of seat is an excellent selection in processes that have impurities. For the ESD valve, it would be disaster if the valve seat is jammed when the valve needs to operate. The previous example highlights the importance of application-based valve selection. Even for an incorrect seat type, it would be possible to calculate a high SIL and a good PFD value. If we look at the PFD value alone, it cannot guarantee plant safety.
Following the international standard IEC 61508 and 61511, we typically have a safety integrity level to match based on the hazard and operability analysis (Hazop) and safety integrity level assessment. The final elements are a critical part of the safety loop. If devices, such as valves, are not working properly, the safety instrumented function is not available. In recent years, there have been a number of announcements of manufacturers publishing SIL certification and advertising SIL 3 valves. The certification is good document to prove that the valve is capable of working in a SIL 3 loop, but it does not guarantee that the function is SIL 3. The final element is part of the safety loop, and therefore, component certificates are not enough to assure the safety integrity level of the loop. The complete final element as an assembly must be calculated, taking into account all components that are needed for the safety function.
In the final element assembly, typical components are the valve body, actuator and intelligent safety solenoid. All these components have their own component SIL certification and PFD value, which can be calculated according to the testing intervals.
From the example, it is easy to notice the effect of the testing intervals. Even if the SIL 2 capability is achieved in both examples, the PFD value will change. Only by calculating the complete system is it possible to know the final safety system capability.
Testing & maintenance
Service and testing make up a large part of the ESD valve’s life cycle. ESD valves should not be so-called “install and forget” devices. The only way to maintain the safety integrity is to have a test plan and follow that plan. In the example above, the testing interval for full stroke testing was 48 or 36 months; for partial stroke testing, it was 3 months. If the testing according to plan is not done, the safety integrity level is not maintained. Using the Nelprof SIL tool, it is also easy to see what the testing intervals should be, and if the testing is not possible at that interval, then what the effect will be on the PFD value. A partial stroke test Example of Metso Flow Control SIL tool (Nelprof 6) (PST) interval of one to three months is quite often and typically done with an intelligent safety solenoid, such as Neles ValvGuard, to automate the testing routine and documentation.
ESD valve testing is typically categorized in two different types. A partial stroke test (PST) can be done while the plant is operating, and a proof test happens during shutdowns. The difference between the testing types is that while the full stroke of a valve in proof test will have impact on the operation of the plant, the partial stroke test can be done without causing any harm to the process. During the PST, the valve is moved just few percents of the full stroke to analyze its condition. In proof tests, the full stroke test will complete a 100% stroke. The advantage of carrying out the PST is that the full stroke test then does not have to be done so often and will help to match the turnaround period of the plant.
From the graph above, it is easy to notice the advantage of the PST. The green colored line reached the SIL 2 level much faster than the blue colored line with PST. We can also notice that it is not possible to completely avoid the proof testing by doing the PST, but the interval for the full stroke testing can be longer.
Summary
ESD valve selection is not just calculating the PFD and safety integrity level. The basic work of the application-based valve selection is still a very important part of the ESD valve selection process. After the valve is capable of working in the application, we can take full advantage of functional safety calculations. After these steps are completed to ensure the plant safety during the full life cycle, the testing and maintenance of the valves are important to make sure the ESD valve will work when it needs to work.
Metso Automation Ltd
Tel: 0870 606 1478
Email: uk.sales@metso.com
Web: www.metso.com
Telephone: | 0116 284 9900 |
Email: | Sales@oem.co.uk |
Website: | www.oem.co.uk |
More information on the OEM Automatic Ltd BVAA Member Directory Page |
Search related articles: OEM Automatic LtdIssue 35SILsMaster Class