Fully Operational Automated Partial-Stroke Testing Enhances Process Reliability and System Availability
An effective method is now available for testing safety shutdown valves, which does not interrupt ongoing operations. Integration of the testing function into the process control system can make the technique even simpler, safer and more cost-effective. This article presents a solution which has a proven track record.
Emergency shutdown (ESD) valves are generally regarded as at the weakest link in a Safety Instrumented System (SIS) which consists of a controller, I/O modules, sensors and actuators. The reference values which characterize the reliability of a safety system are Hardware Fault Tolerance (HFT) and Probability of Failure on Demand (PFD). Both give an indication of the probability that the protection system will not operate properly when it is needed. PFD is based on device failure rates and inspection intervals.
ESD valves normally have to be checked once a year manually on site (full stroke test). In some cases, the valves have to be removed so that they can be checked offline. That is not so easy to do during ongoing operations. The valves have to be tested when the process is stopped to perform maintenance, or a bypass has to be installed.
Testing on the fly
The solution is to perform testing on the fly. Partial Stroke Testing (PST) allows functional testing on On-Off valve during plant operations. For this the valve is moved by about 5–15% during operation, which demonstrates that the valve is operational, thus preventing the most common passiv faults. PFD can be reduced, which in turn means that test intervals can be extended without affecting the safety level. Reducing maintenance and downtime cuts down the cost and effort involved.
A range of choices
Siemens has developed a range of Partial Stroke Test application solutions for integrating valve testing into the control system to meet different customer needs.
For simple testing (without additional diagnostic capability), the user can install a switch box which is mounted on the valve positioner. A binary signal opens the circuit to the solenoid valve and automatically closes the circuit when the test stroke has been completed. This redundant, purely electromechanical (no electronics) test setup limits the stroke and ensures plant shut down does not occur during testing.
The Siemens Sipart PS2 positioner enables users to conduct partial stroke testing independently of the control system, and it also offers comprehensive diagnostic functions, for example comparative analysis of PST reaction curves. The need for maintenance is displayed in a user-friendly format on the local console or at the control system using the NE107 3-level alarm scheme. Hart, Profibus PA or Foundation Fieldbus (FF) can provide connectivity between the positioner and the control and asset management systems. Testing can take place independently of the positioner which is installed on the valve, with the PST procedure integrated into the safety instrumented system Simatic S7-400 F/FH. These solutions support fully automatic partial stroke testing including the appropriate documentation (ranging from a message to evidence of verification for an approval body).
The two-phase test can be started manually, automatically or on demand. During the first phase (the actual PST), the added positioner moves an emergency shut down device from the fully open or operating position to a defined setpoint under the control of the S7-400 F/FH system. The closing operation, with hysteresis factored in, must take place within a predetermined time. When the test time has expired, the shut down device is returned to the normal operating position.
In the optional second phase, the solenoid valve can also be tested. The fail-safe control circuit is de-energized briefly (e.g. 200 ms), and the delayed change in the analog position feedback signal is analyzed. In the event that this type of testing is not advisable, for example due to pressure fluctuations in the air supply line, a solenoid test similar to the switch box test can be performed using a Sipart PS2 with a positioner adapter card. Two limit switches prevent unintended plant shut down. All of this takes place independently of the controller.
Successful field testing
The results of testing carried out at Ineos Paraform show that the Siemens solution with PST integrated into the safety system performs well in an industrial environment. Ineos Paraform has been producing organic chemicals for more than 150 years. With the support of German TÜV Süd Industrie Service, the company tested the PST solution in a pilot application between October and December 2006.
Testing was performed on an ESD valve for a hexa dilution tank. The valve is controlled by a Simatic PCS7 process control system and a safety logic solver. Two solenoids are installed in series. The existing CPU Simatic S7-400 CPU was replaced with a S7-400H CPU for the pilot test to enable the PST logic in the safety program. A Sipart PS2 positioner was mounted on the ESD valve which was connected to the controller via Profibus PA.
Incidentally, if safety valves are supplied with positioners already installed, there is no need for the user to carry out subsequent safety valve certification.
Pre-configured logic and modifications for the Simatic PCS7 OS operating and monitoring system, including the archiving and logging module and the appropriate settings, were added to the existing user application.
To provide a representative sample during normal operation, the operators manually initiated a partial stroke test from the control station several times a day. The PST results were displayed in graphics format on the operator station, and reports were available for printing. During live production, there are various situations where partial stroke testing is not allowed. Pre-defined test scenarios were executed to verify that testing cannot be started and that error conditions are detected.
The following situations in which testing must be inhibited were checked: “Position feedback simulation mode”, “Valve closed”, “Not enabled” and “Invalid parameters”. As expected, the system did not start the test in all four of these scenarios, and the events were reported and logged. This demonstrated that the system reacted properly in real situations when PST testing is not allowed. PST did not run when the ESD valve was closed, when testing had not been enabled by the process system or when there was something wrong with the parameters.
Three scenarios were repeatedly simulated to verify the system’s error detection capabilities:
- 1. Valve reaction time too long: test time was reduced from 90 seconds to 40 seconds. Less that half the time was available for the valve stroke, so the valve did not meet the test criteria.
- 2. Valve stuck: the time in which valve movement must be detected was reduced from 30 seconds to 5 seconds. This caused the test to abort, because the actuator air chamber had not depressurized sufficiently. In a real life situation, it is very important to abort the test if the valve has stucked. If depressurization continues, the resulting force could, for example, cause encrustation to break off the valve shaft, causing overshoot. Aborting the test prevents the valve from exceeding the allowable limit and having a negative impact on the process.
- 3. Solenoid failure: the solenoid test runs successfully if the system detects a change in the positioner feedback signal. A failure scenario is simulated by increasing the feedback signal change threshold from 2% to 10% to ensure that the solenoid test threshold is not reached.
The system detected the failure scenarios in every single test and generated a reliable message and log.
The tests conducted at Ineos Paraform also met applicable safety criteria. German TÜV Süd Industrie Service gave a very positive assessment. On-site observation of the partial stroke test showed that the system always detected a condition where the safety valve was stuck in the open position, and it also detected solenoid valve malfunction.
Conclusion: Users can conduct partial stroke tests which are built right into the safety system, and they can increase full stroke test intervals without taking any safety risks.