September 2005

DVC6000 SIS Training Course 2

Digital Valve Controllers for Safety Instrumented Systems (SIS)

D Overview D Present methods for testing Final Control Element in SIS D Problems and concerns of conventional methods D How a digital valve controller solves testing problems D Installation of digital valve controller D Quiz

Overview
Why is it important to test the Final Control Element of a Safety Instrumented Function (SIF) loop? Safety Instrumented Systems (SIS), commonly known as Emergency Shutdown (ESD), Emergency Venting (ESV) or Safety Interlock Systems, are required by standards IEC61508/ISA S84.01 (Replaced by ISA 84.00.012004) to be tested at a periodic interval based on HAZOP (Hazard Operation Analysis) design to achieve and meet required Safety Integrity Level (SIL). Traditionally, Safety Instrumented Systems are functionally tested during turnarounds on a yearly, or every two year basis. Present economies and pressure to maximize production are forcing process industries to extend shutdown intervals to 3, or in some cases, 5 years. This presents difficulties for the final control element, which remains untested for a longer time. Unfortunately, Final Control Elements represent a significant failure contribution in an SIS loop. If offline testing is not possible, then how do we test dormant valves that remain in one position (by nature of the application) without any mechanical movement? Using digital valve controllers on Safety Shutdown valves provides local and remote testing capabilities while the plant is running, along with important diagnostic information on the valve, documentation, and storage of valve test data. This course shows how using digital valve controllers to perform a partial stroke test to detect dangerous failures can help to solve problems in testing final control elements in Safety Instrumented Function (SIF) loops.

www.Fisher.com

DVC6000 SIS Training Course 2

September 2005

Figure 1. Accident Caused by SIF Failure

Present on line testing methods for final element in SIS

The typical valve testing approach has been to install a bypass valve around each safety valve. By placing the bypass in service, the safety valve can be fullstroke tested without shutting down the process. In an attempt to eliminate the operational and economic problems associated with bypass testing, other methods were developed. Mechanical limiting travel methods involve the use of some mechanical device, such as a pin, a valve stem collar, a valve hand jack, etc. that will limit the valve travel to 15% or less of the valve stroke (see figure 2).

Figure 2. Mechanically Limiting Valve Travel by Retaining Rod

September 2005

DVC6000 SIS Training Course 2

Pneumatic Test panels method also uses a pin to engage before partial travel test could be initiated (see figure 3).

Figure 3. Depicts a Typical Test Panel for Partial Stroke Test

Problems and concerns of conventional methods

Present on-line testing approaches have a number of disadvantages. A major drawback to these methods is that the safety shutdown function is not available during the test period. In fact, the process is left totally unprotected while the test is in progress. Also of concern is the possibility of the safety valve being inadvertently left in the bypass position after testing or the mechanical lock or pin is not removed after testing is complete. This would leave the process totally unprotected until such time as the error is discovered. In addition, these test methods all have a definite risk of spurious shutdown trips caused by testing. Another drawback is that the testing process must be manually initiated in the field and the tests themselves are extremely manpower intensive and subject to error.

How a digital valve controller solves testing problems

So-called smart positioners (digital valve controllers) have grown in popularity in recent years. These digital valve controllers are communicating, microprocessor-based current-to-pneumatic instruments with internal logic capability. In addition to the traditional function of converting a current signal to a pressure signal to operate the valve, these digital valve controllers use HARTR communications protocol to give easy access to information critical to safety testing. The digital valve controller receives feedback of the valve travel position plus supply and actuator pneumatic pressures. This allows the digital valve controller to diagnose the health and operation of itself and the valve and actuator to which it is mounted.

Simple Automated Test eliminates Human Errors

Partial-stroke testing confirms the valve is working without disturbing the process. Since the entire test procedure can be programmed into the digital valve controller partial-stroke testing can be performed automatically with no operator attention required. This allows the test interval to be as short as necessary (hourly, daily, weekly, etc.) to meet the target SIL values. The operator initiates testing by a simple button push, however the testing sequence itself is completely automatic, thereby eliminating any errors and possible nuisance trips, and the labor capital cost of conventional testing schemes. Typically the partial-stroke test moves the valve 10% from its original position but can be up to 30% if allowed by plant safety guidelines. Although partial-stroke testing does not eliminate the need for full-stroke testing (full-stroke testing is required to check valve seating, etc.) it does reduce the required full-stroke testing frequency to the point where it can most likely be tested during plant turnaround.

DVC6000 SIS Training Course 2

September 2005

Figure 4. ValveLink Scheduler to Automate Partial Stroke Test

Because the positioner communicates via HART protocol, the partial stroke test can be initiated from a HART hand-held communicator, from AMS ValveLink Software, or from a panel-mounted pushbutton hardwired to the positioner terminals. AMS ValveLink Software is a PC based software used for the calibration, configuration and diagnostics of FisherR digital valve controllers (DVC). By using ValveLink Scheduler, a customer can also schedule tests automatically on a daily, weekly or monthly basis (see figure 4).

Benefits of using a digital valve controller in a SIS

Adding a digital valve controller to a Safety Instrumented System reduces base equipment cost, testing time, and manpower requirements by eliminating the need for expensive pneumatic test panels and skilled personnel for testing. Adding a digital valve controller also permits remote testing, thus saving time by reducing the requirement for maintenance inspection trips to the field. Adding a digital valve controller also increases the safety of plant personnel by eliminating the need for plant personnel to go to the field for testing. Because the DVC6000 SIS provides diagnostic as well as positioning information, the valve status and response time can be monitored by AMS ValveLink Software during the test. Valve performance trends are monitored by AMS ValveLink Software (see figure 5) and automatically analyzed after each partial-stroke test so that potentially failing valves can be identified long before they become unavailable. A cycle counter and travel accumulator will show the extent of valve movement.

Figure 5. Valve Performance Trending

September 2005

DVC6000 SIS Training Course 2

Diagnostics Results & Documentation

The results of a signature test (see figure 6) can be used to easily determine packing problems (through friction data), leakage in the pressurized pneumatic path to the actuator, valve sticking, actuator spring rate, and bench set. The digital valve controller can save the results of this data for proof of testing for printout or later use by maintenance personnel for valve maintenance. Overlaying the results of the current signature test with those of tests run in the past can indicate if valve response has degraded over time. This increases valve availability and ensures that the valve responds upon demand. It also reduces the amount of scheduled maintenance on the valve, because the tests can be used to predict when the valve needs maintenance.

Figure 6. Valve Signature Test and Analysis

DVC6000 SIS has the capability to alert the operator if a valve is stuck (see figure 7) by using AMS ValveLink Software. As the positioner begins the partial stroke, it continually checks the valve travel to see if it is responding properly. This is important to reduce false trips. Conventional positioners, which do not see travel feedback, may exhaust actuator pressure trying to move a sticking valve. If the spring force frees the stuck valve after air is depleted, a false trip could occur. However, the digital valve controller has configurable minimum partial stroke air pressure in microprocessor memory. Should the valve be in the stuck position, the digital valve controller will abort the test before pressure drops enough to cause a false trip, and alert the operator that the valve is stuck. This will prevent the valve from slamming shut if the valve does eventually break loose.

DVC6000 SIS Training Course 2

September 2005

Figure 7. Valve Stuck Alert

In summary, a digital valve controller can provide complete diagnostic health information on the final control element, including the positioner itself. In addition, the digital valve controller can provide complete documentation of any emergency event as well as documentation of all testing. Logic Systems DeltaV SIS (see figure 8) can initiate a partial stroke test and store test results, which could be made available to insurance companies as proof of testing. The testing and documentation can be completely automated so that expensive operator time is not required.

Figure 8. Logic System, Like DeltaVt, When Used with DVC6000 SIS, Can Initiate Partial Stroke Test

Finally, should an emergency shutdown demand occur during testing, the digital valve controller will override the test, driving the valve to its safe position.

September 2005

DVC6000 SIS Training Course 2

Installation of Digital Valve Controllers

A digital valve controller can be added to any valve style configuration including linear sliding-stem, rotary, quarter-turn, etc. with spring and diaphragm actuators, spring-return piston actuators, or double-acting piston actuators. Digital valve controllers can be installed in place of an existing solenoid or can be mounted in series in the pneumatic path. Three broad types of installation are possible: Point to point mode with a solenoid valve Multidrop mode with a solenoid valve Point to point mode without a solenoid Valve The first two types of installations use a solenoid valve (solenoid valve is optional) and provide a redundant pneumatic path if the solenoid and the digital valve controller are used in series. This means the actuator pressure will always be able to exhaust to allow the valve to move to the safe position. If the solenoid valve fails, the actuator pressure exhausts through the pneumatic path in the digital valve controller. If the digital valve controller fails, the actuator pressure exhausts through the solenoid valve. Figure 9 shows a digital valve controller installed in a point to point mode. In this installation the logic solver provides two separate outputs: a 24 volt dc signal for the solenoid valve and a 4 to 20 milliamp dc current signal for the digital valve controller. This provides both the means to control the valve through the SIS and to monitor valve diagnostic information contained in the HART digital information superimposed on the analog signal. It also provides an independent means of sending a SIS command to the solenoid valve.

LOGIC SOLVER

SOLENOID VALVE

24 VDC

SEPARATE POWER SOURCES FOR DIGITAL VALVE CONTROLLER AND SOLENOID VALVE

420 MA DC EXHAUST

TRAVEL FEEDBACK

SUPPLY PRESSURE

DVC6000 SERIES DIGITAL VALVE CONTROLLER SIS VALVE AND ACTUATOR

Figure 9. SIS Schematic with a Digital Valve Controller in Point to Point Mode

This installation requires an additional pair of wires but it does permit the digital valve controller to continue to communicate even during emergency demand conditions. This allows the positioner to record valuable trending information through AMS ValveLink Software during the emergency shutdown. Figure 10 shows a digital valve controller installed in a multidrop mode. In this installation the logic solver provides a single 24 volt dc source to provide power for both the solenoid valve and the digital valve controller. This installation reduces wiring costs in new installations and requires no additional wiring in existing installations. It also saves an I/O point on the logic system. However, a line conditioner that will add an approximate 2 volt dc line drop and a low powered solenoid valve are required.

DVC6000 SIS Training Course 2

September 2005

SINGLE POWER SOURCE FOR BOTH THE DIGITAL VALVE CONTROLLER AND SOLENOID VALVE LOW POWER SOLENOID VALVE

LOGIC SOLVER

24 VDC

LINE CONDITIONER

EXHAUST

TRAVEL FEEDBACK

SUPPLY PRESSURE

DVC6000 SERIES DIGITAL VALVE CONTROLLER SIS VALVE AND ACTUATOR

Figure 10. SIS Schematic with Digital Valve Controller in Multidrop Mode

Figure 11 shows that the digital valve controller can be mounted in the SIF loop without a solenoid valve. This arrangement eliminates the cost of the solenoid valve. There are two considerations associated with this implementation. First, for large volume actuators, where stroking speed is a requirement, the digital valve controller may not be able to exhaust the air pressure sufficiently fast. Second, this arrangement does not provide a redundant pneumatic path for exhausting the actuator air pressure.

LOGIC SOLVER 24 VOLT DC POWER SOURCE

24 VDC

LINE CONDITIONER

TRAVEL FEEDBACK

SUPPLY PRESSURE

DVC6000 SERIES DIGITAL VALVE CONTROLLER SIS VALVE AND ACTUATOR

Figure 11. SIS Schematic with Digital Valve Controller without Solenoid Valve

September 2005

DVC6000 SIS Training Course 2

Conclusion
A digital valve controller allows testing of the safety shut down valve on-line, while the plant is in operation. It also provides crucial diagnostics with analyzed test results, enabling planned predictive maintenance rather than preventive maintenance. Microprocessor based digital valve controllers store test data in the memory and can generate automatic documentation for verification by inspection authorities. Digital valve controllers provide considerable labor savings by automating test scheduling, execution, documentation, verification, and validation. Partial stroke testing combined with predictive maintenance capability in the digital valve controller allows the time interval between scheduled shutdowns to be extended, helping the plant to meet higher availability goals and reducing expensive shutdowns. Above all, digital valve controllers have features to set minimum partial stroke pressure to avoid spurious trips, and at the same time, should a demand arise during a test, the digital valve controller will take the valve to safe condition, without any compromise.

DVC6000 SIS Training Course 2

Quiz
1. 1)Final Control Element represents significant failure contribution in SIS loop: a. True b. False

September 2005

2. Main problems for testing final control element of SIS loop, by using conventional methods are: a. b. c. d. e. a. b. c. d. a. b. c. d. e. a. b. c. d. System is not available for Demand during test The valve can accidentally be left in test mode and be not available for safety A spurious trip can occur if the locking mechanism fails Testing must be manually initiated in field All of above Can test valves more frequently to check mechanical movement & diagnostics Can improve SIL Level of existing loop Can extend turnaround period All of above Larger orifice to meet stroking speed requirement Redundant pneumatic path Improves PFD (Probability of failure upon demand) Worsens NTR (Nuisance Trip Rate) All of above Determine health of final control elements Provide valve signature data for historical record and future comparison Test valves to a pre-configure travel limit while the process in on-line All of above
Answers Key: 1) a; 2) e; 3) d; 4) e; 5) d

3. By introducing Partial Stroke test and increasing test frequency a digital valve controller:

4. Use of Solenoid valve in pneumatic tubing path provides

5. Digital valve controllers (Microprocessor based) for Safety Instrumented Function (SIF) loops

Fisher is a mark owned by Fisher Controls International LLC, a member of the Emerson Process Management business division of Emerson Electric Co. Emerson and the Emerson logo are trademarks and service marks of Emerson Electric Co. HART is a mark owned by the HART Communication Foundation. All other marks are the property of their respective owners. The contents of this publication are presented for informational purposes only, and while every effort has been made to ensure their accuracy, they are not to be construed as warranties or guarantees, express or implied, regarding the products or services described herein or their use or applicability. We reserve the right to modify or improve the designs or specifications of such products at any time without notice. Neither Emerson, Emerson Process Management, Fisher, nor any of their affiliated entities assumes responsibility for the selection, use and maintenance of any product. Responsibility for the selection, use and maintenance of any product remains with the purchaser and end-user.

Emerson Process Management Fisher Marshalltown, Iowa 50158 USA Cernay 68700 France Sao Paulo 05424 Brazil Singapore 128461 www.Fisher.com
10 EFisher Controls International LLC 2005; All Rights Reserved
Printed in USA