Achieving Safety Integrity Level (SIL) 2 with non-redundant field devices is possible, but not always easy. The key is diagnostics. There are a variety of sensors that are certified for use in SIL 2, and there are many logic solvers certified for use in SIL 2 and 3. The difficulty is usually with the valves: The primary concern with most valves is that they may be stuck. The way to detect such problems is by partially stroking the valve, and there are more than a dozen vendors with different solutions.
There are two potential benefits of partial stroking of valves:
- Achieving SIL 2 with a single valve with partial stroking is much less expensive – and takes less space – than installing two standard valves.
- Achieving SIL 1 with extended test intervals (greater than one year) is possible.
Methods for partial stroking can be classified as either manual or automatic. Manual methods usually involve a mechanical device that limits valve travel to approximately 10-15 percent. These devices are often called jammers and are usually used on quarter-turn valves. The potential drawback of these devices is that the partial stroking will probably not be done at intervals frequent enough to reap a benefit. Modeling shows that partial stroking needs to be done at intervals of less than three months to provide any real improvement in performance. Automated methods may either be manually initiated (e.g., from the control system operator interface), or initiated by the control or safety system without any operator intervention. This will allow the frequency of tests to be often enough to provide an actual benefit (e.g., typically between weekly and monthly).
However, there are a variety of problems that are simply not being publicized (for fairly obvious reasons). In some cases the solution was installed, but operations had no faith in the system due to fears that the valve might close completely and stop production. In other cases, the diagnostics reported false alarms, the user lost confidence, and the system was turned off. In still others, the system generated more information than people could interpret and the system was turned off.
If partial stroking was designed and installed, it was for one of the two reasons listed above. Yet if the functionality is never or no longer used, the safety functions will not meet the required performance. This represents a serious shortcoming.
My review of discussions at various industry forums (symposia and online) suggests that vendors can quickly identify the benefits of their systems, yet users seem hesitant to report any truly positive results. Perhaps it’s simply that users don’t want to admit what might be viewed as a technical advantage to their competitors.
What’s Your Experience?
Have you found partial stroking to be effective? Is the partial stroking being performed frequently enough (more often than quarterly)? What did you need to do to make sure the design was accepted by others within your organization?
About the Author
Paul Gruhn is a global functional safety consultant at AE Solutions and a highly respected and awarded safety expert in the industrial automation and control field. Paul is an ISA Fellow, a member of the ISA84 standards committee (on safety instrumented systems), a developer and instructor of ISA courses on safety systems, and the primary author of the ISA book Safety Instrumented Systems: Design, Analysis, and Justification. He also has contributed to several automation industry book chapters and has written more than two dozen technical articles. He developed the first commercial safety system modeling software. Paul is a licensed Professional Engineer (PE) in Texas, a certified functional safety expert (CFSE), a member of the control system engineer PE exam team, and an ISA84 expert. He earned a bachelor’s degree in mechanical engineering from the Illinois Institute of Technology. Paul is the 2018 ISA president-elect/secretary.