Safety Valve Positioners and Common Cause Failure Questions

If you work with pumps in your facility, you may be familiar with the Empowering Pumps site, a wealth of information to help you with these important assets in your plant. Founder Charli K. Matthews has launched something similar for valves, Empowering Valves.

I had the opportunity to contribute a guest post, Common Cause Failures in Safety Valve Positioners? It was based on a question I recently received. The question:

It’s unclear to me whether position feedback from a smart positioner is truly independent of the reference signal from the control system, as the positioner ostensibly uses that same information as a measurement in its own local position feedback loop (for which the reference signal is the setpoint). I’m guessing it’s not in most cases (and note that this trait is probably not unique to Emerson devices).

If you’re driving the valve to a certain position with the reference, and then using the position feedback to verify that the valve is actually at the position you drove it to, there is a potential common-cause failure in the position sensing and processing. For independence I’d think you would have to either use other means to drive the valve (e.g., a dump solenoid valve), or have position sensing distinct from that used by the positioner.

Riyaz Ali

Riyaz Ali

Emerson’s Riyaz Ali responded:

Common cause factor is a key concern when using a position transmitter within a safety valve positioner as is typically done.

Fisher FIELDVUE DVC6200 SIS digital valve controller

Fisher FIELDVUE DVC6200 SIS digital valve controller

In the case of a valve positioning transmitter designed for process safety applications, it is designed to isolate the positioning function. This design makes it completely independent of the positioner, should input signal or power to positioner fail, or any issue related to positioner cease functioning. The position transmitter continues to function to provide the valve’s position.

As part of the certification process for use in safety instrumented functions up to safety integrity level 2 (SIL 2), the position transmitter function is certified separately from the positioner.

Process manufacturers managing the safety lifecycle for their plants follow the IEC 61511 standard. They rely on the suppliers to provide technologies including safety shutdown valves, actuators, positioners, and positioning transmitters suitable for application in level of risk they are mitigating.

Read the full post over at Empowering Valves and consider joining their community of valve professionals.

5 comments

  1. ULAGANATHAN says:

    In the above passage, Emerson’s Riyaz Ali has responded regarding the common cause failure, as,
    “As part of the certification process for use in safety instrumented functions up to safety integrity level 2 (SIL 2), the position transmitter function is certified separately from the positioner”.
    Reply:
    It is not mandatory that a SIL certified position transmitter is required. It is to be noted that, while calculating “SIF response time, Feedback signals from the final control element is not taken into account”.
    Also it is to be noted that, for On-Off valves, exists only in the dormant state not as control valves.
    Further to look into the matter it is clear that, position feedback signals (i.e. either an limit switch or the position transmitter) are not necessary to be an part of the safety loop, since failure of valve to achieve safe state shall be determined in Valve failure rate calculations and it itself guarantees the safe valve operation and therefore the usage of an SIL certified transmitter is unnecessary and have only cost impact.

  2. It is seen as good engineering practice for Logic Solver to factor independent valve travel in voting arrangement of Cause /Effect matrix in the event of Safety demand. It is possible that secondary logic may be initiated by Logic system based on real travel of to shut the pump or motor, once valve reaches to its safe state.

    Though invariably all the ESD shutdown / Blowdown / EIV etc., for SIS, employs limit switch (Open / Close 2 DI’s). Once again independent SIL rated AI from Digital Valve Controller is preferred option for Safety instrumented Function (SIF) loop. However, AI (Analogue Input – 4-20mA) usage is driven based its necessity / need depending upon voting logic.

    From design prospective travel voting is must for SIS shut down logic. At least 1oo2 or 2oo3 voting while executing any logic within safety system is considered as design must. Therefore the design needs to have at least two travel feedbacks for voting.

  3. what is the price for FIELDVUE DVC6200 SIS positionar to get saudi arabia

Leave a Reply