Safety Instrumented System Solenoid-Operated Valve Approaches

Last week at the Emerson Exchange conference, I caught up with Emerson’s Riyaz Ali. You may recall Riyaz from many safety instrumented system-related posts. We discussed some of the trends in integrated positioners + solenoid valves + limit switches + valve position transmitters.

Riyaz Ali Senior Business Development Manager

Riyaz Ali
Senior Business Development Manager

Riyaz felt that this approach not in line with the safety instrumented system (SIS) general philosophy for several reasons.

For these devices with an integral solenoid-operated valve (SOV), the pneumatic path is only a single path and the requirement for a redundant path will not be met.

This will affect the PFDavg calculations as per ISA TR84.00.02-2002 part 2 using the simplified equation for a one-out-of-one (1oo1) arrangement:

λdu x T /2 (Note: λdu is dangerous undetected failure rate of equipment under control (EUC) and T is test interval.)

For solutions with external SOVs in series with smart positioners, this 1oo2 approach has a PFDavg:

λdu x T2 /3

A 1oo2 arrangement provides an improved PFDavg over a 1oo1 single box arrangement.

Riyaz notes that going to external SOV will improve safety reliability, which means either the SOV or smart positioner are capable of taking a valve to safe state. With integral SOVs with smart positioners, only one pneumatic path is available, which means there is no redundancy. Project teams may have to re-visit the HAZOP analysis to evaluate new safety integrity level (SIL) conditions.

Referring to the global safety standard, IEC 61508, Riyaz makes the following points:

  • Smart SOV (integral microprocessor based smart positioner + integral SOV) will be classified as Type B device as per IEC61508 part 2 table 3. Smart positioner plus external SOV pneumatically in series, SOV is still regarded as Type A simple device improving reliability.

    Type A and Type B definition is listed from IEC61508 part 2.

    IEC 61508 part 2 – clause 7.4.3.1.2 define Type A. A subsystem (see 7.4.2.11, note 1) can be regarded as type A if, for the components required to achieve the safety function:

    1. the failure modes of all constituent components are well defined; and
    2. the behaviour of the subsystem under fault conditions can be completely determined; and
    3. there is sufficient dependable failure data from field experience to show that the claimed rates of failure for detected and undetected dangerous failures are met (see 7.4.7.3 and 7.4.7.4).

    IEC61508 part 2 – clause 7.4.3.1.3 defines Type B as a subsystem (see 7.4.2.11, note 1) shall be regarded as type B if, for the components required to achieve the safety function:

    1. the failure mode of at least one constituent component is not well defined; or
    2. the behaviour of the subsystem under fault conditions cannot be completely determined; or
    3. there is insufficient dependable failure data from field experience to support claims for rates of failure for detected and undetected dangerous failures (see 7.4.7.3 and 7.4.7.4).

    This means that if at least one of the components of a subsystem itself satisfies the conditions for a type B subsystem then that subsystem must be regarded as type B rather than type A. See also 7.4.2.11, note 1.

  • High Common Cause factor will result, if everything is integrated in one package vs external SOV. Smart positioners for SIS and external SOV pneumatically in series providing redundancy in case of Safety demand, providing higher reliability. This is in line with IEC61511 part 3, clause 3.4 a) page 20 of 70, states, “…of probabilities and considering common cause failures. It may be necessary to use redundant architectures to achieve the required hardware safety integrity.”
  • Solenoid-Valve-TestingSOV health monitoring with physical results (pressure blip – can be seen on ValveLink) vs built in test of SOV with integral positioner have no definitive results. A smart positioner digital valve controller (DVC) can test an SOV which is externally mounted pneumatically in series. To improve MTTFs (Mean Time to Fail Spuriously), smart positioners can use reverse type relay, which will NOT contribute to MTTFs. In case of any electrical signal failure, or an input current signal to the smart positioner, this will NOT cause a spurious trip.

    Hence two devices pneumatically in series will have MTTFs for a single device (SOV Type A device only). A smart positioner and SOV mounted externally pneumatically in series will be ideal from safety reliability and plant availability.

  • Smart positioners with Integral SOVs will have high air consumption (67.8 scfh) for large orifice compare to smart positioner with external SOV will have low bleed Relay (2.1 scfh). This is because external SOVs will NOT consume any air during normal operation.
  • The Fisher DVC6200 SIS provides an SIS Trigger capability like the black box of an aircraft to provide rich data on a TRIP event for analysis by a safety engineer to help avoid future trip conditions.

You can connect and interact with other safety experts in the Safety Instrumented Systems track of the Emerson Exchange 365 community.

Leave a Reply