HART technology, partial-stroke valve testing: A powerful duo for improving plant safety
Digital valve controllers make the job of implementing partial stroke valve testing programs much simpler.
Process industry plant operators are feeling a variety of forces, from new industry standards to increased pressure from governmental agencies worldwide and lessons learned following high-profile accidents, to put SISs (safety instrumented systems) in the spotlight and give partial-stroke tests (PSTs) of emergency shutdown (ESD) valves an important role in improving SIS performance.
The introduction of HART technology for ESD valves has made PSTs more effective and easier to implement, helping plant personnel better balance their need to achieve higher plant integrity and safety with such considerations as spurious trip rate, initial investment costs, ongoing operational costs, system integration, and documentation needs.
This article illustrates how HART-enabled PST controllers can be implemented to improve SIS performance, and outlines steps to help plant personnel effectively implement this technology for ESD valves.
Functional safety design essentials
A SIS is composed of one or more safety instrumented functions (SIFs), each of which protects a specific process function. A SIF consists of three key elements – sensor(s), logic solver, and final control element(s) – and is designed in accordance with IEC 61508 and IEC 61511 to meet a desired safety integrity level (SIL).
SIL is defined in IEC 61508 and is a calculation of risk that must be eliminated to bring a process within acceptable safety levels. There are four SIL levels, with SIL 4 having the highest availability for a given safety function and SIL 1 having the least availability.
The SIL “budget” for the protection layer is determined by calculating the probability of failure on demand (PFDavg) for each SIF component and the SIF as a whole. PFDavg is an assessment of the likelihood that the safety function will not work as designed in an emergency.
Experience shows – and international literature supports – that the emergency shutdown valve is the primary source of SIF faults. The mechanical and static nature of the valve makes it the part of the system that is most susceptible to failure. It is also, however, the most important; so when striving to improve the functional safety of a plant, it only makes sense to focus efforts there.
Digital shutdown devices for PST
Key advantages of using a HART-enabled shutdown device include the ability to initiate a partial stroke test remotely and easy configuration of the parameters that determine the test pattern and the criteria for passing the test. Other technologies have offered these capabilities for decades, but are costly to implement and sustain. The introduction of the HART protocol in this application changed that.
A digital-capable device can be configured using either of two open standards: EDDL (electronic device description language) or DTM (device type manager). Both standards enable communication between HART-capable devices and software programs, providing user-friendly interfaces for setup and commissioning.
Once configured, the digital shutdown device can receive commands from a HART-capable handheld, a control system with EDDL or DTM capability, or directly from the PST device. The command will launch the preconfigured test and then precisely control the pressure inside the actuator chamber to achieve smooth and consistent back-and-forth valve movement during the test. The ESD valve is closed at the set speed until it reaches the target valve opening specified by the end user – typically between 5% and 30% of the normal state of the ESD valve – and is then opened again at the set speed. The safety function of the ESD valve remains available throughout the PST, continuing to protect the plant.
Data at your fingertips
The introduction of digital shutdown devices has made it easier and more cost-effective to systematically document the integrity of ESD valves.
Safety systems (logic solvers) are typically analog systems incapable of bi-directional communication with field devices. As a result, without the use of HART or another digital communication protocol, multiple sensors for monitoring valve position, actuator pressure, and other performance indicators must be manually installed on the valve and then individually wired to a logic controller. Test results must then be manually documented – a highly labor-intensive and cumbersome process.
A HART-enabled digital shutdown device overcomes these challenges by eliminating the need for external sensors and individual wiring. A single configurable device with multiple built-in sensors conducts the partial stroke test and transmits the results, putting ESD health information at plant personnel’s fingertips, simplifying installation and maintenance. And because HART is an open protocol, system designers have the flexibility to specify devices from multiple manufacturers based on their specific needs and preferences without the need to develop proprietary software to allow them to communicate with one another.
Recordkeeping can be streamlined and personnel can more easily access data required by the U.S. Occupational Safety & Health Administration (OSHA) and other auditing organizations. The data also gives plant personnel a clear picture of key performance indicators over time. The team can then plan appropriate predictive maintenance activities and avoid the added disruption and cost associated with reactive maintenance.
A fact-based approach
In recent years, controllers with new “second-generation” digital shutdown devices have been introduced that have powerful new diagnostic capabilities and give plant personnel access to a wealth of information that can help them make fact-based decisions.
Some digital shutdown devices maintain live digital communication during a safety-related event, allowing the process control operator to monitor the ESD valve’s operational condition continually. Such devices have become certified for use in SIL 3 applications as Type A, allowing end users to migrate from solenoid-based solutions to digital shutdown devices. Using HART, digital shutdown devices also give plant personnel access to a variety of useful information during an emergency, including the actual valve position and whether the ESD valve has closed properly.
Figure 1: “Valve stuck opened” is one of the important alarms that today’s new digital shutdown devices can transmit to plant personnel.
Additionally, a HART-enabled digital shutdown device can record the shutdown signature when the valve closes in an emergency. Functioning much like the black box on an airplane, the device captures and transmits valve performance data for later analysis. And, because the closing and resetting of the valve is documented, it can be counted as a full proof test of the valve – restarting the countdown to when the ESD valve must undergo its next full stroke test.
Figures 2 and 3 summarize the diagnostic capabilities of second-generation digital shutdown devices and the valve performance problems they can help plant personnel detect.
[Figures 2 and 3: An example of the type of diagnostic graphs that the new generation of smart valve interfaces can provide. In this case, plant personnel were assured that, in less than two seconds, the valve had completely closed.]
HART technology can also help plant personnel maintain the integrity of a SIF by providing diagnostics and PST results that can be used in identifying ESD valves that require, or soon will require, maintenance, giving the team an opportunity to address the issues before safety is impacted. Many valve performance issues will produce analytics that demonstrate a change over a period of time. Process buildup on a valve’s internal guiding surfaces, for example, will result in steadily increasing friction that will be measured and recorded during each PST. The growing friction becomes a red flag for plant personnel, as it could eventually reach the point that the valve would become stuck. Identifying this ESD valve using data and diagnostics provided using the HART protocol allows plant personnel to plan appropriate and timely maintenance.
Conversely, the analytics developed using HART data can also help plant personnel avoid performing unnecessary maintenance on an ESD valve that may otherwise be undertaken simply because a specified time interval had passed since the last maintenance was performed. This can reduce the frequency of full stroke tests that must be performed under IEC61508. (PSTs do not eliminate the need for full stroke tests.)
PSTs within an SIS
According to IEC 61508, the diagnostic coverage provided by PSTs can be utilized in calculating PFDavg as long as the following two criteria are met:
1. The test is fully automated. Automation ensures that the tests are executed at the interval that was specified in the PFDavg calculation, eliminating the risk that a potentially unsafe situation will go undetected because plant personnel inadvertently fail to complete a scheduled test.
2. The outcome of the test (pass/fail) is communicated to the user via a reliable and proven technology. (See Figure 4.) This communication is essential so that plant personnel are aware of potentially unsafe situations that will require intervention. Just like the “check engine” and “low oil pressure” lights on a car’s dashboard warn the driver of a potential problem, these notifications make plant personnel aware of potential ESD valve performance issues that must be investigated.
[Figure 4: This diagram illustrates how a PST device can be implemented and integrated with various types of shutdown signals, and shows various methods of monitoring the ESD valve's condition using HART.]
Working with legacy logic solvers…
Newer HART-enabled digital shutdown devices can easily be incorporated into older safety systems that use a 0-24 Vdc signal and, in some cases, into systems that use a 4-20 mA signal. In a 0-24 Vdc application, the PST can be launched using the built-in scheduler in the field device, using the local LCD (if available) or using HART.
If HART is to be used with a legacy system, a signal conditioner may be required to increase the impedance of the circuit and allow the digital communication signal to be superimposed over the dc current. However, with WirelessHART, it is possible to keep the wiring between the system and the ESD valve intact by installing a wireless adaptor on the digital shutdown device. The adaptor will send the HART diagnostic information wirelessly to a gateway connected to the asset monitoring software, eliminating the need for the signal conditioner and simplifying the wiring.
…and newer safety systems
Safety system manufacturers have begun offering HART-enabled analog output cards so that digital shutdown devices can be integrated into the system, enabling PSTs to be executed from a common user interface and allowing test results to be stored in a data management system automatically. In addition, most manufacturers now offer systems with SIL 3-certified analog output, allowing users to implement a 4-20 mA digital shutdown device using a single wire pair, simplifying implementation and helping reduce costs.
The ease of adopting and using HART, along with its flexibility, have helped the protocol become widely accepted by end users and one of the most common offerings of field device and control system vendors. It comes as no surprise, therefore, that these same factors have helped HART expand beyond control applications into safety systems.
For many years, the status quo for maintaining the safety integrity of a plant consisted of costly technologies that were difficult to implement and manage. The availability of user-friendly, cost-effective HART-enabled ESD shutdown controllers means that facilities no longer need to follow that status quo. Partial-stroke testing can help improve and document the performance of ESD valves, and HART-enabled digital devices can make this process easier and more effective than was previously possible.
Sandro Esposito is director of marketing and commercialization of new products for GE Energy’s Masoneilan and Consolidated product lines. A 17-year veteran of the control valve and process automation industries, he has extensive experience with emergency shutdown valve diagnostics and system integration. He can be reached at sandro.esposito(at)ge.com.