Partial stroke testing
Encyclopedia
Partial stroke testing is a technique used in a safety instrumented system
to allow the user to test a percentage of the possible failure modes of a shut down valve
without the need to physically close the valve.
standard technique and is also quantified in detail by regulatory bodies such as the International Electrotechnical Commission
(or IEC) and the Instrument Society of America (or ISA). The following are the standards appropriate to these bodies.
The Partial Stroke Test is used to check the function of the safe position of ESD (emergency shutdown) valves. The partial valve stroke prevents unexpected failure of the safety function by breaking down solid masses or the onset of corrosion, for example. Furthermore, a successfully executed partial stroke demonstrates that certain unresolved errors that would otherwise go undetected, such as spring fractures in the spring chamber of the pneumatic actuator, are not present. Consequently, the interval for testing for these undetected errors can be extended.
The test can be started both locally on the device in a time-controlled manner or from remote. The positioner evacuates output 1 until the position change defined in advance occurs. If this does not happen within the set time (timeout value), an alarm can be output.
Additionally, monitoring is performed to establish whether the valve has moved out of its end position within a defined period of time (dead time). If this has not happened, the test is cancelled as a "failed" test and an alarm is output. This behavior prevents a blocked valve from suddenly freeing itself from the end position and thereby disrupting the process.
At the end of the test, the positioner moves the valve to the last valid position and reverts to the most recently active control mode.
For documentation purposes, the test result is saved in the non-volatile memory.
Example for an electro-pneumatic positioner with partial stroke:
Manufacturer: ABB
Type:PositionMaster EDP300
approach to the management of plant safety. During the design phase of this life cycle of a safety system the required safety performance level is determined using techniques such as Markov analysis, FMEA
, Fault tree analysis
and Hazop. These techniques allow the user to determine the potential frequency and consequence of hazardous activities and to quantify the level of risk. A common method for this quantification is the Safety integrity level
. This is quantified from 1 to 4 with level 4 being the most hazardous.
Once the SIL level is determined this specifies the required performance level of the safety systems during the operational phase of the plant. The metric for measuring the performance of a safety function is called the average Probability of failure on demand (or PFDavg) and this correlates to the SIL level as follows
One method of calculating the PFDavg for a basic safety function with no redundancy
is using the formula
Where:
The diagnostic coverage is a measure of how effective the partial stroke test is and the higher the DC the great the effect the test.
Typical benefits of this type of device are as follows:
However, opinons differ whether these kind of devices are suitable for functional safety systems as the safety funciton is off-line for the duration of the test.
Modern mechanical PST devices may be automated.
Examples of this kind of device include direct interface products that mount between the valve and the actuator and may use cams fitted to the valve stem. Other methods include adjustable actuator end stops.
for use in partial stroke testing. These systems are often suitable for use on shutdown valves up to and including SIL3
These are however limited to use on pneumatically actuated valves
. In order to perform a test the timer de-energises the solenoid valve to simulate a shutdown and re-energises the soleniod when the required degree of partial stroke is reached. These systems are fundamentally a miniature PLC
dedicated to the testing of the valve.
Due to their nature these devices do not actually form part of the safety function and are therefore 100% fail safe. With the addition of a pressure sensor and/or a position sensor for feedback timer systems are also capable of providing intelligent diagnostics in order to diagnose the performance of all components including the valve, actuator and solenoid valves.
In addition timers are capable of operating with any type of fluid power actuator and can also be used with subsea valves where the solenoid valve is located top-side
Safety instrumented system
A Safety Instrumented System is a form of process control usually implemented in industrial processes, such as those of a factory or an oil refinery. The SIS performs specified functions to achieve or maintain a safe state of the process when unacceptable or dangerous process conditions are detected...
to allow the user to test a percentage of the possible failure modes of a shut down valve
Shut down valve
A shut down valve is an actuated valve designed to stop the flow of a hazarous fluid upon the detection of a dangerous event. This provides protection against possible harm to people, equipment or the environment.Shutdown valves form part of a Safety instrumented system...
without the need to physically close the valve.
Standards
Partial stroke testing is an accepted petroleum industryPetroleum industry
The petroleum industry includes the global processes of exploration, extraction, refining, transporting , and marketing petroleum products. The largest volume products of the industry are fuel oil and gasoline...
standard technique and is also quantified in detail by regulatory bodies such as the International Electrotechnical Commission
International Electrotechnical Commission
The International Electrotechnical Commission is a non-profit, non-governmental international standards organization that prepares and publishes International Standards for all electrical, electronic and related technologies – collectively known as "electrotechnology"...
(or IEC) and the Instrument Society of America (or ISA). The following are the standards appropriate to these bodies.
- IEC61508 – Functional safety of electrical/electronic/programmable electronic safety-related systems
- IEC61511 – Functional safety – Safety instrumented systems for the process industry sector
- ANSI/ISA-84.00.01 – Functional Safety: Safety instrumented systems for the process industry sector
The Partial Stroke Test is used to check the function of the safe position of ESD (emergency shutdown) valves. The partial valve stroke prevents unexpected failure of the safety function by breaking down solid masses or the onset of corrosion, for example. Furthermore, a successfully executed partial stroke demonstrates that certain unresolved errors that would otherwise go undetected, such as spring fractures in the spring chamber of the pneumatic actuator, are not present. Consequently, the interval for testing for these undetected errors can be extended.
The test can be started both locally on the device in a time-controlled manner or from remote. The positioner evacuates output 1 until the position change defined in advance occurs. If this does not happen within the set time (timeout value), an alarm can be output.
Additionally, monitoring is performed to establish whether the valve has moved out of its end position within a defined period of time (dead time). If this has not happened, the test is cancelled as a "failed" test and an alarm is output. This behavior prevents a blocked valve from suddenly freeing itself from the end position and thereby disrupting the process.
At the end of the test, the positioner moves the valve to the last valid position and reverts to the most recently active control mode.
For documentation purposes, the test result is saved in the non-volatile memory.
Example for an electro-pneumatic positioner with partial stroke:
Manufacturer: ABB
Asea Brown Boveri
ABB is a Swiss-Swedish multinational corporation headquartered in Zürich, Switzerland, and best known for its robotics. ABB operates mainly in the power and automation technology areas. It ranked 143rd in Forbes Ranking ....
Type:PositionMaster EDP300
Measuring safety performance
IEC61508 adapts a Safety life cycleSafety life cycle
The safety life cycle is the series of phases from initiation and specifications of safety requirements, covering design and development of safety features in a safety-critical system, and ending in decommissioning of that system....
approach to the management of plant safety. During the design phase of this life cycle of a safety system the required safety performance level is determined using techniques such as Markov analysis, FMEA
Failure mode and effects analysis
A failure modes and effects analysis is a procedure in product development and operations management for analysis of potential failure modes within a system for classification by the severity and likelihood of the failures...
, Fault tree analysis
Fault tree analysis
Fault tree analysis is a top down, deductive failure analysis in which an undesired state of a system is analyzed using boolean logic to combine a series of lower-level events...
and Hazop. These techniques allow the user to determine the potential frequency and consequence of hazardous activities and to quantify the level of risk. A common method for this quantification is the Safety integrity level
Safety Integrity Level
Safety Integrity Level is defined as a relative level of risk-reduction provided by a safety function, or to specify a target level of risk reduction. In simple terms, SIL is a measurement of performance required for a Safety Instrumented Function ....
. This is quantified from 1 to 4 with level 4 being the most hazardous.
Once the SIL level is determined this specifies the required performance level of the safety systems during the operational phase of the plant. The metric for measuring the performance of a safety function is called the average Probability of failure on demand (or PFDavg) and this correlates to the SIL level as follows
| SIL | PFDavg |
|---|---|
| 4 | ≥10−5 to <10−4 |
| 3 | ≥10−4 to <10−3 |
| 2 | ≥10−3 to <10−2 |
| 1 | ≥10−2 to <10−1 |
One method of calculating the PFDavg for a basic safety function with no redundancy
Redundancy (engineering)
In engineering, redundancy is the duplication of critical components or functions of a system with the intention of increasing reliability of the system, usually in the case of a backup or fail-safe....
is using the formula
- PFDavg = [(1-DC)×λD×(TIFC/2)] + [DC×λD×(TIPST/2)]
Where:
- DC = Diagnostic coverage of the partial stroke test.
- λD = The dangerous failure rate of the safety function.
- TIFC = The full closure interval, i.e. how often the valve must be full closed for testing.
- TIPST = The partial stroke test interval.
The diagnostic coverage is a measure of how effective the partial stroke test is and the higher the DC the great the effect the test.
Benefits
The benefits of using PST are not limited to simply the safety performance but gains can also be made in the production performance of a plant and the capital cost of a plant.. These are summarised as followsSafety benefits
Gains can be made in the following areas by the use of PST.- Reducing the probability of failure on demand.
- Improving the safe failure fraction (SFF).
Production benefits
There are a number of areas where production efficiency can be improved by the successful implementation of a PST system.- Extension of the time between compulsory plant shutdowns.
- Predicting potential valve failures facilitating the pre-ordering of spare parts.
- Prioritisation of maintenance tasks.
Capital cost benefits
If the gains of the SFF are of an appropriate level the need for costly redundant valves may be eliminatedTechniques
There are a number of different techniques available for partial stroke testing available and the selection of the most appropriate technique depends on the main benefits the operator is trying to gain.Mechanical jammers
Mechanical jammers are devices where a device is inserted into the valve and actuator assembly that physically prevents the valve from moving past a certain point. These are used in cases where accidentally shutting the valve would have severe consequences, or any application where the end user prefers a mechanical device.Typical benefits of this type of device are as follows:
- The devices assure metal-to-metal prevention of stroke past the specified set point.
- Unlike electronic systems, there is no need to commission and calibrate controls or continually train personnel, resulting in additional significant cost savings.
- The devices are vibration resistant, making them highly reliable.
- The risk associated with having an ESD event occur at time of manual mechanical PST may be considered statistically insignificant and allows a rational consideration of the advantages mechanical devices offer.
- Modular design allows for addition of limit switches, potentiometers, remote control operation, etc.
- When the device is tested, all the actual safety system components, controls and elements used in he ESD Valve will be tested. No bleed valves or tiny orifices slowing down stroke time.
- The system will stroke in its “real world” time sequence and speed of operation.
- The user has real information about the exact controls that will be relied upon to protect his plant and personnel.
- Cost savings can be significant.
- The system is simpler and will not cause spurious alarms due to ESD valve not performing in a repeatable manner.
- SIS control loop is kept as simple as possible
- ESD valve remains an on/off valve, not a control valve.
- Limit switches can provide indication to control room if device is engaged.
However, opinons differ whether these kind of devices are suitable for functional safety systems as the safety funciton is off-line for the duration of the test.
Modern mechanical PST devices may be automated.
Examples of this kind of device include direct interface products that mount between the valve and the actuator and may use cams fitted to the valve stem. Other methods include adjustable actuator end stops.
Pneumatic valve positioners
The basic principle behind partial stroke testing is that the valve is moved to a predetermined position in order to determine the performance of the shut down valve. This led to the adaptation of pneumatic positioners used on flow control valveFlow control valve
A flow control valve regulates the flow or pressure of a fluid. Control valves normally respond to signals generated by independent devices such as flow meters or temperature gauges.Control valves are normally fitted with actuators and positioners...
for use in partial stroke testing. These systems are often suitable for use on shutdown valves up to and including SIL3
These are however limited to use on pneumatically actuated valves
Electronic timer control systems
Timer control systems use a configurable electronic timer that connects between the supply from the ESD system and the solenoid valveSolenoid valve
A solenoid valve is an electromechanical valve for use with liquid or gas. The valve is controlled by an electric current through a solenoid: in the case of a two-port valve the flow is switched on or off; in the case of a three-port valve, the outflow is switched between the two outlet ports...
. In order to perform a test the timer de-energises the solenoid valve to simulate a shutdown and re-energises the soleniod when the required degree of partial stroke is reached. These systems are fundamentally a miniature PLC
Programmable logic controller
A programmable logic controller or programmable controller is a digital computer used for automation of electromechanical processes, such as control of machinery on factory assembly lines, amusement rides, or light fixtures. PLCs are used in many industries and machines...
dedicated to the testing of the valve.
Due to their nature these devices do not actually form part of the safety function and are therefore 100% fail safe. With the addition of a pressure sensor and/or a position sensor for feedback timer systems are also capable of providing intelligent diagnostics in order to diagnose the performance of all components including the valve, actuator and solenoid valves.
In addition timers are capable of operating with any type of fluid power actuator and can also be used with subsea valves where the solenoid valve is located top-side