Often, the difference in PFDavg for any assumed proof test
effectiveness which is lower than that which is afforded in the operating
environment, can reduce the desired target risk reduction factor.
To overcome this problem, many engineers implement ‘partial valve
stroke testing’, hoping that the additional credit given to this type of test
will improve the overall SIF PFDavg calculation. However, another dilemma arises
when this type of approach is being considered, namely whether the same value of proof
test effectiveness can be used for the valve regardless of whether the intended
Partial Valve Stroke Test (PVST) is performed or not.
A proof test is a periodic test performed to detect the dangerous
hidden faults in a SIF so that, if necessary, a repair can restore the system either
completely or as close to the ‘as new’ condition as possible.
The “hidden faults” are those faults that are not detected by operators,
inspection, automatic diagnostic tests, or Partial Valve Stroke Test (PVST). In
other words, if a device fault is detected, then the device is repaired and this
type of fault “does not exist” during a subsequent proof test – that is, it cannot
be detected again during the proof test. Although reliability calculations should
include this fact in the claimed proof test effectiveness, this is often overlooked.
Discussion
example:
The failure rates for an example valve have been taken from a relevant
SIL certificate and are shown below.
For this example, let’s assume that our process application
requires the valve to be closed on demand within three seconds. In the table
above, we can see that for ‘Control Valve Fail-Closed’ the dangerous undetected
failure rate is 574 FIT (Failures In
Time).
In the accompanying valve Failure Mode Effect Diagnostic Analysis
(FMEDA) report, we can see that it is claimed that 70% of all dangerous undetected
failures are detected by valve full stroke test. This type of test can detect
issues such as a jammed stem, some seating problems and/or external leakage. It
means that 402 (70% of 574) FIT are
detected and 172 FIT (574 - 402 =
172) cannot be detected by this full stroke test. These calculations will form
part of the required proof testing of the valve.
For PVST, Table 1 shows that 194
FIT are detected (e.g. a jammed stem can be detected by this test) so 380 FIT stays undetected after PVST
(574 - 194 = 380). The PVST coverage is therefore 34% (194/574 =>34%).
So far, so good. Let’s now analyse what happens if we implement
these two tests together by performing a proof test after PVST has occurred.
Once the PVST is completed, the jammed stem failures will no
longer be ‘dangerous undetected’ and therefore would not be targeted for
detection during the proof test.
Given the failure rates in the example:
- · After PVST, 380 FIT stays as undetected
- · After proof test, 172 FIT stays undetected
So, if the proof test is done after the PVST has been completed, this
test can detect only the 208 FIT. The effectiveness for the proof test being
done after PVST is therefore 208/380 = 55%.
Clearly this is a lot lower than the declared 70% proof test effectiveness
indicated in the device information supplied, especially because valves are
usually the greatest contributing part of the overall SIF PFDavg. This may lead
to the SIF not reaching its target PFDavg.
The table below provides a summary of the above description.
It should be noted that the same number of dangerous undetected
failures remain after proof test without PVST as after a proof test being completed
post PVST activation. It means that by performing the proof test and PVST
together we cannot detect more failures than performing the proof test alone without
PVST.
The takeaway message:
The
advantage of PVST is that some failures can be detected earlier so that the
device can receive timely repair and will be available when real process
demands occur. However, we should adjust the proof test ‘effectiveness factor’
if PVST is to be designed into the SIF and a test frequency assigned & performed.
If this is not addressed, then the calculated PFDavg will lead to overly
optimistic SIL PFDavg results, where greater risk reduction claims are made than
is necessarily provided by the devices in use.
The takeaway
question:
Do
you consider the above criterion for establishing a suitable proof test
effectiveness factor when calculating the PFDavg for your SIF’s?
0 comments :
Post a Comment