Production • Processing • Handling


Fig. 2. One ball valve for ESD and two axial on-off valves for HIPPS. (The Netherlands)


a 1 out of 3 (1oo3) configuration for a SIL3 protection level. This may be reduced to 1oo2 only if ‘prior use’ can be justified.


Relevant changes

The new IEC 61508 Edition 2010 places more emphasis on the reduction of hardware fault tolerance in general, and more specifically in the case of additional diagnostics. A paragraph has been added indicating that the hardware fault tolerance shall be defined without applying diagnostics (ref. IEC 61508 para 7.4.4.1.1). The new standard also defines in more detail at what intervals diagnostic tests shall be performed. Several paragraphs cover different cases, such as high demand mode and low demand mode, and cases that depend on the hardware fault tolerance of the element (IEC 61508-2 para 7.4.4.1.4). The longest possible diagnostic test interval shall be shorter than the Mean Time To Repair, which would normally be between 8 and 24 hours. The shortest interval would actually be within the process time (seconds). For a final element it is often assumed that diagnostics can be performed by means of partial stroking devices mounted to the final element.




These are devices that move the final element approximately 10 per cent and then verify whether the actuator is still capable of moving the valve. It is impossible to perform this at an interval that complies with the standard, and thus these devices cannot be considered diagnostic devices. It is also difficult to argue that partial stroke devices perform a proof test, as the definition in the standard states that the target of a proof test should be to reach 100 per cent coverage (IEC61508-4 par 3.8.5 note 2). It is then contradictory to mount a device that is specifically designed to perform a partial proof test.


New definition of safe failure

In addition to the diagnostics, the safe failure is now also defined much more stringently: a safe failure is a failure of the element that brings it to the safe state (closing the valve) without a demand. For a final element this can only be a failure of the seal in the actuator. A failure of such a seal would evacuate the air or hydraulic pressure and release the spring force, closing the valve. Please note that a solenoid failure or a leak in the tubing is not a safe failure of the valve/actuator but of the accessories. Dynamic forces in

