Process control systems and safety instrumented systems (SIS) typically include one or more controllers communicatively coupled to one or more field devices via a communication bus. The controllers of each of these systems use the field devices to perform a variety of control functions within the control environment. For example, the field devices may be used to open or close valves, increase or decrease fluid flow, and measure process parameters, such as temperature, pressure, or fluid flow rate.
Maintaining the process control system and the SIS of a process plant is an ongoing process that includes monitoring the operation of the field devices, periodically testing the field devices, and repairing or replacing the field devices as needed. To maintain the performance of the field device, plant personnel may periodically perform a diagnostic check on the field device. The diagnostic check may also be scheduled or automatically executed by the process control system, SIS, or field device in response to an occurrence of predetermined diagnostic event that is used as a triggering event. The predetermined diagnostic event is typically associated with the field device and may correspond to the field device reaching a pre-determined time limit of operating use, or the failure of a component of the field device to attain a specified position, for example.
One particular field device used in an SIS to maintain the safe operation of a process control system is an emergency shutdown (ESD) valve. In one example implementation, the ESD valve is an actuated valve designed to stop the flow of a fluid upon the detection of a dangerous event. Because the ESD valve is normally in an open position, there is a concern that a buildup of foreign substances may cause the ESD valve to stick or otherwise inhibit the valve's drive mechanism, preventing the ESD valve from functioning properly in an emergency situation. However, fully cycling the ESD valve to check its operability is generally not feasible because fully closing the valve will essentially shut down the process control system.
A partial stroke test (PST) is a standard automated diagnostic check commonly used by plant personnel to test a percentage of the possible failure modes of the ESD valve without having to fully close the valve. To perform the PST, an actuator is activated to partially close the ESD valve, typically by moving the valve approximately 30% of a full stroke. Thereafter, the ESD valve is returned to its fully open state. By moving the ESD valve as far as the process would safely permit, the PST can diagnose operational concerns of the ESD valve without interrupting the control process. Regular use of the PST generally provides for longer intervals between full stroke tests (which does requires a plant to be shut down), thereby reducing plant downtime. The PST is therefore considered to be a sufficient test to exercise the ESD valve during its use, thereby ensuring proper operation of the ESD valve.
There are, however, some valid concerns with using the automated PST. One significant concern is the time at which the PST is eventually executed, most notably in regard to automatically “scheduled” events, such as in response to an occurrence of a diagnostic event. The diagnostic event may correspond to a time or an event. For example, the diagnostic event can relate to a particular time, such as every Monday at 3 pm, or the diagnostic event can relate to a particular event, such as reaching a pre-established limit of operating hours or reaching a pre-established amount of time since the last PST of the ESD valve was performed. Therefore, because the time when a diagnostic event occurs may not always be known, the time when a PST executes in response to the occurrence of a diagnostic event may also not be known. This uncertainty may present a problem to plant personnel if the PST executes during a time when plant personnel are not able to sufficiently support the PST or are not able to respond to an adverse PST result. For instance, if a problem arises during a PST automatically run on an off-shift or holiday, fewer plant personnel may be available to respond if needed, which can have a severe negative impact to plant productivity and personnel safety.
There may also be times when the occurrence of a diagnostic event may not be relevant and a responsive action may therefore be unnecessary. For example, the detection of a valve's position being outside a desired range may usually be reported to plant personnel in accordance with defined protocols. However, should such a variance occur during a plant start-up when the control system is incompletely configured, automatically reporting the variation in this instance may be distracting to plant personnel. It is during plant start-up, for example, that “disabling” the reporting of an occurrence of a diagnostic event trigger would perhaps be desirable and beneficial to plant personnel.
While there are benefits to automatically executing a diagnostic check in response to detecting the occurrence of a diagnostic event, it is possible for the automated diagnostic check to adversely affect the operation of the control system. Because automated diagnostic checks can occur at indeterminate times and perhaps without much advance notice, which may unfavorably affect plant personnel's perceived sense of control with respect to managing the control system, plant personnel may therefore prefer not to use automated diagnostic checks and tests in some instances.