Safety instrument systems incorporate emergency shutdown valves which are normally in a fully opened or fully closed state and controlled by a logic solver or a Programmable Logic Controller (PLC) in an emergency situation. In order to ensure that these valves can properly function, they can be periodically tested by partially opening or closing them. Since these tests are typically performed while the process is on line or operational, it is important to perform any test reliably and then return the valve to its normal state. In this context, the term “normal state” shall refer to the position or state of the emergency shutdown valve when there is no emergency and the emergency shutdown valve is not being tested.
A disadvantage of the prior art systems is that the emergency shutdown tests are typically performed at predetermined intervals by remotely located controllers.
For example, the emergency shutdown tests may be performed only a few times each year, due to cumbersome test procedures and issues related to manpower. Also, during emergency shutdown tests, the emergency shutdown valve, or other emergency shutdown device being tested is not available for use if an actual emergency event were to arise. Limited, periodic testing is not an efficient way of verifying the operability of the emergency shutdown test system. It would thus be advantageous to develop a system where safety personnel could initiate and witness a test at any time.
It is also important that any emergency shutdown system provide the ability to activate an emergency shutdown device (a valve, for example) to its safe condition when commanded by the emergency shutdown controller, in the unlikely, but possible situation where an emergency event has occurred during an emergency shutdown device test interval, where the interval is during a shutdown test. In this context, the term “safe condition” refers to an open or closed position if the emergency shutdown device is an emergency shutdown valve, and the “safe” condition is typically, but not always, the position the valve would end up if all power is removed from the electronic components controlling the emergency shutdown valve. In such a situation, it should be possible for the emergency shutdown system to properly command the emergency shutdown device.
Conventional emergency shutdown tests are initiated by using mechanical jammers, collars, pneumatic test cabinets, process control computers, etc. These sophisticated and costly devices function by sending control signals to emergency shutdown devices, or to devices such as a digital valve controller that could command an emergency shutdown device. The conventional devices also comprise a great deal of hardware and software in bulky equipment that must be present and connected before a test can be initiated. Furthermore, the devices typically perform the same test on each emergency shutdown valve. It would thus be advantageous to eliminate the need for moving and connecting these complicated and expensive devices and to customize the test and data collected for each unique valve. None of the previous emergency shutdown systems are able to fulfill these requirements.