Safety instrument systems incorporate emergency shutdown valves which are normally in a fully opened or fully closed state and controlled by a logic solver or a Programmable Logic Controller (PLC) in an emergency situation. In order to ensure that these valves can properly function, they can be periodically tested by partially opening or closing them. Since these tests are typically performed while the process is on line, it is important to perform any test reliably and then return the valve to its normal state. In this context, the term “normal state” shall refer to the position or state of the emergency shutdown valve when it is not in an emergency position and the emergency shutdown valve is not under test.
A disadvantage of the prior art systems is that the emergency shutdown tests are typically performed at predetermined intervals. For example, the emergency shutdown tests may be performed only a few times each year, due to cumbersome test procedures and issues related to manpower. Also, during emergency shutdown tests, the emergency shutdown valve, or other emergency shutdown device being tested, is not available for use if an actual emergency event were to arise. Limited, periodic testing is not an efficient way of verifying the operability of the emergency shutdown test system. It would thus be advantageous to develop a system where safety personnel can witness and verify the performance of an emergency shutdown valve and its controlling components by initiating a test while present.
It is also important that any emergency shutdown system provide the ability to activate an emergency shutdown device (a valve, for example) to its safe condition when commanded by the emergency shutdown controller, in the unlikely but possible situation where an emergency event occurs during an emergency shutdown device test interval, that is, while a shutdown test is in progress. In this context, the term “safe condition” refers to an open or closed position if the emergency shutdown device is an emergency shutdown valve, and the “safe” condition is typically, but not always, the position the valve would end up in if all power is removed from the electronic components controlling the emergency shutdown valve. In such a situation, it should be possible for the emergency shutdown system to properly command the emergency shutdown device.
Conventional emergency shutdown tests are initiated by using mechanical jammers, collars, pneumatic test cabinets, personal computers, etc. These sophisticated and costly devices function by sending control signals to connected emergency shutdown devices, or to a device such as a digital valve controller that commands an emergency shutdown device. Some conventional devices consist of hardware and software housed in bulky equipment that must be carried around by technicians to the test site. Furthermore, the devices typically perform the same test on each emergency shutdown valve. It would thus be advantageous to eliminate the need for these complicated and expensive devices. None of the previous emergency shutdown systems are able to fulfill these requirements.