In the oil, gas, petroleum and power industries, various conditions may occur that necessitate immediate shut down or tripping of the operations, process or plant. In those industries, a majority of the final control elements of shut-off systems are implemented with fast acting shut-off valves. In such industries, a majority of the shut-off valves remain open while the process is in a safe and controlled state. Such valves are closed only upon a plant trip arising from an out of control process or during a normal maintenance outage.
In practice, the testing of emergency shut-off valves is normally done during shut down of the process. However, there is a tendency for such valves to stick or freeze due to corrosion or other reasons, which leads to an unsafe condition. This problem is exacerbated by economic conditions which have led to a reduction in the frequency of shut-offs. For example, in some operations, a process may run continuously for one or more years without shutting down the process for maintenance.
State of the art emergency shut-off systems, which control the shut-off valves, have a number of features to detect plant or process failures and typically include redundancies for added reliability. However, such systems may not provide for the testing of the shut-off valves themselves other than by stroking the valve. The problem is that full stroking or completely closing the valve causes an undesirable disruption in the process.
A U.S. Pat. No. 6,155,282 of Zachary et al. discloses an arrangement for testing solenoids individually without process interruption. The arrangement operates in a two out of three manner to provide relatively high safety, low spurious tripping and a relatively low installation cost, while also enabling on-line testing of each solenoid individually without process interruption. Solenoid arrangements are preferably manifolded to facilitate maintenance on any detected failure, and to simplify installation and replacement.
A more recent U.S. Pat. No. 6,920,409 discloses an apparatus for testing operation of an emergency valve. As disclosed, the apparatus tests an emergency valve in which a valve member is moveable by a fluid operated actuator between a normal open or closed position and an emergency position, closed or open respectively. The apparatus comprises partial stroking means including means for initiating emergency movement of the valve from its normal towards its emergency position, and means for returning it from a predetermined position intermediate the normal and emergency positions at its normal operating speed. The apparatus includes means for detecting the loss of the controlling electrical signal to the valve and a means for detecting the correct operation of the valve and its associated operating components by measuring the pressure of fluid being released from or being applied to the actuator.
In addition, a U.S. Pat. No. 7,010,450 of Law et al. discloses a combination of field device operations with overrides and bypasses within a process control and safety system. The process control or safety instrumented system uses function block logic to coordinate the logic within the process control or safety instrumented system with operational states of field devices, even when these operational states are initiated externally to the process control or safety system. Logic within input or voter function blocks associated with field devices may monitor and determine when the associated field devices are being put into testing or calibration modes and may automatically initiate appropriate bypass or override functionality in response to such detected field device configuration states. Likewise, the function block logic may automatically remove the bypass or override functionality when the field devices are placed back into their normal operational configuration states. This automatic initiation of bypasses and overrides helps to prevent a safety system within a process plant from initiating a shut-down procedure as a result of a device test initiated manually by, for example, a hand-held device attached to a field device. Likewise, the automatic removal of bypasses and overrides helps to prevent a safety system within a process plant from failing to operate properly because a user forgot to manually reset a bypass or override that was set up to allow a device test.
Recognizing that the emergency shut-off valves can be stroked partially as a safeguard against frozen or stuck valves has led to a need for a simple, secure and reliable system for testing such valves without adversely affecting production. This approach also improves the safety of the operation.
The partial stroke testing system in accordance with my earlier invention described in my U.S. Pat. No. 6,435,022, which is incorporated herein in its entirety by reference thereto, provides a low cost, simple and reliable test for emergency shut-off valves in the oil, gas, petrochemical and power industries. Such tests do not adversely interrupt a process and will minimize or almost eliminate the risk of a “frozen” emergency shutoff valve in the event of an out of control process. Such a system is cost effective and has been designed to utilize a shut-off valve with a fast acting piston actuator. The system is also applicable to slow acting valves.
In processes in the oil, gas, petroleum, and power industries, fuel to power the heaters, boilers, or the like, is fed to the associated burners through a fuel control valve and a fuel shut-off valve. The fuel control valve regulates pressure/flow to the burners, whereas the shut-off valve is normally in a fully open state. The shut-off valve closes to cut off the fuel supply in the event of an emergency.
From the safety point of view, the shutoff action of the shutoff valve is of utmost importance. The operability of the shutoff valve can be confirmed by means of the online valve partial stroke testing. However, any failure in the internals of the shut-off valve may lead to a fuel leakage to the heater. Introduction of a solenoid valve in the pneumatic circuit of the fuel control valve driven by an emergency shut-off signal is conceived as a means for supplementing the fuel shutoff action and the redundancy to achieve up to Safety Integrity Level Three (SIL-3).
In addition, the partial stroke testing system in accordance with the present invention will not interfere with a plant trip, i.e. a full shut down due to an emergency condition. Furthermore, if a partial stroke test is being conducted at the time of a plant trip, the partial stroke test will contribute to a more rapid closing of the emergency shut-off valve. Thus, the partial stroking design acts as a backup to the main trip mechanism.
Accordingly, such systems should reduce the cost of insurance or risk coverage. In essence, the system partially closes the emergency shut-off valve to a predetermined position to test and confirm its ability to function and to ensure its availability on demand in the event of a plant emergency.
The present system design can be applied to design loop instrumentation (e.g. heater or boiler fuel loops, piping loops, or any separation between high pressure loops and low pressure loops) to achieve up to Safety Integrity Level Three (SIL-3) in the final element (shutoff valve) part by using a regulator control valve as a supplementary or second shutoff valve, as required by the IEC (International Electrical and Electronic Commission)-61508 and ISA (Instrumentation, Systems, and Automation Society) S 84.01 standards.
TABLE 1: IEC 61598 Safety Integrity Levels

| Safety Integrity Level | Average Probability of Failure to Perform its Design Function on Demand |
|---|---|
| SIL-1 | >10^-1 to ≤10^-2 (One failure in 11 to 100 demands) |
| SIL-2 | >10^-2 to ≤10^-3 (One failure in 101 to 1000 demands) |
| SIL-3 | >10^-3 to ≤10^-4 (One failure in 1001 to 10,000 demands) |
There is also a widespread concern among process operators about the Probability of Failure on Demand (PFD) of final shut-down elements, such as shut-off valves used in safety applications. Partial trip testing of the final shut-off valve coupled with the supplementary emergency shut-off valve according to the present invention will serve to improve the PFD of shut-off action in such systems.
$$\mathrm{PFD}_{1oo1} = \lambda_{du}\,\frac{T_i}{2} + \lambda_{dd}\left(\mathrm{MTTR} + \frac{T_{PITT}}{2}\right)$$

where:
PFD: Probability of Failure on Demand
λdu: Undetected Failure Rate
λdd: Detected Failure Rate
MTTR: Mean Time To Repair
TPITT: PITT testing Interval
Ti: Test Interval (Proof Test)