IET
Decrease font size
Increase font size
Topic Title: Periodic proof test
Topic Summary:
Created On: 25 March 2013 02:05 PM
Status: Read Only
Linear : Threading : Single : Branch
Search Topic Search Topic
Topic Tools Topic Tools
View similar topics View similar topics
View topic in raw text format. Print this topic.
 25 March 2013 02:05 PM
User is offline View Users Profile Print this message



Gelo86

Posts: 1
Joined: 25 March 2013

Dear All,
I have a question regarding periodic proof test required by the Standard IEC 61511.
In particular about a proof test of a valve.

It is possible monitor the movement of a process valve and consider the result of this movement as a result of the proof-test of the valve?
 25 March 2013 03:44 PM
User is offline View Users Profile Print this message



StewartTaylor

Posts: 99
Joined: 18 January 2003

Not quite sure I understand your question. It is commonplace to move a valve, either part-stroke or full stroke as part of testing. How much diagnostic cover you can claim for the action depends on how much attention you pay (measure/monitor/record/compare) to the dynamics of the movement and on what the application requires, e.g. simple full-stroke movement or tight shut-off to a particular degree

There are a various partial/full stroke testing methods, involving things from simple mechanical stops (or none) to monitoring position/pressure profile signatures.

-------------------------
Reality is that which, when you stop believing in it, doesn't go away.
 04 April 2013 03:04 PM
User is offline View Users Profile Print this message



iie63674

Posts: 79
Joined: 17 May 2006

I would say no. A proof test, by definition, will reveal all faults so that the equipment can be returned to an 'as new' condition. Unless the valve is fully cycled under full working pressure, I don't see how that can be achieved.
 05 April 2013 12:54 PM
User is offline View Users Profile Print this message



StewartTaylor

Posts: 99
Joined: 18 January 2003

That's why we consider imperfect testing. It's mostly not practical to shut the plant down often enough to do all tests as full tests under operating conditions and in a plant of any complexity you'd need to start and stop it many times to test all trips under demand conditions.

Not to mention the fact that the only way to FULLY test (following your argument) is to repeatedly take the plant to a hazardous state. So accept imperfect testing and define your mission time (effectively time to overhaul) based on the residual faults after your 'proof test'.

-------------------------
Reality is that which, when you stop believing in it, doesn't go away.
 05 April 2013 01:45 PM
User is offline View Users Profile Print this message



iie63674

Posts: 79
Joined: 17 May 2006

Well, the definition from 61508-4 is:
periodic test performed to detect dangerous hidden failures in a safety-related system so that, if necessary, a repair can restore the system to an "as new" condition or as close as practical to this condition
The standard does explain that it can be necessary to provide alternative means of ensuring safety while a proof test is perfomed. While it recognises that not all faults can be detected, it states that 100% detection should be the objective. See for example the Note:
For complex elements, an analysis may need to be performed in order to demonstrate that the probability of hidden dangerous failure not detected by proof tests is negligible over the whole life duration of the E/E/EP safety related system.
 05 April 2013 07:05 PM
User is offline View Users Profile Print this message



StewartTaylor

Posts: 99
Joined: 18 January 2003

Fine.

Whole life of the system= mission time (overhaul is to 'as new' condition either by replacement of components or complete refurbishment)

Therefore nothing in what you've cited contradicts what I said.

As a matter of interest, do you actually operate any kind of plant of any size, or are you just reading standards? If you do, what do your company say about multiple shutdowns every few months (one for every valve, contactor etc; otherwise at least some are not tested under 'real trip' conditions)? I know several members of the IEC61508 committee - they're smarter than that. They recognise the limitations of working with real-world plant and equipment.

Even if you actually do test under dangerous fault (not normal operating) conditions on a regular basis you will still not detect all possible faults - 100% cover is a fantasy; it's like an ideal gas - and there's also a perfectly good argument that says that operating under stress increases the chance of failure next time.

And testing under those conditions at regular intervals would create more hazards than it protects against. So you do the analysis, you work out your test coverage, and you limit your mission time accordingly.

-------------------------
Reality is that which, when you stop believing in it, doesn't go away.
 08 April 2013 03:23 PM
User is offline View Users Profile Print this message



iie63674

Posts: 79
Joined: 17 May 2006

Stewart, I can't disagree with your pragmatic approach, but the OP was asking about proof testing, not diagnostic coverage or periodic testing, and my intent was to reply to his question.

All too often I see sytems in which the designer has confused periodic functional testing with proof testing, and as a result claims too high a SIL.
The systems for which I have responsibility have an architecture that allows full proof testing to take place without stoppages or dangerous situations.
Statistics

See Also:



FuseTalk Standard Edition v3.2 - © 1999-2014 FuseTalk Inc. All rights reserved.