
Ensure your SIS is ready for action

July 21, 2020
In this sponsored feature, we talk with Howard Siew of Endress+Hauser

Programmable electronic systems have long been used to provide added layers of risk reduction for potentially hazardous industrial processes. But how can you ensure that your safety instrumented system (SIS)—which, by design, spends most of its time doing nothing—will respond properly when called upon? Or, nearly as frustratingly, make sure it doesn’t erode productivity and throughput with spurious shutdowns?

Instrumentation is, after all, the SIS’ middle name, notes Howard Siew, industry manager for the chemicals sector for Endress+Hauser in the U.S. Control recently caught up with Siew to discuss the range of technologies and strategies now available to make sure that instruments support productivity, while protecting workers and production assets as well as the surrounding community and environment.

Howard Siew

Industry Manager, Chemicals, Endress+Hauser

Q: Both sensors and valves are among the field instruments responsible for the “detection and protection” actions of a SIS. With standard analog instruments, what are some of the things that can go wrong, leading to spurious trips or a failure to trip when needed?

A: The main problem is that without continuous feedback from your instrumentation, something can go wrong, and you may never know. If, for example, a sensor’s 4-20mA output is frozen, a standard analog sensor can’t say, “Something’s gone wrong with me!” And when it comes to the final control element side of the equation, the air-supply solenoid may be defective or the valve could be stuck in place. These are the worst kinds of faults—the dangerous but undetected kind.

Q: How can the self-diagnostic capabilities of smart instruments that also communicate bidirectionally help alleviate these issues?

A: More and more smart instruments are being designed in accordance with the NAMUR 107 recommendations for self-monitoring and diagnosis of field devices. Such instruments are able to communicate, for instance, basic confirmation that the device is still functioning, or a range of error conditions. Further, the instrument can send a prescriptive recommendation such as for a maintenance or calibration check. This standard is helping to standardize the types of diagnostic messages that operators receive—regardless of the instrument’s manufacturer.

Q: So, these diagnostics can help identify failures, and can really complement approaches such as voting, where the outputs of redundant sensors are compared. Further, these kinds of diagnostics can make such strategies even more robust, so that you've got even more predictability and risk reduction. Is that fair to say?

A: While that’s very true, we also hear from users the wish for a robust, reliable system for which, if an instrument detects certain faults, they get an alarm—for every point, for any failure, 24/7/365. We realize, of course, that 100% diagnostic coverage is technically not possible. But at Endress+Hauser, depending on the type of sensor, we deliver diagnostic coverage up to 98%. That means we detect most of the potential failures that can happen on the sensor side. It’s our goal to deliver as much diagnostic capability as we possibly can.

Q: Partial-stroke testing is a methodology for periodically ensuring that SIS valves function properly. How is the frequency of testing determined and what's involved?

A: That really depends on the user. At the end of the day, you close the valve a bit, and you hope that when you meet the demand, that it closes tight. So, you answer whether it's moving—yes or no—and if the answer is “yes,” you say with a calculated probability that it will close when needed.

The same concept is valid on the sensor side, too, because nobody wants to remove a device from service and test it externally. To help reduce this need, in situ proof-testing of instruments can be activated by a single pushbutton on the instrument from a handheld device or a command, from the system software logic, or from the asset management system. Many users are moving to in situ proof-testing. Not only are they able to make sure that the device still functions properly to meet the safety function, but they also avoid the potential, systematic failure that pulling an instrument for external testing represents.

When you look at a level switch, for example, we can with the push of a button check the functionality of the forks—from electronic health to detect material build-up or corrosion. As a result, you can confirm the device is still functioning within the manufacturer’s standard and meets safety functionality.

Q: Clearly, if you can do things non-intrusively more often, you're going to end up with a lower risk in the end. What about automated proof-testing, where you maybe have some logic in the SIS that automates these procedures to do this on a prescribed basis. Is that something you're involved with?

A: Yes, we use an automated proof-testing solution especially with chemical companies in Europe. In one application, the system is set up to automatically proof-test a vessel’s level transmitter when that particular vessel is in safe state. And a big advantage of an automatic proof test is that you reduce manpower to a minimum, and you do it the same way every time. Avoiding the introduction of systematic failures is a key reason for in situ proof-testing in the first place, and automating the process advances that cause. So, with an automated proof-test, the full procedure is stored in the logic software, which will consistently run through the entire function block. It’s going to eliminate the potential for human error.

Q: Any last things that our readers should keep in mind when it comes to keeping their instrumentation in tip-top shape?

A: First, it’s important that users embrace the entire safety lifecycle. Build the culture in your organization to follow through all the steps because without the proper procedures or proper design, you can get a good device from the market but fail to fulfill the intended safety function and risk reduction.

Remember, too, that when it comes to safety system design, it’s really important to do proper engineering calculations with respect to failure rates and proof-test intervals, and to do the tests when needed. But at the end of the day, systemic problems are public enemy one. Build-up and corrosion, for example, happen gradually. At Endress+Hauser, our goal is to be sure our customers know with confidence the status of their devices, and how modern, smart instrumentation technology can help minimize failures. Failure is minimized by the integrity of the smart instrument’s design, as well as its reliable and easy commissioning and maintenance process throughout the safety lifecycle.
