Partial stroke testing

Last updated June 30, 2021

Partial stroke testing (or PST) is a technique used in a control system to allow the user to test a percentage of the possible failure modes of a shut down valve without the need to physically close the valve. PST is used to assist in determining that the safety function will operate on demand. PST is most often used on high integrity emergency shutdown valves (ESDVs) in applications where closing the valve will have a high cost burden yet proving the integrity of the valve is essential to maintaining a safe facility. In addition to ESDVs PST is also used on high integrity pressure protection systems or HIPPS. Partial stroke testing is not a replacement for the need to fully stroke valves as proof testing is still a mandatory requirement.

Standards

Partial stroke testing is an accepted petroleum industry standard technique and is also quantified in detail by regulatory bodies such as the International Electrotechnical Commission (IEC) and the Instrument Society of Automation (ISA). The following are the standards appropriate to these bodies.

IEC61508 – Functional safety of electrical/electronic/programmable electronic safety-related systems
IEC61511 – Functional safety – Safety instrumented systems for the process industry sector
ANSI/ISA-84.00.01 – Functional safety: Safety instrumented systems for the process industry sector (an ANSI standard)

These standards define the requirements for safety related systems and describe how to quantify the performance of PST systems

Measuring safety performance

IEC61508 adapts a safety life cycle approach to the management of plant safety. During the design phase of this life cycle of a safety system the required safety performance level is determined using techniques such as Markov analysis, FMEA, fault tree analysis and Hazop. These techniques allow the user to determine the potential frequency and consequence of hazardous activities and to quantify the level of risk. A common method for this quantification is the safety integrity level. This is quantified from one to four with level four being the most hazardous.

Once the SIL level is determined this specifies the required performance level of the safety systems during the operational phase of the plant. The metric for measuring the performance of a safety function is called the average probability of failure on demand (or PFD_avg) and this correlates to the SIL level as follows

SIL	PFD_avg
4	≥10⁻⁵ to <10⁻⁴
3	≥10⁻⁴ to <10⁻³
2	≥10⁻³ to <10⁻²
1	≥10⁻² to <10⁻¹

One method of calculating the PFD_avg for a basic safety function with no redundancy is using the formula

PFD_avg = [(1-PTC)×λ_D×(TI_FC/2)] + [PTC×λ_D×(TI_PST/2)]

Where:

PTC = Proof test coverage of the partial stroke test.

λ_D = The dangerous failure rate of the safety function.

TI_FC = The full closure interval, i.e. how often the valve must be full closed for testing.

TI_PST = The partial stroke test interval.

The proof test coverage is a measure of how effective the partial stroke test is and the higher the PTC the greater the effect of the test.

Benefits

The benefits of using PST are not limited to simply the safety performance but gains can also be made in the production performance of a plant and the capital cost of a plant.^[1]^[2] These are summarised as follows

Safety benefits

Gains can be made in the following areas by the use of PST.

Reducing the probability of failure on demand.

Production benefits

There are a number of areas where production efficiency can be improved by the successful implementation of a PST system.

Extension of the time between compulsory plant shutdowns.
Predicting potential valve failures facilitating the pre-ordering of spare parts.
Prioritisation of maintenance tasks.

Drawbacks

The main drawback of all PST systems is the increased probability of causing an accidental activation of the safety system thus causing a plant shutdown, this is the primary concern of PST systems by operators and for this reason many PST system remain dormant after installation. Different techniques mitigate for this issue in different manners but all systems have an inherent risk

In addition in some cases, a PST cannot be performed due to the limitations inherent in the process or the valve being used. Further, as the PST introduces a disturbance into the process or system, it may not be appropriate for some processes or systems that are sensitive to disturbances.

Finally, a PST cannot always differentiate between different faults or failures within the valve and actuator assembly thus limiting the diagnostic capability.

Techniques

There are a number of different techniques available for partial stroke testing and the selection of the most appropriate technique depends on the main benefits the operator is trying to gain.

Mechanical Jammers

Mechanical jammers are devices where a device is inserted into the valve and actuator assembly that physically prevents the valve from moving past a certain point. These are used in cases where accidentally shutting the valve would have severe consequences, or any application where the end user prefers a mechanical device.

Typical benefits of this type of device are as follows:^[3]

The devices assure metal-to-metal prevention of stroke past the specified set point.
Unlike some electronic systems, there is no need to commission and calibrate controls or continually train personnel, resulting in additional significant cost savings.
The devices are vibration resistant, making them highly reliable.
The risk associated with having an ESD event occur at time of manual mechanical PST may be considered statistically insignificant and allows a rational consideration of the advantages mechanical devices offer.
Modular design allows for addition of limit switches, potentiometers, remote control operation, etc.
The test is a comprehensive test of the logic solver and all final elements, only the sensing elements of the safety function are not tested.
The valve is tested at the designed operating speed as it simulates an ESD event
Jammers have a very low probability of causing a spurious trip.

However, opinions differ whether these devices are suitable for functional safety systems as the safety function is offline for the duration of the test.

Modern mechanical PST devices may be automated.

Examples of this kind of device include direct interface products that mount between the valve and the actuator and may use cams fitted to the valve stem. An example of such a mechanical PST system:^[4]

Other methods include adjustable actuator end stops.

Pneumatic valve positioners

The basic principle behind partial stroke testing is that the valve is moved to a predetermined position in order to determine the performance of the shut down valve. This led to the adaptation of pneumatic positioners used on flow control valve for use in partial stroke testing. These systems are often suitable for use on shutdown valves up to and including SIL3. The main benefits are :

Elimination of the cost of manual testing
Tracking and records of the PST tests for an optimum Safety monitoring. When the positioner is connected to the Safety System, the date and result of the test are registered in the Sequence of Events, for Insurance purposes.
Remote access to valve diagnostics from the control room, with action oriented reports for predictive maintenance.

The main benefit of these systems is that positioners are common equipment on plants and thus operators are familiar with the operation of these systems, however the primary drawback is the increased risk of spurious trip caused by the introduction of additional control components that are not normally used on on/off valves. These systems are however limited to use on pneumatically actuated valves.

Electrical relay systems

These systems use an electrical switch to de-energise the solenoid valve and use an electrical relay attached to the actuator to re-energise the solenoid coil when the desired PST point is reached.

Electronic control systems

Electronic control systems use a configurable electronic module that connects between the supply from the ESD system and the solenoid valve. In order to perform a test the timer de-energises the solenoid valve to simulate a shutdown and re-energises the solenoid when the required degree of partial stroke is reached. These systems are fundamentally a miniature PLC dedicated to the testing of the valve.

Due to their nature these devices do not actually form part of the safety function and are therefore 100% fail safe. With the addition of a pressure sensor and/or a position sensor for feedback timer systems are also capable of providing intelligent diagnostics in order to diagnose the performance of all components including the valve, actuator and solenoid valves.

In addition timers are capable of operating with any type of fluid power actuator and can also be used with subsea valves where the solenoid valve is located top-side.

Integrated solenoid valve systems

Another technique is to embed the control electronics into a solenoid valve enclosure removing the need for additional control boxes. In addition there is no need to change the control schematic as no dedicated components are required.

Related Research Articles

A programmable logic controller (PLC) or programmable controller is an industrial computer that has been ruggedized and adapted for the control of manufacturing processes, such as assembly lines, machines, robotic devices, or any activity that requires high reliability, ease of programming, and process fault diagnosis. Dick Morley is considered as the father of PLC as he had invented the first PLC, the Modicon 084, for General Motors in 1968.

Safety engineering is an engineering discipline which assures that engineered systems provide acceptable levels of safety. It is strongly related to industrial engineering/systems engineering, and the subset system safety engineering. Safety engineering assures that a life-critical system behaves as needed, even when components fail.

A valve is a device or natural object that regulates, directs or controls the flow of a fluid by opening, closing, or partially obstructing various passageways. Valves are technically fittings, but are usually discussed as a separate category. In an open valve, fluid flows in a direction from higher pressure to lower pressure. The word is derived from the Latin valva, the moving part of a door, in turn from volvere, to turn, roll.

Passive nuclear safety is a design approach for safety features, implemented in a nuclear reactor, that does not require any active intervention on the part of the operator or electrical/electronic feedback in order to bring the reactor to a safe shutdown state, in the event of a particular type of emergency. Such design features tend to rely on the engineering of components such that their predicted behaviour would slow down, rather than accelerate the deterioration of the reactor state; they typically take advantage of natural forces or phenomena such as gravity, buoyancy, pressure differences, conduction or natural heat convection to accomplish safety functions without requiring an active power source. Many older common reactor designs use passive safety systems to a limited extent, rather, relying on active safety systems such as diesel powered motors. Some newer reactor designs feature more passive systems; the motivation being that they are highly reliable and reduce the cost associated with the installation and maintenance of systems that would otherwise require multiple trains of equipment and redundant safety class power supplies in order the achieve the same level of reliability. However, weak driving forces that power many passive safety features can pose significant challenges to effectiveness of a passive system, particularly in the short term following an accident.

A wax motor is a linear actuator device that converts thermal energy into mechanical energy by exploiting the phase-change behaviour of waxes. During melting, wax typically expands in volume by 5–20%.

Actuator Sensor Interface is an industrial networking solution used in PLC, DCS and PC-based automation systems. It is designed for connecting simple field I/O devices in discrete manufacturing and process applications using a single two-conductor cable.

Safety integrity level (SIL) is defined as a relative levels of risk-reduction provided by a safety function, or to specify a target level of risk reduction. In simple terms, SIL is a measurement of performance required for a safety instrumented function (SIF).

IEC 61508 is an international standard published by the International Electrotechnical Commission consisting of methods on how to apply, design, deploy and maintain automatic protection systems called safety-related systems. It is titled Functional Safety of Electrical/Electronic/Programmable Electronic Safety-related Systems.

A boost controller is a device to control the boost level produced in the intake manifold of a turbocharged or supercharged engine by affecting the air pressure delivered to the pneumatic and mechanical wastegate actuator.

A safety instrumented system (SIS) consists of an engineered set of hardware and software controls which are especially used on critical process systems.

A valve actuator is the mechanism for opening and closing a valve. Manually operated valves require someone in attendance to adjust them using a direct or geared mechanism attached to the valve stem. Power-operated actuators, using gas pressure, hydraulic pressure or electricity, allow a valve to be adjusted remotely, or allow rapid operation of large valves. Power-operated valve actuators may be the final elements of an automatic control loop which automatically regulates some flow, level or other process. Actuators may be only to open and close the valve, or may allow intermediate positioning; some valve actuators include switches or other ways to remotely indicate the position of the valve.

A shutdown valve is an actuated valve designed to stop the flow of a hazardous fluid upon the detection of a dangerous event. This provides protection against possible harm to people, equipment or the environment. Shutdown valves form part of a safety instrumented system. The process of providing automated safety protection upon the detection of a hazardous event is called functional safety.

Electronic Diesel Control is a diesel engine fuel injection control system for the precise metering and delivery of fuel into the combustion chamber of modern diesel engines used in trucks and cars.

A high-integrity pressure protection system (HIPPS) is a type of safety instrumented system (SIS) designed to prevent over-pressurization of a plant, such as a chemical plant or oil refinery. The HIPPS will shut off the source of the high pressure before the design pressure of the system is exceeded, thus preventing loss of containment through rupture (explosion) of a line or vessel. Therefore, a HIPPS is considered as a barrier between a high-pressure and a low-pressure section of an installation.

Spurious trip level (STL) is defined as a discrete level for specifying the spurious trip requirements of safety functions to be allocated to safety systems. An STL of 1 means that this safety function has the highest level of spurious trips. The higher the STL level the lower the number of spurious trips caused by the safety system. There is no limit to the number of spurious trip levels.

Functional safety is the part of the overall safety of a system or piece of equipment that depends on automatic protection operating correctly in response to its inputs or failure in a predictable manner (fail-safe). The automatic protection system should be designed to properly handle likely human errors, hardware failures and operational/environmental stress.

An industrial safety system is a countermeasure crucial in any hazardous plants such as oil and gas plants and nuclear plants. They are used to protect human, industrial plant, and the environment in case of the process going beyond the allowed control margins.

Instrumentation is used to monitor and control the process plant in the oil, gas and petrochemical industries. Instrumentation comprises sensor elements, signal transmitters, controllers, indicators and alarms, actuated valves, logic circuits and operator interfaces.

Failure modes, effects, and diagnostic analysis (FMEDA) is a systematic analysis technique to obtain subsystem / product level failure rates, failure modes and diagnostic capability. The FMEDA technique considers:

References

↑ Web Exclusive: Valve failure not an option Archived 2011-07-18 at the Wayback Machine . ISA (2009-01-01). Retrieved on 2011-05-30.
↑ Partial stroking. Focus-nuclear.com. Retrieved on 2011-05-30.
↑ D-Stop Partial Stroke Test Device. Manual/Local and Remote Operated Mechanical Partial Stroke Valve Testing. Cameron. Docs.google.com. Retrieved on 2011-05-30.
↑ Netherlocks mechanical PST system FAITH - known as the industry standard. Retrieved on 2013-07-14.

External links

This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.

[1] Web Exclusive: Valve failure not an option Archived 2011-07-18 at the Wayback Machine . ISA (2009-01-01). Retrieved on 2011-05-30.

[2] Partial stroking. Focus-nuclear.com. Retrieved on 2011-05-30.

[3] D-Stop Partial Stroke Test Device. Manual/Local and Remote Operated Mechanical Partial Stroke Valve Testing. Cameron. Docs.google.com. Retrieved on 2011-05-30.

[4] Netherlocks mechanical PST system FAITH - known as the industry standard. Retrieved on 2013-07-14.

[1]

[2]

[3]

[4]