Are you analysing your failure rate data for process safety valves?

Article published in the Regulator | Issue 1: 2017

IEC 61511 (Functional Safety – Safety instrumented systems for the process industry sector) is an international industry standard that requires the failure rates of the devices making up the safety instrumented functions (SIFs) on offshore facilities to be analysed to assess whether their reliability meets the requirements defined by their respective safety integrity level (SIL). Periodically, operators should use that data to re-evaluate the testing frequency of those devices.

Process safety valves such as Riser Emergency Shutdown Valves (RESDVs), Shutdown Valves (SDVs) and Blowdown Valves (BDVs) are found on most production facilities to minimise the impact of a loss of containment event either topsides or subsea. To be effective, IEC 61511 states that end devices, such as process safety valves, need to have a probability of failure on demand (PFD) which supports their SIL. The SIL depends on the risk the device is protecting against and what other layers of protection are in place to mitigate that risk. For a RESDV, the acceptable PFD is typically less than 1 in 100. In other words, if you tested a RESDV 100 times it shouldn’t fail more than once.

To demonstrate that the PFD of a valve supports its SIL, it must be proof tested on a regular basis to reveal undetected faults, at a frequency that depends on the level of reliability required of the device. During design, the engineer estimates that reliability based on industry and manufacturer data; however, this general data cannot account for the unique operating circumstances in which each valve is required to operate. Actual failure rates, specific to the installation, need to be compared against the original design assumptions. If the failure rates are higher than the original design assumptions, then the test frequency should be re-evaluated.

Failures of shutdown valves during demand scenarios such as proof testing do occur; however, in reviewing the operator response to these failures, NOPSEMA has observed that there is a tendency to simply lubricate and cycle the valve, and then put it back into service without appropriate consideration of the overall rate of failure. Occasional valve failures are to be expected, but the most important question is whether the actual failure rates are consistent with the PFD assumed in the original design. If the failure rate is higher than expected, the testing frequency should be re-evaluated.
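The comparison of installation-specific failure data against the design PFD described above can be sketched as follows. This is an added example, not part of the original article or of IEC 61511. It assumes the common simplified single-valve approximation PFDavg ≈ λ_DU × test interval / 2, a 6-month test interval, a 0.01 target for both valve classes, and constructed sample records.

```python
from dataclasses import dataclass

# Constructed proof-test history per valve class (sample data, not from the article).
# valve_years = cumulative in-service time of all valves in the class.
HISTORY = {
    "RESDV": {"tests": 120, "failures": 3, "valve_years": 60.0},
    "SDV": {"tests": 400, "failures": 2, "valve_years": 200.0},
}

@dataclass
class Review:
    observed_fraction: float   # failed proof tests / proof tests performed
    lambda_du: float           # dangerous undetected failures per valve-year
    pfd_avg: float             # estimated average PFD at the current test interval
    max_interval_years: float  # longest interval that still meets the design PFD
    reevaluate: bool           # True when field data is worse than the design assumption

def review(tests, failures, valve_years, interval_years, design_pfd):
    """Compare field failure data with the PFD assumed in design.

    Assumption: single valve, PFDavg ~= lambda_DU * test_interval / 2.
    """
    if tests <= 0 or valve_years <= 0 or interval_years <= 0:
        raise ValueError("tests, valve_years and interval_years must be positive")
    if not 0 <= failures <= tests:
        raise ValueError("failures must be between 0 and tests")
    observed = failures / tests
    lambda_du = failures / valve_years
    pfd_avg = lambda_du * interval_years / 2
    # Zero recorded failures gives no finite limit from a point estimate.
    max_interval = float("inf") if failures == 0 else 2 * design_pfd / lambda_du
    # Flag on either reading: failures per test (the article's "1 in 100"
    # illustration) or the averaged PFD estimate.
    return Review(observed, lambda_du, pfd_avg, max_interval,
                  max(observed, pfd_avg) > design_pfd)

if __name__ == "__main__":
    for valve_class, h in HISTORY.items():
        r = review(h["tests"], h["failures"], h["valve_years"],
                   interval_years=0.5, design_pfd=0.01)
        print(valve_class, r)
```

With the constructed RESDV data, the estimate exceeds the target at a 6-month interval and the longest interval that would meet it is about 0.4 years, which is the kind of result that should trigger a re-evaluation of test frequency.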

NOPSEMA expects operators to be able to demonstrate that the facility process safety valves will be effective control measures. If the operator has adopted the international standard IEC 61511, then the requirement to analyse failure rate data and periodically re-assess testing frequency is mandatory. NOPSEMA will be inspecting operator arrangements for collecting and analysing failure rate data and periodic re-evaluation of test frequency. If any deficiencies are identified, the issue will be raised directly with the operator.

Safety instrumented function (SIF): A safety function to be implemented by the safety instrumented system (SIS) that consists of the initiating elements (e.g. temperature, pressure and level sensors), the final elements (e.g. shutdown valves) and the logic solver (e.g. programmable logic controller).

Safety instrumented system (SIS): Instrumented systems used to implement one or more SIFs.

Safety integrity level (SIL): Discrete level (one to four) allocated to the SIF for specifying the safety integrity requirements to be achieved by the SIS.

Probability of failure on demand (PFD): The probability that the device will fail dangerously, such that the safety action is impeded, when placed under demand.

Demand scenario: A SIF is placed under demand when it is required to enact its safety functions, such as closing a valve on high pressure.