Safety Systems for Tank Overfill Protection, Part 2

This is Part 2 of a white paper by Tom Jeansonne, technical product manager at Emerson Process Management Valve Automation, Waller, TX. He has more than 30 years of experience in the valve and valve automation industry with both distributors and manufacturers. He can be reached at tom.jeansonne@emersonprocess.com

Why Focus on the Final Control Element (FCE)?

The FCE is essentially one third of a Safety Instrumented Function (SIF); the other components of the SIF are the sensors and the logic solver. A Safety Instrumented System (SIS) often contains several SIFs, and therefore several FCEs. The SIS creates a demand for a SIF, and the FCE's job is to perform that critical function.

FCEs are critical to the SIS and its SIFs because the FCE is what physically stops or diverts the flow. Each SIF addresses a specific hazardous event covered by the SIS. In the process industry, including refineries and storage facilities, the current primary international standard for dealing with such hazards is IEC 61511. The standard focuses on the SIS and covers the plant's entire SIS lifecycle: concept, design, operation, maintenance and ultimate facility deactivation.

Each component of the FCE is subjected to environmental conditions which can impact its performance.

The valve is subjected to the variable nature of the fluid in the line it controls, so its ability to perform its primary safety function (shut-off or flow diversion) is subject to degradation over time. The actuator can also be affected by environmental conditions, which can degrade its ultimate performance. One issue that must be addressed is stagnation, or "long stand-still time": the actuated valve package (FCE) typically remains energized in a fixed position for long periods. Despite these less than ideal conditions, the FCE has to perform as designed when a SIF is required. If the FCE fails to perform, the SIS may not be able to take the terminal to a safe state.

  • It has been reported that at least one-half of all industrial malfunctions in the SIS have been attributed to the FCE. To meet specific reliability criteria, the FCE must be designed to a defined Safety Integrity Level (SIL); SILs are a means of quantifying risk based on its frequency and consequences. The FCE(s) must be designed to meet the SIL required for the application (often SIL 2 minimum for tank farm receipt block valves and SIL 3 for diversion applications).
  • The primary objective is to reduce the Probability of Failure on Demand (PFD) by meeting a pre-determined SIL requirement.


| Safety Integrity Level – SIL (ISA/IEC) | Probability of Failure On Demand per year (PFD), demand mode of operation | Risk Reduction Factor – 1/PFD |
|---|---|---|
| SIL 4 | ≥10⁻⁵ to <10⁻⁴ | 100000 to 10000 |
| SIL 3 | ≥10⁻⁴ to <10⁻³ | 10000 to 1000 |
| SIL 2 | ≥10⁻³ to <10⁻² | 1000 to 100 |
| SIL 1 | ≥10⁻² to <10⁻¹ | 100 to 10 |
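To make the table concrete, here is an added example (not part of the white paper) that rates a SIF against these demand-mode bands and shows how much of the PFD budget the FCE can consume before a SIL 2 target is lost. It assumes the common first-order approximation that the subsystem PFDs (sensor, logic solver, FCE) add, and the sensor, logic solver and FCE figures are constructed.

```python
# Added example (not from the white paper): rate a Safety Instrumented
# Function (SIF) against the demand-mode SIL bands in the table above and
# show how the final control element (FCE) consumes the SIF's PFD budget.
# Assumption: the SIF's PFD is approximated as the sum of its subsystem PFDs
# (sensor + logic solver + FCE), the usual first-order treatment.

# Bands from the table: (SIL, lower bound inclusive, upper bound exclusive)
SIL_BANDS = [(4, 1e-5, 1e-4), (3, 1e-4, 1e-3), (2, 1e-3, 1e-2), (1, 1e-2, 1e-1)]


def sil_for_pfd(pfd):
    """SIL achieved for a demand-mode PFD; 0 means no SIL credit (PFD >= 0.1)."""
    if pfd < 1e-5:
        raise ValueError("PFD is not positive or lies below the table's range")
    for sil, lo, hi in SIL_BANDS:
        if lo <= pfd < hi:
            return sil
    return 0


def risk_reduction_factor(pfd):
    """RRF = 1 / PFD, as the table's third column defines it."""
    return 1.0 / pfd


def sif_pfd(sensor_pfd, logic_pfd, fce_pfd):
    """First-order SIF PFD: subsystem PFDs add (stated assumption)."""
    return sensor_pfd + logic_pfd + fce_pfd


def meets_target(sensor_pfd, logic_pfd, fce_pfd, target_sil):
    """True if the whole SIF achieves at least the target SIL."""
    return sil_for_pfd(sif_pfd(sensor_pfd, logic_pfd, fce_pfd)) >= target_sil


def fce_pfd_budget(target_sil, sensor_pfd, logic_pfd):
    """PFD the FCE must stay strictly below for the SIF to reach target_sil."""
    upper = {sil: hi for sil, _, hi in SIL_BANDS}[target_sil]
    return upper - sensor_pfd - logic_pfd


if __name__ == "__main__":
    # Constructed figures for a tank receipt block valve with a SIL 2 target;
    # the second FCE value stands for one degraded by long stand-still time.
    sensor, logic = 1e-3, 1e-4
    for fce in (4e-3, 1e-2):
        total = sif_pfd(sensor, logic, fce)
        print(f"FCE PFD {fce:.0e} -> SIF PFD {total:.2e}, SIL {sil_for_pfd(total)}, "
              f"RRF {risk_reduction_factor(total):.0f}, SIL 2 met: {meets_target(sensor, logic, fce, 2)}")
    print(f"FCE PFD budget for SIL 2: below {fce_pfd_budget(2, sensor, logic):.2e}")
```

With a healthy FCE the constructed SIF sits in the SIL 2 band, while the degraded FCE alone pushes the whole SIF down to SIL 1 even though the sensor and logic solver are unchanged.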

Part 3 of this series will focus on what the integrated FCE should include.