8. Tests and maintenance
Test and maintenance tasks may only be performed by authorised personnel who
have been trained on functional safety.
Test and maintenance equipment has to be calibrated.
Within the lifetime of 10 years or the maximum number of cycles or modulating steps
indicated in the <Lifetime> chapter, the fail safe unit will not require any maintenance.
However, the required tests (including proof test and online diagnostics in particular)
must be performed at specified intervals and in compliance with the procedures and
intervals described in the present safety manual.
Information
Any test/maintenance must be recorded in a test/maintenance report.
Impact of testing/maintenance on relevant devices, equipment or other work must
be evaluated.
8.1. Safety equipment: check
All safety functions within a safety equipment must be checked for perfect functionality
and safety at appropriate intervals. The intervals for safety equipment checks are to
be defined by the plant operator.
The plant operator has to establish a safety schedule for the entire safety lifecycle
of the SIS to avoid systematic faults. Policies and strategies for achieving safety as
well as different activities during the safety life cycle should be defined.
8.2. Internal actuator monitoring with control via actuator controls
The device, consisting of actuator with actuator controls and integral fail safe unit
has an internal actuator monitoring.The internal actuator monitoring is automatically
executed by operating the actuator and consequently the valve from the end position
opposite the safety end position (i.e. for fail safe CLOSE from end position OPEN)
in standard operation.
1)
Internal actuator monitoring identifies most of the
safety-related actuator components of the safe fail unit. If a fault occurred, the fault
would be signalled via the output contact of the FS module (FS ready NO and
FS failure NC outputs).
To ensure the safety figures of the Safe ESD safety function, in particular PFD,
specified in the <Safety-related figures> chapter, the device has to be controlled at
least once per month via the actuator controls and additionally the output contact
assessment of the fail safe module (FS ready NO and FS failure NC outputs).
The safety PLC must monitor if the end position switch signals in the expected order
“end position -> no end position -> end position”. If it cannot be ensured that the
device is operated from the respective end position by the actuator controls at least
once per month, a suitable <Partial Valve Stroke Test (PVST)> has to be performed
instead.
The control signal and the related actuator operation must be applied for the time
required to ensure that the end position switch signals the unseating from the end
position.
Since diagnostic functions are not exclusively performed within FQM but have to be
initiated and/or evaluated by the safety PLC, other diagnostic test intervals are
possible as 1 x per month.The consequence, however, is that the safety-related
parameters and in particular the PFD will change. Furthermore, for diagnostic test
interval selection by the operator, it must be considered, that the test frequency
should amount to at least 10 times the demand rate and that – for the ESD safety
function – the test interval can never be less than 22 days (refer to next paragraph).
Internal diagnostics of the mechanical elements are designed so that they will be
executed every 22 days maximum – even in case of frequent standard operations
– thus avoiding excessive wear.To guarantee a test interval e.g. of one month, the
operator has to ensure that 22 days up to one month after the last diagnostic
operation, either standard operation or a PVST is started from the end position
opposite the safety end position (i.e. fail safe CLOSE from end position OPEN).
1)
(LSC or LSO output opens)
22
Tests and maintenance with non safety-related actuators
To Next Page
Loading...
