Automated Proof Testing

Proof testing of safety instrumented systems is not only required by safety standards such as IEC 61511, it also helps prevent unplanned plant downtime. The principle is comparable to checking the roadworthiness of a car. The tests take place at intervals that depend on the plants and devices involved and are necessary to uncover dangerous undetected faults during operation. However, such testing requires manual effort, involves numerous staff, and is time-consuming. Thanks to modern safety systems and the “digitization” of field device information, test procedures can now be automated to a large extent, which facilitates work in the field and opens up potential savings.

Extending Proof Test Cycles for Safety Equipment and Saving Resources

In the process industry, IEC 61511 requires validation before commissioning and, after modifications, proof tests to be performed during operation. This involves verifying the functions and components, checking the documentation, and performing visual inspections. All these tasks are performed under tight deadlines as shutting down production during the tests has a negative impact on earnings. The range of tasks is broad and includes a wide variety of activities: Are the right devices installed with the appropriate hardware and software versions? Have the parameter settings of field devices and the safety application remained unchanged? Do all components work reliably? Are measuring points labeled and the labels legible? Are there signs of wear or leaks? Is replacement, calibration, or overhaul required?

Optimizing Test Procedures

Going forward, a properly trained employee will still have to physically inspect the facility in order to clarify some of these questions. However, it is possible to automate a significant portion of the tests and their sequence can even be digitally synchronized with manual activities. For example, the teams in the control room and in the field must coordinate with one another, and test instructions must be devised and performed in accordance with a checklist. Subsequently, the information about the status of the plant and devices must be documented. Enormous time and resource efforts are required and the need for optimization is therefore high.

The combination of device and system status information in the safety application opens up new ways of performing tests (Figure 1). Consequently, it is possible to interpret the data from field devices that is relevant for the safety application and to control test functions from the safety application. Device status can be monitored, and alarms in the event of deviations issued or the desired response initiated. Test and diagnostic functions of field devices can be triggered and evaluated based on the plant status. This has also been recognized by NAMUR. In NA 106, it describes the flexible proof testing of field devices in safety instrumented systems and lists options for automatic detection of faults in section 6.2.3.

Safety instrumented systems (SIS) are usually implemented using safety-related PLCs. The application of such programmable systems opens up the possibility of implementing automatic diagnostic mechanisms for fault detection in field devices and using them for partial testing of the safety system. The prescribed tests of these field devices can then be performed automatically in full or in part at predefined times, for example, using test procedures stored in the safety controller, and the results can be recorded in documents suitable for approval by a certification body such as TÜV. Depending on the plant status, partial tests can also be performed during operation to avoid plant shutdowns. Such an approach not only simplifies proof testing. Using diagnostic data and internal self-tests of “intelligent” sensors and actuators, it is also possible to extend the test intervals and implement preventive maintenance measures.

Safety plus Security

As the world's leading provider of safety solutions, HIMA (see company information box) has created the prerequisites for integrating of field device data and automation of test procedures. Thanks to the data integration of field devices and the matching Smart Safety Test function, proof test procedures can now be fully or partially automated within the safety system. This can be further enhanced by using HART modules for analog inputs or outputs, which provide central access to all HART information. This data can be used to monitor the settings of field devices. It detects any parameter changes performed with a hand-held device and triggers the respective alarm (Figure 2).
The integrated HART firewall in SIL 3 quality prevents unwanted changes via an AMS (Asset Management System). The HART firewall can be set to allow read-only access to field devices and block any write commands. This not only means that the devices are secure against unauthorized tampering, but has a desirable side effect: The parameter setting of the field devices via an AMS can be activated when required, e.g., during commissioning. Manual parameter setting with a hand-held device is no longer necessary, which reduces the risk of operating errors. During safe operation, the safety controller only allows read access to the field devices.

Automated Testing

Alongside the classic programming of test procedures in the safety application, Smart Safety Test can be used to automate test procedures. Certified to T2 in accordance with IEC 61508 (Figure 3), this tool is easy to use and allows users to create test plans, define fully or partially automated procedures, and document the test results.

Smart Safety Test is part of the engineering environment and enables effortless creation of test plans. When a test plan is executed, it accesses the safety controller and writes or reads values in the sequence defined in the test plan. The results are compared to the defined setpoints and documented. As a result, it is possible to set up fully and partially automated processes for the validation of safety functions, automatic revalidation in case of changes, and automatic proof test procedures.

Which Automated Tests Are Possible?

Test procedures can be defined as part of the safety application or as a test procedure to be performed manually as part of the Smart Safety Test. Tests that should be performed partially or fully automatically during operation are usually part of the safety application whereas Smart Safety Test is used for testing during downtime.

There is a wide range of test tasks that can be automated (Figure 4): In addition to the identification of field devices, monitoring of the configuration, and evaluation of the diagnostics as described above, test scenarios can also be implemented. For comparative measurements, runtime measurements, or leak tests, for example, it is also possible to specify values, control actuators, and check their feedback signals. Integrated device diagnostics, such as with Heartbeat Technology for Endress+Hauser sensors, can also be triggered and evaluated automatically. Heartbeat Technology, developed for analyzers and flow, level, pressure, temperature, and measuring devices, can detect issues such as corrosion and deposits. It generates diagnostic, verification, and monitoring data that provides information about the status of the field devices. For actuators, a partial stroke test can be used to detect faults. The partial stroke test, which can be run during operation, reveals malfunctions and reduces the probability of failure of the safety valves. For sensors, test procedures such as simulation of different measurement states or of the 4…20 mA signal are possible, including verification of the measured values via the input of the safety controller. These are just some of the available options – depending on the sensor or actuator used, further evaluations and test scenarios can be realized.

However, since such solutions not only depend on the right hardware and software, but proper planning, installation, and testing of the overall solution, HIMA also offers the appropriate support with its Safety Services. Starting with independent consulting on standards, device selection, and suitable test procedures, through the preparation, organization, and documentation of test procedures, to the performance of visual and functional tests on the safety controller, control system, and sensors and actuators.

The combination of device and system status information in the safety application opens up new ways of performing tests automatically.

The integrated SIL 3 firewall protects against maloperation and manipulation.

Smart Safety Test is a tool for automated test procedures that is certified to T2 in accordance with IEC 61508.

It is possible to automate a significant portion of the tests and their sequence can even be digitally synchronized with manual activities performed on site.

About HIMA:

The HIMA Group is the world's leading independent provider of smart safety solutions for industrial applications. With more than 35,000 installed TÜV-certified safety systems worldwide, HIMA qualifies as the technology leader in this sector. Its expert engineers develop customized solutions that help increase safety, cyber security and profitability of plants and factories in the digital age. For over 45 years, HIMA has been a trusted partner to the world's largest oil, gas, chemical, and energy-producing companies. These rely on HIMA solutions, services and consultancy for uninterrupted plant operation and protection of assets, people and the environment. HIMA’s offering includes smart safety solutions that help increase safety and uptime by turning data into business-relevant information. HIMA also provides comprehensive solutions for the efficient control and monitoring of turbomachinery (TMC), burners and boilers (BMC) and pipelines (PMC). In the global rail industry, HIMA’s CENELEC-certified SIL4 COTS safety controllers are leading the way to increased safety, security and profitability. Founded in 1908, the family-owned company of approximately 800 employees, operates from over 50 locations worldwide with its headquarters in Bruehl, Germany. For more information, please visit: