Extending Proof Test Cycles for Safety Equipment and Saving Resources
In the process industry, IEC 61511 requires validation before commissioning and after modifications, and proof tests during operation. This involves verifying the functions and components, checking the documentation, and performing visual inspections. All these tasks are performed under tight deadlines, as shutting down production during the tests has a negative impact on earnings. The range of tasks is broad and includes a wide variety of activities: Are the right devices installed, with the appropriate hardware and software versions? Have the parameter settings of the field devices and the safety application remained unchanged? Do all components work reliably? Are the measuring points labeled and the labels legible? Are there signs of wear or leaks? Is replacement, calibration, or overhaul required?
Optimizing Test Procedures
Going forward, a properly trained employee will still have to physically inspect the facility to answer some of these questions. However, a significant portion of the tests can be automated, and their sequence can even be digitally synchronized with the manual activities. Those manual activities are considerable: the teams in the control room and in the field must coordinate with one another, test instructions must be devised and performed according to a checklist, and the status of the plant and devices must then be documented. This demands enormous time and resources, so the need for optimization is high.
Combining device and system status information in the safety application opens up new ways of performing tests (Figure 1). The data from field devices that is relevant for the safety application can be interpreted, and test functions can be controlled, from within the safety application. Device status can be monitored, and alarms issued or the desired response initiated in the event of deviations. Test and diagnostic functions of field devices can be triggered and evaluated depending on the plant status. NAMUR has recognized this as well: NA 106 describes the flexible proof testing of field devices in safety instrumented systems and lists options for the automatic detection of faults in section 6.2.3.
Safety instrumented systems (SIS) are usually implemented using safety-related PLCs. Such programmable systems make it possible to implement automatic diagnostic mechanisms for fault detection in field devices and to use them for partial testing of the safety system. The prescribed tests of these field devices can then be performed automatically, in full or in part, at predefined times, for example using test procedures stored in the safety controller, and the results can be recorded in documents suitable for approval by a certification body such as TÜV. Depending on the plant status, partial tests can also be performed during operation to avoid plant shutdowns. Such an approach does more than simplify proof testing: using the diagnostic data and internal self-tests of “intelligent” sensors and actuators, it is also possible to extend the test intervals and implement preventive maintenance measures.
Safety plus Security
As the world's leading provider of safety solutions, HIMA (see company information box) has created the prerequisites for integrating field device data and automating test procedures. Thanks to the data integration of field devices and the matching Smart Safety Test function, proof test procedures can now be fully or partially automated within the safety system. This can be further enhanced by using HART modules for analog inputs or outputs, which provide central access to all HART information. This data can be used to monitor the settings of the field devices: the safety system detects any parameter change made with a hand-held device and triggers the corresponding alarm (Figure 2).
The integrated HART firewall, implemented to SIL 3, prevents unwanted changes via an AMS (Asset Management System). The HART firewall can be set to allow read-only access to the field devices and block any write commands. This not only secures the devices against unauthorized tampering but also has a desirable side effect: parameter setting of the field devices via the AMS can be enabled only when required, e.g., during commissioning. Manual parameter setting with a hand-held device is then no longer necessary, which reduces the risk of operating errors. During safe operation, the safety controller allows only read access to the field devices.
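The two mechanisms just described, a read-only HART command filter and detection of a parameter change made by a hand-held device, as an added example that is not HIMA's code. It assumes the standard HART frame layout and the standard HART command numbers; `READ_COMMANDS`, `firewall_decision` and `config_changed` are names chosen here, and the frames are constructed test input.

```python
# Added example, not HIMA's code: read-only HART command filter and Configuration Changed check.
# Frame layout: delimiter, address, command, byte count, data, XOR checksum (standard HART).
from functools import reduce
from operator import xor

READ_COMMANDS = {  # HART universal / common-practice read commands (allow-list)
    0: "Read Unique Identifier", 1: "Read Primary Variable",
    2: "Read Loop Current and Percent of Range",
    3: "Read Dynamic Variables and Loop Current", 12: "Read Message",
    13: "Read Tag, Descriptor, Date", 15: "Read Device Information",
    20: "Read Long Tag", 48: "Read Additional Device Status",
}
CONFIG_CHANGED = 0x40  # bit 6 of the HART device-status byte

def checksum(body: bytes) -> int:
    return reduce(xor, body, 0)

def build_request(cmd: int, data: bytes = b"", polling_addr: int = 0) -> bytes:
    """Short-frame STX from the primary master (constructed test input)."""
    body = bytes([0x02, 0x80 | (polling_addr & 0x0F), cmd, len(data)]) + data
    return body + bytes([checksum(body)])

def parse_request(frame: bytes) -> dict:
    """Decode a master-to-slave frame and verify its byte count and checksum."""
    if len(frame) < 5:
        raise ValueError("frame too short")
    delim = frame[0]
    addr_len = 5 if delim & 0x80 else 1          # long (5-byte) or short address
    pos = 1 + addr_len + ((delim >> 5) & 0x03)   # skip any expansion bytes
    cmd, count = frame[pos], frame[pos + 1]
    end = pos + 2 + count
    if len(frame) != end + 1:
        raise ValueError("byte count mismatch")
    if checksum(frame[:end]) != frame[end]:
        raise ValueError("bad checksum")
    return {"command": cmd, "data": frame[pos + 2:end]}

def firewall_decision(frame: bytes, write_enabled: bool = False) -> str:
    """Reads always pass; writes pass only while commissioning has enabled them."""
    cmd = parse_request(frame)["command"]
    if cmd in READ_COMMANDS or write_enabled:
        return "ALLOW"
    return "BLOCK"

def config_changed(response_status: bytes) -> bool:
    """The second status byte of a slave response carries the Configuration Changed flag."""
    return bool(response_status[1] & CONFIG_CHANGED)
```

A raised Configuration Changed flag on a device whose writes the firewall never allowed is exactly the case the alarm in Figure 2 is meant to surface: a change made locally with a hand-held device.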
Automated Testing
Alongside the classic programming of test procedures in the safety application, Smart Safety Test can be used to automate test procedures. Certified to T2 in accordance with IEC 61508 (Figure 3), this tool is easy to use and allows users to create test plans, define fully or partially automated procedures, and document the test results.
Smart Safety Test is part of the engineering environment and enables effortless creation of test plans. When a test plan is executed, it accesses the safety controller and writes or reads values in the sequence defined in the test plan. The results are compared to the defined setpoints and documented. As a result, it is possible to set up fully and partially automated processes for the validation of safety functions, automatic revalidation in case of changes, and automatic proof test procedures.
Which Automated Tests Are Possible?
Test procedures can be defined as part of the safety application or as a test procedure to be performed manually as part of the Smart Safety Test. Tests that should be performed partially or fully automatically during operation are usually part of the safety application whereas Smart Safety Test is used for testing during downtime.
There is a wide range of test tasks that can be automated (Figure 4): In addition to the identification of field devices, monitoring of the configuration, and evaluation of the diagnostics as described above, test scenarios can also be implemented. For comparative measurements, runtime measurements, or leak tests, for example, it is also possible to specify values, control actuators, and check their feedback signals. Integrated device diagnostics, such as Heartbeat Technology for Endress+Hauser sensors, can also be triggered and evaluated automatically. Heartbeat Technology, developed for analyzers and for flow, level, pressure, and temperature measuring devices, can detect issues such as corrosion and deposits. It generates diagnostic, verification, and monitoring data that provides information about the status of the field devices. For actuators, a partial stroke test can be used to detect faults. The partial stroke test, which can be run during operation, reveals malfunctions and reduces the probability of failure of the safety valves. For sensors, test procedures such as simulation of different measurement states or of the 4…20 mA signal are possible, including verification of the measured values via the input of the safety controller. These are just some of the available options – depending on the sensor or actuator used, further evaluations and test scenarios can be realized.
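The test-plan execution described under "Automated Testing" (write a value, read back, compare to the setpoint, document) applied to the 4…20 mA sensor test above, as an added example that is not Smart Safety Test or HIMA code. `SimulatedController` is a constructed stand-in for one safety-controller analog input and its trip logic; its range, trip point and signal fault band are assumptions.

```python
# Added example, not Smart Safety Test or HIMA code: a proof-test plan runner that forces
# a 4...20 mA signal, reads the value the safety controller derives, checks it against the
# setpoint within a tolerance, and records the result. Controller model is a constructed
# stand-in (4...20 mA -> 0...10 bar, trip at 8 bar, assumed fault band <3.6 / >21 mA).

class SimulatedController:
    """Constructed model of one safety-controller analog input and its trip logic."""

    def __init__(self, span_low=0.0, span_high=10.0, trip_point=8.0):
        self.span_low, self.span_high, self.trip_point = span_low, span_high, trip_point
        self.current_ma = 4.0

    def force_input(self, current_ma: float) -> None:  # e.g. loop calibrator on the input
        self.current_ma = current_ma

    def scaled_value(self):
        """Return (engineering value, status); status is FAULT outside the live band."""
        if self.current_ma < 3.6 or self.current_ma > 21.0:
            return None, "FAULT"
        frac = (self.current_ma - 4.0) / 16.0
        return self.span_low + frac * (self.span_high - self.span_low), "OK"

    def trip_output(self) -> bool:
        """Safety function demand: trip on high value, and fail-safe on a signal fault."""
        value, status = self.scaled_value()
        return status == "FAULT" or value >= self.trip_point

def run_test_plan(ctrl, steps, tolerance=0.05):
    """Execute steps of (force mA, expected value or None for fault, expected trip)."""
    records = []
    for force_ma, expected_value, expected_trip in steps:
        ctrl.force_input(force_ma)
        value, status = ctrl.scaled_value()
        trip = ctrl.trip_output()
        if expected_value is None:
            value_ok = status == "FAULT"
        else:
            value_ok = status == "OK" and abs(value - expected_value) <= tolerance
        passed = value_ok and trip == expected_trip
        records.append({"force_ma": force_ma, "measured": value, "status": status,
                        "trip": trip, "result": "PASS" if passed else "FAIL"})
    return records

PROOF_TEST_STEPS = [            # constructed test plan for the stand-in above
    (4.0, 0.0, False),          # zero of range
    (12.0, 5.0, False),         # mid-range
    (17.6, 8.5, True),          # above trip point: safety function must demand
    (20.0, 10.0, True),         # full scale
    (2.0, None, True),          # signal failure must be detected and trip fail-safe
]
```

The records list is the documentation the text refers to; a mis-ranged input or a wrong trip point shows up as a FAIL entry rather than as a silent deviation.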
However, since such solutions depend not only on the right hardware and software but also on proper planning, installation, and testing of the overall solution, HIMA also offers the appropriate support with its Safety Services. These range from independent consulting on standards, device selection, and suitable test procedures, through the preparation, organization, and documentation of test procedures, to the performance of visual and functional tests on the safety controller, control system, and sensors and actuators.