MXPA00003741A - Method and device for verifying the workability of a safety device - Google Patents

Method and device for verifying the workability of a safety device

Info

Publication number
MXPA00003741A
MXPA00003741A MXPA/A/2000/003741A MXPA00003741A MXPA00003741A MX PA00003741 A MXPA00003741 A MX PA00003741A MX PA00003741 A MXPA00003741 A MX PA00003741A MX PA00003741 A MXPA00003741 A MX PA00003741A
Authority
MX
Mexico
Prior art keywords
safety
unit
moving parts
valve
verifying
Prior art date
Application number
MXPA/A/2000/003741A
Other languages
Spanish (es)
Inventor
John Winchcomb
Hogstrom Karlkristian
Original Assignee
Neles Controls Oy
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Neles Controls Oy filed Critical Neles Controls Oy
Publication of MXPA00003741A publication Critical patent/MXPA00003741A/en

Links

Abstract

The invention relates to the maintenance of safety devices. Valves and similar automatic mechanical safety devices normally maintaining a fixed position are in danger of getting stuck, and consequently may not be fully operable in an emergency situation. In a system according to the invention, real-time data indicating the operability of, for example, a valve actuator, is provided. When a fault is discovered, it can be localized using online diagnostic tools. A standby state is continuously maintained, as the unit for activating the safety function is independent of the unit for monitoring the operability, and the latter is bypassed in an emergency situation.

Description

METHOD AND DEVICE FOR VERIFYING THE WORK CAPACITY OF A SAFETY DEVICE FIELD OF THE INVENTION This invention relates to the maintenance of safety devices. Particularly, the invention pertains to the verification of the correct functioning of safety devices controlled by an actuator comprising moving parts, especially the so-called emergency interruption valves and their control devices, in such a way that the continuity of the production is not damaged. nor the waiting status of the devices.
BACKGROUND OF THE INVENTION In industry, particularly in the petrochemical process industry, systems are used where the process equipment possibly produces risks after a failure with the valves and other mechanical means designed to bring the process quickly to a safe state if they exceed the limits of the pre-established process parameters. For example, such a system usually includes valves with single-action actuators, the opening or closing of which releases an accumulated overpressure, diverts the hazardous process vapor into a holding tank, or the like. Here later, such valves are referred to as shut-off valves (with emergency valves having a closing or opening function). These valves normally always maintain the same position, as do other corresponding mechanical safety devices, and are consequently at risk of being blocked if situations that force an interruption, as expected, are very frequent. The general safety of the shut-off valves is not considered satisfactory when the equipment and methods of the prior art are used. The biggest disadvantage in current systems is that an existing fault - for example, the blocking of a mechanical component - is not necessarily observed when the system is in a standby state, and in an emergency situation the system can be damaged or not. operate. To verify proper operation, it is common to test, for example, the interruption valves simulating in some way a real emergency situation. This practice can, in fact, produce enormous risks, since the working capacity of the interruption valve system is temporarily blocked, and if the device is not activated properly, the situation can remain permanent. One method for testing an interruption valve is to mechanically limit its displacement, thereby preventing it from having a significant effect on the process, and verifying the mobility of the valve within certain limits. This procedure requires the use of, for example, a physical key, and activation of the emergency system is prevented during the test procedure, at least as long as the relevant unit is involved. The test is carried out at established intervals, for example, twice a year, but the test only proves that the devices can work at the time of the test. A failure may develop immediately after the test and persist until the next test. This way of carrying out the test is not a reliable way to verify the operating capacity of the system. The diagnosis of the valve using a present sensor and digital technology is a field that is developing rapidly. For example, in the Finnish patent application 96 2406 and the European patent application 95 306546, methods for studying the control conditions of valves using sensors in the actuator and the valve control means and the signal analysis are described. of such sensors in a microprocessor to analyze the working capacity of the valve unit as a whole. As described above, studying the conditions of a valve or other mechanical device that is part of a safety system involves certain requirements. In the Norwegian patent 152314, a method and a device for testing the operation of safety devices are described. According to such patent, an emergency interruption valve or control relay of an electric motor is tested periodically without affecting the process to which the safety system is adapted. For example, by temporarily cutting the signal from a solenoid pilot valve that affects an interruption valve, the interruption valve is bypassed, for example, 10 degrees, and the position of the interruption valve is verified by a sensor or a switch of limit. If a malfunction is observed, the safety function is activated. The test sequence is controlled by a logic circuit placed outside the field, and implemented by means of timers and standard logic elements.
DESCRIPTION OF THE INVENTION General description A method has been invented according to claim 1, which provides the verification of the error-free operation of a mechanical safety device, for example an interruption valve, while the state of operation is constantly maintained. wait for the security system, without deterioration. In such a method, the safety function and the safety or diagnostic function are combined in real time, the safety function nevertheless has a higher priority than the diagnostic function. In a method according to the invention, a component adapted directly to the safety device to activate the safety function is controlled by the high level safety system of the plant, which is responsible for safety operations, or alternatively by a logic unit integrated into the device according to the invention, a diagnostic unit being adapted to the activation component. The diagnostics unit is allowed to perform diagnostics without disturbing the process functions as long as the process is in a normal state. In an emergency situation, the diagnostic unit is ignored, so, for example, neither a failure or disturbance in the diagnostic test nor a routine test in progress can impair the safety function. The scope and periodicity of the diagnostics can be programmed in the system to achieve a desirable level of reliability. According to one embodiment of the present invention, a device is provided that allows the verification of the undisturbed operation of a mechanical safety device, while the waiting state of the safety system is fully maintained. The field unit of a security system according to the invention comprises a microprocessor which provides automatic, pre-established diagnostic and testing procedures. The field unit also includes a control unit that provides control of an actuator. By means of appropriate communication means, the control unit is connected to, on the one hand, the high-level security system or the integrated logic unit to the field unit, and on the other hand, to the power supply of the control device. safety, for example, a supply of compressed air. The high-level safety system or integrated logic unit activates the safety function directly, ignoring the diagnostic function.
In addition to the field unit, another main component of the security system according to the present invention is a verification unit. The communication link of the high level security system is routed through the verification unit. Preferably, the task of the verification unit is to verify the status of the on-line field unit, and to provide means for presenting status information to the user.
DETAILED DESCRIPTION The invention is described more fully hereinafter with reference to the accompanying drawings, wherein - Figure 1 is a schematic representation of a system for implementing the method of the present invention; - Figure 2 is a representation of a field unit according to the present invention connected to the actuator of a valve in a normal situation; - Figure 3 is a representation of a field unit and the actuator according to the present invention in an emergency situation. In Figure 1, (1) represents a unit of verification of a system according to the present invention and (2) is a field unit comprising a control unit (7) according to the invention, an interface or interconnection of communication (3), an electronic unit (19) including a microprocessor, and the required pneumatic sensors and components (not shown). The control unit (7) controls a safety device (24) comprising an actuator (8) and a valve (22). The communication between the verification unit (1) and the control unit (7) is preferably maintained via the communication link (5) as described below. The communication link (5) can be analogue or digital or a combination of both by means of, for example, a cable of pairs. Since the field area is usually an explosion risk area, in this case the system includes a barrier unit (6). The field unit (2) is supplied with energy voltage, preferably 24 V, of the high security level system (18) in charge of the security functions or, in the case of the security system according to the present invention includes a logical unit of a digital communication link. Preferably, the verification unit (1) is provided with indicator lights that reflect the state of the field unit, controlled by the signal provided by the communication link (5) and the outputs of the relay (21) corresponding to the indicator lights. For example, a green light may indicate that the signal is normal and the security system according to the invention is in a wait state. At programmable intervals, the microprocessor included in the electronic unit (19) carries out diagnostics. Therefore, the signal in the link (5) changes, as indicated by, for example, a yellow light. When the diagnosis has revealed a fault, it is indicated correspondingly by, for example, a red light.
The signals that correspond to the indicator lights can be sent through, for example, the outputs of the relay (21). The operation of the indicator lights and relay outputs can for example be verified by means of a local push button on the verification unit. Preferably, the verification unit (1) is connected to a computer (23) that runs a maintenance program of the security system, which allows the determination of the character of a fault by analyzing data stored by the diagnostic system. The communication required by this function is preferably provided by the communication link 5.
In addition, the housing of the verification unit preferably includes means (e.g., a keyboard and a device for visual representation of LED), for local control of the microprocessor included in the electronic unit (19). The task of the interface or communication interconnection (3) is to separate the signals, described below, transmitted by the communication link (5). In addition, you can add the integrated logic unit to the field unit. In the interface or communication interconnection (3) the communication link is divided into a direct link (10) to the control unit (7) and a link (25) to the electronic unit (19). In addition, the electronic unit (19) is connected (26) to the control unit. During normal operation, tests on the control unit (7) and the security device (24) are performed at defined intervals under the control of the program residing in the microprocessor within the electronic unit (19). The tests can also be carried out ideally by means of a computer (23). In a situation where the emergency function is activated, the signal is transported directly from the high security level system (18) via the links (5) and (10) to the control unit (7), for example in a way described later. Alternatively, a logical unit integrated into the communication interface (3) can transmit a signal along the link (10) directly to the control unit (7). In Figure 2, (7) is the main valve of the field unit (2). The Figure represents a normal operating situation: since the connection (10) is alive with a control voltage of 24 V, the pneumatic control valve (11) remains closed and the sliding cover (14) remains pushed to the right against the spring (15). Therefore, the operating air pressure of the actuator acts freely through the connections (12) and (13), and the actuating cylinder of the valve (8) is pressurized, the spring (9) being compressed. The microprocessor (17) within the electronic unit (19) is allowed to carry out diagnostics by means of the pneumatic control valve (16) as described below. Figure 3 represents a situation where the security function has been activated. The voltage at the connection (10) has dropped to zero, and the pressure was released through the valve (11). The spring (15) pushes the sliding cover (14) to the left, the pressure of the actuator is released through the opening (20), and the actuator (8), by means of the energy in the compressed spring (9), brings the interruption valve to its safety position, which can be opened or closed. The function of the microprocessor (17) has no influence on the situation. Preferably, the microprocessor is de-energized in this situation, since it is supplied with power from the same connection as the control valve (11). Naturally, the electronic field unit (19) of the interruption valve is normally provided with non-volatile memory circuits capable of storing measurement data related to the safety function before the energy disappears. The microprocessor (17) receives at least the following input data: position of the control valve position of the interruption valve pressure of the cylinder of the actuator commands entered from a local keyboard The microprocessor (17) can be programmed to perform diagnostic functions at pre-set intervals, for example 15 ms - a week. In the preferred embodiment described below, these comprise the so-called hysteresis test. Before beginning the test, the microprocessor transmits, by altering the communication link signal (5), a message to the verification unit (1), which is shifted or diverted to indicate that a test is in progress. Next, the control pressure is reduced by means of the valve (16) during a pre-defined time interval to a pre-set level and again to the initial level, so a corresponding decrease in the pressure of the actuator within a defined time delay, as indicated by the sensors (not shown). When the pressure decreases and returns to the initial state within a defined time interval, a corresponding change in the position of the interruption valve must be observed within a defined time delay. If the target valves are not reached, the microprocessor (17) transmits, altering the signal in the communication link (5), a message to the verification unit (1), which is diverted to indicate a failure alarm. The movements of the interruption valve during the test cycle are limited so as not to interfere with the process. In addition to the test described above for verifying the mechanical workability of an interruption valve, the diagnostics include other functions outside the scope of the present invention, for example, the internal diagnosis of the electronic components and the characterization of valve leaks. in valve movements using a separate acoustic sensor. According to one embodiment of the present application, all communication between the field and the control room can take place along the same communication link (5). Preferably, this is a pair cable for a) maintaining the control voltage, for example 24 V, of the high level security system (18), while simultaneously maintaining the waiting state of the field unit (2); b) controlling the indicator lights and outputs of the relay of the verification unit (1) by means of changes in the signal; c) communication between the maintenance program of the computer security system (23) and the electronic unit (19) using, for example, the HART protocol well known to those skilled in the art. The previous arrangement is preferred because the reconversion of the system in existing plants is convenient.
In contrast to the method and the device described in No. 152314, the present invention provides the following advantages: - The "intelligent" components are located in the field, which allows the connection of safety devices to a collective field conductor system . If a malfunction is observed, the safety function is not activated unconditionally, but maintenance is possible and the plant can remain in operation. - The main wait signal (for example the main voltage of 24 V in the previous example) is not affected during the test, but the direct contact with the system in charge of the safety functions is always maintained. The test is carried out using a dedicated signal and separate wiring. It is possible to carry out autonomous, individual tests, as well as detailed diagnostics involving several sensors, optionally in the form of self-diagnosis. - The wiring of the field unit is kept at a minimum, often, an existing pair cable is sufficient. The invention was described here using a system implemented for a valve, but it is obvious that the invention can, without deviating from its general concept, be implemented in other safety devices that comprise mechanical parts, without necessarily controlling the flow of fluid but providing a security status by other means. It is noted that in relation to this date, the best method known to the applicant to carry out the aforementioned invention, is that which is clear from the present description of the invention.

Claims (5)

  1. CLAIMS Having described the invention as above, the content of the following claims is claimed as property. A method for verifying the working capacity of a safety device and controlling the safety system of such a device, where the safety device is provided with means to perform operations to verify the mobility of the moving parts and to verify the capacity working of electrical units of the security system, characterized in that the means are located in the field, and by affecting the moving parts during the test independently of the main control signal.
  2. 2. The method according to claim 1, characterized by the method for verifying the mobility of the moving parts and the working capacity of the electrical components in the safety system being carried out continuously according to a pre-established program, or as unique events through a communication link.
  3. 3. A device for checking the working capacity of a safety device, comprising moving parts, the device comprises means for verifying the working capacity of the moving parts, characterized in that the means are adapted to the field unit of the device. safety device, and are adapted to affect moving parts independently of the main control signal. The device according to claim 3, characterized by means for activating the security function, comprising a field unit provided in the security device and a verification unit located elsewhere and a communication link between such units , the signals of the means to verify the work capacity and the signals of the security system are both transmitted in the communication link. The device according to any of claims 3 or 4, characterized in that the safety device comprises an actuator and a valve.
MXPA/A/2000/003741A 1997-10-17 2000-04-17 Method and device for verifying the workability of a safety device MXPA00003741A (en)

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
FI973990 1997-10-17

Publications (1)

Publication Number Publication Date
MXPA00003741A true MXPA00003741A (en) 2002-07-25

Family

ID=

Similar Documents

Publication Publication Date Title
EP1027635B1 (en) Method and device for verifying the workability of a safety device
RU2413115C2 (en) Universal controller for emergency shut-off
EP1358417B1 (en) Apparatus for testing operation of an emergency valve
US7504961B2 (en) Emergency isolation valve controller with integral fault indicator
AU2002225170A1 (en) Apparatus for testing operation of an emergency valve
US8072343B2 (en) Local emergency isolation valve controller with diagnostic testing and trouble indicator
RU2543366C2 (en) Apparatus, method and programme for test of solenoids of automatic safety systems
RU2752786C2 (en) Method for testing the solenoid valve and the corresponding device (versions)
EP1500857A1 (en) Partial stroke valve test apparatus
MXPA00003741A (en) Method and device for verifying the workability of a safety device
JPH08101719A (en) Pressure-reducing system and its inspection method
CN111378460A (en) Coke oven coal tower gate control method
RU2681553C1 (en) Method for remote control of pneumatic actuator of main pipeline
RU2718101C1 (en) Automated control system for valve on gas and condensate pipe line
JP2004117171A (en) Gas safety apparatus