Functional Safety 2016
November, 2016 - London
Page 9 of 17
The Figure 1 shows a generic HIPPS SIS, commonly used in downstream natural gas
processing facilities.
The SIS is comprised of a 2oo3 architecture, for the pressure sensor sub system, set to initiate
a trip signal to the logic solver when 70barg is detected from upstream. The trip signal from the
logic solver de-engerises either of the two soleniod valves to relieve the air pressure in the
pneumatic actuator, which will drive the valve closed (Air Fail Closed) within a total response
time of 3 seconds. The final element is classified with a zero leakage rate (API 6D Rate A).
The equipment specification is as follows: -
•
Sensors – Smart Pressure Transmitter (two wire 4-20mA) voted 2oo3.
•
Logic Solver – Solid State triplicated fail safe logic with Namur 43 compliant trip
amplifiers.
•
Solenoid Valves – 3 way 2 position normally closed 24 vdc Electro Magnetic with spring
return voted 1oo2.
•
Final Element Valve – Mokveld Valve B.V., RZD-R including M-series actuator.
A simplified proof test methodology is described in Table 3, typically in line with a manufacturers
Safety Manual, withextracts of test requirements taken from the vendor requirements, to
demonstrate an example of how to approximate C
PT
and the actual impact on the corrected
PFD
AVG
for the SIS.
Table 3: Basic simple HIPPs proof test methodology
Equipment
Proof Test Method (brief description)
C
PT
(%)
Sensor
(incl Impulse
line)
This test detects approx. 99% of the possible dangerous undetected
device failures.
1. Bypass safety PLC or take other suitable measures to
prevent alarms from being triggered by mistake.
2. Disable locking ("Locking/Unlocking", ® ä 46).
3. Set the current output of the transmitter to HI alarm via a
HART command or by means of the onsite display and check
whether the analog current signal reaches this value.
•
e.g. simulate an alarm by means of the SIMULATION MODE
and SIM. ERROR NO. parameters. This test detects
~99%