Failures might be monitored from maintenance work order records and spares consumption as part
of an annual review by the site maintenance authority. This analysis would be for all equipment types
that are also deployed on SIL duties and so one of the first requirements is the compilation of a register
of such equipment types.
With this register there is the difficulty of knowing how far to go in identifying the actual build and
deployment of equipment items. Consider an ESD valve; do we distinguish actuator from valve?
Different sizes of a given type? Different material combinations? Different duties for a given build?
Different environments for a given build & duty? The greater the resolution in categorising build and
deployment, the smaller the populations available on which to base our analysis.
It is here proposed that initially we should identify populations as far as manufacturer and series type,
together with vulnerability due to the specific nature of the deployment. Typically we would identify
manufacturer and series of a flow meter, but not what size or material combination. This would
typically mirror the assessments undertaken by manufacturers which are generic to a series design
type. Only if a failure is subsequently found to be only relevant to a particular subset would I propose
a greater resolution in categorisation of populations.
Since actuators of different types and from different vendors may be used with a given valve, it could
be argued that actuators and valves should be distinguished as different elements. There are practical
difficulties in this, however, and generic database values make no such distinction. Again, only if a
failure is subsequently found to be only relevant to a particular subset of actuators would I propose
to attempt to distinguish the actuator as a separate element. Seat failure to provide tight shut off (as
distinct from stroking failure) will typically arise through service life and associated wear, and should
be addressed by assessment of useful life expectancy rather than random hardware failure rate. Given
this consideration, attempts to refine valve equipment groupings on the basis of shut off requirements
probably represent an unwarranted complication.
If the duty is unexceptional, it is suggested that no distinction be made beyond manufacturer and
series type. If a particular vulnerability is identified for an item due to its deployment/duty, then a
special sub-grouping should be identified for that equipment series type.
In practice it might be difficult to identify whether a given failure in the more vulnerable subgroup was
attributable to the particular vulnerability or whether it was a ‘normal’ failure within the wider
population of that equipment type. It is therefore proposed that a failure in the subgroup should be
recorded against both the subgroup AND the wider population superset. A failure outside the
subgroup would be recorded against the wider population only.
Let us postulate a total population of model type ‘Acme Tx’ of 100, 5 of which are identified as being
on ‘difficult duty 1’, and 5 on ‘difficult duty 2’, which increases their vulnerability. With one ‘normal
duty’ device failure and one in each of the ‘difficult duty 1’ and ‘difficult duty 2’ groups, the record
would show:
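| Device  | Group            | Population | Failure Count |
|---------|------------------|------------|---------------|
| Acme Tx | All duties       | 100        | 3             |
| Acme Tx | Difficult duty 1 | 5          | 1             |
| Acme Tx | Difficult duty 2 | 5          | 1             |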
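
The recording rule described above, as an added example that is not part of the original paper: a short Python tally that counts each sub-group failure against both the sub-group and the series-wide population. The tag numbers, the deployment map and the failed-tag list are constructed sample data chosen to reproduce the 'Acme Tx' illustration; the function and variable names are hypothetical.

```python
from collections import Counter

ALL_DUTIES = "All duties"  # label for the series-wide superset

# Constructed sample register: tag -> (manufacturer/series, special sub-group).
# A sub-group of None means the duty is unexceptional.
DEPLOYMENT = {f"TX-{i:03d}": ("Acme Tx", None) for i in range(1, 91)}
DEPLOYMENT.update(
    {f"TX-{i:03d}": ("Acme Tx", "Difficult duty 1") for i in range(91, 96)})
DEPLOYMENT.update(
    {f"TX-{i:03d}": ("Acme Tx", "Difficult duty 2") for i in range(96, 101)})

# Constructed failure list, as might be extracted from maintenance work orders.
FAILED_TAGS = ["TX-017", "TX-092", "TX-099"]


def build_register(deployment, failed_tags):
    """Return {(series, group): (population, failure_count)}."""
    population, failures = Counter(), Counter()

    # Every item belongs to the superset; items on a difficult duty
    # additionally belong to their special sub-group.
    for series, subgroup in deployment.values():
        population[(series, ALL_DUTIES)] += 1
        if subgroup:
            population[(series, subgroup)] += 1

    for tag in failed_tags:
        if tag not in deployment:
            # A work order against an unregistered tag is a data-quality
            # problem; refuse it rather than silently dropping the failure.
            raise KeyError(f"failure recorded against unregistered tag {tag}")
        series, subgroup = deployment[tag]
        failures[(series, ALL_DUTIES)] += 1      # always counts in superset
        if subgroup:
            failures[(series, subgroup)] += 1    # AND in its sub-group

    return {key: (population[key], failures[key]) for key in sorted(population)}


if __name__ == "__main__":
    for (series, group), (pop, fails) in build_register(
            DEPLOYMENT, FAILED_TAGS).items():
        print(f"{series:<8} {group:<17} {pop:>4} {fails:>3}")
```
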
This approach will avoid an optimistic bias in the evaluation of standard duty deployment arising if we
were to disregard possibly relevant failures in subgroups. It will be conservative with regard to