Intelligent Valve Controller NDX. Safety Manual

Similar documents
Metso DeviceCare. Quick Setup Guide FOR YOUR SAFETY READ THESE INSTRUCTIONS FIRST!

NELES INTELLIGENT VALVE CONTROLLER, SERIES NDX

Process Valve Networking 101: What, Why and How Much?

Quick Guide. NDX Intelligent valve controller FOR YOUR SAFETY READ THESE INSTRUCTIONS FIRST!

Hytork XL Pneumatic Actuator

Hytork XL Pneumatic Actuator

Quick Guide. NDX Intelligent valve controller FOR YOUR SAFETY READ THESE INSTRUCTIONS FIRST!

SIL Safety Manual DOC.SILM.EF.EN, Rev. 0 March EL-O-Matic F-Series Pneumatic Actuator SIL Safety Manual

SIL Safety Manual DOC.SILM.EF.EN Rev. 0 March EL-O-Matic F-Series Pneumatic Actuator SIL Safety Manual

SAFETY MANUAL SIL Switch Amplifier

Rosemount Functional Safety Manual. Manual Supplement , Rev AG March 2015

Type 9160 / Transmitter supply unit / Isolating repeater. Safety manual

Safe & available...vigilant!

MANUAL Functional Safety

Safety Manual. Vibration Control Type 663. Standard Zone-1-21 Zone Edition: English

Local Control Panels for VG9000H LCP9H Series Installation, Maintenance and Operating Instructions. NOTE: Special version for Liwa-project

Proline Prowirl 72, 73

Safety manual for Fisher FIELDVUE DVC6200 SIS Digital Valve Controller, Position Monitor, and LCP200 Local Control Panel

Type Switching repeater. Safety manual

MANUAL Functional Safety

Functional safety manual RB223

Failure Modes, Effects and Diagnostic Analysis

DK32 - DK34 - DK37 Supplementary instructions

Soliphant M with electronic insert FEM54

FUNCTIONAL SAFETY CERTIFICATE

IQ Pro SIL option TÜV Certified for use in SIL 2 & 3 applications

Failure Modes, Effects and Diagnostic Analysis

ProductDiscontinued. Rosemount TankRadar Rex. Safety Manual For Use In Safety Instrumented Systems. Safety Manual EN, Edition 1 June 2007

xxx xxx AT/PT xxxx x x..xx weitere Varianten siehe Anhang des Zertifikats further variations see annex of certificate

Products Solutions Services. Functional Safety. How to determine a Safety integrity Level (SIL 1,2 or 3)

MANUAL Functional Safety

Soliphant M with electronic insert FEM57 + Nivotester FTL325P

Failure Modes, Effects and Diagnostic Analysis. Rosemount Inc. Chanhassen, MN USA

Mobrey Hydratect 2462

Safety manual. This safety manual is valid for the following product versions: Version No. V1R0

FUNCTIONAL SAFETY CERTIFICATE

ACT20X-(2)HTI-(2)SAO Temperature/mA converter. Safety Manual

Quartz Valve Position Indicator Rev. 1.1

Failure Modes, Effects and Diagnostic Analysis

Hardware safety integrity (HSI) in IEC 61508/ IEC 61511

Safety Manual VEGASWING 61, 63. Relay (DPDT) With SIL qualification. Document ID: 52082

MANUAL Functional Safety

Point Level Transmitters. Pointek CLS200 (Standard) Functional Safety Manual 02/2015. Milltronics

Failure Modes, Effects and Diagnostic Analysis

SVI II ESD. SIL3 Partial Stroke Test Device October 2007 BW5000-ESD. The only SIL3 Smart ESD device that is live during and after a shutdown.

LABEL. Invest in Confidence. SIL Actuators

FMEDA and Prior-use Assessment. Pepperl+Fuchs GmbH Mannheim Germany

Your Global Automation Partner. Magnetic Field Safety Sensors. Safety Manual

Special Documentation Liquicap M FMI51, FMI52

Safety Manual. VEGABAR series ma/hart - two-wire and slave sensors With SIL qualification. Document ID: 48369

Removal of Hardware ESD, Independent of Safety Logic Solver

OPTISWITCH 5300C. Safety Manual. Vibrating Level Switch. Relay (2 x SPDT) With SIL qualification

Vibrating Switches SITRANS LVL 200S, LVL 200E. Relay (DPDT) With SIL qualification. Safety Manual. Siemens Parts

Failure Modes, Effects and Diagnostic Analysis

T72 - Process Safety and Safety Instrumented Systems

FMEDA Report Failure Modes, Effects and Diagnostic Analysis and Proven-in-use -assessment KF**-CRG2-**1.D. Transmitter supply isolator

Failure Modes, Effects and Diagnostic Analysis. PR electronics A/S

Your Global Automation Partner. Capacitive Safety Sensors. Safety Manual

Failure Modes, Effects and Diagnostic Analysis

FMEDA and Proven-in-use Assessment. Pepperl+Fuchs GmbH Mannheim Germany

T57 - Process Safety and Critical Control What Solution Best Meets Your Needs?

II ESD. SIL3 Partial Stroke Test Device. The only SIL3 Smart ESD device that is live during and after a shutdown.

It s a safe world after all

Failure Modes, Effects and Diagnostic Analysis

HART Temperature Transmitter for up to SIL 2 applications

Special Documentation Soliphant M with electronic insert FEM57 + Nivotester FTL325P

HART Temperature Transmitter for up to SIL 2 applications

The ApplicATion of SIL. Position Paper of

Cerabar T PMP131, PMC131, PMP135

Failure Modes, Effects and Diagnostic Analysis

NELES INTELLIGENT VALVE CONTROLLER, SERIES NDX

Technical Bulletin. Modbus TCP/IP Communication Protocol For Electric Fire Pump Controllers with or without Automatic Transfer Switch

Failure Modes, Effects and Diagnostic Analysis

FACTORY AUTOMATION. MANUAL VAA-2E-G4-SE Original Instructions Version 1.1

The evolution of the cookbook

Micropilot S FMR530/532/533, FMR540

Update assessment for the Guard I/O DeviceNet Safety Modules 1791DS-IB8XOBV4, 1732DS-IB8XOBV4, 1791DS-IB16 and 1732DS-IB8. Rockwell Automation

2oo4D: A New Design Concept for Next-Generation Safety Instrumented Systems 07/2000

IQ SIL Option. IQ actuators for use in applications up to SIL 3. sira CERTIFICATION

Supplement to Fisher FIELDVUE DVC6000 SIS Series Digital Valve Controllers for Safety Instrumented System (SIS) Solutions Instruction Manual

ED17: Architectures for Process Safety Applications

Certificate of Compliance No

FMEDA and Proven-in-use Assessment. G.M. International s.r.l Villasanta Italy

PSR-PC50. SIL 3 coupling relay for safety-related switch on. Data sheet. 1 Description

NelesAce BASIS WEIGHT CONTROL UNIT Installation, Maintenance and Operating Instructions

AS-i Safety Relay Output Module with Diagnostic Slave

Failure Modes, Effects and Diagnostic Analysis

MACX MCR-SL-(2)I-2)I-ILP(-SP)

Hardware Safety Integrity. Hardware Safety Design Life-Cycle

Micropilot M FMR230/231/232/233/240/244/245

AS-i Safety Relay Output Module with Diagnostic Slave

Siemens Safety Integrated Take a safe step into the future

Installation and operating instructions

Low voltage switchgear and controlgear functional safety aspects

New developments about PL and SIL. Present harmonised versions, background and changes.

NELES ND7000 DIGITAL VALVE CONTROLLER

NELES VALVGUARD VG9000 INTELLIGENT SAFETY SOLENOID

Micropilot FMR50/51/52/53/54/56/57

Safety Manual. PROTRAC series ma/hart - four-wire With SIL qualification. Document ID: 49354

Using ControlLogix in SIL2 Applications

Transcription:

Intelligent Valve Controller NDX Safety Manual 10SM NDX en 5/2017

2 Intelligent Valve Controller NDX Safety Manual Table of Contents 1 General information...3 1.1 Purpose of the document... 3 1.2 Description of the device... 3 2 Structure of intelligent valve controller...3 2.1 System components and description of use... 3 2.2 Permitted device types... 3 2.3 Supplementary device documentation... 3 3 Description of safety requirements...3 3.1 Safety function... 3 3.2 Restrictions for use in safety-related applications... 4 3.3 Functional safety indicators... 4 3.4 Useful lifetime... 5 3.5 Behavior of device... 5 3.5.1 During power-up... 5 3.5.2 During operation... 5 3.5.3 During emergency trip... 5 3.5.4 In the event of alarms and warnings... 5 4 Installation...5 4.1 Hardware fault tolerance... 5 4.2 Installation and commissioning... 5 4.3 Diagnostics coverage... 5 4.4 Parameters... 5 4.5 Operation... 5 4.6 Maintenance... 5 5 Testing...6 5.1 Partial stroke test (PST)... 6 5.2 Valve proof-test... 6 6 Repair and maintenance...6 7 SIL certificate...7

Intelligent Valve Controller NDX Safety Manual 3 1. General information 1.1 Purpose of the document This safety manual provides necessary information to design, install, verify and maintain safety instrumented function (SIF) using the Metso s NDX Intelligent Valve Controller. The document must be used as part of the safety lifecycle. Information provided in this manual is necessary for meeting the IEC 61508 or IEC 61511 functional safety standards. 1.2 Description of the device Neles NDX is loop powered SIL 2 certified intelligent valve controller and thus a safety related product. Extra attention is required to make sure it is used in a way it is intended to be used and in a safe manner. NOTE: HART communication can be used for informational purposes, but is not safety certified for diagnostic annunciation. 2. Structure of intelligent valve controller 2.1 System components and description of use See the IMO for the detailed technical description of the device and the system architecture. 2.2 Permitted device types The information in this manual pertaining to functional safety applies to all ND9000 device variants mentioned in the device type coding in the IMO. 2.3 Supplementary device documentation This manual is not intended to be used as a stand-alone document. It must be used together with the document 7NDX71en; Installation, Maintenance and Operating Instructions for Neles NDX (later referred as IMO). It is available from your local Metso office or for download from www.metso.com/ndx 3. Description of safety requirements 3.1 Safety function Safety function part of NDX intelligent valve controller consists of the prestage and the output stage. They are the only components, which take part of the safety function. Prestage unit is a coil operated flapper valve, which is open when de-energized. De-energized is the safe state of the device prestage unit coil. Prestage unit is controlling the output stage, which is operated by spring force to fail safe position and by pneumatic force to the normal position. actuator, according to the input signal, is reached. See figure 1 for the principle of operation. Prestage will be de-energized when input signal (loop current) to the device (NDX) is 0 ma. That will cause the output stage to release the air from the exhaust port (Exh I) and drive the emergency shutdown valve to close or open position depending on the application type. Safety function is to release the air from Exh I port via the output stage exhaust. Reaction time of safety function is <200 milliseconds. The closing (or opening) time of the valve depends on the size and type of the pneumatic actuator and the valve, the supply pressure etc. Micro controller and firmware are not part or cannot prevent the safety action. Measurements from the pressure sensors (PS, PI) and position sensor (Pos) are used for controlling the Partial Stroke and other tests and used for the device diagnostics only. Figure 1. Principle of operation

4 Intelligent Valve Controller NDX Safety Manual 3.2 Restrictions for use in safety-related applications Please ensure that the valve controller is used correctly for the application in question and that the ambient conditions and air supply quality are taken into account. The instructions for installation conditions, as detailed in the IMO, shall be observed. The specifications in the IMO shall not be exceeded. 3.3 Functional safety indicators The table below shows the specific indicators for functional safety. Route of Assessment Type of Sub-system Mode of Operation 2 H /1 S Type A Low Demand Mode Hardware Fault Tolerance HFT 0 Lambda Dangerous assumed level of calculation 1-α = 95% Lambda Dangerous Undetected assumed Diagnostic Coverage DC = 0% λ D 3.50 E-07 / h 350 FIT λ DU 3.50 E-07 / h 350 FIT Mean Time To Dangerous Failure MTTF D 2.86 E+06 h 326 a Average Probability of Failure on Demand 1oo1 assumed Proof Test Interval T 1 = 1 year Average Probability of Failure on Demand 1oo2 assumed Proof Test Interval T 1 = 1 year assumed β 1oo2 = 10% PFD avg (T 1 ) 1.53 E-03 PFD avg (T 1 ) 1.56 E-04 3.4 Useful lifetime A useful lifetime of approximately 12 years is expected for NDX in safety related applications. 3.5 Behavior of device 3.5.1 During power-up It may take up to 30 seconds for device diagnostics to power up and the device to be fully operational in the diagnostics point of view. This is valid when the loop current is switched on and goes to 3.7 ma or above. This does not effect to the safety function of the device. 3.5.2 During operation Once the device is powered, the device energizes the prestage and the supply air will be fed to the pneumatic actuator by output stage. That will eventually cause the valve to go to its normal operating position according to the input signal.. 3.5.3 During emergency trip See section 3.1. 3.5.4 In the event of alarms and warnings There are few failures (e.g. position sensor failure) which causes NDX to go to fail safe position. See the IMO for details.

Intelligent Valve Controller NDX Safety Manual 5 4. Installation 4.1 Hardware fault tolerance The required hardware fault tolerance of the installation is zero (HFT = 0). If hardware fault tolerance of one (HFT =1) is required, then a dual redundant configuration of the valve installation shall be used. The overall safety integrity depends mainly on the actuator and the valve (ESD or ESV). 4.2 Installation and commissioning The installation of the device needs to be done according to the IMO. Every parameter related to the device type in question and mentioned in the IMO needs to be checked and compared against the device settings. If any deviations exist the safety of the installation cannot be guaranteed. The NDX shall be configured before commissioning. The parameters configured to the NDX shall be read back and verified before commissioning using the HART Device Description (DD) or Metso s Valve Manager (DTM) for NDX. 4.3 Diagnostics coverage To obtain the best possible diagnostic coverage, the various alarm limits in the NDX intelligent valve controller shall be set, see Section 13 in the IMO. The diagnostic coverage factor for an ESD-valve (a fail to close valve) can be assumed to be around 75 % (valve + actuator), depending on the valve and actuator types. The diagnostic coverage factor for an ESV-valve (fail to open valve) can be assumed to be around 90 % (valve + actuator), depending on the valve and actuator types. For more accurate estimates contact Metso. 4.4 Parameters write protection The parameters programmed in the NDX shall be write protected. If the organizational procedures are established, this can be done using the user access levels in the configuration software. 4.5 Operation See the IMO for the operation of the device. 4.6 Maintenance See the IMO for maintenance instructions. During maintenance work on the device, alternative safety function methods shall be taken to ensure process safety. 5. Testing 5.1 Partial stroke test (PST) Device can perform valve partial stroke test, where the safety shutdown valve will be stroked certain amount from it s normal operating position. Typically this stroke size is about 10-20% depending on the process. The stroke size shall be defined by the user and should be defined so that the upset for the process is kept as minimum. For procedure and details see the IMO. 5.2 Valve proof-test Safety shutdown valve proof-test is related to the required SIL level of the application. PFD calculations should define this safety shutdown valve proof test interval. To perform the proof-test check that the device is not in the fail-safe position, de-energize (0 ma) the input signal and check that the valve moves to the intended fail-safe position. See the valve safety manual for further info regarding the proof testing. The whole safety loop shall be tested via the safety system / logic solver. 6. Repair and maintenance Any repair and maintenance to the device shall be carried out only by the qualified person. Device failures must be reported to the manufacturer. The user shall provide a detailed report to the manufacturer describing the failure and any possible effects.

6 Intelligent Valve Controller NDX Safety Manual 7. SIL certificate Certificate No.: 968/V 1006.00/17 Product tested Intelligent Valve Controller Certificate holder Metso Flow Control Oy Vanha Porvoontie 229 01301 Vantaa Finland Type designation NDX 1510 Codes and standards IEC 61508 Parts 1-2 and 4-7:2010 Intended application Safety Function: De-energizing of the NDX 1510 valve controller shall drive the relay valve to safety position by pre-loaded spring and channel 1 vents pressure out to atmosphere so that the attached actuator can drive the valve to its safe state. The valve controllers are suitable for use in a safety instrumented system, e.g. acc. IEC 61511-1:2016, up to SIL 2 (low demand mode). Under consideration of the minimum required hardware fault tolerance HFT = 1 the valve controller may be used in a redundant architecture up to SIL 3. Specific requirements Summary of test results see back side of this certificate. Valid until 2022-07-05 The instructions of the associated Installation, Operating and Safety Manual shall be considered. The issue of this certificate is based upon an examination, whose results are documented in Report No. 968/V 1006.00/17 dated 2017-07-05. This certificate is valid only for products which are identical with the product tested. It becomes invalid at any change of the codes and standards forming the basis of testing for the intended application. Köln, 2017-07-05 Certification Body Safety & Security for Automation & Grid Dipl.-Ing. Stephan Häb TÜV Rheinland Industrie Service GmbH, Am Grauen Stein, 51105 Köln / Germany Tel.: +49 221 806-1790, Fax: +49 221 806-1539, E-Mail: industrie-service@de.tuv.com www.fs-products.com

Intelligent Valve Controller NDX Safety Manual 7

8 Intelligent Valve Controller NDX Safety Manual Metso Flow Control Inc. Europe, Vanha Porvoontie 229, P.O. Box 304, FI-01301 Vantaa, Finland. Tel. +358 20 483 150. Fax +358 20 483 151 North America, 44 Bowditch Drive, P.O. Box 8044, Shrewsbury, M A 01545, USA. Tel. +1 508 852 0200. Fax +1 508 852 8172 South America, Av. Independéncia, 2500-Iporanga, 18087-101, Sorocaba-São Paulo, Brazil. Tel. +55 15 2102 9700. Fax +55 15 2102 9748 Asia Pacific, 238B Thomson Road, #17-01 Novena Square Tower B, Singapore 307685. Tel. +65 6511 1011. Fax +65 6250 0830 China, 11/F, China Youth Plaza, No.19 North Rd of East 3rd Ring Rd, Chaoyang District, Beijing 100020, China. Tel. +86 10 6566 6600. Fax +86 10 6566 2583 Middle East, Roundabout 8, Unit AB-07, P.O. Box 17175, Jebel Ali Freezone, Dubai, United Arab Emirates. Tel. +971 4 883 6974. Fax +971 4 883 6836 www.metso.com/valves

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback