

Proof Testing in Safety Instrumented Systems - SIS: Answers to 7 Key Questions

Dive into the world of Safety System Proof Testing with answers to 7 key questions, offering insights for enhanced safety and reliability in process industries.

22 January '24


Imagine a high-security vault filled with priceless artifacts. A small leak in the vault’s ceiling could go unnoticed for years, allowing valuable items to deteriorate. That is what can happen with Safety Instrumented Systems. If there are undetected failures, it can lead to catastrophic consequences. But that’s where proof testing comes in. It is like the Sherlock Holmes of Safety Instrumented Functions, uncovering hidden clues to prevent these failures. We have teamed up with our Safety Instrumented Systems Experts to answer 7 fundamental questions about proof testing and how it helps achieve functional safety in process industries.

What is proof testing, and why is it important in the context of safety instrumented functions?

Proof testing is a systematic process used to verify that the sensors, logic solvers, and final elements in Safety Instrumented Functions (SIFs) can respond to hazardous conditions or demands as needed to prevent or mitigate process-related incidents. IEC 61508 defines proof testing as a “periodic test performed to detect dangerous hidden failures in a safety-related system so that, if necessary, a repair can restore the system to an ‘as new’ condition or as close as practical to this condition.”

It is an essential part of the Safety Instrumented System (SIS) Lifecycle, and it happens during the operational stage. Proof testing is important in the context of safety instrumented functions to reveal undetected failures and optimize the intervals for maintaining the Safety Integrity Level (SIL) of the system.

How does proof testing help detect undetected faults in safety instrumented functions, and how does it contribute to achieving functional safety in process industries?

Proof testing is like a game of hide-and-seek: it helps us find the hidden faults in safety instrumented functions that may not have been apparent during normal inspections or automatic diagnostics. By subjecting the SIF to rigorous testing, it is possible to uncover hidden faults such as valve leaks, sensor drift, or failures in the logic solver. Then you can take corrective actions to address the revealed issues and enhance the overall reliability of the safety instrumented function.

SIL (Safety Integrity Level) and PFD (Probability of Failure on Demand) are key concepts used in determining the effectiveness and reliability of SIFs. SIL measures the effectiveness of a safety instrumented function in reducing risk, with higher SIL levels requiring more stringent proof testing. PFD quantifies the probability of a safety instrumented function failing to perform its intended function upon demand, and proof testing helps validate the PFD by verifying that the SIF meets the required reliability targets. The frequency at which a device is proof-tested significantly impacts the overall Probability of Failure on Demand (PFD), which affects the Safety Integrity Level (SIL) of the safety function.

If the device is not tested at the specified interval, there is a danger that an undetected failure may be left unrevealed until demand is placed on it, potentially leading to the safety function not working when needed. For that reason, it is important to stick to the specified proof test intervals to ensure the reliability and effectiveness of the safety instrumented functions.


What are the factors to consider when developing a proof test procedure according to IEC 61508, and how can these procedures be used for improvement and elimination of potentially dangerous systematic failure?

When developing a proof test procedure, several factors should be considered to ensure the effectiveness of the proof testing process. These factors include:

  • The proof test procedure should consider both the functional requirements, such as what the SIF needs to do, and the performance requirements, such as the leakage and timing parameters and any exceptions to the safety manual.
  • The proof test procedure should be based on an analysis of the known dangerous failure modes for each instrument or equipment item of the SIFs. This analysis should consider the SIF functionality as a system and how (and if) to test for the dangerous failure mode.
  • The proof test procedure should define the scope of the test and the coverage required to detect dangerous failures. The coverage factor should be expressed as a percentage of failures classified as undetected dangerous.
  • The proof test procedure should define the frequency of testing required to maintain the safety integrity of the SIF. The frequency of testing is determined by the SIF Analysis (PFD verification).
  • The proof test procedure should be standardized and consistent to minimize the potential for human error. This can include developing comprehensive proof-test procedures based on an analysis of known dangerous failure modes for each SIF instrument/equipment type and using well-designed testing templates/checklists to guide maintenance personnel through the testing process.

To ensure the effectiveness of the proof testing process, you should regularly review and update the procedures to reflect changes in the SIF’s design, operation, and maintenance practices. Analyze and document the results of proof testing to identify potential issues and opportunities for improvement. By addressing these factors, you can develop effective proof test procedures that contribute to the elimination of potentially dangerous systematic failures and the improvement of the safety integrity of SIFs.

What is the importance of following manufacturers’ recommendations regarding proof testing and the Safety Requirements Specification (SRS) in the context of achieving functional safety in process industries?

The Safety Requirements Specification (SRS) is a vital document in the Safety Life Cycle (SLC) and plays a key role in safety system engineering, particularly in process industries. It specifies the functional and performance requirements associated with Safety Instrumented Functions (SIF) and other process safety systems.

The SRS is crucial in the context of achieving functional safety, as it serves as the essential reference document for the entire safety lifecycle. It documents all important expectations from the SIS, such as the list of SIFs and associated parameters, from manual shutdown requirements to reset philosophy and the limitations and constraints of the system.

Following the SRS is of utmost importance in achieving functional safety in process industries, as it ensures that safety systems are designed, operated, and maintained in a way that effectively mitigates risk and prevents potential hazards, contributing to the safe operation of process industries.


What types of proof tests are there, and how do they contribute to maintaining safety integrity levels and keeping the probability of failure on demand low?

There are two main types of proof tests: full proof tests and partial proof tests.

Full proof testing is like a full-body scan for your SIFs, providing close to 100% proof test coverage. It tests the whole thing under actual operating conditions to make sure it can respond to hazardous conditions or demands. It is the most comprehensive type of proof testing, and it is designed to detect all potentially dangerous undetected failures (DU) in a Safety Instrumented Function (SIF).

Partial proof testing, on the other hand, only tests a percentage of a device’s failure modes. It is less comprehensive than full proof testing, but it is still important. It is commonly done when the components of the SIF have different test intervals in the PFD calculations that do not line up with planned shutdowns or turnarounds. Partial testing can be performed remotely and is far less time-consuming than comprehensive testing.

The frequency and thoroughness of proof tests are determined based on the PFDavg calculations. Full proof testing brings the instrument’s average Probability of Failure on Demand (PFD) near its original targeted level, while partial proof testing brings the PFD average back to a percentage of the original level. SIF equipment with lower dangerous failure rates requires less frequent and less invasive proof tests. This means that SIF equipment with a higher level of reliability needs to be tested less often and with less impact on its operation.

What are the implications of imperfect proof testing on the system’s overall safety, and how can these be mitigated?

The implications of imperfect proof testing on the overall safety of the system can be significant, as undetected faults can lead to the SIF not intervening on demand and to possible subsequent process-related incidents. These can be mitigated by developing a good test procedure that provides sufficient detail to ensure that the required tests are conducted and that includes a double-check that the SIF has been properly placed back into process service.

Proof testing should reveal every undetected failure and restore the device to an ‘as new’ condition, but this rarely happens for several reasons. Imperfect proof testing can result in a gradual increase in the Probability of Failure on Demand (PFD) over time, which may eventually lead to the system not meeting the PFD requirement. An overhaul restores the device to an ‘as new’ condition and resets the PFD to its original value. It is important to account for proof test coverage in the PFD calculation to consider the impact of imperfect proof testing.

If the PFDavg value of the complete Safety Instrumented Function (SIF) stays within the applicable SIL, then no additional engineering is required. However, if the PFDavg ends up in a lower SIL than specified, additional engineering may be required. Therefore, it is important to conduct proof tests accurately and at the calculated interval to ensure that the SIFs maintain their reliability and effectiveness in achieving functional safety.


What are the challenges and disadvantages associated with proof testing, and how can you address them to ensure the effectiveness of the proof testing process?

The challenges and pitfalls associated with proof testing include:

  • Inaccurate representation of reliability: An incomplete or incorrect proof test can significantly misrepresent the reliability of a SIF, leading to a false sense of security or overly conservative safety measures. To address this issue, ensure that proof tests are conducted thoroughly, accurately, and regularly and that the results are carefully analyzed and documented.
  • Undetected failures: Proof tests may not detect issues like loose connections or corrosion within the SIF, which can lead to undetected failures. To mitigate this risk, consider incorporating additional testing methods, such as reliability-centered maintenance, to complement proof testing.
  • Human and procedural errors: Human and procedural elements of a proof test can introduce errors and inconsistencies, leading to an inaccurate assessment of the SIF’s reliability. To minimize these errors, implement rigorous training and certification programs for proof test personnel, standardize test procedures, and maintain detailed records of test results and observations.
  • Variability in test intervals: The more frequently a proof test is run and the more extensive the test is, the greater the safety integrity. However, overly frequent testing can be time-consuming and costly. To strike a balance, consider the SIF equipment’s dangerous failure rates, test coverage, and test frequency to choose the “minimum” test frequency that allows meeting the Target PFD.
  • Maintenance culture: The quality of proof tests can be influenced by the site maintenance culture, which may affect the accuracy and effectiveness of the tests. To address this issue, promote a culture of continuous improvement and safety prioritization within the organization, and ensure that proof testing is integrated into the overall maintenance strategy.
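
As an added worked example (not from the original article and not IMS SIS code), the following Python sketch carries out the calculation behind the imperfect-proof-testing answer and the test-interval item above: PFDavg with a proof test coverage factor, the SIL band it lands in, and the longest test interval that still meets a target PFD. It assumes the common simplified 1oo1 low-demand approximation and the IEC 61508 low-demand PFDavg bands; the failure rate, mission time and coverage values are constructed for illustration.

```python
"""PFDavg with imperfect proof testing (simplified 1oo1, low-demand mode)."""
HOURS_PER_YEAR = 8760
# IEC 61508 low-demand bands: (lower bound inclusive, upper bound exclusive, SIL)
SIL_BANDS = [(1e-5, 1e-4, 4), (1e-4, 1e-3, 3), (1e-3, 1e-2, 2), (1e-2, 1e-1, 1)]

def pfd_avg(lambda_du, test_interval_h, coverage, mission_time_h):
    """PFDavg ~ PTC*lDU*TI/2 + (1-PTC)*lDU*MT/2 (valid while lDU*MT << 1).

    lambda_du: dangerous undetected failure rate per hour
    coverage (PTC): fraction of DU failures the proof test reveals
    mission_time_h (MT): time until an overhaul restores 'as new' condition
    """
    if not 0.0 <= coverage <= 1.0:
        raise ValueError("coverage must be between 0 and 1")
    if not 0 < test_interval_h <= mission_time_h:
        raise ValueError("test interval must be in (0, mission time]")
    revealed = coverage * lambda_du * test_interval_h / 2     # reset at each test
    hidden = (1 - coverage) * lambda_du * mission_time_h / 2  # grows until overhaul
    return revealed + hidden

def sil_for(pfd):
    """Return the SIL band a PFDavg falls in (0 = does not reach SIL 1)."""
    for low, high, sil in SIL_BANDS:
        if low <= pfd < high:
            return sil
    return 4 if pfd < 1e-5 else 0

def max_test_interval(lambda_du, coverage, mission_time_h, target_pfd):
    """Longest proof test interval (hours) meeting target_pfd, or None.

    None means the failures the test never reveals already exceed the
    target: only better coverage or an earlier overhaul can fix that.
    """
    hidden = (1 - coverage) * lambda_du * mission_time_h / 2
    if hidden >= target_pfd:
        return None
    if coverage == 0:
        return mission_time_h  # the test reveals nothing; interval is irrelevant
    interval = 2 * (target_pfd - hidden) / (coverage * lambda_du)
    return min(interval, mission_time_h)

if __name__ == "__main__":
    LAMBDA_DU, MISSION = 1e-6, 10 * HOURS_PER_YEAR  # constructed sample values
    for ptc in (1.0, 0.9, 0.6):
        pfd = pfd_avg(LAMBDA_DU, HOURS_PER_YEAR, ptc, MISSION)
        limit = max_test_interval(LAMBDA_DU, ptc, MISSION, 1e-2)
        print(f"PTC={ptc:.0%} PFDavg={pfd:.2e} SIL={sil_for(pfd)} max TI={limit}")
```

With these constructed inputs and a yearly test, lowering coverage from 100% to 60% moves the result from the SIL 2 band to the SIL 1 band, and at 60% coverage no test interval brings PFDavg back under 1e-2.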

So, proof testing is like a safety check-up for your system. It is like going to the doctor to make sure everything is working properly. You do not want any hidden flaws to go undetected because that could be dangerous. Proof testing helps ensure that your Safety Instrumented Systems (SIS) are always operating at their best and meeting safety standards. It is a vital part of the safety lifecycle, and critical to ensure a system achieves its required SIL throughout the safety lifecycle.

Cenosco has developed IMS SIS, software that provides a single point of entry for all SIS Lifecycle discipline engineers. It offers a streamlined proof-testing process that ensures the safety integrity of your systems. It allows you to create schedules for your SIF equipment proof tests and provides a platform for maintenance engineers to register the results of the proof tests on SIF equipment. The system allows you to calculate test intervals and to assign proof tests and coverage factors that impact the thoroughness and effectiveness of the process, ensuring the testing frequency is sufficient for the required risk reduction and reliability. By adhering to key steps outlined in IEC 61508, such as establishing proof test intervals, evaluating test effectiveness, and following manufacturers’ recommendations and the Safety Requirements Specification (SRS), IMS SIS supports users in maintaining the required Safety Integrity Levels (SIL) for their instrumented protective functions. IMS SIS also offers comprehensive user management functionality, access to exclusive failure rate data, and the ability to create custom dashboards and test checklists.
