This application claims priority under 35 U.S.C. §119 to Japanese Patent Application No. 2012-282324, filed on Dec. 26, 2012, the entire content of which being hereby incorporated herein by reference.
The present invention relates to a safety instrument system for preserving safety in a plant, and to a PST initiating method.
There are increasing demands for safety instrument systems (hereinafter termed “SIS”) for protecting safety in a plant. In an SIS, and emergency cutoff valve is provided so as to ensure safety by cutting off using the emergency cutoff valve when a failure occurs in the plant. Under normal conditions, the emergency cutoff valve is held in the fully open state, and thus even if the emergency cutoff valve were to become stuck, so as to be in a state that could not function at the time of an emergency, it would be difficult to detect the emergency cutoff valve being stuck.
In order to detect such a fault, periodically a full-closure test of the emergency cutoff valve is performed off-line. The full-closure test must be performed at the time of a periodic inspection when the plant is shut down, and thus is costly. A partial stroke test (PST) is a test that checks the initial motion of the emergency cutoff valve by causing it to move just slightly, while the plant is operating, rather than fully closing the emergency cutoff valve. The time between full-closure tests can be extended through PSTs, thus reducing the preventive maintenance expense See, for example, NISHIDA, June, “Newest Trends in Safety Instrument Systems: PST Solutions and General Solutions,” Instrumentation 2006, Volume 49, No. 11, Kogyogijutsusha, 2006.
A safety instrument is controlled through PFD (Probability of Failure on Demand). The effect of the PST is that it is possible to extend the time between full-closure tests without changing the average value of the PFD between full-closure tests of the emergency cutoff valve. In order to keep the average value of the PFD to a planned value, it is necessary to perform the PSTs following a plan that is scheduled in advance. On the other hand, it is necessary to perform the PST while visually confirming the action of the emergency cutoff valve in the plant. In the technology described in Japanese Patent 4121378 (“the JP '378”), a method is proposed for initiating a PST from the plant floor through a switch, or the like.
In the conventional technology disclosed in the JP '378, even PSTs that can be considered to not actually be necessary may be initiated through an operation on the plant floor. If the frequency with which PSTs are initiated is increased too much, then the adverse effect on the state of production of the product that is produced in the plant may reach a point where it cannot be ignored.
The present invention was created to solve the problems set forth above, and an aspect thereof is to provide a safety instrument system and a PST initiating method able to suppress the adverse effect on the plant caused by unnecessary PST initiation.
A safety instrument system according to the present invention includes a positioner that controls the degree of opening of an emergency cutoff valve that is provided in a pipe in a plant, and a higher-level system that controls a PST of the emergency cutoff valve. The positioner includes a PST executing unit that executes a PST in the emergency cutoff valve in response to an initiating instruction from the higher-level system or an initiating instruction from an inputting device in the workplace. The positioner is provided with a timing unit that measures elapsed time from the completion of a PST on the emergency cutoff valve, and a PST initiation prohibition evaluating unit that evaluates whether or not a PST initiation is permitted, by comparing elapsed time from the previous PST, to a PST minimum interval that is set in advance, when a PST initiating instruction has been received from the higher-level system or from the inputting device.
Another safety instrument system according to the present invention includes a positioner that controls the degree of opening of an emergency cutoff valve that is provided in a pipe in a plant, and a higher-level system that controls a PST of the emergency cutoff valve. The positioner includes a querying unit that queries the higher-level system as to whether or not PST initiation is permitted, when a PST initiating instruction has been received from the inputting device in the work area where in the positioner is provided, a PST executing unit that executes a PST in the emergency cutoff valve in response to an initiating instruction from the higher-level system and executes a PST in the emergency cutoff valve through an initiating instruction from an inputting device in response to a PST initiation permitted/prohibited report from the higher-level system, and a reporting unit that reports the completion of a PST to the higher-level system. The higher-level system includes a storage unit that stores a schedule for PSTs, established in advance, a PST initiation instructing unit that sends, to the positioner, a PST initiating instruction following the schedule stored in the storage unit, a timing unit that measures elapsed time from the completion of a PST in response to a PST completion report from the positioner, and a PST initiation prohibition evaluating unit that compares the elapsed time from the previous PST to a PST minimum interval that is established in advance, when there has been a query from the positioner as to whether or not PST initiation is permitted, and reports, to the positioner, whether or not PST initiation is permitted.
Yet another safety instrument system according to the present invention includes a positioner that controls the degree of opening of an emergency cutoff valve that is provided in a pipe in a plant, and a higher-level system that controls a PST of the emergency cutoff valve. The positioner includes a querying unit that queries the higher-level system as to whether or not PST initiation is permitted, when a PST initiating instruction has been received from the inputting device in the work area where in the positioner is provided, a PST executing unit that executes a PST in the emergency cutoff valve in response to an initiating instruction from the higher-level system and executes a PST in the emergency cutoff valve through an initiating instruction from an inputting device in response to a PST initiation permitted/prohibited report from the higher-level system, and a reporting unit that reports the completion of a PST to the higher-level system. The higher-level system includes a storing unit that stores a schedule for PSTs, established in advance, a PST initiation instructing unit that sends, to the positioner, a PST initiating instruction, a timing unit that measures elapsed time from the completion of a PST in response to a PST completion report from the positioner, and a PST initiation prohibition evaluating unit that compares the elapsed time from the previous PST to the PST minimum interval that has been set in advance, when there has been a query from a positioner as to whether or not PST initiation is permitted, for reports, to the positioner, whether or not PST initiation is permitted, and, when PST initiation timing has been reached based on the schedule, compares the elapsed time from the previous PST to the PST minimum interval that has been set in advance, and, if PST initiation is permitted, instructs the PST initiation instructing unit to send a PST initiating instruction to the positioner.
In the above yet another safety instrument system according to the present invention, the higher-level system further includes a schedule modifying unit that modifies the schedule so that the time at which the previous PST was completed is the starting point if, when the PST initiation timing based on the schedule has been reached, the PST initiation is prohibited by the PST initiation prohibition evaluating unit.
A PST initiating method according to the present invention includes a timing step for timing elapsed time from the completion of a PST on the emergency cutoff valve by a positioner for controlling the degree of opening of an emergency cutoff valve that is provided in a pipe in a plant, a PST initiation prohibition evaluating step for evaluating whether or not a PST initiation is permitted, by comparing elapsed time from the previous PST, to a PST minimum interval that is set in advance, when a PST initiating instruction has been received by the positioner from a higher-level system that manages PSTs on the emergency cutoff valve or from an inputting device on the plant floor wherein the positioner is provided, and a PST executing step wherein the positioner executes a PST on the emergency cutoff valve when PST initiation is permitted.
Another PST initiating method according to the present invention includes a querying step for querying the higher-level system that manages PSTs on the emergency cutoff valve as to whether or not PST initiation is permitted, when the positioner that controls the degree of opening of the emergency cutoff valve that is provided in a pipe in a plant has received a PST initiating instruction for the emergency cutoff valve from the inputting device in the work area where in the positioner is provided, a PST executing step wherein the positioner executes a PST in the emergency cutoff valve in response to an initiating instruction from the higher-level system and for executing a PST in the emergency cutoff valve through an initiating instruction from an inputting device in response to a PST initiation permitted/prohibited report from the higher-level system, a reporting step wherein the positioner reports the completion of a PST to the higher-level system, a PST initiation instructing step wherein the higher-level system sends, to the positioner, a PST initiating instruction following a PST schedule that is established in advance, a timing step wherein the higher-level system measures elapsed time from the completion of a PST in response to a PST completion report from the positioner, and a PST initiation prohibition evaluating step wherein the higher-level system compares the elapsed time from the previous PST to a PST minimum interval that is established in advance, when there has been a query from the positioner as to whether or not PST initiation is permitted, reports, to the positioner, whether or not PST initiation is permitted.
Yet another PST initiating method according to the present invention includes a querying step for querying the higher-level system that manages PSTs on the emergency cutoff valve as to whether or not PST initiation is permitted, when the positioner that controls the degree of opening of the emergency cutoff valve that is provided in a pipe in a plant has received a PST initiating instruction for the emergency cutoff valve from the inputting device in the work area where in the positioner is provided, a PST executing step wherein the positioner executes a PST in the emergency cutoff valve in response to an initiating instruction from the higher-level system and for executing a PST in the emergency cutoff valve through an initiating instruction from an inputting device in response to a PST initiation permitted/prohibited report from the higher-level system, a reporting step wherein the positioner reports the completion of a PST to the higher-level system, a timing step wherein the higher-level system measures elapsed time from the completion of a PST in response to a PST completion report from the positioner, and a PST initiation prohibition evaluating step wherein the higher-level system compares the elapsed time from the previous PST to a PST minimum interval that has been set in advance, when there has been a query from a positioner as to whether or not PST initiation is permitted, reports, to the positioner, whether or not PST initiation is permitted, and, when PST initiation timing has been reached based on a schedule that is established in advance, compares the elapsed time from the previous PST to the PST minimum interval that has been set in advance, and, if PST initiation is permitted, sends a PST initiating instruction to the positioner. The first example configuration of a PST initiating method according to the present invention further includes a schedule modifying step wherein the higher-level system modifies the schedule so that the time at which the previous PST was completed is the starting point if, when the PST initiation timing based on the schedule has been reached, the PST initiation is prohibited by the PST initiation prohibition evaluating step.
With the present invention, when the positioner has received a PST initiating instruction from a higher-level system or from an inputting device, the elapsed time from the previous PST is compared with a PST minimum interval that is set in advance to determine whether or not PST initiation is permitted, thus making it possible to prevent unnecessary PST initiation, making it possible to suppress the adverse effect on the plant that would be caused by unnecessary PST initiation.
Moreover, in the present invention, when there is a PST initiation permission query from a positioner, a higher-level system compares the elapsed time from the previous PST to a PST minimum interval that is set in advance, and notifies the positioner as to whether or not PST initiation is permitted, thus making it possible to prevent unnecessary PST initiation, making it possible to suppress the adverse effect on the plant that would be caused by unnecessary PST initiation.
Moreover, in the present invention, when there is a PST initiation permission query from a positioner, a higher-level system compares the elapsed time from the previous PST to a PST minimum interval that is set in advance, and notifies the positioner as to whether or not PST initiation is permitted, and when the timing for PST initiation based on a schedule arrives, the higher-level system compares the elapsed time since the previous PST, and if the PST initiation is permitted, an instruction is sent to PST initiation instructing means to cause it to send a PST initiating instruction to the positioner, making it possible to prevent unnecessary PST initiation without discriminating between a PST through an initiating instruction from the higher-level system and a PST through an initiating instruction from an inputting device on the plant floor, thus making it possible to prevent unnecessary PST initiation, making it possible to suppress the adverse effect on the plant that would be caused by unnecessary PST initiation.
Moreover, when the timing of PST initiation based on a schedule has arrived, if the PST initiation is prohibited, the higher-level system modifies the schedule starting at the point in time wherein the previous PST was completed, enabling the PST schedule to be modified depending on the PST execution status.
The PST interval that is the guideline can be established in advance based on, for example, safety validation. Consequently, it is possible to reduce problems caused by unlimited PST initiation on the plant floor while maintaining flexibility for PST initiation depending on the situation on the plant floor, through the provision of a specific initiation prohibition interval after PST initiation. This makes it possible to both not be biased towards top-down PST initiation that undervalues the plant floor evaluations, and also is not, conversely, biased toward chaotic PST initiation that will have an adverse effect on the production status.
Forms for carrying out the present invention will be explained below in reference to the figures.
An emergency cutoff valve 1 that is provided in order to prevent an incident in a plant is provided in a pipe in the plant and is driven pneumatically. A positioner 2 that controls the opening of the emergency cutoff valve 1 receives a positioner control signal from a higher-level system 3 that controls the maintenance of the various field devices in the plant, and, in response to an opening instruction value indicated by the positioner control signal, uses air that is supplied from an air supplying pipe 4 to send the required operating device air pressure to the emergency cutoff valve. The operating device air pressure from the positioner 2 is provided to the emergency cutoff valve 1 through an air pipe 5. Moreover, the positioner 2 is able to measure the degree of opening of the emergency cutoff valve 1 through an opening feedback mechanism.
At the time of an emergency cutoff, triggered by a fault in the plant, the emergency cutoff signal is sent from the higher-level system 3 to an electromagnetic valve 6 that is provided in the air pipe 5 between the positioner 2 and the emergency cutoff valve 1. In response to the emergency cutoff signal, the electromagnetic valve 6 opens the path of the air pipe 5 toward the air exhaust pipe 7, to release the operating device air pressure. The emergency cutoff valve 1 is closed thereby.
When a PST is executed, the degree of opening of the emergency cutoff valve 1 is varied, by the positioner 2, as, for example, 100%→90%→100%, making it possible to confirm the initial action of the emergency cutoff valve 1. The PST may be initiated by a positioner control signal from the higher-level system 3, and may also be initiated through a control panel, or the like, that is an inputting device that is provided on the positioner 2. One emergency cutoff valve 1 of this type, or a plurality thereof, is provided in the plant.
A positioner 2 is provided for each emergency cutoff valve. Each positioner 2 includes a timer 20, which is timing means for measuring the time that has elapsed since the completion of a PST by the corresponding emergency cutoff valve 1, a PST initiation prohibition evaluating portion 21 for evaluating whether the initiation of a PST for the corresponding emergency cutoff valve 1 is to be prohibited or permitted, based on the elapsed time measured by the timer 20, and a PST executing portion 22 for executing the PST for the corresponding emergency cutoff valve 1, for evaluating the completion of the PST, for evaluating whether or not there is a fault in the emergency cutoff valve 1, and the like. The positioner 2 is able to receive both a PST initiating instruction signal that is inputted from an operating panel that is an inputting device, not shown, and a PST initiating instruction signal that is sent from the higher-level system 3.
The higher-level system 3 includes a storing portion 30 for storing, for each emergency cutoff valve, a PST schedule that has been established in advance, and a PST initiating instructing portion 31 for initiating PSTs in accordance with the schedule.
The operation of the safety instrument system of the present example will be explained below in reference to
If the elapsed time from the previous PST is less than the PST minimum interval, then the PST initiation prohibition evaluating portion 21 prohibits the initiation of a PST on the corresponding emergency cutoff valve 1 (YES in Step S102 of
When the elapsed time from the previous PST is no less than the PST minimum interval, the PST initiation prohibition evaluating portion 21 permits the initiation of a PST on the corresponding emergency cutoff valve 1 (NO in Step S102 in
When the PST has been completed (YES in Step S105 of
As described above, when, in the present example, the interval for initiating a PST is shorter than the PST minimum interval that is set in advance, the initiation of the PST is not permitted, thereby making it possible to suppress the adverse effects on the plant caused by initiating unnecessary PSTs.
Another Example according to the present invention will be explained next.
The higher-level system 3 includes a storing portion 30, a PST initiation instructing portion 31, a PST initiation prohibition evaluating portion 32 for evaluating whether PST initiations for the individual emergency cutoff valves 1 are to be prohibited or permitted, and a timer 33 for measuring the elapsed time from the completion of a PST through a PST initiating instruction signal from an operating panel of a positioner 2. A timer 33 is provided for each individual positioner 2. In addition to the PST initiating instruction signals, signals for providing notification as to whether or not a PST initiation is permitted (PST initiation permitted/prohibited messages) are sent to the individual positioners 2 from the higher-level system 3.
Each positioner 2 includes a PST executing portion 22a for executing a PST on the corresponding emergency cutoff valve 1 in response to a PST initiation permitted/prohibited message that is sent from the higher-level system 3, a querying portion 23 for sending a query to the higher-level system 3 as to whether or not PST initiation is permitted, and a reporting portion 24 for reporting, to the higher-level system 3, a PST completion. Result information for a PST that has been executed, specifically, information on the completion timing of the PST and information indicating whether the PST is complete or incomplete, is sent from the positioner 2 to the higher-level system 3.
The operation of the safety instrument system of the present example will be explained below in reference to
Moreover, when a PST initiating instruction signal has been received from an operating panel of an individual positioner 2 (YES in Step S200 of
The PST initiation prohibition evaluating portion 32 of the higher-level system 3 obtains, from the timer 33 corresponding to this positioner 2, the value for the elapsed time from when the previous PST was initiated in response to a PST initiating instruction signal from the operating panel of the positioner 2 that sent the inquiry, and compares this elapsed time to the PST minimum interval that has been set in advance, to determine whether or not initiation of a PST on the positioner 2 that made the query is permitted, and sends the result of the evaluation to the positioner 2 that made the query (Step S202 in
When a PST initiation prohibiting message is received from the higher-level system 3 (YES in Step S203 of
When the PST initiation prohibition evaluating portion 32 of the higher-level system 3 has received PST result information from the positioner 2, and that information is result information for a PST that has been executed in response to a PST initiating instruction signal from an operating panel, a determination is made, based on this PST result information, as to whether or not to reset the timer 33 corresponding to this positioner 2 (Step S207 in
As described above, the present example enables the provision of a system that enables initiation of a PST flexibly depending on conditions on the plant floor and also that enables initiation of a PST at regular intervals that are established in advance by the safety instrument (top-down PST control). One may consider a policy wherein the PST can be moved forward if, for example, if the operating conditions (the quality of the materials, for example) in the plant at the time at which the subsequent PST is scheduled are bad, and the manager on the work floor wishes to avoid executing the PST at that time. There are cases wherein excessive PSTs that do not have the effect of maintaining the average value for the PFD may be performed when the elapsed time from the previous PST is short, even when such a decision has been made on the plant floor. In the present example initiation of the PST is not permitted if the elapsed time since the previous PST initiation by an action on the plant floor is shorter than the PST minimum interval when there is an attempt to initiate a PST through operating the operating panel on the plant floor, thus making it possible to cause the manager on the plant floor to reconsider the timing with which to initiate the PST.
Yet Another Example according to the present invention will be explained next.
If, after the completion of a PST through an action on the plant floor a PST that was originally scheduled is initiated through a PST initiating instruction signal from the higher-level system 3 without having adequate time, the PST would be an unnecessary PST, so the PST need not be performed. Consequently, if there is a PST through an action on the plant floor, omitting the PST through the PST initiating instruction signal from the higher-level system 3 makes it possible to avoid initiating an unnecessary PST.
The higher-level system 3 includes a storing portion 30, a PST initiation instructing portion 31a, a PST initiation prohibition evaluating portion 32a, and a timer 33a. While the timer 33 in the Another Example measured the elapsed time from the completion of a PST through an instruction from the operating panel on the plant floor, the timer 33a in the present example measures the elapsed time from the completion of a PST, without distinguishing between a PST through an instruction from the operating panel on the plant floor and a PST through an instruction from the higher-level system 3. A timer 33a is provided for each individual positioner 2. Each positioner 2 includes a PST executing portion 22a, a querying portion 23, and a reporting portion 24.
The operation of the safety instrument system of the present example will be explained below in reference to
The PST initiation prohibition evaluating portion 32a of the higher-level system 3, when there is a query from a positioner 2, acquires from the timer 33a corresponding to the positioner 2, the value for the elapsed time from the previous PST execution by the positioner 2, and compares this elapsed time to the PST minimum interval to evaluate whether or not initiation of a PST in the positioner 2 that made the query is to be permitted, and sends the evaluation result to the positioner 2 that made the query (Step S302 in
Moreover, the PST initiation prohibition evaluating portion 32a references the schedule that is stored in the storing portion 30, and if the evaluation is that the PST initiation timing has been reached for a given emergency cutoff valve 1 (YES in Step S308 in
The PST executing portion 22a of the individual positioner 2, upon receipt of a PST initiating instruction signal from the higher-level system 3, executes a PST on the corresponding emergency cutoff valve 1.
Additionally, upon receipt of the PST result information from the positioner 2, the PST initiation prohibition evaluating portion 32a determines whether or not to reset the timer 33a corresponding to the positioner 2 (Step S307 in
While following this an attempt is made to execute a PST 101-1 through operating the operating panel on the plant floor, by a manager on the plant floor, at time t2, the elapsed time from the previous PST 100-1 is less than the PST minimum interval T0, and thus the PST initiation prohibition evaluating portion 32a of the higher-level system 3 prohibits initiation of this PST 101-1 because the elapsed time from the previous PST 100-1 is less than the PST minimum interval T0. As described above, the PST minimum interval T0 is set to a value that is less than the PST interval T1 that is set by the schedule in the higher-level system 3. At time t3, the elapsed time that is measured by the timer 33a is no less than the PST minimum interval T0, so the PST initiation prohibition evaluating portion 32a permits execution of the PST 101-2 by the instruction from the operating panel on the plant floor. When the PST is completed, the corresponding timer 33a is resetted, and measurement of the elapsed time is started.
Following this, an attempt is made to execute the PST 100-2 through the schedule of the higher-level system 3, but because the elapsed time from PST 101-2 is less than the PST minimum interval T0, the PST initiation prohibition evaluating portion 32a prohibits initiation of this PST 100-2. In the Another Example, PSTs were executed periodically through instructions from the higher-level system 3 regardless of the PSTs through instructions from the operating panel on the plant floor. In contrast, in the present example no distinction is made between the PSTs by instructions from the higher-level system 3 and PSTs by instructions from the operating panel on the plant floor when evaluating whether or not to permit initiation of a PST, thus making it possible to omit the PST 100-2, thus making it possible to avoid initiating unnecessary PSTs.
Further Example according to the present invention will be explained next.
The higher-level system 3 includes a storing portion 30, a PST initiation instructing portion 31a, a PST initiation prohibition evaluating portion 32a, a timer 33a, and a schedule modifying portion 34. Each positioner 2 includes a PST executing portion 22a, a querying portion 23, and a reporting portion 24.
The operation of the safety instrument system of the present example will be explained below in reference to
The schedule modifying portion 34 of the higher-level system 3 evaluates whether or not it is necessary to modify the schedule (Step S410 in
When there has been an evaluation that a schedule requires modification (YES in Step S410 in
Each of the positioners 2 and the higher-level systems 3 described in the Example, Another Example, Yet Another Example and Further Example can each be embodied through a computer that includes a CPU (Central Processing Unit), a storage device, and an interface, along with a program for controlling these hardware resources. The CPUs for the individual devices execute the procedures described in the Example, Another Example, Yet Another Example and Further Example following programs that are stored in the storage devices.
The present invention can be applied to partial stroke testing of emergency cutoff valves that are provided in order to prevent incidents in a plant.
Number | Date | Country | Kind |
---|---|---|---|
2012-282324 | Dec 2012 | JP | national |