Double up on solenoid safety

Adding two solenoid valves to a safety instrumented system keeps equipment, facility and personnel safe and the system online.
By Joseph D. McHugh II November 15, 2019
Courtesy: Emerson

In the context of an entire production facility, such as an oil refinery, exercising the solenoid valve might not be at the top of your priority list (see Figure 1). But the reality is all valves experience stiction if they remain inactive for too long. (Note: Stiction is the friction that tends to prevent stationary surfaces from being set in motion.)

Figure 1: In the context of an entire oil refinery, exercising the solenoid valve might not be at the top of your priority list. Courtesy: Emerson

Although periodic exercise is crucial for any valve, the stakes are higher when it comes to the solenoid: if this valve experiences stiction-related failure, the emergency shutdown valve won’t be able to stop the flow of a flammable or even explosive fluid — leading to possible catastrophe.

Though critical for valve maintenance, the problem with exercising the solenoid valve is that it may entail downtime. Fortunately, there’s a simple and easy solution.

Consider a two-solenoid safety methodology that allows exercising the solenoid valve online, protecting the plant, improving uptime and enabling adherence to functional safety requirements.

The solenoid valve’s role

The emergency shutdown (ESD) block valve is part of the final element in a safety instrumented system (SIS), which is required by law on any equipment processing hazardous chemicals. While the basic process control system is designed to prevent incidents by way of process alarms and operator intervention, the SIS provides an additional layer of protection to prevent and mitigate potential dangers (see Figure 2).

Figure 2: In this typical emergency shutdown scenario, the shutdown valve stops the flow of hazardous fluids upon detecting dangerous conditions. The solenoid valve responds to the ESD controller to vent the actuator to a fail state. Courtesy: Emerson

An SIS typically consists of the following components:

  • Sensors, which measure process parameters, including pressure, temperature, flow, level and gas concentration.
  • Logic solvers, or controllers that read the signals from the sensors and execute preprogrammed actions to prevent or mitigate a process hazard.
  • Final elements, which bring the process to a safe state. In addition to the ESD valve, they can include a pneumatic, electric or hydraulic actuator and solenoid valve.

In many SIS applications, the solenoid valve remains energized in the open position during normal operation. (Note: This indirectly acknowledges energize to trip applications.) However, if the system detects overpressure or other dangerous conditions, the valve moves to the closed position, activating the ESD valve to stop the process flow. But despite its critical role in ensuring the safety of the facility, equipment and nearby personnel, the solenoid valve rarely gets used. In fact, it can remain in the same position for months or even years, increasing the chances that it will fail to close on command. The most prevalent cause of this failure is stiction.

The dangers of neglect

“Mechanical devices, like the human body, work well when they’re regularly exercised,” said Dr. Angela Summers, president of SIS-TECH Solutions. “When you don’t exercise the valve, you’re increasing the potential that it could stick, which could prevent the valve from closing when it needs to.” (see sidebar, “A word with Dr. Angela Summers.”)

In a typical solenoid valve, O-rings remain in direct contact with the chamber walls, creating a seal while the plunger is in motion. The plunger must first overcome the stiction between the O-rings and walls to move. If the valve is at rest for an extended period, the stiction increases beyond its normal level until the forces generated by the solenoid coil can no longer overcome it, preventing the valve from closing properly. In addition, the presence of water or oil can cause a sticky residue inside the valve.

Because chances of stiction increase incrementally over time, infrequent testing raises the probability of valve failure on demand (PFD). Even without changing the architecture of the valving, more frequent testing will reduce stiction, lowering the average PFD (see Figure 3).

Figure 3: More frequent testing of the solenoid valve lowers the average PFD, even without adding more complex architecture. Courtesy: Emerson

In addition to the potentially life-threatening safety concerns, including the risk of fires or explosions, solenoid valve failure is a condition that has vast productivity implications — especially if it leads to a plant shutdown. Not only would a shutdown disrupt uptime, but significant costs could be incurred.

Double-solenoid redundancy

Periodically testing solenoid valves serves two mechanical purposes: It prevents stiction, and it proves it isn’t there to begin with. Bringing the valve through a single cycle is all that’s necessary. De-energize the solenoid coil so the valve fully closes, and then reenergize the coil to return the valve to the open position. But as simple as it is, cycling the solenoid requires taking the SIS offline, which creates downtime. For many plant owners, this disruption to productivity outweighs the threat of hypothetical catastrophe.

Fortunately, the solution is simple: By adding a second solenoid valve to the design of the ESD valve, each solenoid can be tested individually. You can even program the controller to run periodic tests automatically, preventing valve stiction, lowering the average PFD and avoiding plant accidents — without ever taking the system offline.

Installing a second solenoid valve isn’t time-consuming. Nor is it mechanically complex. Within a prepackaged solution, the redundant control system (RCS) is a proven pilot valve arrangement that has no single point of failure and provides built-in redundancy and diagnostics to optimize plant safety and reliability while maximizing uptime (see Figure 4). The RCS incorporates a 2oo2D architecture and consolidates many components, including a maintenance bypass switch, pressure switches and redundant solenoid valves, into one easy-to-configure package that meets critical safety requirements (see “Architectural constraints and considerations”).

Some of the benefits of this redundant system include:

  • Automated online testing allows detection of 98% of dangerous failure points, including solenoid valve and partial stroke tests, as well as continuous monitoring and diagnostic feedback from pressure switches; no bypassing is required.
  • Easy online maintenance allows replacing the solenoid valves, coils and pressure switches quickly and easily with no process interruption.
  • No nuisance trips. Thanks to its fault-tolerant, redundant solenoid valve architecture, the RCS has no single point of failure that could lead to unplanned closure of the process valve.
  • Stainless-steel construction. The system’s optional 316L stainless-steel valves and pressure switches are suitable for use in corrosive environments, such as the Gulf Coast, where oil and gas equipment is regularly exposed to salt, humidity and fluctuating temperatures.
  • High safety availability, with the RCS being SIL 3-certified and meeting IEC 61508:2010 requirements for functional safety (see “Following functional safety guidelines”).

Sidebar: A word with Dr. Angela Summers

Dr. Angela Summers designed the technology behind the redundant control system (RCS). She has nearly 30 years of experience in instrumentation and controls, process design and environmental pollution controls and is currently the president of SIS-TECH, a consulting and engineering firm that specializes in safety instrumented systems.

Figure 4: Featuring a low average PFD and spurious trip rate (STR), the RCS provides both safety and reliability in one package. Courtesy: Emerson

“At the time of my design, you really only had two choices for using solenoids to actuate block valves,” Summers said. “You either used a simplex architecture, which provided you with a good level of safety, but it was inherently less reliable because you depended on the one solenoid. Your second option — two-out-of-two (2oo2) — wasn’t quite as safe because it required two devices to work, but it was much more reliable. The product I designed was a mix of the two: you get extremely high safety, as well as high reliability.

“Emerson spent a lot of time working to maximize the flow pathways of the manifold to achieve the fastest closure time possible while producing the smallest, lightest box for installation,” Summers said. “The company evolved the manufacturing process to create a product that minimized my design’s footprint, cost and weight.”

Sidebar: Architectural constraints and considerations

Over the years, the safety instrumented system (SIS) architecture has evolved to increase overall safety and improve process reliability, but each emerging solution had its advantages and disadvantages (see Figure 5):

Figure 5: Over the years, SIS architecture has evolved to increase overall safety and improve process reliability, but each design has its advantages and disadvantages when it comes to the average PFD and STR. Courtesy: Emerson

  • One-out-of-one (1oo1). This basic architectural design features only one element.
  • One-out-of-two (1oo2). This design adds redundancy for better safety. Although it reduces the average probability of failure on demand (PFD), it does increase the spurious trip rate (STR), because failure of either solenoid valve will trip the system.
  • Two-out-of-two (2oo2). This architecture adds redundancy for better process reliability. Although it reduces the STR, it increases the average PFD.
  • Two-out-of-three (2oo3). This design adds advanced redundancy for better safety and process reliability, while reducing both the STR and average PFD. However, because this architecture involves more components, it leads to higher input/output (I/O) requirements, increased power consumption and added complexity.
  • The RCS features 2oo2D, one of the newer architectures that incorporates diagnostics for improved safety and high process availability. Its fault-tolerant design has no single point of failure and provides a much lower STR than 1oo2 and 2oo3 architectures.
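
The trade-offs in this list, and the earlier point that more frequent testing lowers the average PFD, can be put into numbers with the widely used simplified voting equations. The Python below is an added example, not part of the original article or any Emerson tool; the failure rates, repair time and test intervals are constructed sample values, common-cause failures are ignored, and the diagnostic 2oo2D architecture is not modeled.

```python
# Added illustration, not from the article: simplified average-PFD and
# spurious-trip-rate (STR) formulas without common-cause or diagnostic terms.
# Every failure rate and interval below is a constructed sample value.
HOURS_PER_YEAR = 8760.0
ARCHITECTURES = ("1oo1", "1oo2", "2oo2", "2oo3")

def pfd_avg(arch, lam_du, ti_hours):
    """Average PFD; lam_du = dangerous undetected failures per hour per
    solenoid, ti_hours = interval between exercise tests in hours."""
    x = lam_du * ti_hours          # formulas assume x << 1
    return {
        "1oo1": x / 2,             # the single solenoid must act
        "1oo2": x ** 2 / 3,        # either of two solenoids can trip
        "2oo2": x,                 # both solenoids must act to trip
        "2oo3": x ** 2,            # any two of three must act
    }[arch]

def spurious_trip_rate(arch, lam_s, mttr_hours):
    """Spurious trips per hour; lam_s = safe failures per hour per solenoid,
    mttr_hours = mean time to repair a failed solenoid."""
    return {
        "1oo1": lam_s,
        "1oo2": 2 * lam_s,
        "2oo2": 2 * lam_s ** 2 * mttr_hours,
        "2oo3": 6 * lam_s ** 2 * mttr_hours,
    }[arch]

def sil_band(pfd):
    """IEC 61508 low-demand SIL for an average PFD (0 = does not reach SIL 1)."""
    for sil, upper in ((4, 1e-4), (3, 1e-3), (2, 1e-2), (1, 1e-1)):
        if pfd < upper:
            return sil
    return 0

def compare(lam_du=2e-6, lam_s=5e-6, mttr_hours=8.0, years=(5, 1, 0.25)):
    """One row per (test interval, architecture): PFD, SIL band, trips/year."""
    rows = []
    for y in years:
        for arch in ARCHITECTURES:
            p = pfd_avg(arch, lam_du, y * HOURS_PER_YEAR)
            trips = spurious_trip_rate(arch, lam_s, mttr_hours) * HOURS_PER_YEAR
            rows.append((y, arch, p, sil_band(p), trips))
    return rows

if __name__ == "__main__":
    for y, arch, p, sil, trips in compare():
        print(f"test every {y:>4} y  {arch}  PFDavg={p:.2e}  SIL {sil}  STR={trips:.2e}/y")
```

With these sample rates, shortening the test interval of a single solenoid from five years to one moves its average PFD from the SIL 1 band into the SIL 2 band with no change in architecture.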

Sidebar: Following functional safety guidelines

Many industries, including oil & gas, rely on functional safety, which is outlined by the IEC 61508 standard. Not only must equipment operate correctly in response to its inputs, but it must be able to detect potentially dangerous conditions and activate corrective mechanisms to prevent fires, explosions or other hazardous events from arising. For the IEC 61508 standard, four safety integrity levels (SILs) are defined, with SIL 1 being the least dependable and SIL 4 being the most dependable. Two aspects of assessment, according to this standard, include systematic capability and random failure capability, which is based on the type of element, average probability of failure on demand (PFD) and architecture.

Figure 6: “The architecture of the RCS allows you to achieve very high safety and reliability,” said Dr. Angela Summers. “And by designing it into the manifold, you also can eliminate many sources of maintenance errors, which further improves the reliability of your installation.” Courtesy: Emerson

With its low spurious trip rate (STR) and average PFD, the redundant control system (RCS) is a solution for meeting functional safety requirements in critical applications, as it provides high safety and reliability in one package (see Figure 6). Thanks to its automatic diagnostic testing capabilities, its average PFD numbers are in the SIL 3 range, enabling the system to be used in even the most stringent safety application.


Author Bio: Joseph D. McHugh II is business development manager, process, hydrocarbon, fluid and motion control at Emerson. He has more than 35 years of experience in the process instrumentation industry, and has held positions of account management, application engineer/specialist and account sales manager with different representative companies for the Texas Gulf Coast area. McHugh joined Emerson within the ASCO brand in 1997. His responsibilities are focused on corporate end user specifications, safety and reliability, application reviews, product development and capital project specifications. He also is a past recipient of the ASCO Presidents Award for Excellence.