Q: We would like to improve on the safety record of fossil and nuclear energy processes as we design our new renewable energy process. One element of that improved performance is the selection of the safe failure position for valves. We have followed the advice in the Instrument Engineers' Handbook concerning the possible types of failures, including mechanical, air and electric power supply failures. We've also followed the advice given there on how to determine the safe failure positions, such as using a closed valve failure position on heating, and open on cooling. In critical cases, we're using electric motor-operated valves to back up valves with pneumatic actuators, and we are installing them in parallel for cooling and in series for heating applications as recommend.
Now, we came across a situation where the safe failure position required in one phase of the process is different from the failure position required in another phase. In other words, the same valve should fail open, closed, or in the last position, depending on the process phase. Am I right that in such cases we should use double-acting and not spring- return actuators? Do you have any other advice on how to design for such situations?
A: Without knowing nearly enough about the process, two ways to accomplish your stated goal come to mind. 1) Build a manifold with three automatic valves in parallel, so that each valve has manual block valves. Use a spring-return valve in the air-to-open and another in the air-to-close runs. The valve in the third run can have a double-acting actuator. Assuming the process state changes are sufficiently spread out in time, the active run can be manually selected for each state (phase).
2) Many years ago, the large butterfly valve for a 7000 hp hot gas expansion turbine had to close quickly if the shaft to the axial compressor failed. A local power supply, consisting of a cylinder of compressed nitrogen, provided the pressure to operate a double-acting valve. A local pneumatic control device sensed over-speed, and closed the inlet valve. This was done at a large nitric acid plant owned by Hercules Powder Co. in the late 1960s.
Have you done the probability analysis for everything involved in a failure, not just the air supply? There is a balance between cost and risk to be considered. Intrinsic electrical safety is based on the idea that the probability of two improbable events happening at the same time is an acceptable level of risk. Is it possible for one accident or fire to take out both plant air and electricity? My apologies if this repeats what you already know.
A: It is not unusual to have valves with both fail open and fail close control systems in fossil power applications. This is usually achieved through the use of two solenoids, one for fail closed and one for fail open.
The reliability of these systems can be further improved by using redundant solenoids and a voting system, or by specifying the reliability of the instruments using IEC 61508 and the SIL rating system. Triple-redundant solenoids have been used for more than 30 years in Europe for boiler and condenser protection. Triple redundancy is being replaced by the SIL system.