Fail-Safe Energized Design

Historically, to avoid spurious trips, refineries have chosen an EBV that has an operator-initiated energize-to-trip design rather than a fail-safe design.

There are three major problems with an energize-to-trip design:
1. The first problem is that, if the fire or toxic spill is between the operator and the pushbuttons, the operator may be unable to reach the pushbuttons to activate the actuator and valve. To reduce but not eliminate this problem, relocate the pushbuttons to a safe area (as discussed in Section 1366).
2. The second problem is that, unless tested frequently, the system reliability is in question.
3. The third problem is that the emergency shutdown system may be damaged by a fire or explosion. Within a fire hazardous area, fireproofing provides limited protection (approximately 30 minutes) for the system during a fire. An explosion or another type of emergency may damage the system immediately.

To resolve these problems, provide the double-acting actuator in energize-to-trip service with a reserve tank of sufficient capacity to allow three complete cycles back and forth to its failure position. The reserve supply should:
• Be connected to the pressure source with double check valves to prevent back flow.
• Have a pressure switch to move the valve to the failure position automatically when the pressure in the reserve tank drops to a critical level.
• Have an alarm to warn the operator of a drop in the supply pressure.

Leave a Reply

Your email address will not be published. Required fields are marked *