Functional Safety: The Critical Role of Proof Tests
As any chef will tell you, the proof of the pudding is in the eating. Cooks have always had a simple, infallible way of evaluating their success, and the cost of failure may only be disappointed faces around the dinner table. Operators of plant safety systems don’t have the same luxury.
If a Safety Instrumented System (SIS) suffers an undetected failure in operation, the consequences can be very serious indeed. That’s why a comprehensive proof testing programme is one of the routine actions necessary to ensure the safe, regulatory-compliant operation of process plant and tank storage facilities.
The purpose of proof tests is to uncover dangerous faults that would otherwise remain unrevealed, adversely affecting the integrity of the SIS. Fully defined proof test procedures help show compliance with safety management policies, improve planned maintenance strategies and fault reporting capabilities, and avoid unnecessary equipment failures.
It is important to get proof tests right, but doing so can be challenging. The test procedures need to define the scope of the testing, the test equipment to be used and the procedural controls to be adopted. They need to be written in a manner that takes account of human factors, too, to minimise the risk of error and violation.
Proof tests should identify all the undetected potential failure modes that could affect any part of each safety circuit, from the sensing element to the final element. That requires expert knowledge and a broad perspective. Information on potential failure modes will be documented by component manufacturers, but tests must also consider ancillary components, like impulse lines or heat tracing, and must include checks on redundant parts of the SIS.
The Probability of Failure on Demand (PFD) of a safety instrumented system is based on the probability of undetected failures of the components that make up the circuit, along with the interval between proof tests. As a result, selection of the right proof test interval is an essential part of meeting a facility’s safety requirements specification. Sometimes, however, the operating conditions of the plant do not allow complete testing of a circuit at the required interval. In these cases, companies must define two or more test intervals: one at a higher frequency that tests components that do not affect plant operation and the other at a lower frequency that aligns with plant shutdown periods. Both tests must define which components are to be tested and both must ensure that all undetected dangerous failure modes are tested to meet the safety circuit design constraints, which in turn ensures the Safety Integrity Level (SIL) claimed remains valid.
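The effect of splitting a proof test across two intervals can be estimated with the widely used simplified low-demand approximation PFDavg ≈ λDU × T / 2 for a single-channel (1oo1) circuit. The sketch below is an added example, not a GSE Systems calculation: the failure rates, coverage fractions and intervals are constructed, and it assumes no redundancy, no common-cause failures and negligible repair time.

```python
from dataclasses import dataclass

HOURS_PER_YEAR = 8760.0

@dataclass
class Component:
    name: str
    lambda_du: float         # dangerous undetected failure rate, per hour
    partial_coverage: float  # share of lambda_du revealed by the frequent test

def pfd_avg(c: Component, t_partial_h: float, t_full_h: float) -> float:
    """Failures the frequent test reveals stay hidden for at most t_partial_h;
    the rest stay hidden until the shutdown test at t_full_h."""
    if not 0.0 <= c.partial_coverage <= 1.0:
        raise ValueError(f"{c.name}: coverage must be between 0 and 1")
    if not 0.0 < t_partial_h <= t_full_h:
        raise ValueError("intervals must satisfy 0 < partial <= full")
    covered = c.partial_coverage * c.lambda_du * t_partial_h / 2
    uncovered = (1.0 - c.partial_coverage) * c.lambda_du * t_full_h / 2
    return covered + uncovered

def circuit_pfd(components, t_partial_h: float, t_full_h: float) -> float:
    # Series circuit: sensor, logic solver and final element must all work,
    # so for small values the component PFDs add.
    return sum(pfd_avg(c, t_partial_h, t_full_h) for c in components)

def sil_band(pfd: float) -> int:
    """IEC 61508 low-demand bands; 0 means no SIL can be claimed."""
    for sil, upper in ((4, 1e-4), (3, 1e-3), (2, 1e-2), (1, 1e-1)):
        if pfd < upper:
            return sil
    return 0

# Constructed sample circuit (values are illustrative assumptions).
CIRCUIT = [
    Component("level transmitter", 1e-7, 0.9),
    Component("logic solver", 1e-8, 0.9),
    Component("shutdown valve", 4e-7, 0.7),  # e.g. partial-stroke test online
]

if __name__ == "__main__":
    full = 5 * HOURS_PER_YEAR
    for label, partial in (("yearly online + 5-yearly shutdown", HOURS_PER_YEAR),
                           ("5-yearly shutdown test only", full)):
        pfd = circuit_pfd(CIRCUIT, partial, full)
        print(f"{label}: PFDavg = {pfd:.3e}, SIL {sil_band(pfd)}")
```

With these constructed figures the same hardware falls in the SIL 2 band when the yearly online test is carried out and drops to SIL 1 when only the shutdown test is done, which is why a missed interval undermines the claimed SIL.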
Companies need a comprehensive audit system in place to ensure that tests are completed at the specified intervals. Test failures need to be documented, along with associated maintenance activities, to help build a full picture of the real-world reliability of your safety systems. This information should be used to support periodic reviews of test procedures and intervals.
GSE Systems has extensive experience helping companies to develop, standardise and implement proof test procedures that comply with best practices and HSE expectations. Our ability to offer design, consultancy and project management services makes us the ideal partner in delivering safety related projects.
For further advice and recommendations please contact us at Engineering@gses.com. You can also download our free guide to functional safety below.