Fail Safe Regulators

The humble airset filter regulator does not get a lot of love.  Relegated to a lonely corner of the control valve or On/Off valve specification, it does not even rate its own datasheet.

Although a few SIL-certified regulators are available, regulators are usually ignored when calculating safety integrity level (SIL) in typical de-energize-to-trip (DTT) safety instrumented functions (SIFs).

After all, whether it’s Fail High, Fail Low, or something in between, how can the humble regulator dangerously fail my SIF?  After all, my certified SIL 6 solenoid will take me to the safe state on demand!  Amirite?

A Quick Review

If you are a little rusty on regulator basics, here is a quick video:

A much more detailed introductory video can be found here.

Loss of Instrument Air

The ISA 61511 standard (see what I did there?) requires that we consider the failure of various utilities in the design, and that these considerations be validated:

Validation activities shall include […] confirmation that the SIS performs as required on loss of utilities (e.g., electrical power, air, hydraulics) and confirmation that, when the utilities are restored, the SIS returns to the desired state

Now consider a typical pneumatic, solenoid operated, single-acting piston actuated, air-to-open (i.e. fail-closed) On/Off valve being used as an SIS final element.  The system is fitted with a “standard” airset regulator.  What happens when the upstream Instrument Air (I/A) pressure is lost?  Here is a simple hookup sketch:

 

Contrary to what many believe, this “fail closed” valve does not fail closed on loss of upstream instrument air!  The air downstream of the regulator is trapped in the actuator (keeping the valve open) until either (i) the solenoid operates and vents the air or (ii) the air leaks out.

It turns out that option (ii) was the typical behavior for certain popular regulators up until about 1999.  In 1999, it became “standard” for these regulators to have soft seats with tighter shutoff, so leakage through the regulator went away.  It is all detailed here in this report from the Fluid Controls Institute.

Another reason you may not have heard of this before is that it typically does not impact control valves.  Valve positioners typically have a small continuous bleed of air, so they will slowly bleed the valve closed.  This behavior is primarily a concern for On/Off valves.

Note that the regulator should never be placed downstream of the solenoid, as a closed regulator would defeat the solenoid.

Does This Matter?

In some applications, this “fail stationary – drift closed” behavior may be acceptable or even preferable to ride out instrument air problems.  An argument could be made that if the SIF is required to act, then the solenoid is still perfectly capable of actuating the valve.

However, there are some important considerations, including:

  • It is poor practice to purposely place a demand on a SIF. If loss of air is known to cause a demand, the SIF should be designed to go failsafe. It’s inherently safer.
  • Certain HazOp or relief system design assumptions may be based on specific valve behaviors on loss of utilities. These need to be validated.

Ultimately, the behavior needs to be considered on a case-by-case basis.  But you need to be aware of the behavior before you can evaluate it!

Continuous Bleed and Smart Bleed

There are a couple of regulator options to address this problem.  The first is to specify a continuous bleed on the regulator.  This allows the regulator to continuously bleed a small amount of air to atmosphere, which will vent the actuator on loss of I/A.  However, this option is undesirable for most facilities since it increases I/A usage.  For remote oil & gas facilities using natural gas for actuation, it is not an option at all.

The second option (which you may have never heard of) is the so-called Smart Bleed option.  This option adds a check valve between the upstream and downstream sides of the regulator in parallel to the main flow path.  Under normal operating conditions, the pressure drop across the regulator keeps the check valve closed.  If the downstream pressure is higher than the upstream pressure (e.g. loss of I/A supply), then the check valve opens and allows the actuator to vent into the upstream side.  The Smart Bleed option for the Fisher 67CFR regulator is covered in this flier.

If you have never heard of the Smart Bleed option before, there is a good chance your valves do not have it.  Emerson reports that less than 10% of their regulator sales include Smart Bleed.  The Smart Bleed option is not standard in the Fisher 67CFR family of regulators.  Will your On/Off fail to the expected position on loss of I/A?

If you do specify the Smart Bleed option (or some equivalent), there is another important consideration:

  • If you are relying on a latching solenoid or an electronic latch to keep the SIF in the safe state until reset, then the regulator behavior could bypass the reset function.  The regulator will failsafe on loss of I/A, but will automatically reset when I/A returns.

Addition logic may be required in the SIS to detect loss of air or “un-commanded movement” of final elements and take appropriate action to latch the function in the safe state.

Conclusion

Who knew that air pressure regulators could be so interesting?  I hope you found this short post informative and useful.

Thanks for reading!  Please follow SISEngineer.com on LinkedIn.

 


Before you go… If you enjoyed this post or were completely bewildered by it, you might consider purchasing a book about control valves and/or pneumatic controls.

Leave a Reply

Your email address will not be published. Required fields are marked *