Reliability and Fail Safe Logic

ESD system performance is measured in terms of reliability and availability. Reliability is the probability a component or system will perform its logic function under stated operating conditions for a defined time period. Availability is the probability or mean fraction of total time that a protective component or system is able to function on demand. Increased reliability does not necessarily increase availability. 

Reliability is a function the system failure rate or its reciprocal, mean time between failures (MTBF). The system failure rate in non-redundant systems is numerically equal to the sum of component failure rates. 

Failures can either be fail-safe or fail dangerously. Fail safe incidents may be initiated by spurious trips that may result in accidental shutdown of equipment or processes. Fail dangerously incidents are initiated by undetected process design errors or operations, which disable the safety interlock. The fail dangerously activation may also result in accidental process liquid or gas releases, equipment damage, or fire and explosions. 

ESD systems should be designed to be sufficiently reliable and fail safe that a (1) accidental initiation of the ESD is reduced to acceptable low levels or as low as reasonably practical, (2) availability is maximized as a function of the frequency of system testing and maintenance, and (3) the fractional MTBF of the system is sufficiently large to reduce the hazard rate to an acceptable level, consistent with the demand rate of the system. 

For ESD isolation valves (i.e., EIVs) a fail safe mode is normally defined as fail closed in order to prevent the continued flow of fuel to the incident. Blowdown or depressurization valves would be specified as fail open to allow inventories to be disposed of during an incident. Special circumstances may require the use of a foil steady valve for operational or performance reasons. These applications are usually at isolation valves at components, i.e., individual vessels, pumps, etc., where a backup EIV is provided at the battery limits that is specified as fail closed. The fail safe mode can be defined by the action that is taken when the ESD system is activated. Since the function of the ESD system is to place the facility in its safest mode, by definition the ESD activation mode is the foil safe mode. 

---