Partial Valve Stroke Test. The Exida model (exSILentia) says that partial proof test coverage affects a main proof test coverage factor. I've been using and still following their model for many years. You can find an explanation of this model here: https://www.exida.com/blog/why_does_my_proof_test_coverage_change_with_partial_stroke_testing I'm curious what your approach to this topic is in your PFDavg calculations?

Good Morning All, Just to let you know the 61508 Association are holding a conference in York on November 25th this year. The event is free to join and looks to include a very good agenda regarding Functional Safety Compliance. I have attached the flyer for those that are interested 🙂

My proposed topic for discussion: I have experience in conducting a SIL requirement assessments for furnace burning systems. Each client of such analyses have a little bit different approach and risk assessment procedures which I should follow. However as an analyst and session leader I don't agree with them sometimes. It is always a challenge for me, as analyzing such a system raises many questions about the validity of decisions made during the LOPA. Briefly: This particular protection system consists of many instrumented safety functions protecting the furnace, like low and high pressure of the fuel gas, low pressure of combustion air, loss of flame, overpressure in the combustion chamber, wrong air/fuel ratio, CO/O2 flue gas detection, flue gas damper closure detection and some others depending on specific technology used. So the first issue of this SIL analysis is related to the layers of protection. In the most conservative case, we can't take any additional layers of protection independent of the analyzed function. Why? Because all possible other actions are still the same: close the double shutoff valves at the fuel supply line to the burners. The same valves which are part of the SIF we are talking about. What's more it's not always possible to ensure a low personnel presence rate in the hazardous area. This of course results in very high SIL requirements. But I always wonder if this approach is practical and not too conservative? The second question is whether each of these SIFs really needs to be analyzed separately, when most of them protect the furnace from loss of flame and a chamber from the formation of an explosive atmosphere. Perhaps some functions can actually be considered as a one SIF with redundancy and diversification of measurement systems detecting different physical quantities? This case is much closer to my approach of practical side of functional safety. By the way, I've got also a third point of view but maybe I will describe it a little bit later during a discussion.

What's the most useful thing you've found here so far, and is there anything you wish was in there that isn't yet? Asking because I want to make sure what I build next actually reflects what engineers here need. Drop a comment below. ☺️

Hi all. I would like to hear everyone’s views and opinions on having one valve for control and one valve for safety, Or if they would have one valve that does both. If you have one valve what’s are your argument for, independence, CCF, and control system errors.