Flowserve MX Electronic Actuator SIL Safety IOM User Manual

Limitorque MX Electronic Actuator FCD LMENIM2350-01 – 9/13

2

FLOWSERVE PROPRIETARY INFORMATION

Use or disclosure of this information is subject to the restrictions on the title page of this document

Contents

1 Scope

5

1.1 System Overview

6

2 Safety Integrity Level [SIL]

7

2.1 Failure Rates/Failure Modes

7

2.1.1 Safe, but Detected (

λ

SD

) 7

2.1.2 Safe, but Undetected (

λ

SU

) 7

2.1.3 Dangerous, but Detected (

λ

DD

) 7

2.1.4 Dangerous, but Undetected (

λ

DU

) 7

2.2 Mission Time (Tmission)

7

2.3 Partial Stroke Test Period

7

2.4 Proof Test Period (Tpt)

8

2.5 FIT

8

2.6 Mean Time to Restoration (MTTR)

8

2.7 SFF

8

2.8 PFD

avg

8

2.9 RRF

8

2.10 SIL vs. PFD

avg

vs. RFF

8

3 Safety Requirements

9

3.1 Monitor Relay Annunciation

9

3.2 Local Control Knobs Sensors

9

3.3 ESD Override for Knobs

9

3.4 The LCD Display May Also Indicate Warnings and Alarms

9

3.5 Partial Stroke Test Interval

9

3.6 Proof Test Interval

10

3.7 Basic Safety Configuration Requirements

10

3.8 Optional Emergency Overrides

10

3.9 Labeling

10

4 Design for Safety

11

4.1 LimiGard™

12

4.2 Optional Safety Add-ons

12

4.2.1 Fire Protection

12

4.2.2 Safety Critical User Wiring

13

5 Limitorque MXa Safety Functions

14

5.1 Emergency Shutdown Open (ESD-Open)

14

5.2 Emergency Shutdown Close (ESD-Close)

14

5.3 Emergency Shutdown ‘Move To’ (ESD-Position)

14

5.4 Emergency Shutdown Stop (ESD-Stop)

14

5.5 Emergency Shutdown Ignore (ESD-Ignore)

14

5.6 Fail No-Action (Stay Put) Operation

15

5.7 Multiple ESD Functions for Basic PST

15

6 MXa Safety

16

6.1 PFDavg for MXa Actuator without PST

16

6.2 PFDavg for MXa Acutator with Monthly PST

17

7 Partial Stroke Testing [PST]

18

7.1 Basic PST Description

18

7.2 Enhanced PST Description

18

7.2.1 Monitor Relay Behavior When Configured as Enhanced PST

19