Because the integrity of a safety-related system degrades over time, periodic testing (known as proof testing) is essential in order to detect hidden failures. So it is of crucial importance that all safety instrumented systems (SISs) have a maintenance plan in place to support their ongoing operation. This compensates for the safety system integrity degrading over time and helps ensure that the safety system’s required SIL level is maintained.
Put simply, it is essential to test the integrity of any safety instrumented system (SIS) because otherwise an undetected failure may be left unrevealed until a demand is actually placed upon the system, with the result that the safety function might fail when required.
With this in mind, proof testing is used to help ensure safety system integrity by testing in order to catch any failures not detected by any diagnostics of the safety system. In this way, the safety system is restored as close as possible to an “as new” condition. As such, proof testing is critical to ensuring the integrity of a safety system throughout its lifecycle and must be performed routinely at a specified interval.
Safety system integrity can be considered a measure of the probability that a safety-related system will function as required when required, and is indicated by the safety integrity level (SIL). The application itself determines the particular SIL required: the higher the SIL level, the higher the associated safety level and the lower the chance of failure.
Although the integrity of a safety system degrades over time due to many factors such as undetected failures and/or the degradation of electronics or materials, the probability of failures can be minimized in the design process.
The main purpose of an overspeed detection system (ODS) is to ensure that a machine will be stopped if an overspeed event occurs. Accordingly, an ODS that is fundamentally simple and concentrates on core safety concerns (that is, with minimal non-safety related functionality) will be inherently more reliable and robust. Basically, if a safety product has fewer features, the probability of a failure is smaller and the proof testing requirements are less demanding.
The maintenance plan of a SIS is of crucial importance because it is the key to reducing the rate of dangerous-undetected failures and maintaining the safety integrity of the SIS. In general, there are three complementary tests that can constitute a maintenance plan:
End-users of a SIL overspeed detection system should follow original equipment manufacturer (OEM) or safety system supplier recommendations for maintenance and proof testing in accordance with the safety system’s life cycle. Such systems are developed and/or certified in accordance with the IEC 61508 “functional safety” standard process, which requires that a safety manual is available to provide all of the necessary information regarding frequency of maintenance, proof testing, calibration, etc.
Similarly, the 5th edition of the API 670 “machinery protection systems” standard states that “Routine test intervals are determined by the responsible party, unless the system is an IEC 61508 or IEC 61511 certified system where it is dictated by the certification report” (or safety manual). (Refer to API 670 5th edition, section 22.214.171.124 note 2.).