It is now over five years since the disastrous fire at the Buncefield fuel depot in Hertfordshire, where a storage tank was overflowing for more than 40 minutes before it exploded, causing a 32-hour inferno. The overflow had caused a huge vapour cloud to build up, which was ignited by a spark.
Remote Operated Shut-off Valve (ROSoV)
Since then, much has been done to ensure that such a catastrophic accident should not happen again. Led by COMAH (Competent Authority/Industry Standards Task Group), safeguards are being put in place by the petroleum industry to give additional safety and environmental protection to tank storage installations.
Endorsing the recommendations of the Buncefield Standards Task Group, a key feature of these safeguards is the installation of Remote Operated Shut-off Valves (ROSoV) with failsafe actuation.
The failsafe design philosophy has been implemented by leading names in the industry, including Chevron UK, Total UK, BP, Ineos and Petroplus, who have all chosen the electrically operated actuator solution for this vital duty.
The Case for the Electro-Hydraulic Solution
The majority of Remote Operated Shut-off Valve (ROSoV)-relevant valves are situated on the inlet and outlet ports of the fuel storage tanks and are designed to isolate individual tanks in the event of a potential emergency.
The tank farm layout is a very spacious environment into which it would be very expensive to install a pneumatic ring main, whilst an electrical source for control and indication would also be required.
It therefore makes economic and practical sense to use electricity to power the actuators as well. In some cases, existing cabling to nearby plant or to actuators being replaced by the Remote Operated Shut-off Valve (ROSoV) units can be utilised.
A specialised electric actuator design is necessary to achieve the swift failsafe operation demanded by the Remote Operated Shut-off Valve (ROSoV) duty. Experience has shown that this can be successfully delivered through the electro-hydraulic route.
Electro-hydraulic actuators use a simple and therefore very reliable mechanical spring to provide failsafe valve movement, whilst precise and swift valve movement in the opposite direction is achieved hydraulically by means of an integral electrically powered pump.
With this design, reliable failsafe performance can be combined with the benefits of the latest electric actuation technologies, facilitating a high level of asset management encompassing accurate control, monitoring and alarm signalling, operational data logging and diagnostics.
In Rotork’s case, the Skilmatic range of self contained electro-hydraulic actuators are well established as a solution for electric modulating and failsafe control for quarter-turn or linear valves and dampers. Designed in double-acting or spring return configurations, these actuators comprise of an integrated control module and a power unit consisting of an electric motor, hydraulic pump and reservoir.
How it works
Skilmatic EH actuators operate on a pump and bleed principle utilising a motorised vane pump to provide hydraulic pressure in one direction and spring-return in the opposite (bleed) direction.
When the actuator is commanded to open from the closed limit, the bleed solenoid valves are energised. The motorised vane pump is started under no-load condition as a result of the delay in energising the by-pass solenoid valve. With the by-pass solenoid energised, the system pressure acts against a spring opposed piston to drive the actuator in the open direction.
When the actuator is commanded to stop or reaches the open limit, the by-pass solenoid valve is de-energised, followed by the motorised vane pump after 5 seconds, unless a new command to open is given. The bleed solenoid valves remain energised and the system pressure is maintained to hold the actuator position.
When the actuator is commanded to close or receives the ESD signal, the by-pass solenoid valve, bleed solenoid valves and motorised vane pump are de-energised. Pressure is released; the hydraulic fluid returns to the reservoir and the springs return the drive shaft to the closed or safe position.
Advanced Intelligent Control
Assisted by operating experience from a comprehensive installed user base in some of the world’s harshest environments - from the Canadian Arctic circle to the deserts of the Middle East - Rotork invests comprehensively in the enhancement of its electro-hydraulic actuator portfolio.
The latest development sees the introduction of the intelligent SI/EH Pro control and monitoring system, based on the well proven Rotork IQPro electric actuator. SI/EH Pro actuators provide a new level of control and functionality for Remote Operated Shut-off Valve (ROSoV) applications by combining existing features with new text displays, performance monitoring and data logging that includes the valve signature profiles.
Non-intrusive setting, commissioning and data communication - all benchmark features of Rotork’s IQPro actuation technology - in combination with an intrinsically safe BluetoothTM setting tool, enables actuator configuration and data logger files to be transferred from the field to the office for download, analysis and storage.
Schematic diagram of solenoid valves
The setting tool enables safe and rapid non-intrusive commissioning by means of easy to follow ‘point and shoot’ menus. Settings such as internal hydraulic pressure, position, limits, control options, alarm and indication functions can be accessed and adjusted. Actuator status, control and alarm icons are viewable on the illuminated LCD display which also provides access to real-time information including pressure, diagnostics and help screens.
The control module enables demanding operator requirements to be met, including compatibility with digital network control systems encompassing Pakscan, DeviceNet, Modbus, Profibus and Foundation Fieldbus.
Designed to SIL3 standards for use on safety critical applications, the actuators are also capable of partial stroke testing, enabling isolating valves to be tested without interrupting the process, something of particular importance on emergency shutdown (ESD) applications.
All key components within the actuator including the hydraulic pressure and movement are tested to confirm availability for shutdown on demand. The test can be initiated either remotely or locally with the setting tool. The partial stroke position against stroke time is measured and compared to the original position to stroke time recorded at the commissioning stage.
A pass or fail is displayed and, if enabled, a failure alarm will be activated. The alarm is one of three that can be configured to customer specific alarm and status requirements or for general group alarms. A monitor relay is also provided to monitor the power supply and any hardware errors.
Emergency Shutdown Remote Operated Shut-off Valve (ROSoV) Applications
Skilmatic actuators are specifically designed for Emergency Shutdown (ESD) applications with a discrete input signal. The ESD signal can be configured to control the shutdown through a hardware circuit by-passing the internal processor.
This processor circuit monitors the position and internal hydraulic pressure and provides alarm monitoring but the ESD circuit is independent and thereby providing priority to an ESD command. Closing speeds can be adjusted to meet the specific requirements of the application.
For safety critical applications the actuator is designed to meet SIL3 standards with hardwired ESD. Alarms are indicated through both the local LCD display and alarm relay outputs. Mean Time Between Failures (MTBF) and Probability of Failure on Demand (PFD) calculations are provided.
In the Remote Operated Shut-off Valve (ROSoV)scenario, in an emergency shutdown the actuator will immediately return to the predetermined safe position and will be ready to operate on the next command when the ESD signal is reinstated.
As an added safeguard, an optional ESD manual reset can be enabled to restrict the actuator from operating until locally reset at the actuator or with an externally mounted switch.
Layers of protection applied to ROSoV duty
In this example, a Safety Instrumented System (SIS) is applied to prevent overfilling of a tank.
The tank and pump are controlled by the BPCS (Basic Process Control System) and the installation is physically contained within a bund. The signal from the level sensor is feeding back to the PLC in the BPCS which controls the pump and the MOV. A fault with the level sensor leaves the tank vulnerable to overfilling, as was the case at Buncefield.
To account for this, the SIS is added, consisting of a separate level sensor and an ESD logic solver to control the MOV, which is the final element under the control of the SIS. The ESD signal is independent to other control signals and secures the valve in the safe position, providing a Safety Instrumented Function (SIF) for the Remote Operated Shut-off Valve (ROSoV) duty.