Have you ever wondered why some dangerous failures are classified as undetected and others are classified as detective? Aren’t dangerous failures all dangerous? Why do we classify them differently?
Let's say we have a plant that is running in normal operation mode and the system needs to trip. The safety function of this system is that the actuator will attempt to move/close the ball valve to the safe position. However, what happens if the stem of the ball valve had previously sheared from the actuator? That would be considered a dangerous undetected failure in both the close on trip application and open on trip application.
A broken stem will prevent the ball valve from moving and the system would not be able to perform the safety function.
If a test is performed that only monitors that the stem moves, the dangerous failure will not be found since the actuator can still move the top of the stem. This test does not reveal that the bottom of the stem is no longer connected and does not move the valve. This failure would still be considered dangerous undetected.
If a partial valve stroke test (PVST) is performed that monitors either the flow rate, leakage, or actual valve position, the failure would turn into a dangerous detected failure. This is because the failure would be found when the test results showed the valve not moving when the actuator thinks it is.
Only detecting the dangerous failure rates isn’t enough. Detecting undetected failures are key in creating a safety system!