The API norm 670 – machine protection systems

The API norm 670

The API norm 670, for machine protection systems do American Petroleum Institute, is widely recognized in the industry and is actively used by regulators and operators worldwide.

The API norm 670 describes the minimum requirements for a machine protection system (SPM) which measures shaft and housing vibration, axis position, spindle rotation speed, piston rod drop, over-speed, return (surge) and / or critical machine temperatures. To reduce the likelihood of misinterpretation, or API 670 also includes detailed instructions that apply when designing, Apply, test and maintain machine protection systems.

Observation: this article makes reference to the API 670, 52nd edition (November 2014) to highlight and discuss some of the general design specifications described in the section 4 this standard. O bold type is used to refer to the corresponding sections and section numbers (4.x) are added when useful.

This article belongs to a series, which constitutes the support material for the course on vibration analysis in turbomachinery. Links to the other articles can be found on here.

History of the API Standard 670

First edition: June of 1976

The initial development of the API 670 was driven by the need for machine users to specify proximity probes and monitoring systems pre-installed in their machine packages that conform to basic functional requirements, performance and interchangeability. This helped ensure that sensors from one manufacturer would work with monitoring systems from another manufacturer.. It also ensured that the cable lengths of the transducer systems, the probe settings, tip diameters and oscillators/demodulators had a limited number of permutations to help reduce spare parts requirements. The First Edition only covered radial vibration and axial position measurements (impulse). It did not encompass the absolute vibration (box), bearing temperature or any other measurement introduced in later editions of the standard.

Second edition: June of 1986

The second edition introduced content related to bearing temperature measurements.

Third edition: November 1993

a separate standard (API 678) was released in May 1981 and covered vibration monitoring systems based on accelerometers. Like this, during a period, two separate API standards coexisted – one for systems based on proximity probes and one for systems based on accelerometers (seismic). The two standards had considerable overlap and represented redundant efforts to be maintained.. The main objective of the third edition working group was to, therefore, merge the two standards into a single document. Consequently, a API 678 was withdrawn from use with the publication of the third edition of 670. The third edition also introduced new appendices that cover supplier documentation and design requirements., documentation requirements and field testing, accelerometer application considerations and gear vibration considerations.

Fourth edition: december of 2000

Fourth Edition focused on content that had become obsolete and assumed analogue technology instead of the latest digital technology (such as indicators that can no longer be physical bulbs or LEDs). Introduced specified options to separate the machine protection system into smaller functional subcomponents that can be physically separated from each other (as a non-integral viewfinder), but kept a “contiguous system” as default. It also introduced the inclusion of overspeed detection instruments and piston rod drop measurements.. Sensors have been extended to include magnetic pickups for speed measurements, and appendices have been added for considerations of setpoint multipliers and electronic overspeed detection systems. The types of measurements covered by the standard have become long enough that it is tedious to list them all as part of the title.. Like this, the norm was called “Machine Protection Systems”.

Fifth edition: November 2014

The fifth edition represents a significant revision of the standard and organizes the protection system into subsystems as follows:

• Vibration/Position/Temperature/Rod drop (section 7)
• Overspeed detection systems (section 8)
• surge detection systems (section 9)
• emergency stop systems (Score 10)
• End stop elements (10.8)
• other entries (10.7.2)

some sections (1-6, 11, 12) now concern all these subsystems, while other sections (7-10) only concern selected subsystems, as mentioned above.

Surge detection and emergency stop systems are entirely new, such as the K-Q attachments. Annex No, by itself, adds a tutorial 50 status monitoring pages; Appendix L adds a tutorial on 20 Security Integrity Level pages (SIL); and Appendix P adds a tutorial on 10 pages on monitoring reciprocating compressors. The page count of other new attachments is summarized in Table 1 on previous page. Besides that, the normative content related to speeding is substantially expanded. As a result, the page count of the standard has increased from 96 pages in the Fourth Edition for 244 pages in the Fifth Edition. Besides that, the use of color is now present in the illustrations. Previous editions of the standard were limited to black and white illustrations.

An effective strategy for a machine protection system

Whether in power generation, in the activation of process equipment, in the compression or pumping of fluids, failure of critical production assets can have catastrophic results, expensive or just time consuming. In general, the most important considerations are the safety of personnel, the possibility of substantial damage to the machine or loss of production that leads to a financial impact. To help prevent these types of events, a machine protection system must be installed with characteristics and appropriate functions (4.11) in order to protect the machine and the environment around it. The SPM must generate alarms (with levels of alert and danger) in useful time, when unwanted situations occur, so that corrective actions can be taken. In the case of danger alarms (normally related to security), SPMs typically use a relay to trigger a system level control system, such as for example, a turbine control system, in order to automatically initiate a safe stop (“disarm”) of the machine.

For a machine protection strategy, be effective, measurements must be accurate and reliable. Consequently, or API 670 lists the requirements for precision (4.5) for different measurement chains, in different temperature ranges, for normal system operation or for testing. A reliability (4.17) of the SPM, as well as system security, protections, autotestes e diagnostics (4.16), are other essential considerations for continuous and uninterrupted operation, required for long periods of time, in industrial applications.

The concept of segregation in the API standard 670

Independence and separation of systems, components or parts is an important design concept underlying the entire standard. For example:

• A segregation (4.8) requires the SPM to be completely separate from any other systems, like another protection system, control systems or condition monitoring systems (CMS).
• Within the SPM, all machine protection loops are normally wired (wireless communication is not allowed here) and the interconnections with other devices in the machine's automatic stop loop, are implemented through system output relays (4.12).
• A problem with a measurement chain, input channel or signal processing should not affect any other channel. This applies to system power supplies (4.10), as well as the power supplies of individual sensors. To mitigate these failures, SPMs often use redundant power supplies (11).
• You digital communication links (4.13) for systems outside the SPM, as a CMS, must not affect the protective functions of the machines. This also applies to buffered analog outputs (“raw”), even in the event of a short circuit at these outputs.
• Similarly, a interchangeability (4.6) implies that it must be possible to physically and electrically replace the components of the SPM in-situ, without leaving the measurement accuracy requirements.

API standard environmental requirements 670

Machine protection systems are often deployed in industrial environments or other hostile environments, where they are needed specific system cabinets and environmental requirements (4.9) to comply with different area classifications. These environments can be challenging temperature ranges (4.1), humidity (4.2), shock conditions (4.3) and the need to chemical resistance (4.4). Therefore, measurement chains, usually, need to be built with corrosion resistant materials. Although the wiring must be protected by rigid guards and junction boxes, as described in the wiring and its conduction (4.14), which also helps to minimize the effects of electromagnetic interference (EMI) often found in industrial environments. Examples include the segregation of signal and power wires or the use of shielded cables.

Other electrical issues, What earthing (4.15), can negatively affect electrical signals. The impact of incorrect or missing grounding, varies in noise and interference, to the worst case scenario where electrical leakage through the chassis, causes damage to instrument components or even injury to people.

A API 670 also mentions the project definition and the execution requirements related to the scope of supply and responsibility (4.7) that concern interested parties, from system vendors to proprietors.

Machine protection systems (MPSs) and SIL security levels – The API perspective 670

Operational safety in process industries has always been a priority. As the process industry entered the computer age, new problems arose as factories converted to computer-based control systems (replacing your old electrical controls, pneumatic and electronic). Like this, the process sector has developed a variety of tools to solve these problems, but security performance has not always lived up to expectations.

At the moment, standardization of machine protection systems (MPSs), many times according to the API 670 – in line with international safety standards, like the IEC 61508 by IEC 61511 – plays a vital role in the safe and secure operation of various industrial facilities.

IEC 61508: Functional safety of electrical/electronic/programmable systems related to electronic safety

A IEC 61508 is an international standard that covers the entire security lifecycle of security systems and is intended for system suppliers, original equipment manufacturers (OEM) and equipment used in these security systems. A IEC 61508 is the basic/fundamental functional safety standard and applies to all sectors.

IEC 61511: functional safety – Safety instrumented systems for the process industry sector

A IEC 61511 is an international standard that establishes practices in systems engineering that guarantee the safety of an industrial process using instrumentation. A IEC 61511 is a technical standard intended for end-user applications and is specific to the process industry sector.

Note: A IEC 61511 uses the same security lifecycle and security integrity level concepts as the IEC 61508, but described in a language and context more specific to the sector.

API 670: Machine protection systems

A API 670 is a widely recognized industry standard that outlines the minimum requirements for machine guarding systems (MPSs) using measurements such as vibration, position, velocity, piston rod drop, phase reference, overspeed and/or temperature. A API 670 includes requirements for sensors and monitoring system hardware and covers the specification, acquisition, installation, documentation and testing of such systems.

The main purpose of the IEC standard 61508/61511 is to help ensure the correct design and use of safety instrumented systems (SIS) with security integrity levels (SIL) in a systematic way to reduce the risk in a process to a tolerable level, following global hardware and software security lifecycle procedures and maintaining associated documentation.

API 670 e IEC61508/61511

A API 670 by IEC 61508/61511 complement each other. in a simplistic way, the first normalizes the requirements for implementing the machine protection system, while the second defines an important and comprehensive security lifecycle, from concept to design, operation and deactivation or disposal of the safety instrumented system (SIS) and its elements.

It is important to note that following a security lifecycle is the best way to ensure (and prove) compliance with IEC requirements 61508/61511.

Hazards identification

Upon completion of the conceptual design of an industrial process, an assessment consisting of hazard identification and systematic risk analysis must be carried out. During this evaluation, all hazards and risks to personnel or the environment are analyzed individually.

The actual risk that exists in the absence of MPS is compared with the tolerable risk. If the actual risk is less than the tolerable risk, so it is not necessary to consider an MPS as part of an SIS. If the actual risk (sem MPS) exceed tolerable risk, risk reduction methods should be applied – which usually includes installing an MPS that works as an SIS.

Note: The required degree of risk reduction is determined by assessing.

Risk analysis and SIL selection

During the evaluation, the risks associated with each identified hazard must be determined, evaluated and compared with the tolerable risk. Once again, this risk analysis is carried out on the assumption that the security system (SIS or MPS) under review is not present.

To the IEC standard 61508/61511, functional safety classifies the required degree of risk reduction into four levels of safety integrity: SIL 1, SIL 2, SIL 3 and SIL 4. As shown in the table below, the higher the SIL level, the greater the degree of risk reduction, the less likely it is that a system will malfunction and, therefore, the greater the level of security associated. For example, a SIL security system 1 offers the least amount of risk reduction.

Security Integrity Level Risk Reduction Factor Probability of Failure on Demand

SIL 4 100.000 a 10.000 10^-5 a 10^-4

SIL 3 10.000 a 1.000 10^-4 a 10^-3

SIL 2 1.000 a 100 10^-3 a 10^-2

SIL 1 100 a 10 10-2 a 10-1

Showing 1 a 4 of 4 Appetizer

Note: In practice, SIL security systems 4 are so complex and expensive that they are not economically viable. For process industries, if a process is so inherently risky that an SIL system is needed 4 to bring you to a safe state, then there is probably a fundamental problem in the design of the process itself that needs to be examined!

security requirements

The next step in the security lifecycle is to develop a security requirements specification. (SRS). This important document describes all aspects of the security system required, including the test procedure and acceptance criteria for the SIS validation test (MPS). SRS is essential to comply with the security standards of an application, so the owners/operators, consultants and suppliers should contribute to its preparation according to the requirements of the installation.

Note: The parts 1 e 2 of the IEC standard 61511 describe in more detail the installation, commissioning and validation of safety systems. A API 670 suggests that, if a security system requires SIL 2 or superior, any systems or equipment that are not SIL certified 2 by an independent certification body, such as Exida or TÜV, should not be considered (API 670, 52nd edition, Appendix L, section L.6.7.2 c).

SIL Verification

For each stage of the industrial process, SIS must be checked against SRS. No final, the complete SIS must be tested in accordance with the test procedure and acceptance criteria included in the SRS. If the security system cannot meet all requirements, the security lifecycle must start over from the beginning to produce an updated SRS that reflects the necessary changes.

It is important to note that simply using equipment and products with SIL certifications does not automatically guarantee SIL compliance of the security system.; only ensures the systematic ability (SC) and hardware fault tolerance (HFT/voting (architecture)) necessary to meet SIL requirements.

Therefore, Experienced consultants/experts should always perform SIL verification for each safety instrumented function (SIF) that is part of an SIS. This includes calculations of the average probability of failure on demand (PFDavg) that are based on application-specific information and the security properties of the elements that make up the SIS, such as proof test coverage (PTC) and the proof test interval (PTI), the site safety index, the mission time, average repair time (MTTR), etc., and not just based on vendor recommendations. – and not simply based on vendor recommendations. That's why SIL verification is one of the most critical steps in the security lifecycle..

A API 670 (52nd edition, Appendix L, section L.7.1.x) also defines some end-user responsibilities to help ensure security requirements are met:

The end user has overall responsibility for the security of his installation. (application).

The quote request (RFQ) should include details of any specific architectural requirements that are needed, such as one-out-of-one (1oo1) or two-out-of-three (2oo3).

A risk analysis shall be carried out to determine the degree of risk reduction required for each protective circuit. (SIF), preferably in conjunction with the machine manufacturer/supplier.

The quote request (RFQ) should include details of acceptable proof tests and intervals for any tests that affect the industrial process (application).

A security integrity/performance level assessment should be performed (SIL/PL) based on the data provided by each system and equipment supplier to verify that the entire protection circuit (SIF) meets all functional safety requirements.

Security system operation and maintenance

It is also the end user's responsibility to ensure that an adequate security management team is in place to establish operation and maintenance procedures for any security systems.. These procedures typically include pre-startup safety reviews., SIS secure boot, Periodic maintenance and functional tests in situ.

While the API 670 eastern “what do i need”, a IEC 61508/61511 guides you from “What can go wrong” up until “How do we keep it protected”.

The API norm 670 – Conclusion

An understanding and appreciation of the general requirements of the API standard is important 670, described above, because to API 670 is one of the most widely applied international standards for the protection of machinery.

Para a Meggitt Vibro-Meter, it is essential that the products and instrumentation are fully compatible with API 670. However, everyone involved in the project, selection, installation, operation or documentation of such systems can benefit from this important reference, which is full of collective knowledge and good engineering practices.