High Available, Fault Tolerant and Safety Critical Subsea Actuator System

Abstract

This paper describes the research and development of a mechatronic subsea actuation system, which utilizes batteries to provide the power to close the valve. The paper includes the safety and availability analyses of this novel system architecture. Key features of the new all electric system concept and its reliability- and safety effects are presented, such as the Energize-to-trip operating principle of the safety function, or system safety impacts, which are based on redundancies. The paper compares different system topology approaches regarding their safety and reliability capabilities. Different redundancy concepts for availability and safety are discussed. The interactions between the system and the environment are analyzed with respect to the component and element interactions. The resulting mitigations, which are reducing hazardous system conditions in the system architecture, are described. The paper presents a significant improvement of safety and availability characteristics due to the usage of redundancies, which are based on quantitative, and qualitative system analyzes. Furthermore, the analyses show that the installation of redundancies can result in additional fault sources, which must be prevented by architectural changes and diagnostic procedures. A further result is the investigation of first and second system faults via a system reliability model approach, based on the redundancies.