Designing Intrinsically Safe Systems
Intrinsic safety is a system concept that relies on an accurate design. Learn about the design basics of intrinsically safe systems here.
Intrinsic safety is a system concept that relies on an accurate design. Under a system concept, each piece of apparatus depends on the reliability of all the equipment in the system.
Offshore platforms. Image courtesy of Pixabay
Safe Curves
An intrinsically safe (IS) system keeps the voltage and the current at the spark lying below the safe curve shown in figure 1. This curve illustrates the relationship between the maximum safe open-circuit voltage, Voc, and the maximum safe short-circuit current, Isc, for a stoichiometric mixture – the air/fuel ratio for perfect combustion – of hydrogen and air. Voc and Isc are approximately in inverse proportion.
Figure 1. The safe curve for a stoichiometric mixture of hydrogen and air. Image used courtesy of Lorenzo Mari
Increasing the supply voltage reduces the value of current capable of causing an explosion – the source boosts its ability to maintain an arc. Figure 1 shows that low current values in the spark can cause ignition at higher voltages. In contrast, current will not cause ignition at any value in the region of 12 V.
The allowable power increases as voltage decreases. The safe limit with a 100 V source is a 25-mA spark (P = 2.5 mW), whereas a 15 V source allows 1.2 A (P = 18 W).
Different gases yield separate safe curves. Yet, the curves bear the same shape, are essentially parallel – no intersections – and stay between the boundaries of the most sensitive and the least sensitive gases.
Designing an IS system for the most sensitive gas should not ignite any less sensitive gas.
The National Electrical Code (NEC) groups the gases and vapors – each group has a typical material. The gases and vapor groups depend on their explosion pressures and flammable characteristics. See table 1.
|
|
|||||||||||||||||||
|
|
Table 1. Material groups. Image used courtesy of Lorenzo Mari
* Group I applies to the classification of gases commonly encountered in mining applications. Yet, the NEC does not cover installations underground in mines.
Design Criteria
Intrinsic safety is an explosion-prevention design technique suited to instrumentation circuits and solid-state technology. Electronic process control and telemetering systems – using relatively low voltage and low power – that place all or part of the circuits within a hazardous location take advantage of IS.
The IS technique follows a system concept because all components are interrelated – they cannot be treated individually because each element affects the rest.
The criterion used in analyzing an intrinsically safe system verifies that the maximum thermal and electrical energies released in a hazardous location are much less than the Minimum Ignition Energy (MIE) of the specific atmosphere, both in normal and abnormal or fault conditions.
The procedure calculates the maximum open-circuit voltage Voc and the utmost short-circuit current Isc allowed in the hazardous location.
When selecting apparatuses for the hazardous location, it is crucial to consider the ignition temperature – which varies with the gas characteristics – plus the ignition energy because they do not correlate. Note that gas may suddenly ignite when heated above its ignition temperature. Consequently, decide on the temperature class for the application.
The NEC requires the equipment marking to specify the temperature class according to table 2.
| Maximum Temperature | Temperature Class | |
| °C | °F | T Code |
| 450 | 842 | T1 |
| 300 | 572 | T2 |
| 280 | 536 | T2A |
| 260 | 500 | T2B |
| 230 | 446 | T2C |
| 215 | 419 | T2D |
| 200 | 392 | T3 |
| 180 | 356 | T3A |
| 165 | 329 | T3B |
| 160 | 320 | T3C |
| 135 | 275 | T4 |
| 120 | 248 | T4A |
| 100 | 212 | T5 |
| 85 | 185 | T6 |
Table 2. Classification of maximum surface temperature according to NEC Article 500. Image used courtesy of Lorenzo Mari
Consider, in addition, the ambient temperature range when selecting apparatuses for the hazardous location. The NEC states rules for the equipment’s ambient temperature marking.
Typically, the associated apparatus does not require temperature classification. It does need, however, to ponder the ambient temperature.
The Entity Concept
The tests performed on an associated apparatus for intrinsic safety determine the maximum energy level discharged under abnormal conditions. Abnormal conditions include open circuits, short circuits, and grounding of the IS leads. The results are the entity or safety parameters, including the open-circuit voltage (Voc), power transfer (Po), short circuit current (Isc), allowable external inductance (La), and allowable external capacitance (Ca).
The tests implemented on an IS apparatus reveal the maximum values it can withstand before a failure of an internal component may result in excessive heat and succeeding ignition of the surrounding hazardous atmosphere. The entity parameters assigned to the IS apparatus, based on the results of the tests, include the maximum voltage (Vmax), maximum current (Imax), maximum power (Pmax), maximum internal capacitance (Ci), and maximum internal inductance (Li).
The entity concept allows the user to find acceptable combinations of IS apparatuses with associated apparatuses, barriers, and wiring to build intrinsically safe systems. The apparatuses’ safety parameters and wire characteristics are essential to validate the system’s safety.
The following relationships are mandatory in the design of intrinsically safe systems:
- Vmax ≥ Voc
- Imax ≥ Isc
- Ci + Cwire ≤ Ca
- Li + Lwire ≤ La
Any experienced engineer can analyze a simple system involving a few fault combinations. However, a thorough analysis of complex systems – like combinations of barriers, use of multiple wires, or arrangements of non-linear and linear sources of power with many fault combinations not visible at all times – requires lots of experience. It may be worthy of delegating this job to an approved certification body.
The Redding Barrier
The equipment in the safe area may pose a hazard by delivering unsafe energy levels to the hazardous location. Installing suitable power transfer limiters between the non-hazardous and hazardous locations may reduce this risk.
A particular series-shunt power-limiting arrangement is the Redding barrier (or Zener barrier), named after its inventors, R.J. Redding and L.C. Towle. The Redding barrier is an associated apparatus.
This electrical barrier ensures that the energy entering the hazardous location – arriving from the non-hazardous location – cannot come close to the level at which ignition occurs. The barrier is installed in a non-hazardous location or inside an explosion-proof enclosure in a hazardous location.
The Redding barrier contains a set of resistors and Zener diodes with negligible effects at normal signal levels. The diodes conduct only during fault conditions.
Figure 2 shows a widely employed Redding barrier scheme.
Figure 2. A Redding barrier. Image used courtesy of Lorenzo Mari
The resistance of a Zener diode is very high until arriving at its breakdown voltage – when the resistance reduces markedly, conducting current. The rated voltage of the Zener diodes is a few volts above the circuit design voltage, and the resistor size only allows the design amperes. Under conduction, the Zener diodes keep the circuit voltage at the rated voltage, and the resistors limit the current to the looked-for value. If the current is excessive, the fuse will open the circuit, arresting its flow.
This behavior holds under overvoltage conditions – defined as 250 V (Um) for testing, in NEC Article 504.
Two Zener diodes provide 100% redundancy. Adding a third Zener diode will achieve a higher redundancy – the unit will operate under double contingency.
The resistors are assumed to be infallible – they do not fail.
Systems with Redding barriers are much more flexible than those using other energy-limiting techniques. Yet, they apply only to circuits requiring a few watts.
Figure 3 shows one of the various viable locations for the Redding barrier.
Figure 3. A location for the Redding barrier. Image used courtesy of Lorenzo Mari
Maintaining the Integrity of an IS System Through the Life-cycle
Adequate inspection and maintenance of the IS system are vital for its long-term safety.
A significant advantage of IS technology is that its maintenance can be carried out without a plant shutdown, allowing “live maintenance.”
Correct maintenance includes a rigorous initial inspection of the IS system before plant start-up and subsequent verification and control. Highly trained care personnel are essential to reduce the risk of catastrophic events.
The maintenance of an IS system is a thorough and well-documented topic. Recommendations follow:
- Inspect the system at regular intervals to verify that it is in good shape and there are no unapproved changes. Select the inspection periodicity according to the particular environment and plant conditions.
- Look for impact damage, corrosion, the efficiency of seals, mounting security, and wiring integrity.
- Do not intervene in a working system. IS systems are highly reliable. An internal fault is unlikely unless the system is failing.
- Limit the testing activities performed in a hazardous location. When an apparatus requires testing, it is best to disconnect and remove it – replace it with a spare in the meantime – and safely make the test in the maintenance lab. Avoid risks while removing and replacing the apparatus.
- Use certified testing devices and ensure that they will not introduce excessive voltages or currents in the circuits tested. Use approved instruments for the particular hazardous location.
- Do not short circuit the barrier’s protection resistor with the testing instrument.
- Do not break ground connections
- Identify all temporarily disconnected wires while performing the tests – to ensure correct reconnection.
- Anchor firmly all temporarily disconnected wires at an electrically safe point – to avoid unwanted contacts.
- Exercise caution when working in the non-hazardous location – an incorrect operation in the non-hazardous location may cause an explosion in the hazardous location through the interconnection wiring.
- Do repairs ASAP. A damaged apparatus or wiring is unsafe.
- Keep due records.
About the Design of Intrinsically Safe Systems
The IS technology is an outstanding option for low voltage process control instrumentation.
The equipment in the non-hazardous location may allow the passage of dangerous levels of energy to the hazardous location. An IS system counteracts this condition.
A typical method of designing IS systems is providing an electrical barrier – an associated apparatus – to separate IS-protected wiring from the non-intrinsically safe wiring. The barrier typically employed is the Zener or Redding – it limits the energy transferred under specified fault conditions.
The preservation procedures of IS systems do not require a plant shutdown, reducing the maintenance costs.
