In sensitive areas of the process industry, it must be ensured that pumps, valves, and active cooling systems are safely switched on in the event of a fault. This requires high availability of the installed safety functions and monitoring of signal circuits for line faults on the field side. Time-consuming workarounds can be avoided using the principle of line fault transparency (LFT). Information concerning line faults is transferred to the control panel via the signal line. This allows channel-specific identification of line faults without additional wiring.
Industrial applications place exacting requirements on de-energised-to-safe and energised-to-safe functions. Safety relays play a central role here as the link between control panels and load circuits. There are two different applications. Safe shutdown (de-energised-to-safe, DTS) is used, for instance, to de-energise motors, stop the filling of containers, or stop the flow of material. Implementing DTS applications is not problematic. For instance, a power supply failure or an unrecognised lead breakage on the field side puts the interface module transmitting the switching pulse into the safe state and triggers the safety function: The field device is switched off. Safe power-up (energised-to-safe, ETS) in an emergency is significantly more complex and particularly relevant for the process industry and functional safety.
In an ETS signal circuit, the safe state is a closed contact that is often not activated for many years. As a result, contamination or corrosion may entirely or partially prevent a current from flowing. ETS applications include active cooling, switching on pumps and valves, supplying extinguishing agent or coolant, and discharging overpressure from containers. The importance of safe power-up is also evident in processes where toxic substances are transferred via conduits. The conduits are under slight negative pressure for reasons of safety. In the event of a leak, it must be ensured that further pumps are safely switched on. In an emergency, they suck in large amounts of ambient air through the leak point, preventing toxic substances from leaking out.
Line Fault Transparency
A safety function may fail even if a safety relay is working properly. Possible causes include lead breakages or short circuits. In many existing solutions, line faults on the field side are indicated by LEDs on the module itself and optionally as a collective error message. As a result, it is not readily possible to detect control-side line faults in the field through the galvanic isolation of the module. Collective error messages contain no information concerning which signal circuit is faulty; the LEDs of the modules must also be checked. If a fault indication output is available, it must also be wired for modules without LFT to ensure that the control panel can detect the specific channel on which the fault occurred. An additional input card is also required in the control panel.
Application in Safety Relays
The KFD2-RSH safety relays from Pepperl+Fuchs offer seamless line monitoring across the galvanic isolation of modules and to the field side. They not only detect short-circuits and lead breakages on the field side, they also ensure that the control panel can assign these to a specific signal circuit. The LFT-enabled relay module monitors the connected load in the field. If there is a fault in the field wiring (short circuit, lead breakage), a test pulse filter on the control side will become detuned. The DO card of the control system can detect the fault via the diagnostics measures integrated on the field side.
The test pulse filter is required to ensure that the safety relays and the control panel are compatible, and, therefore, that the signal circuit functions correctly. Diagnostics provided by safety control systems must not cause devices to malfunction under any circumstances. Control panels DO (digital output) cards generally feature integrated diagnostics. In addition to delivering dynamic diagnostics, known as test pulses, they also often check the field circuit statically. To implement this function, the applied trickle currents are measured and evaluated by the DO card both when switched on and switched off.
The input on the safety relay filters the test pulses coming from the DO card. This prevents the field device from being inadvertently switched on by a diagnostic measure or a line fault being inadvertently displayed in the control panel.
In addition, this input enables trickle currents to flow from the DO card. A minimum load is supplied in the On state and a trickle current can flow in the Off state. This trickle current has no impact on the switching function.
K-System Safety Relays with LFT
KFD2-RSH safety relays from Pepperl+Fuchs combine diagnostics, line fault transparency, and 1oo3 (one-out-of-three) architecture. The function of the switching contacts is automatically checked during every switching operation. This dramatically reduces the complexity of proof tests for the user. The devices have comprehensive test pulse immunity and are therefore compatible with commercially available digital output cards. Applications according to IEC61508 up to SIL 3 can be switched off and on using the new safety relay, and applications in line with EN-ISO 13849 Performance Level e can be switched off.
Complete monitoring of line faults on the field side is essential for energised-to-safe functions. Interface modules with line fault transparency can transfer information concerning line faults to the control panel without additional wiring. Experience gained from projects conducted by the fire and gas specialists at Pepperl+Fuchs shows that LFT modules can save an average of 200 – 400 Rand per signal circuit compared to conventional solutions.
Almost all major control system manufacturers have now successfully carried out project-specific tests of Pepperl+Fuchs LFT-enabled devices. These tests demonstrate interoperability with specific field devices, such as optical or acoustic sounders and control system output cards.
The K-System for DIN rail mounting and the termination-board-based H-system provide many other functions with LFT, such as switch amplifiers and solenoid drivers, in addition to LFT safety relays.