SIST EN 50495:2010
Safety devices required for the safe functioning of equipment with respect to explosion risks
This European Standard specifies the requirements of electrical safety devices, which are used to avoid potential ignition sources of equipment in explosive atmospheres. This also includes safety devices, which are operated outside areas with explosive atmospheres, to guarantee the safe function of equipment with respect to explosion hazards.
Sicherheitseinrichtungen für den sicheren Betrieb von Geräten im Hinblick auf Explosionsgefahren
Dispositifs de sécurité nécessaires pour le fonctionnement sûr d'un matériel vis-à-vis des risques d'explosion
Varnostne naprave, potrebne za varno obratovanje opreme glede tveganja eksplozije
Standards Content (Sample)
SLOVENIAN STANDARD
SIST EN 50495:2010
01-June-2010
Varnostne naprave, potrebne za varno obratovanje opreme glede tveganja eksplozije
Safety devices required for the safe functioning of equipment with respect to explosion risks
Sicherheitseinrichtungen für den sicheren Betrieb von Geräten im Hinblick auf Explosionsgefahren
Dispositifs de sécurité nécessaires pour le fonctionnement sûr d'un matériel vis-à-vis des risques d'explosion
This Slovenian standard is identical to: EN 50495:2010
ICS:
13.230 Explosion protection
29.260.20 Electrical apparatus for explosive atmospheres
SIST EN 50495:2010 en,fr
2003-01. Slovenian Institute for Standardization. Reproduction of this standard in whole or in part is not permitted.
EUROPEAN STANDARD
NORME EUROPÉENNE
EUROPÄISCHE NORM
EN 50495
February 2010
ICS 13.230; 29.260.30
English version
Safety devices required for the safe functioning of equipment
with respect to explosion risks
Dispositifs de sécurité nécessaires pour le fonctionnement sûr d'un matériel vis-à-vis des risques d'explosion
Sicherheitseinrichtungen für den sicheren Betrieb von Geräten im Hinblick auf Explosionsgefahren
This European Standard was approved by CENELEC on 2009-12-01. CENELEC members are bound to comply
with the CEN/CENELEC Internal Regulations which stipulate the conditions for giving this European Standard
the status of a national standard without any alteration.
Up-to-date lists and bibliographical references concerning such national standards may be obtained on
application to the Central Secretariat or to any CENELEC member.
This European Standard exists in three official versions (English, French, German). A version in any other
language made by translation under the responsibility of a CENELEC member into its own language and notified
to the Central Secretariat has the same status as the official versions.
CENELEC members are the national electrotechnical committees of Austria, Belgium, Bulgaria, Croatia, Cyprus,
the Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Iceland, Ireland, Italy,
Latvia, Lithuania, Luxembourg, Malta, the Netherlands, Norway, Poland, Portugal, Romania, Slovakia, Slovenia,
Spain, Sweden, Switzerland and the United Kingdom.
CENELEC
European Committee for Electrotechnical Standardization
Comité Européen de Normalisation Electrotechnique
Europäisches Komitee für Elektrotechnische Normung
Central Secretariat: Avenue Marnix 17, B - 1000 Brussels
© 2010 CENELEC - All rights of exploitation in any form and by any means reserved worldwide for CENELEC members.
Ref. No. EN 50495:2010 E
Foreword
This European Standard was prepared by the Technical Committee CENELEC TC 31, Electrical apparatus
for potentially explosive atmospheres. The text of the draft was submitted to the formal vote and was
approved by CENELEC as EN 50495 on 2009-12-01.
This European Standard is to be read in conjunction with the European Standards for the specific types of
protection listed in EN 60079 or EN 61241 series of standards.
Attention is drawn to the possibility that some of the elements of this document may be the subject of patent
rights. CEN and CENELEC shall not be held responsible for identifying any or all such patent rights.
The following dates were fixed:
– latest date by which the EN has to be implemented at national level by publication of an identical national standard or by endorsement (dop): 2010-12-01
– latest date by which the national standards conflicting with the EN have to be withdrawn (dow): 2012-12-01
This European Standard has been prepared under a mandate given to CENELEC by the European
Commission and the European Free Trade Association and covers essential requirements of EC Directive
94/9/EC. See Annex ZZ.
Contents
Introduction
1 Scope
2 Normative references
3 Terms and definitions
4 Ignition prevention by safety devices
4.1 General concept of ignition risk reduction
4.2 Selection of a safety device
5 Functional requirements for a safety device
5.1 General requirements
5.2 Special requirements for safety components
5.3 Requirements for achieving the Safety Integrity Level (SIL)
6 Tests
6.1 Type tests
6.2 Routine tests
6.3 Regular functional proof tests
7 Marking
8 Safety instructions
Annex A (informative) Example of an assessment procedure for a simple safety device
Annex B (informative) Example of an assessment procedure for the hardware safety integrity of a safety device
Annex C (informative) Example of determining the hardware safety integrity level
Annex D (informative) Examples for safety devices
Annex E (informative) Basic concept for safety devices
Annex ZZ (informative) Coverage of Essential Requirements of EC Directives
Bibliography
Tables
Table 1 – Requirements for Safety Integrity Level and Fault Tolerance of a safety device
Table B.1 – Failure rates assuming a series failure model
Table B.2 – Safety Integrity Levels: Target failure measures for a safety function
Table B.3 – Hardware safety integrity: Architectural constraints on Type A or B safety-related subsystems
Table C.1 – Total hardware failure rates
Table E.1 – Increase of the failure tolerance of equipment by the control of a safety device
Table E.2 – Classified area, in which the ignition probability of controlled equipment would lead to a tolerable risk
Table E.3 – Required SIL and HFT of a safety device for the control of equipment
Introduction
Safety devices, controlling devices and regulating devices which are used for the protection concept of
equipment for explosive atmospheres, shall function reliably for the intended purpose. This shall be
expressed in terms of some measure of confidence that the devices will be able to maintain a required level
of safety at all times. This measure of confidence needs to be in conformity with [1], CENELEC standards of
the series EN 60079 and EN 61241 for apparatus for use in explosive atmospheres and relevant control
standards.
CENELEC identified the need for research to determine whether existing and proposed standards in the field
of safety-related control systems were suitable for this purpose. Research proposals on this topic were
invited under the Standardisation, Measurement and Testing (SMT) Programme of the EU-commission and
the SAFEC project was selected for funding (contract SMT4-CT98-2255). The project was a 12 month
project which began in January 1999. The SAFEC partners were the Health and Safety Laboratory (HSL) of
the Health and Safety Executive in the UK (the project coordinator), the Deutsche Montan Technologie
(DMT) in Germany, the National Institute for Industrial Environment and Risks (INERIS) in France and the
Laboratorio Oficial J.M. Madariaga (LOM) in Spain. The result of this project is summarised in [2] and
recommends the application of Safety Integrity Levels as specified in EN 61508-1 for safety devices. A short
description of the basic concept is provided in Annex E of this standard.
1 Scope
This European Standard specifies the requirements of electrical safety devices, which are used to avoid
potential ignition sources of equipment in explosive atmospheres.
This also includes safety devices, which are operated outside areas with explosive atmospheres, to
guarantee the safe function of equipment with respect to explosion hazards.
NOTE 1 This European Standard can also be used to design and assess safety devices for protective systems.
Electrical equipment, which is intended for use in explosive atmospheres, may rely on the correct operation
of safety devices which for example maintain certain characteristics of the equipment within acceptable
limits. Examples of such safety devices are motor protection devices (to limit temperature rise during stall
conditions) and controlling devices for pressurisation protection.
By means of control or monitoring devices, sources of ignition can be avoided. Therefore these devices shall
execute the appropriate measures in the appropriate reaction time, for example the initiation of an alarm or
an automatic shut down.
NOTE 2 Some potential ignition sources might not be controllable by safety devices, e.g. electrostatic discharges, ignition sparks
caused by mechanical impact. Also some protection measures might not be controllable by safety devices, e.g.
flameproof enclosures.
Safety devices whose safety function cannot adequately be specified under the existing EN 60079 or
EN 61241 series of standards shall additionally be designed according to the requirements of this standard.
Generally for complex safety devices appropriate design requirements are not provided in the existing types
of protection (see 3.13 for the definition of a complex device).
NOTE 3 In general the levels of safety required by this standard are considered to be equivalent to those provided by conformity
to EN 60079-0 or EN 61241-0. No increase or decrease of safety is intended or required. Similarly neither increase nor
decrease of safety with respect to EN 61508 series is intended.
Safety devices can be classified into two types:
a) devices which are included as a component in the equipment under control (see 3.8). The combined
apparatus is considered as equipment.
EXAMPLES
- thermal switch or thermistor to avoid overheating,
- temperature monitoring devices to control the surface temperature.
b) devices, which are installed separately from the equipment under control and considered as
associated apparatus exclusively for a specific type of protection or specific equipment under control.
The combined apparatus is considered as a system.
EXAMPLES
- external control devices or safety related parts of a control system for type of protection pressurisation,
- overload protective device for electric motors of type of protection Ex e ‘Increased Safety’,
- control devices for battery charging equipment (protection against overcharging or deep discharging),
- level detectors for the control of submersible pumps.
Exclusions from this standard:
Safety devices, where the safety function is adequately covered in the existing standards of EN 60079 and
EN 61241 series do not need any additional assessment according to this standard.
EXAMPLES Intrinsically safe associated apparatus, fuses, electromechanical overload protection, simple thermal protection devices
(e.g. thermal fuses, thermal switches).
The standard does not include devices or systems to prevent the occurrence of explosive atmospheres, e.g.
inerting systems, ventilation in workplaces and containers/vessels.
Gas detectors, which are covered under EN 61779 series, EN 50271 or EN 50402 are also excluded from
the scope of this standard.
This standard does not deal with protection by control of ignition source ‘b’ for non-electrical equipment as
defined in EN 13463-6.
2 Normative references
The following referenced documents are indispensable for the application of this document. For dated
references, only the edition cited applies. For undated references, the latest edition of the referenced
document (including any amendments) applies.
EN 13237 Potentially explosive atmospheres – Terms and definitions for equipment and
protective systems intended for use in potentially explosive atmospheres
EN 13463-6 Non-electrical equipment for use in potentially explosive atmospheres –
Part 6: Protection by control of ignition source ‘b’
EN 50271 Electrical apparatus for the detection and measurement of combustible gases, toxic
gases or oxygen – Requirements and tests for apparatus using software and/or
digital technologies
EN 50402 + A1 Electrical apparatus for the detection and measurement of combustible or toxic
gases or vapours or of oxygen – Requirements on the functional safety of fixed gas
detection systems
EN 60079 series Explosive atmospheres (IEC 60079 series)
EN 60079-0 Electrical apparatus for explosive gas atmospheres – Part 0: General requirements
(IEC 60079-0, mod.)
EN 60079-10-1 Explosive atmospheres – Part 10-1: Classification of areas – Explosive gas
atmospheres (IEC 60079-10-1)
EN 60079-30-1 Explosive atmospheres – Part 30-1: Electrical resistance trace heating – General
and testing requirements (IEC 60079-30-1)
EN 60079-30-2 Explosive atmospheres – Part 30-2: Electrical resistance trace heating –
Application guide for design, installation and maintenance (IEC 60079-30-2)
EN 60812 Analysis techniques for system reliability – Procedure for failure mode and effects
analysis (FMEA) (IEC 60812)
EN 61010-1 Safety requirements for electrical equipment for measurement, control, and
laboratory use – Part 1: General requirements (IEC 61010-1)
EN 61025 Fault tree analysis (FTA) (IEC 61025)
EN 61165 Application of Markov techniques (IEC 61165)
EN 61241 series Electrical apparatus for use in the presence of combustible dust (IEC 61241 series)
EN 61241-0 Electrical apparatus for use in the presence of combustible dust – Part 0: General
requirements (IEC 61241-0, mod.)
EN 61496-1 Safety of machinery – Electro-sensitive protective equipment – Part 1: General
requirements and tests (IEC 61496-1, mod.)
EN 61508 series Functional safety of electrical/electronic/programmable electronic safety-related
systems (IEC 61508 series)
EN 61508-1 Functional safety of electrical/electronic/programmable electronic safety-related
systems – Part 1: General requirements (IEC 61508-1)
EN 61508-2:2001 Functional safety of electrical/electronic/programmable electronic safety-related
systems – Part 2: Requirements for electrical/electronic/programmable electronic
safety-related systems (IEC 61508-2:2000)
EN 61508-3 Functional safety of electrical/electronic/programmable electronic safety-related
systems – Part 3: Software requirements (IEC 61508-3)
EN 61508-4 Functional safety of electrical/electronic/programmable electronic safety-related
systems – Part 4: Definitions and abbreviations (IEC 61508-4)
EN 61508-7:2001 Functional safety of electrical/electronic/programmable electronic safety-related
systems – Part 7: Overview of techniques and measures (IEC 61508-7:2000)
EN 61511 series Functional safety – Safety instrumented systems for the process industry sector
(IEC 61511 series)
EN 61511-1:2004 Functional safety – Safety instrumented systems for the process industry sector –
Part 1: Framework, definitions, system, hardware and software requirements
(IEC 61511-1:2003)
EN 61779 series Electrical apparatus for the detection and measurement of flammable gases
(IEC 61779 series, mod.)
EN 62061 Safety of machinery – Functional safety of safety-related electrical, electronic and
programmable electronic control systems (IEC 62061)
EN ISO 13849-1 Safety of machinery – Safety-related parts of control systems – Part 1: General
principles for design (ISO 13849-1)
EN ISO 13849-2 Safety of machinery – Safety-related parts of control systems – Part 2: Validation
(ISO 13849-2)
3 Terms and definitions
For the purposes of this document, the terms and definitions given in EN 60079-0 and the following apply.
3.1
types of protection
the types of protection, as referred to in this standard, are the explosion protection measures for electrical
equipment
NOTE The protection measures are defined in EN 60079-0 or EN 61241-0.
3.2
equipment category
classification of equipment into different levels of safety with respect to the ignition risk
[EN 13237, EN 60079-0, [1] ]
NOTE The equipment category is equivalent to the appropriate Equipment Protection Levels (EPLs), defined in the EN 60079-0. This
standard may be applied for EPLs correspondingly.
3.3
functional safety
part of the overall safety relating to the EUC and the EUC control system which depends on the correct
functioning of the safety-related systems and external risk reduction facilities
[EN 61508-4]
3.4
safety device
safety devices, controlling devices and regulating devices required for or contributing to the safe functioning
of equipment with respect to the risks of explosion
Safety devices provide explosion protection by executing a safety function that works independently of the
normal functions of the equipment under its control. A safety device may consist of one or more safety
components, forming a Safety Instrumented System (SIS)
NOTE A regulating device which is controlling an ignition risk is also considered as a safety device.
3.5
Safety Instrumented System (SIS)
instrumented system used to implement one or more safety instrumented functions. A SIS is composed of
any combination of sensor(s), logic solver(s), and final elements(s) [see EN 61511-1:2004, 3.2.72]. A safety
instrumented system is equivalent to a safety-related system, which is defined under EN 61508-4
NOTE Safety device is a term of [EN 13237], [1] and can also be a safety related system.
3.6
safety component
one of the parts of a system or device performing a specific safety function
[EN 61511-1]
3.7
safety function
a function to be implemented by a safety device, which is intended to achieve or maintain a safe state for the
EUC, in respect of ignition hazards
[EN 61508-4]
3.8
Equipment Under Control (EUC)
equipment, machines, apparatus or components which contain a potential ignition source, which is controlled
by a safety device
[EN 61508-4]
3.9
safe state
state of the safety device which leads to a safe condition of the EUC
[EN 61508-4]
3.10
safe condition
the safe condition of an Equipment Under Control (EUC) defines the operating mode in which an acceptable
ignition risk according to the category of the protected equipment is provided by the equipment. The safe
condition of the EUC is intended to be ensured by activating the safety function of the safety device
3.11
combined equipment
combination of a safety device and the Equipment Under Control (EUC). It may be physically combined in
one unit or as separate units. In both cases the combination is considered as equipment according to [1]
3.12
simple safety device
safety devices where the safety function does not depend on complex technology (e.g. microprocessor
technology)
3.13
complex safety device
safety devices where the safety function depends on complex technology, e.g. microprocessor technology
3.14
Safety Integrity Level (SIL)
discrete level (one out of a possible four) for specifying the safety integrity requirements of the safety
function(s) to be performed by the safety device, where safety integrity level 4 has the highest level of safety
integrity and safety integrity level 1 has the lowest [EN 61508-4]. If the safety device consists of several
safety components the Safety Integrity Level is defined for the complete safety instrumented system
NOTE SIL 4 is not applied in this standard.
3.15
SIL capability
if a safety component is provided separately, its specified SIL capability is the maximum SIL that can be
achieved by a safety device using this component in single channel mode
3.16
Failure Mode and Effect Analysis (FMEA)
analysis of possible failures of any component of the safety device and determination of their consequences
for the overall safety function. It allows any failure to be classified as safe, dangerous, detected or undetected with
respect to the safety function
3.17
Probability of a Failure on Demand (PFD)
specifies the average probability of a failure to perform the safety function on demand. In the low demand
mode the frequency of demands for operation made on a safety related system is not greater than one per
year and no greater than twice the proof-test frequency
[EN 61508-4]
EXAMPLES FOR LOW DEMAND SYSTEMS Running dry protection, circuit breaker, thermistor relay
3.18
Probability of a dangerous Failure per Hour (PFH)
specifies the failure rate (e.g. per hour) to perform the safety function continuously. This value shall be
considered if the safety device is operated in high demand or continuous mode of operation, where the
frequency of demands for operation made on a safety-related system is greater than one per year or greater
than twice the proof-test frequency
[EN 61508-4]
EXAMPLE FOR HIGH DEMAND SYSTEM Continuous flow control of pressurisation
3.19
Safe Failure Fraction (SFF)
the ratio, expressed as a percentage, of the average rate of safe and detected failures to the total average
failure rate of a safety device. A safe failure is a failure which does not put the safety device into a
fail-to-function state (see EN 61508-4 and EN 61508-2:2001, Annex C). A detected failure is a failure which
is detected by the automatic diagnostic tests, or through normal operation
3.20
Hardware Fault Tolerance (HFT)
ability of a safety device to continue to perform a required function in the presence of faults [EN 61508-4]
EXAMPLE HFT = 1 means, the required function is still performed in the presence of 1 arbitrary fault of the safety device
Regarding the equipment under control, the requisite level of protection is assured in the event of faults
occurring independently of each other.
EXAMPLE Category 1 equipment is characterised by HFT=2, which means
– either, in the event of failure of one means of protection, at least an independent second means provides the
requisite level of protection,
– or the requisite level of protection is assured in the event of two faults occurring independently of each other.
3.21
trip level
a threshold for a safety critical parameter pre-adjusted in the safety device. When exceeding this threshold
the safety device activates the safety function
3.22
architecture
specific configuration of hardware and software elements in a system
[EN 61508-4]
3.23
channel
element or group of elements that independently performs a function
[EN 61508-4]
EXAMPLE A two channel (or dual channel) configuration is one with two channels that independently perform the same function
3.24
confidence level
the confidence level is the probability that the confidence interval around the mean value of a statistical
distribution of test results includes the real value. It indicates the significance of a statistical evaluation.
A specified confidence level for a probabilistic proven-in-use evaluation allows the minimum
number of treated demands (low demand mode) or the minimum hours of operation (continuous mode) to be determined
[see EN 61508-7:2001, Annex D]
3.25
average ambient temperature
the average ambient temperature is the mean value of the ambient temperature of the components in
comparable applications. This may involve averaging temperature fluctuations with time ([5])
4 Ignition prevention by safety devices
4.1 General concept of ignition risk reduction
The ignition risk analysis of electrical apparatus starts with the evaluation of potential ignition sources even
under the presumption of faults related to the equipment. If appropriate types of protection (EN 60079 or
EN 61241 series of standards) are applied the ignition risk of the protected equipment is reduced to comply
with the required equipment category. E.g. if equipment shall be classified in Category 1, even rare incidents
related to the equipment must be considered. Hence, the equipment must
- either be safe with 2 faults occurring independently in the equipment. If a type of protection is only safe up
to one fault, the fault tolerance of the equipment may be enhanced by the control with an appropriate safety
device,
- or, in the event that one means of protection fails, provide at least an independent second means to ensure
the requisite level of protection. For this purpose also a suitable safety device can be used.
For category 2 equipment frequently occurring disturbances or single equipment faults must be considered
with respect to potential ignition sources. If equipment would only be safe in normal operation, those
disturbances or equipment faults can be controlled with a suitable safety device and the ignition risk reduced
correspondingly.
If equipment contains several potential ignition sources, for each ignition source the same consideration
must be performed and the ignition risk decreased by appropriate measures. The controlled equipment shall
comply with the relevant standards EN 60079-0 and/or EN 61241-0 with respect to the final equipment
category.
NOTE Residual risks, which cannot be eliminated by a safety device, may be addressed by safety instructions for installation and
use. Such ignition sources may be for example:
– electrostatic discharge of chargeable surfaces,
– mechanical impact or friction sparks on light metal alloys.
EXAMPLE Equipment complying with Category 3G requirements contains electrical circuits and an enclosure with Mg > 7,5 %. To
comply with Category 2G the electrical circuits can be protected by pressurising the enclosure (Ex p) using a programmable control
system as a safety device. The potential ignition risk created by the enclosure surface can be addressed by a safety instruction.
4.2 Safety characteristics of a safety device
A safety device shall meet a level of reliability depending on the reduction of the ignition risk of the
equipment under control. The required safety integrity level of the safety device can be assessed and
classified according to 5.3. Table 1 shows the required safety characteristics for a safety device when used
to control equipment (EUC) with a potential ignition source and initial fault tolerance to achieve the final
equipment category of the combined equipment.
Table 1
...