Methodology for functional safety assessment of protective systems for potentially explosive atmospheres

This European Standard provides guidance on the procedure and information required to allow functional safety assessment to be carried out for the design of protective systems.
The purpose of this European Standard is to assist technical standardization committees responsible for specific families of protective systems in preparing safety standards. Such standards shall be as homogenous as possible and shall have the basic structure of functional safety assessment as it is stated in this standard.
If there are no specific standards for a particular protective system, the manufacturer shall use this standard for functional safety assessment of this protective system.
In this procedure the following information is to be taken into account to ensure a sufficient level of functional safety:
a)   intended use,
b)   possible operating faults,
c)   reliability of protective systems,
d)   misuse which can reasonably be anticipated.
A sufficient level of functional safety is characterized by the following objectives:
1)   System can stop an explosion at a very early stage or reduce the impact of an explosion to an acceptable level.
2)   In the event of faults, failures and/or interference, the capacity to function remains effective by use e.g. of fail safe techniques or redundancy.
This European Standard does not cover identification of possible ignition sources.
NOTE 1   The identification of possible ignition sources is covered by EN 15198.
This European Standard only deals with the functional behaviour of the protective system i.e. hazards caused by malfunctions, e.g. false activations are excluded.
This European Standard specifies neither specific methods to analyse fault conditions, nor specific requirements for a given type of protective system (see EN 1127-1). It specifies the methodology of functional safety assessment.

Methodik zur Bewertung der funktionalen Sicherheit von Schutzsystemen für explosionsgefährdete Bereiche

Méthodologie relative à l'évaluation de la sécurité fonctionnelle des systèmes de protection pour atmosphères explosibles


Metodologija za varnostno oceno delovanja zaščitnih sistemov za potencialno eksplozivne atmosfere

General Information

Status: Published
Publication Date: 09-Sep-2007
Current Stage: 6060 - National Implementation/Publication (Adopted Project)
Start Date: 31-Aug-2007
Due Date: 05-Nov-2007
Completion Date: 10-Sep-2007

Standard: EN 15233:2007, English language, 25 pages

Standards Content (Sample)

SLOVENIAN STANDARD SIST EN 15233:2007
1 October 2007

Methodology for functional safety assessment of protective systems for potentially explosive atmospheres

Méthodologie relative à l'évaluation de la sécurité fonctionnelle des systèmes de protection pour atmosphères explosibles

Methodik zur Bewertung der funktionalen Sicherheit von Schutzsystemen für explosionsgefährdete Bereiche

This Slovenian standard is identical to: EN 15233:2007

ICS: 13.230 Explosion protection

Languages: en, fr, de

2003-01. Slovenski inštitut za standardizacijo (Slovenian Institute for Standardization). Reproduction of this standard, in whole or in part, is not permitted.







EUROPEAN STANDARD
NORME EUROPÉENNE
EUROPÄISCHE NORM

EN 15233
August 2007
ICS 13.230

English Version

Methodology for functional safety assessment of protective systems for potentially explosive atmospheres

Méthodologie relative à l'évaluation de la sécurité fonctionnelle des systèmes de protection pour atmosphères explosibles

Methodik zur Bewertung der funktionalen Sicherheit von Schutzsystemen für explosionsgefährdete Bereiche

This European Standard was approved by CEN on 13 July 2007.

CEN members are bound to comply with the CEN/CENELEC Internal Regulations which stipulate the conditions for giving this European Standard the status of a national standard without any alteration. Up-to-date lists and bibliographical references concerning such national standards may be obtained on application to the CEN Management Centre or to any CEN member.

This European Standard exists in three official versions (English, French, German). A version in any other language made by translation under the responsibility of a CEN member into its own language and notified to the CEN Management Centre has the same status as the official versions.

CEN members are the national standards bodies of Austria, Belgium, Bulgaria, Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden, Switzerland and United Kingdom.

EUROPEAN COMMITTEE FOR STANDARDIZATION
COMITÉ EUROPÉEN DE NORMALISATION
EUROPÄISCHES KOMITEE FÜR NORMUNG

Management Centre: rue de Stassart, 36 B-1050 Brussels

© 2007 CEN All rights of exploitation in any form and by any means reserved worldwide for CEN national Members. Ref. No. EN 15233:2007: E



EN 15233:2007 (E)

Contents

Foreword
Introduction
1 Scope
2 Normative references
3 Terms and definitions
4 General requirements
5 Functional safety assessment procedure
6 Documentation
Annex A (informative) Example of a functional safety assessment
Annex B (informative) Methods for failure identification and functional safety assessment
Annex ZA (informative) Relationship between this European Standard and the Essential Requirements of EU Directive 94/9/EC
Bibliography



Foreword

This document (EN 15233:2007) has been prepared by Technical Committee CEN/TC 305 “Potentially explosive atmospheres - Explosion prevention and protection”, the secretariat of which is held by DIN.

This European Standard shall be given the status of a national standard, either by publication of an identical text or by endorsement, at the latest by February 2008, and conflicting national standards shall be withdrawn at the latest by February 2008.

Attention is drawn to the possibility that some of the elements of this document may be the subject of patent rights. CEN [and/or CENELEC] shall not be held responsible for identifying any or all such patent rights.

This document has been prepared under a mandate given to CEN by the European Commission and the European Free Trade Association, and supports essential requirements of EU Directive 94/9/EC.

For relationship with EU Directive 94/9/EC, see informative Annex ZA, which is an integral part of this document.

According to the CEN/CENELEC Internal Regulations, the national standards organizations of the following countries are bound to implement this European Standard: Austria, Belgium, Bulgaria, Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden, Switzerland and the United Kingdom.



Introduction

The function of this type A standard is to describe principles for a consistent systematic procedure for functional safety assessment for the design and manufacture of protective systems.

Annex A is informative and contains methods for estimating and assessing functional safety and reliability.

Annex B is informative and contains an example for functional safety assessment of a protective system.

Performing functional safety assessment is referred to in written instructions for use and possible additional precautions are introduced in the documentation.

It is in both the manufacturer's and user's interest to establish a common methodology for achieving functional safety, reliability and effectiveness in the operation of protective systems. Thus, functional safety assessment is a tool which provides the essential link between manufacturers and users, however, only aspects which directly address manufacturers are incorporated in this standard.

Integrated explosion safety is conceived to prevent the formation of explosive atmospheres as well as sources of ignition and, should an explosion nevertheless occur, to halt it immediately and/or to limit its effects. In this connection protective systems must be designed and constructed after due analysis of possible operating faults that limit or prevent the capacity of the system to stop an explosion. Therefore it is absolutely necessary to conduct a functional safety assessment process.



1 Scope

This European Standard provides guidance on the procedure and information required to allow functional safety assessment to be carried out for the design of protective systems.

The purpose of this European Standard is to assist technical standardization committees responsible for specific families of protective systems in preparing safety standards. Such standards should be as homogenous as possible and should have the basic structure of functional safety assessment as it is stated in this standard.

If there are no specific standards for a particular protective system, the manufacturer should use this standard for functional safety assessment of this protective system.

In this procedure the following information is to be taken into account to ensure a sufficient level of functional safety:
a) intended use,
b) possible operating faults,
c) reliability of protective systems,
d) misuse which can reasonably be anticipated.

A sufficient level of functional safety is characterized by the following objectives:
1) System can stop an explosion at a very early stage or reduce the impact of an explosion to an acceptable level.
2) In the event of faults, failures and/or interference (see footnote 1) the capacity to function remains effective by use e.g. of fail safe techniques or redundancy.

This European Standard does not cover identification of possible ignition sources.

NOTE 1 The identification of possible ignition sources is covered by EN 15198.

This European Standard only deals with the functional behaviour of the protective system i.e. hazards caused by malfunctions, e.g. false activations are excluded.

This European Standard specifies neither specific methods to analyse fault conditions, nor specific requirements for a given type of protective system (see EN 1127-1). It specifies the methodology of functional safety assessment.

This European Standard provides advice for decisions to be made for all types of protective systems referred to in EU Directive 94/9/EC, but does not provide means to prove the conformity of a given type of protective systems.

NOTE 2 Equipment is dealt with in EN 15198 owing to the fact that the procedure and information required to allow ignition hazard assessment is different from the procedure above.

Footnote 1) Interference is everything in normal operation that can disturb the normal operation of the system e.g. electromagnetic waves, heat, flames and pressure waves.



2 Normative references

The following referenced documents are indispensable for the application of this document. For dated references, only the edition cited applies. For undated references, the latest edition of the referenced document (including any amendments) applies.

EN 13237:2003, Potentially explosive atmospheres – Terms and definitions for equipment and protective systems intended for use in potentially explosive atmospheres

3 Terms and definitions

For the purposes of this document, the terms and definitions given in EN 13237:2003 and the following apply.

3.1 failure
event, or inoperable state, in which any system item or part of an item or any management function task or process does not, or would not, perform as previously specified [ISO/IEC Guide 73:2002]

3.2 functional safety
part of the overall safety relating to the intended use in terms of the function and integrity of the protective system including any safety related devices that are part of the protective system performance
NOTE 1 Functional safety covers all aspects where safety depends on the correct functioning of the protective system and other technology safety-related systems.
NOTE 2 This definition deviates from the definition in EN 61508-4 to reflect differences in explosion safety terminology.

3.3 protective system
device other than components of the equipment, which is intended to halt incipient explosions immediately and/or to limit the effective range of an explosion and which is placed separately on the market as autonomous system [EN 13237:2003, A.5]

3.4 functional safety estimation
determination of the probability of occurrence of the failures violating the functional safety of the protective system

3.5 functional safety evaluation
procedure to determine whether the functional safety of the protective system meets the predefined acceptance criteria

4 General requirements

4.1 Basic concept

Functional safety assessment is a series of logical steps (see Figure 1) that enable designers and safety engineers to examine in a systematic way, the function of a protective system or a part of it. The objective shall be to achieve an adequate level of functionality and reliability according to the state of the art and technical and economic requirements at the time of construction.



This assessment includes the following four steps:
a) description of the protective system (5.2);
b) identification of failures (5.3);
c) functional safety estimation (5.4);
   1) functionality;
   2) reliability;
d) functional safety evaluation (5.5).

These four steps are the basis for the decision whether the intended level of functional safety necessary for the intended use is achieved. The result of the assessment shall be detailed in the technical documentation (see Clause 6).

If the required function and level of reliability is not achieved, it shall be necessary to improve the protective system or to define an appropriate intended use.

NOTE The choice of the suitable measures is not part of the standard.

If the assessment is done by the manufacturer the result of the assessment shall be detailed in the technical documentation (see Clause 6).

Decisions in functional safety assessment shall be supported by qualitative methods complemented, where appropriate, by quantitative methods.

4.2 Extent of functional safety assessment

The protective system shall be assessed on the basis of the information specified in 4.3.

The functional safety assessment shall be limited to the intended use and the misuse, which can reasonably be anticipated for a particular protective system.

NOTE Misuse which can reasonably be anticipated means an incorrect use and/or operation of the protective system by the operator due to negligence or misunderstanding. Misuse is not part of the normal operation. Intent is not included in foreseeable misuse.

4.3 Information needed

The information needed to perform the functional safety assessment shall include the following where appropriate:
a) intended use;
b) safety characteristics used for the design of protective systems;
c) requirements for maintenance;
d) actual and foreseeable surrounding area conditions;
e) relevant design drawings;
f) results of design calculations made, examinations carried out;
if available:
g) test reports;
h) accident history;
i) publications on relevant safety aspects.

If an accident history is not available for the protective system, available information for similar protective systems shall be used; it is unlikely that the protective system is so unique that similar protective systems cannot be found.

The absence of an accident history, a small number of accidents or low severities of accidents shall not be taken as an automatic presumption of a low risk. Possible additional precautions shall be documented.

The information shall be updated as the design develops and modifications are required.

For quantitative assessment, data from data bases, handbooks, laboratories and manufacturer specifications shall be used provided there is confidence in its suitability. Any uncertainty associated with the data shall be documented.

NOTE The data is used to define foreseeable operation requirements related to reliability, serviceability, durability, disposability, benign failure and failsafe characteristics and labelling, warnings, identification, traceability requirements and instructions.

Data based on the consensus of expert opinion derived indirectly from experience as opposed to measured data, may be used to supplement qualitative assessment.

5 Functional safety assessment procedure

5.1 Principle

The principal steps for the functional safety assessment procedure are shown in Figure 1. It is comprised of four steps taking into consideration the information in the oval blocks.

Maintenance requirements shall also be considered in the assessment. The manufacturer shall consider all necessary maintenance requirements in the instruction manual and shall also consider lack of maintenance relevant for the intended use.



Key
a Conformity is not part of functional safety assessment.
NOTE Dotted lines are not part of this standard.
Figure 1 — Functional safety assessment for design of protective systems

5.2 Description of the protective system

The step-approach (by following flow-chart in Figure 1) shall be carried out with an understanding of the function of the protective system and of the types of explosions.

Intended use shall consider, for example, the following items:
a) life cycles of the protective system;
b) limits in terms of use, time, space;
c) accurate definition of the function;
d) selection of materials for construction;
e) performance, lifetime and configuration;
f) description of the type of explosions;
g) limits of process conditions;
h) maintenance requirements.

5.3 Identification of failures

5.3.1 General

Generally, a protective system shall be assessed by potential sources of failure of the protective system. A functional and state analysis for the intended use shall be undertaken for this purpose.

Protective systems are distinguished in the following way:
a) passive systems (e.g. flame arrester, venting system),
b) active systems (e.g. suppression system).

An illustrative example of such an approach is given in Annex A.

The possible failures shall be assessed through a functional and systematic analysis and shall be considered separately with regard to whole lifecycle:

NOTE The listed possible failures are examples. Additional failures may occur.

5.3.2 Assessment

5.3.2.1 Design and manufacturing

In the phase of planning and design the following shall be considered:
a) that the compliance of the intended use shall be achieved. Examples are:
   1) sufficient heat conduction of flame arresters,
   2) effective pressure release of venting devices,
   3) sufficient suppression efficacy of suppression systems.
b) mechanical dimensioning of the protective system is adequate. Failures can occur due to e.g.:
   1) insufficient pressure resistance,
   2) insufficient temperature resistance,
   3) insufficient resistance against vibration and shock,
   4) insufficient resistance against ageing or corrosion.
c) incorrect installation location, an incorrect installation position or an installation method with regard to the nature of the explosion shall be avoided.
d) correct mode with regard to the process, the ambient temperature, the ambient pressure shall be taken into account as well as the correct operating threshold or sensitivity.
e) use of non appropriate software and controlling equipment (hardware).
f) resistance of the hardware against electromagnetic disturbance.
g) additional fail-safe means.
h) in the case of a power failure the intended use of the system shall be maintained as required.

5.3.2.2 Installation

To be able to provide proper information on the installation the manufacturer shall consider the following possible failures:
a) lacking or deficient consideration of effects due to the intended function (e.g. vacuum breakers, danger areas in front of pressure-relief devices, recoil forces, risk of injuries);
b) insufficient sealing or possible circumvention;
c) insufficient electric conditions (e.g. short circuit, open circuit, overload and earth faults);
d) insufficient energy supply and/or back-up power supply for controlling and indicating equipment (CIE).

5.3.2.3 Operational and maintenance requirements

The possible failures that can occur during the use and maintenance of the protective system, shall be considered. The manufacturer shall advise the user how to prevent them.

Possible failures, which may arise during the use and maintenance, are:
a) Contamination;
b) incorrect or insufficient intervention by persons (faulty operation, faulty mounting, incorrect maintenance, unintended interventions);
c) indication of fault messages and lack of emergency stop procedures.

Such lacking or deficient situations and the possible failures that may occur shall be described clearly in the instructions for use.

5.3.2.4 Modification

Any safety related modification of a protective system shall be considered a new system which shall require a reassessment.

5.4 Functional safety estimation

5.4.1 General

After the failure identification the functional safety of the protective system has to be estimated by determining the probability of failure occurrence.

The functional safety estimation can be done qualitatively, semi-quantitative or quantitative depending on the criticality of the protective system in reducing the probability of failure and/or the complexity of the system and the safety related devices.

The required performance of the protective system shall be considered in terms of its:
a) function, i.e. the ability to perform the functions required by the intended use of the system (e.g. halt an incipient explosion, reduce explosion pressure), and
b) integrity, i.e. the reliability in performing those functions (on demand or in time).



The ability to perform the required function can be partly quantified by reliability data and/or expression of the fault tolerance of the system structure.

The reliability shall be estimated and evaluated for each of the identified parameters that can lead to a failure of the protective function of the system i.e. for the function and integrity requirements.

5.4.2 Functionality

This part of the functional safety estimation shall include both technical and operating faults in terms of occurrence frequency for failures (e.g. predicting the behaviour from hardware faults, use and misuse which can reasonably be anticipated during the different modes of operation and maintenance activities as well as during the event itself).

The functional safety estimation shall generally be founded on worst case situations, i.e. without the safety function of the protective system, for the defined explosion characteristics. In cases where this is not appropriate, the functional safety shall be estimated for situations that only partly affects the performance of the protective system, e.g. where it partly can reduce the hazard from an explosion, i.e. partly reduce the explosion overpressure.

Each type of failures identified (see 5.3) shall be subject to an evaluation of to what degree they will reduce the performance and the related probability. In this, the criticality of the various parameters that affects the system behaviour must be considered and rated e.g.:
a) condition and operating modes (e.g. installation and operating requirements, maintenance requirements, testing, resetting, interlocks, bypasses);
b) required response and reaction time (response time sensor to actuator and reaction time of the preventive action);
c) fault functions and states;
d) fail-safe functions, safe states;
e) monitoring and detectability of dangerous faults and related actions;
f) sensitivities of the protective system taking into account the safety characteristics;
g) design and control parameters;
h) system structure, redundancy, fault tolerance;
i) interface and influence of system components and safety related control elements and safety devices;
j) inspection/test methods;
k) dependence / independence of other systems for the proper function;
l) systematic- / test independent failures (see 5.4.3, NOTE).

5.4.3 Integrity estimation

The safety integrity requirements in terms of reliability of the function shall be defined and estimated for the safety related devices that are part of the protective system performance.

Simple prevention systems not relying on safety systems and devices that have shown to comply with the required functions through proven experience or evaluations can be estimated on that basis (i.e. proven in use).



If prior use cannot be documented or for novel or more complex systems including safety related control systems and devices a more comprehensive approach using appropriate methods for reliability calculations has to be used (e.g. in accordance with series EN 61508, EN ISO 13849-1 and EN 62061).

For each safety function the frequency of the circumstances that can result in that the safety function can not be realized, (failure rate or probability of failure on demand) shall be estimated considering:
a) mode of operation (demand mode/ continuous mode);
b) assumed demand rates;
c) architecture/ architectural constraints;
d) systematic failures (see 5.4.3, NOTE);
e) common cause failures;
f) mean time to repair (MTTR);
g) inspection/test intervals;
h) diagnostic coverage and safe failure fraction.

The outcome from the integrity estimation should be in the form of reliability figures in the form of probability of failure on demand (PFD) or probability of a dangerous failure per hour (i.e. failure rate) as appropriate, both individually for the different functions and for the protective system function as a whole.

These results will be required for the functional safety evaluation and for the user to verify how the protective system will contribute in an integrated explosion risk evaluation and the prerequisites for performing in reducing the total explosion risk. Such results therefore shall be a part of the documentation.

NOTE Included in this are failures that may not be revealed by testing or monitoring devices, design failures, software errors, discrimination of signals, installation discrepancies.

5.5 Functional safety evaluation

The acceptability of the functional safety estimation shall be evaluated. Therefore, acceptance criteria shall be defined on beforehand based on the intended use. The acceptance criteria can be qualitatively, semi-quantitatively or quantitatively.

As for the probability estimate the acceptability criteria can be qualitatively, semi-quantitatively or quantitatively.

Comparison of the determined probability that the protective system will fail on demand with the defined acceptability criteria will show whether risk reduction measures are necessary.

To identify risk reduction measures, those components or properties of a protective system which are determinant for the overall risk shall be considered first. Each of the identified risk reduction measures shall be analysed reviewing the safety benefit and practicability associated with each of them.

6 Documentation

6.1 Documentation for the manufacturer

The following documentation shall be part of the documentation of the protective system.



Documentation of functional safety assessment shall demonstrate the procedure that has been followed and the results which have been achieved. This documentation includes when relevant:
a) protective system for which the assessment has been made (e.g. specifications, limits, intended use, operational description) (see 4.2 and 5.2);
b) any relevant assumptions which have been made (e.g. loads, strengths, safety factors);
c) instructions for use according to 4.3, a), b), c), d);
d) further information on which functional safety assessment was based (see 4.3);
e) data used and the source references (e.g. data bases, accident histories, experiences gained from functional safety increasing applied to similar machinery) (the uncertainty associated with the data used and its impact on the functional safety assessment has to be taken into account);
f) failures identified (see 5.3);
g) result of the final functional safety estimation (see 5.4);
h) safety measures implemented to eliminate identified failures or to increase functional safety (e.g. from standards or others specifications);
i) result of the final functional safety evaluation (see 5.5).

6.2 Information to be provided to the user

The following information from 6.1 shall be provided to the user when relevant:
6.1, items a), d), h) and i).



Annex A (informative)
Example of a functional safety assessment

A.1 Introduction

The following is one example of a possible form how an outcome of a functional safety assessment based on the use of an FMECA (failure mode, effects and criticality analysis) can look like.

Key
1 Pressure transducer coupled to an analysing unit
2 Analysing unit for pressure transducer
3 HRD-extinguishers to suppress explosion in filter unit
4 HRD-extinguisher to isolate the filter unit from upstream process units
5 Dust concentration monitoring equipment
6 Controlling and indicating equipment (CIE)
7 Rotary lock-valve
8 Fan
NOTE The example is fictitious and not complete. As such it must therefore only be read as an illustration.
Figure A.1 — Explosion suppression and isolation system of a filter unit

Figure A.1 shows the most important components of an explosion suppression and isolation system mounted to a filter unit. The system operation is as follows:
a) In case of an explosion in the filter unit pressure will start to increase. This pressure increase is registered by the pressure transducer. The pressure-time history registered by the transducer is continuously analysed by the analysing unit. Upon reaching the alarm level (a certain explosion pressure generated within a certain time) the analysing unit will send a signal to the control unit.
b) Control unit activates the two HRD-extinguishers mounted onto the filter unit to suppress the explosion there.
c) Simultaneously the HRD-extinguisher mounted onto the duct leading to the filter unit, to stop explosions from running back into equipment coupled to the filter unit, is activated.

It is also possible to de-activate the explosion proof rotary valve at the outlet of the filter unit in case of an explosion in the filter unit but this has not been considered in this example.

Thus, the function starts inside the filter upon detection of a too high rate of pressure rise, indicating the occurrence of an explosion, and ends within the process with the triggering of the HRD-extinguishers.

In case of power failure the batteries of the explosion protection system will take over. There will be power for another 4 h. The loss of the safety function after these 4 h is not considered. In case of short circuit, open circuit etc. the system will force the process to go to a safe state. In the analysis the residual risk of an explosion in the de-activated process is not taken into account.
A
...
