The Three Day Expert

It is generally acknowledged that there is a lack of expertise in defining and installing electrical equipment in hazardous areas. In the last few years the facilities for the training of technicians has improved, in Europe this has been largely due to the EEMUA initiated courses but supplemented by some other organisations. The problem of training engineers to design equipment is not too severe since most equipment is subject to third party certification, and hence there is a possibility that any significantly dangerous errors in the design will be detected. This does presuppose the certification authority is competent but that is a perennial question.

The current need is to adequately train engineers to select and specify equipment for specific applications. The problem is that no one person can know enough to ensure a satisfactorily safe installation and yet current proposals suggest that a few days training can produce a “certified” engineer who can do it all. It is obvious that this is absurd, for example the skills necessary to select and specify an intrinsically safe level gauge for installation in a Zone 20 location are a world apart from those necessary to select and specify a large electric motor for a Zone 2 location. In practice many instrument engineers who work on plants have detailed knowledge of relevant aspects of their particular installation and only a cursory knowledge of other techniques and installations. They are usually in the best position to assess and ensure the safety of their installation, and the difficult part is to sustain a responsible attitude to safety in the face of other pressures. Possibly the more difficult situation is that of the engineer working for a design contractor who may have to work on plants with quite different problems in rapid succession. In these circumstances wide experience and a network of knowledgeable acquaintances is the only hope for creating an adequately safe design.

Area classification is a part of most applications and is an art which is best practised by a team of people with complimentary skills and experience, it  is not predominantly an electrical engineering problem. There are some basic concepts but every application is different and the necessary skills cannot be taught in a few days. The situation becomes even more difficult if the “instant expert” tries to apply the risk analysis approach since this requires the Wisdom of Solomon and the direct help of whichever the expert worships. 

There is a need for training of engineers in the basics of ‘explosion protection’ techniques, and for frequent updating as the techniques develop. The case for testing to establish that a level of understanding has been achieved is less well established. However it must be recognised that training courses are only one starting point and the most that a training course can achieve is to make an engineer aware of the risk and the available solutions. Possibly the greatest benefit to be derived from training courses is the realisation of how much there is to learn and the recognition of personal limitations. In practice most engineers continuously build up experience by working on specific projects and interacting with colleagues. Training courses make only a small contribution.

The available training courses are usually organised by certifying authorities or training organisations. The better ones use engineers [usually semi -retired and not quite passed their sell-by date] who have worked on installations and have a realistic approach to the known problems. Some courses deteriorate to intensive training on how to read completely unintelligible labels and nauseating detail on the interpretation of apparatus design standards. This practice is frequently led by the obligatory multiple choice questions that form the end of course test.

Possibly a website containing basic training material could be set up by one of the engineering institutions and that could draw from the experience of its members. It might even be possible to update the information on the site and encourage discussion on known problems. The cost would be considerable and it would need a driving personality behind it, and so it is unlikely to happen. 

The fundamental need is for engineers to behave as professionals, acquire the knowledge they need, accept responsibility for what they do, and to recognise when they need to consult with colleagues. The possibility of anyone being ‘certified’ as competent in all aspects of “safety in explosive atmospheres” is too remote to be contemplated.

Ex d – a non solution to a hot problem

Background

Very occasionally someone notices that the IEC apparatus standards usually only consider ambient temperature conditions of  -20 °C to + 40 °C. This range can be extended when this is considered desirable and noted on the certificate and by marking. The usual limits are –40 °C and + 75 °C. Some concern has recently been raised as to whether measuring temperature outside this range using thermocouples [TCs] and resistance thermometers [RTDs] is adequately covered by the certification and/or is adequately safe.

Note: An interesting aside is that both the ATEX Directives apply only to gas/air mixtures ‘under atmospheric conditions’ so the Directives are not applicable and do not consider this problem

Some thermocouple installations are located at the interface between Zone 0 and Zone 1. In these circumstances the inside of the thermowell is usually a Zone 1 and the outside a Zone 0. Hence from a thermal ignition risk viewpoint it must be suitable for Zone 0

The intrinsically safe solution

It is known that ignition energy of a gas/air mixture decreases with temperature, although the available experimental data is limited. At the ignition temperature it is zero, and the way it changes between atmospheric temperature and that point is not well defined [a translation of that statement is that the author of this note does not know the answer since the limited information is partially contradictory]. Within the normal testing range for apparatus [up to +75 °C] it is usual to assume that the change is small and adequately accommodated by the large safety factors inherent in the intrinsic safety technique.

There are obvious thermal ignition problems where the process temperature approaches the ignition temperature of the gas and consequently the temperature rise of the measuring element under fault conditions must be restricted to as low a level as practicable.

Usually the TC or RTD is regarded as simple apparatus and it is the output parameters of the transmitter or IS interface, which determines the acceptability of the measurement. Fortunately most of the recently designed temperature converters, temperature alarms &c have very low safety output parameters, which make them useable with TCs and RTDs at higher temperatures. For example the MTL5074 temperature converter in TC mode has output parameters of  Uo: 6.6V, Io: 76mA and Po:17mW. The voltage is well below the ignition threshold of any gas [10 -12V], and the current is too low to create an inductance problem. The limited power means that the possible rise in temperature of the TC under fault conditions is small.

It seems reasonable therefore that provided that the output parameters of the connected instrumentation are small then the measurement of temperatures approaching the ignition temperature of the gas/air mixture is acceptably safe. The output parameters of the connected device are in accordance with the certificate; hence it can be argued that the installation is partially ‘certified’. It is adequately safe to the normally accepted level and no problem exists.

The flameproof  [Ex d] non-solution

The performance of flameproof enclosures at temperatures other than those for which they are tested is not well documented. The emphasis on the need for testing in the Ex d standards suggests that the number of interacting factors make the prediction of performance difficult. Most of the recently expressed concern relates to low temperatures and hence possibly high temperature effects are not so critical if metal enclosures are used. In the particular case of TCs and RTDs then the relatively small heat capacity [compared with a large metal box] and the possible intimate thermal contact with the process fluid calls into question the adequacy of the flameproof practice of allocating a temperature classification without considering faults.

If this argument is accepted then the use of flameproof thermocouple wells and heads is only marginally acceptable at atmospheric temperatures and the possibility of an unspecified temperature rise under fault conditions makes them unsuitable for use at elevated temperatures. The questionable performance of flameproof enclosures at temperatures lower than that for which they have been tested makes their use in these circumstances not acceptable.

Some thermocouple installations are located at the interface between Zone 0 and Zone 1. In these circumstances the inside of the thermowell is usually a Zone 1 and the outside a Zone 0. Hence from a thermal ignition risk viewpoint the installation must be suitable for Zone 0, which means that a flameproof installation is not acceptable.

The inevitable conclusion is that the majority of flameproof TC or RTD installations do not achieve the level of safety implicit in the IEC standards. Fortunately they do not have to comply with the ATEX Directives but they are probably not adequately safe.  However there are no explosion incidents attributable to the use of this type of installation known to the author so perhaps there is no call for undue panic.

Conclusion

The only acceptable technique for the measurement of temperature in using TCs or RTDs in Zone 0 and Zone 1 hazardous areas is to use intrinsically safe equipment where the interconnected interface has output parameters which have a considerable safety factor over those permitted for gas/air mixtures at atmospheric temperatures. If this is done then the safety level achieved is not well defined, but it is covered by the well-known practice of ‘making it as safe as is practically possible’. However it is unlikely to be covered by the certification.

A postcard from Rio de Janeiro

Apologies for the lack of recent additions to this blog, but an IEC meeting in Rio temporarily stemmed all rational thoughts on real hazardous area instrumentation issues. One of the compensations of attending IEC meetings is that sometimes they are held in interesting places such as Rio. It does provide an opportunity to meet old friends and adversaries, often combined in the same person.

The meetings of the three maintenance teams, which determine the content of the draft standards, dominated the intrinsic safety meetings. Sometimes I wonder how representative maintenance teams are of the real world. A few people [including myself] who do the initial drafting and take an active part in resolving the response to any comments dominate them. These few sometimes have personal axes to grind and/or an advantageous position to defend. As the IEC Ex scheme becomes more readily accepted the IEC standards become even more significant and if left to the few, could become too restrictive and impractical. Active participation by all interested parties –users, manufacturers and certifying bodies, is the ideal way to achieve a practical standard with an adequate level of safety.

The present state of the IEC standards on intrinsic safety is:

If any of these subjects is of interest then please get the documents from your national committee and provide your comments. Complaining afterwards is too late. And of course if your comments are rejected, you can always say ‘I told you so’ as you go bankrupt or your site is closed on economic grounds

The current ‘in thing’ with the cognoscenti is ‘risk analysis’ and equipment protection levels [EPLs]. There is still considerable enthusiasm for this subject for some inexplicable reason. No doubt it will find some applications when an acceptable method of analysis appears, but meanwhile the ancient technique of area classification used with compatible equipment selection will thankfully prevail

Hieroglyphics didn’t come to an end after Ancient Egypt

The marking requirements for electrical equipment for use in hazardous atmospheres has become ludicrous and is about to become even more so. The primary function of marking should be to assist in ensuring that equipment is correctly installed in its intended location. There is a need for the equipment to be readily identified and traceable back to its manufacturer, so that necessary maintenance and replacement can be safely carried out. Traceability is desirable if any questions arise about the adequacy of the safety of the equipment. In practice when a significant disaster occurs, equipment labels frequently become illegible.

The current state is that the marking requirements have been steadily increased every time a standard is revised or a new regulation is introduced. The result is a meaningless set of hieroglyphics, which can only be interpreted by a few sad characters who spend far too much time at standards meetings. [Unfortunately that includes me]. I sometimes suspect that when archaeologists in 3006 dig up a discarded instrument they will mistakenly categorise it as early Egyptian.

A typical example is a field mounted temperature transmitter intended to be mounted in a Zone 1 with its sensor mounted in Zone 0 and certified under the IEC Ex scheme. It would probably be marked

This is not very meaningful to the technician installing the equipment but is possibly the required marking. If the apparatus is also useable in dust locations Zone 20 and 21, which it probably would be, then the following additional marking required would be:

NOTE: Higher values for Co and Lo could be added but that would be even more confusing

This marking would probably be added just below the red marking for gases. The black marking is common to both gases and dust. Probably colours could not be used, but it is desirable to distinguish between the two possible causes of the hazard

Additionally the apparatus could be marked to clarify its use in both gas and dust ‘ic’ systems but hopefully most manufacturers would resist this temptation.

An additional straw [if you wish to sell in Europe] is to comply with the ATEX Directive. In addition this requires the manufacturer’s address, the year of construction, the epsilon Ex ?, the equipment group and category , for Group II equipment the letters ‘G’ and/or ‘D’ and the CE mark ?. The CE mark is followed by the registration number of the organisation responsible for the surveillance of the quality control system of the manufacturer. This completely useless piece of information is what every technician needs.

The marking then becomes

It is possible to go on to illustrate the additional requirements for the US market, but it is increasingly obvious that the marking requirements are out of control and meaningless. In fact the probability of this illustration being correct is very low.The solution is to provide the technician with enough information to ensure that he is installing the intended piece of equipment in the intended location and that he has access to any further information he may need. A manufacturer’s name, an equipment type and serial number, a web-site address and a certificate number is all that is required. The IEC Ex scheme is a move in the right direction, but the IEC standards continue to increase the marking requirements and IEC Ex is considering introducing its own mark The ideal situation where IEC Ex certificates are accepted world wide and parochial marking requirements derived from such as ATEX and OSHA are removed is unlikely in the foreseeable future. However recognition that most of it is unintelligible, possibly misleading and only there to satisfy the idiosyncrasies and egos of the writers of standards and legislation is possibly the first step. The second step is to recognise that the required information for designing and installing a safe system is available from the apparatus certificate and the manufacturer’s instructions. These are or should be readily available, ideally on the web so they are up to date. Guessing that equipment is adequately safe from the marking on the apparatus is not an acceptable practice.

A possible happy consequence of simplifying the marking would be that the content of all the competency training courses would be halved and all the numerous posters devised by manufacturers and certifying bodies would be redundant. It would make the setting of test questions almost impossible.

 

Equipment Protection Levels and all that

One of the evil side effects of the ATEX Directive is that the IEC feels compelled to follow its more whimsical requirements. However the IEC must maintain its independence and consequently it follows similar principles but modifies the marking.The most recent manifestation of this phenomenon is the creation of Equipment Protection Levels (EPLs], which are the IEC equivalent of the ATEX categories. The following table summarises a fairly complex situation.

Fortunately the EPL concept did not follow the displaced numerical marking of the ATEX categories. Using category 2 equipment in a Zone 1 still does not feel right. The EPLs follow the intrinsic safety level of protection indication of a, b and c in line with the level of protection afforded by the apparatus.The intention of the concept is to divide apparatus into categories of equal levels of risk and mark the apparatus so that a technician could decide whether the level of risk is appropriate to the location of the equipment. The fact that the technician would require an infinite knowledge of the plant operation to make such a judgement is completely ignored. [In practice no one person ever has all the information necessary to make a reasonable risk analysis]. The same technician is considered incapable of remembering which type of protection can be usually used in which Zone, hence the requirement to introduce EPLs. The most that marking can achieve is to raise doubts in the mind of the knowledgeable technician and cause him to ask questions about the suitability of the apparatus

The illusion that a piece of apparatus in isolation determines its level of safety is only held by standards writers who persist in trying to completely describe apparatus on the label. In the particular case of intrinsic safety it is the system which determines the level of safety which is achieved. For example an ‘ia’ apparatus will be marked with an EPL ‘Ga’ but if connected in an ‘ic’ system it will achieve a ‘Gc’ protection level and the label is misleading. Intrinsic safety is the method of protection which is most prone to creating this deception but all the other methods of protection suffer from the same problem to some extent.

The reality is that if IEC Ex certification is used, EPLs will emerge and will have to be marked. The marking requirements of pressure transmitter certified intrinsically safe for use in both gas and dust are incredible in every sense of the word. If by chance the device is made flameproof and dust tight then a high level of information overload is achieved and an extremely large label is required. At this point an invitation to license my pull-down labelling facility is offered.

Perhaps one day there will be support for my campaign to reduce the label to a certificate number and a website address. When this happens then the availability of full and up to date information on certification and use could be ensured. It might even be possible to satisfy the requirement to have information available in the language of the country where the equipment is being used

AN9003 Revisted

Back in the days before the Internet, Chris’ main vehicles for publishing his views on what was happening in this field were the regular Application Notes and and Technical Papers that MTL published using the prehistoric medium of printed paper.The most requested of these was AN9003- A Users Guide to Intrinsic Safety which was published 4 times over a 15 year time span. We are slowly putting the latest version together and to keep up with the times, this time it will be published on the MTL website. The first chapters can be found here.

Doubling the Risk ?

The ATEX Directives and recent IEC standards have increased awareness of the risk associated with both dust and gas hazards. However none of the existing documents cover what should be done when both dust and gas is present. This combination frequently occurs in the storage of agricultural products, the pharmaceutical industry and in some parts of the petrochemical industry and hence a solution is required. Fortunately for low power requirements such as instrumentation, intrinsic safety can usually achieve an acceptable level of safety.

Historically the solution was to choose equipment, which was considered acceptable in the gas when, considered on its own, and then consider whether this equipment was acceptable for use in the dust atmosphere. If the equipment satisfied both criteria it was considered acceptably safe. Recently the possibility that there may be interaction between the gas and dust which adversely affect the ignition properties of the combination have been aired by the cognoscenti who are well known for predicting ignition by the impact of butterfly wings. In practice there are so many unknown and unpredictable variations in the ignition mechanisms of dusts that the possibility of there being some combination which is more sensitive than the separate entities is high. However the probability of the combination occuring is likely to be low. Unfortunately there is no definitive data on what the likely increase in sensitivity will be, and a research programme to investigate all the possible variations on the combinations is impractical and consequently unlikely to take place in the foreseeable future.

The available solution follows the path beloved by the medical profession of following the ‘precautionary route’, which can roughly be translated as ‘ we do not know the answer so increase the safety factor’. Using IIC intrinsically safe equipment can largely eliminate the spark ignition risk. The inherent factors of safety required by the intrinsic safety standard and built into the ‘test apparatus’ ensure that even if the gas is hydrogen or acetylene the possibility of ignition is acceptably small. It can be argued that a IIB classification is more than adequate for most circumstances, but if a IIC solution exists this has a larger comfort factor and should be the preferred solution. If by chance you have a combined carbon disulfide and aluminium dust risk then you have my sympathy and a suggestion that a change of employment is desirable, but no practical solution exists as far as I know.

The significant risk from instrumentation in most dust locations is that of temperature ignition. If the equipment is certified for use in dusts the avoidance of high temperatures will have been established. A major advantage of intrinsically safe apparatus is that the power levels are low and consequently the temperatures created are less of a problem. The majority of field mounted apparatus [for example dp transmitters] are mounted in substantial enclosures to keep the dust out for both operational and reasons and hence there is no problem. Some sensors cannot be enclosed for operational reasons and these should be operated at a very low power level to ensure safety. A figure of 750mW is used for a dust hazard alone and this is considered safe even in extreme circumstances, but should possibly be lowered for the hybrid risk to something like 500mW. This appears to be severe but in practice is not difficult to achieve. For example an isolator for transferring temperature from an RTD [MTL 5074] has a matched power of 130mW and is adequate for all circumstances. Lower figures are achieved for switches and thermocouples.

Conclusion
The solution is usually to use IIC certified equipment in a dust tight enclosure. If there is an exposed sensor then make sure the possible fault power available is small. If when you have adopted this solution someone questions its adequacy, the response has to be ‘what would you recommend then, and what evidence do you have to support your recommendation ?’

Risky Analysis

The current answer to all hazardous area safety problems is that a risk analysis should be compiled by the plant operator, or by some hired ‘expert’. In the particular case where a plant with ‘potentially explosive atmospheres’ is being operated within the European Community then the risk analysis for the complete plant should have been completed by the end of June 2006.

The temptation is to believe that the risk analysis is an easy alternative to using the combined area classification and apparatus selection techniques, which have been used in the past. It has to be appreciated that the current accepted code of practice is based on a pragmatic approach to known problems, and is applicable to electrical equipment in hazardous areas. It provides an adequately safe solution to most situations but does not necessarily stand up to a detailed analysis of risk.

If a risk analysis is attempted then an initial requirement is to define an ‘acceptable’ risk. The ATEX Directive [1992/92/EC] relates only to the ’safety and health of workers’ but it is unlikely that the other consequences of an explosion can be ignored in any reasonable risk analysis. The problem is what is acceptable and to whom has it to be acceptable? The questions of how frequently can someone be killed or injured and/or how much money shall be invested to reduce the frequency of such an occurrence are questions no standards writing committee will ever address. There is also a problem in knowing what is the statistical probability of failure of any of the accepted methods of protection. The only certainty is that the probabilities are not identical, or even very close. Any analysis demonstrates that intrinsic safety is the safer choice, wherever it can be used.

The theoretical possibility of writing a risk analysis without using the conventional approach of area classification [IEC 60079-10] and the choice of equipment in accordance with the code of practice [IEC 60079-14] is not worth pursuing. The use of the conventional approach of area classification and apparatus selection avoids rather than answers the difficult questions but the technique is generally accepted and satisfies most authorities. More importantly it has provided a proven adequate level of safety for many years.

The practical solution to the use of electrical equipment in hazardous areas is to use the existing techniques, and all the use of other forms of risk analysis are for those exceptional circumstances and for the indulgence of those with time on their hands. The risk analysis of hazards created by mechanical equipment is a new and separate subject. This requires much greater expertise, is fraught with unanswered questions and has no history of applicable standards.