The invention relates to a safety device for an industrial boiler, the device comprising electromechanical relays connected to form an electromechanical safety chain.
The invention applies in particular to industrial boilers comprising a gas burner for producing steam or superheated water, for example. These boilers are fitted with a safety device that is located between one or more sensors and one or more actuators mounted on the boiler and triggers shutting down of the boiler via the actuators when at least one sensor detects a malfunction of the boiler. The fault may be an excess pressure, a low water level, or a problem with the burner flame.
A safety device of the above kind is more particularly adapted to open a power supply circuit of the actuators on detection of a fault by a sensor. The actuators, which may be solenoid valves, for example, are designed to trigger shutting down of the boiler as soon as they are no longer supplied with power by the power supply circuit. Each sensor supplies an alternating electrical current at 230 volts to the safety device if the boiler is operating normally and does not supply this current if a fault is detected. This kind of arrangement provides what is known as “positive” safety, in that interruption of the electrical power supply triggers shutting down of the boiler.
In the above safety device, there corresponds to each sensor a relay that is live when it receives the current supplied by the corresponding sensor, and the contacts of the relays corresponding to the various sensors are connected in series, for example, to form an electromechanical safety chain in the form of hardwired logic. The electrical circuit corresponding to this electromechanical safety chain is closed if the boiler is operating normally and is opened if there is any anomaly in the operation of the boiler. It is known in the art, in this kind of safety device, to add to the electromechanical safety chain a so-called logic safety chain operating in parallel and in a manner that is redundant with respect to the electromechanical safety chain if automatic control and regulation of the boiler become complex and necessitate the use of an industrial programmable automatic controller. The logic safety chain generally consists of a data processing circuit, such as a microprocessor, which receives as input electrical signals produced by the sensors and converted into logic signals at 5 volts, and which feeds the electrical power supply circuit of the actuators via a transistor controlling a relay. The output of the data processing circuit is wired in series in the electromechanical safety chain that constitutes the main safety chain, for example.
Standards require periodic verification that the safety sensors and their associated relay are operating correctly. This requirement leads to the installation of extensive facilities that are generally provided partly in the form of hardwired relay circuits for everything that relates directly to safety and partly in the form of a microprocessor-based system for everything that relates to the procedures and to monitoring them. When two redundant safety chains are provided, the second (logic) safety chain is generally implemented in the microprocessor-based system, but the latter system must be independent of and separate from any boiler control and automation equipment. Consequently, the measures to be taken at present and installed are increasingly extensive and complicated, with relays, dedicated units, wiring, microprocessor-based systems communicating only via wired electrical contacts. Additionally, there is the risk of an operative interfering with the hardwired logic of the electromechanical safety chain when verifying correct operation of the safety sensors, to the extent of jamming a relay in the closed position, which very seriously compromises safe operation of the boiler.
Moreover, the French standard NF D36504 more particularly specifies (see section 4.2) that the operational reliability of a logic safety chain must be evaluated by a specific test procedure that injects errors directly into the equipment to simulate an internal fault, namely failure of all the memory bits taken one by one. A test of this kind takes a particularly long time to execute and adds considerably to the tests that precede the commissioning of this kind of boiler and increase costs commensurately.
The object of the invention is to remedy these drawbacks.