The present invention relates to industrial control systems and in particular to an industrial control system for use in explosive or other hazardous environments.
Industrial controllers are special purpose computers used for controlling factory automation and the like. Under the direction of a stored program, a processor of the industrial controller examines a series of inputs reflecting the status of a controlled processor or device and changes outputs affecting control of the controlled process or device.
Generally industrial controllers are constructed in modular fashion to accommodate different applications requiring different numbers and types of input/output (I/O) circuits as is determined by the particular device or process being controlled. In such modular systems, a number of different functional modules connect together through a common backplane in a rack or the like to share data and power.
Often a controlled process may require control points (e.g., sensors or actuators) in an environment exposed to combustible vapors or airborne particles. In such hazardous environments, electrical arcing or excessive temperature in electrical equipment can cause an explosion. Electrical equipment intended for use in such hazardous environments must conform to certain safety standards intended to reduce the chance or effect of an explosion. Under such standards, the equipment may be placed in a special housing that is flame-proof or explosion-proof Alternatively, the housing may be charged with an inert gas to prevent the infusion of explosive fumes. Other methods of protection are also available for use in hazardous environments, one of particular note is intrinsic safety.
Equipment that is designed to be "intrinsically safe" generally indicates that the electrical energy used by the equipment is properly limited or constrained to avoid the occurrence of sparks with sufficient energy to ignite a flammable atmosphere during a fault condition, and the surface temperatures are constrained to be below those needed to cause spontaneous ignition. Fault conditions must be considered as well as the energy storage characteristics of the components of the equipment.
A number of agencies certify equipment to an intrinsic safety standard. See generally, Underwriter's Laboratories document UL-913,1988, Intrinsically Safe Apparatus And Associated Apparatus For Use In Class I, II, and III, Division I, Hazardous (Classified) Locations. See also, National Electrical Code Handbook, 1993, Article 500, Hazardous (Classify) Locations, Article 504, Intrinsically Safe Systems, Article 505, Class I, Zone 0, 1 and 2 Locations. See also, FM Cl. No. 3600, March 1989, Electrical Equipment for Use in Hazardous (Classified) Locations General Requirements and Cl. No. 3610, October 1988, Intrinsically Safe Apparatus and Associated Apparatus for Use in Class I, II, III, Division 1 Hazardous (Classified) Locations. See also, EN50014:1992, Electrical Apparatus for Potentially Explosive Atmospheres, EN50020:1994, Electrical Apparatus for Potentially Explosive Atmospheres--Intrinsic Safety `i` and EN50039:1980, Electrical Apparatus for Potentially Explosive Atmospheres--Intrinsically Safe Electrical Systems `i`. These documents are hereby incorporated by reference.
The terms "intrinsic safety" and "intrinsically safe" as used herein do not indicate that the equipment presents no danger or that it meets the above standards but only that it is designed to permit use in some hazardous environments without additional precautions such as explosion-proof casings and the like.
In a typical control system where a portion of the controlled process is in a hazardous area, the industrial controller will be placed a distance away in a "safe" or non-hazardous area free from combustible gases. Input and output signals to and from the portion of the controlled process in the hazardous area are carried by long cables leading from the industrial control system to the respective portion of the controlled process. Where the components of the controlled process require high power levels, those components must be shielded by specialized housings to either protect them from combustible gases or to contain any explosion caused by arcing.
Those components in the hazardous area which use low levels of electrical power (insufficient to create an arcing hazard) must still be protected from possible fault conditions where a high voltage from the non-hazardous area inadvertently is conducted along the cables into the hazardous area. For this reason, cables passing into the hazardous area from the non-hazardous area, even for low power components, must first pass through a barrier circuit or an isolating circuit (penetrator circuits).
Barrier circuits shunt hazardous energy to special ground connections. In a typical barrier circuit, electrical power passing from the non-hazardous area to the hazardous area will pass through a fuse to the cathodes of one or more voltage limiting Zener diodes having their anodes connected to ground. High voltages are thus shunted safely to ground. Current into the area is limited by a resistor following the voltage limiting Zener diodes. Isolators work by separating the two halves of a conductor so there is no direct current path for any hazardous energy from the non-hazardous side to the hazardous area. A typical isolator may use transformers, capacitors or optical-type isolators as its means of separating two halves of a conductor.
When there are many points of control in a hazardous area, the cost to the control system may be substantial driven by the cost of the barriers or isolators (both in materials and in installation) for each control point, the long runs of wiring, and the need for a separate, removed non-hazardous control area in which to place the control system.