Unlike standard power supplies, safety one ensures a SIL level of safety function integrity and maximum operational reliability by intervening in the event of input voltage problems.
Why standard power supplies cannot be used in most industrial applications? First of all, a standard power supply is not designed based on IEC 61508, and then, it does not provide FMEDA (Failure Modes, Effects, and Diagnostic Analysis) failure analysis. A redundant SIL certified power supply meets IEC 61508 and IEC 61511 functional safety requirements, while ensuring maximum operational reliability, unlike a conventional one. During parallel operation with the power supply connected to different phases, the load is always reliably supplied.
A standard system does not have redundant surge protection and therefore cannot be used in safety applications. Furthermore, the external decoupling ORing diodes used for redundancy cause a voltage drop. Power supplies are the most sensitive component of a system in case of a failure, so much that the whole measurement loop could be compromised. A power or an operation failure with a load higher than 30 Vdc can cause serious damages to people, things and environment. This is the reason why it is important to use a safety power supply in fault situations that may bring the output voltage to 0 V or outside the 2-20 Vdc range. A SIL certified power supply reduces hazardous situations with built-in diagnostics. Safety systems are also designed to remain in a safe state even in the event of lack of power.
In general, the process industry market (among others) requires power supplies that can be installed in Zone 2. Then, they have to be compact, easy to install, maintain and repair, efficient, suitable for operation in harsh environments, with high integrity up to SIL3 and equipped with surge protection circuits in 1oo2 or 1oo3 configuration (parallel duplication or triplication). A safety power supply designed for SIL2/SIL3 levels and with energized-to-safety (ETS) features allows a fire & gas system to be energized, if needed.
Redundancy features are also needed in sectors like chemical, oil & gas, pharmaceutical, offshore, and in general in applications in which power failure causes loss of data, production, and safety. Redundant power supply systems can be successfully used in power plants and in manufacturing factories where each minute of downtime is extremely expensive.
Availability and redundancy
Availability (probability that a system will function properly when required) is also essential for power systems. In Energized to Safety (ETS) applications the redundant configuration 1oo2 or 1oo3 is needed to increase SIL level and reduce nuisance trips. In De-energized to Safe (DTS) applications, SIL level with 1oo1 configuration is increased by redundant configuration. Power supplies are not fail-safe devices or with PFD=0. For instance, in the 20-30 Vdc range, failures that can damage the instrumentation occur when voltages go above 30 Vdc. This is why it is necessary to introduce a redundant protection circuit for over voltages. Voltages in the 2-20V range can also cause failures because of the load being underpowered. This condition is partially avoided with redundancy techniques but there are more general causes of failure. In a SIS designed to operate in safe (de-energized) state, the power supply may be unable to operate. In industrial plants, power systems must be reliable, i.e. protected from surges and such that a safe state can be achieved so that continuity of operation is guaranteed.
Typically, a SIL3 rated power supply in redundant configuration meets safety requirements and normally energized operations in the 20-30 Vdc range. However, SIL certification requires that the PFDavg (average probability of failure on demand) is adjusted to a specific SIL level. SIL 3 level is generally suitable for Normally Energized (NE) applications with a single power supply without redundancy, while for Normally De-energized (ND) applications SIL1/SIL2 redundant power supplies are suitable. For ND/SIL3 applications a second level of redundancy is required. A redundant configuration is necessary to achieve the required SIL in ND applications, or availability in NE applications. In case of a failure in voltage control, the power supply limits voltage output without exceeding the 30V threshold. In all systems involved in a Safety Instrumented Function (SIF), a functional safety power supply must necessarily be used since its parameters are considered together with those of the other devices impacting in a SIS. Other important features of a safety power supply are hot swapping in zone 2, integrated local diagnostics (e.g. via display), redundancy achieved via rack mounting or external wiring, protection against overloads and short circuits.
Would you like to know more? Watch our webinar “Why standard power supplies can't be used in a SIF” at GMI YouTube channel