1 February 2007
Safe Designs Dodge Downtime
A Virginia chemical plant explains the ins and outs of its bout with intrinsic safety
By Ellen Fussell Policastro
Producing chemicals to make active ingredients for important life-saving drugs can be a dangerous job. The opportunity for disaster lurks at every turn. But the process must go on, even in a hazardous atmosphere. That is why it is crucial to have instrumentation to measure flow, temperature, and flow rates in areas classified as hazardous while the plant is up and running. Implementing an explosion-proof control system might sound logical, but it is also costly and monstrous. The Boehringer Ingelheim plant, an active pharmaceutical ingredient (API) facility in Petersburg, Va., has been a long-time proponent of the traditional Entity protocol (parameters to limit the energy that can pass through a hazardous area), and it has considered the fieldbus intrinsically safe concept (FISCO) for its intrinsic safety. But Bruce Bradley, the company's senior project engineer, said the plant now uses a system that bypasses the limitations of the traditional Entity system, while offering the same benefits as FISCO. The results are more devices per segment, more power, lower costs, and better ability to work on running equipment in a hazardous atmosphere.
An API facility produces active ingredients to sell to pharmaceutical companies that produce the final drug. The Boehringer Ingelheim plant produces ingredients for drugs designed to treat anxiety and hypertension, as well as the ingredient, nevirapine, that goes in the drug for HIV-positive women, helping reduce the probability their child will contract HIV. "We started with the first fieldbus design, using old-school parameters (four devices on a segment)," Bradley said. "But we didn't get any benefit from the bus to reduce installation costs." While Entity doesn't give you a lot of power, which means fewer devices per segment, FISCO gives you more power, "but you're still limited with the number of devices," Bradley said. FISCO requires minimal engineering because it is a more system-based approach as opposed to individual component approaches. The plant's new system is still an Entity system, which requires some engineering, but it allows the plant to have more devices per segment.
What IS is
Intrinsically safe, or IS, designs are extremely safe but at the same time, very restrictive, said Mike O'Neill, fieldbus director with MooreHawke Fieldbus in Crawley, U.K. Fieldbus is plant-level networking for instruments, so by definition, there are multiple devices connected to any one line. All IS devices were created such that whether you have an explosion-proof device or an IS device, if there is an ignition source present, there won't be enough energy to ignite the environment. Since IS is restrictive and difficult to accomplish for one instrument, constructing IS fieldbus with up to 32 instruments is not possible with the level of power each instrument needs right now.
An IS system makes more sense because workers can make adjustments while machines are up and running. With the new system, "every single device drop (segment) is its own IS system," Bradley said. "You don't have to characterize it as an Entity system. I don't have to recheck parameters if I add a device. It doesn't require as much engineering as Entity because of the way it's designed. So I can get more devices on a single drop." In an IS environment, "you've given yourself the ability to work on devices without shutting the system down. You assume you can work on these devices safely, even in an explosive atmosphere." If a temperature transmitter's not working, there is no need to shut down the process. "Our process is the reason we're hazardous," Bradley said. "The IS system has been built and tested to a point that it's guaranteed."
Getting inside Entity
The Entity concept, developed by Factory Mutual in the 1950s, is based on using barriers and power supplies to limit the amount of energy that can enter a hazardous area. In general, Entity systems are reliable, especially when based on simple resistive current-limiting. The problem from a design perspective, Bradley said, is "buses that have come out in the last few years aren't specifically spelled out and addressed in any code book. In the past, we've followed the Entity IS installation, where you have barriers, devices, and cables, and your basic parameters, inductance, capacitance provide you with Entity parameters. In this case, you have to be the engineer," he said. Entity parameters are defined parameters developed through testing by the manufacturer and designed for use in a hazardous area. System designers have to make sure all the Entity parameters can work in the system together. "You don't want to buy a barrier and device and put a cable in that will allow you to contribute inductance to the system and cause a spark," Bradley said.
The conventional Entity solution allows 80mA per segment and hence only four 20mA devices (80/20=4). If each segment can have only four devices, and a plant has 200 devices, that is 50 segments and two times 50 DCS cards at $3000 per pair, O'Neill said. A FISCO design stretches that to 115mA in the worst case, and 250mA if the particular gas hazard is not too severe (Group CD applications in the U.S.). "This sounds great until you realize FISCO turns out to be at least twice as expensive and has a much lower mean time to failure, or reliability, than the standard IS design, simply because the internal electronics design is complex," he said.
Fieldbus and FISCO
Fieldbus systems are suitable for use in many hazardous areas, that is, wherever 4-20mA instruments are in use. All forms of electrical protection (non-incendive, flameproof, intrinsically safe) are available to suit the requirements of any site preference or experience, but having multiple devices on the same wire pair does lead to additional design issues. IS systems are particularly difficult since it is hard enough to deliver power for a single instrument. Driving 10 or 16 devices is a real challenge, for which various solutions now exist based on Entity, FISCO, or split-architecture configurations.
FISCO is only one way to make fieldbus systems safe for hazardous locations, yet other solutions exist for instrument applications. (See accompanying piece on non-incendive issues.) Today's fieldbus instruments have no need for live access "since we make all adjustments electronically, through a laptop or workstation, and usually from the comfort of the control room," O'Neill said. Since fieldbus doesn't need the specific advantage that IS designs give (live access), the trend is moving away from using IS for fieldbus. "However, in a conservative engineering environment with vested interests, companies that almost exclusively offer IS equipment as well as companies dominated by European technology or engineering, still try to use the technology they know best irrespective of the problems it has, hence the availability of FISCO from Germany," he said.
Since the FISCO design is empirical, FISCO segments are restricted to about half the normal cable lengths of standard fieldbus. The plant's solution allows 350mA and therefore 16 20mA devices. In practice, they used eight devices per segment, but that still cut the DCS card bill in half. So the new mixed architecture costs less, has redundancy for power, and is prewired for fast installation. "Increasing the devices per segment reduces the number of segments overall and therefore reduces the cost," O'Neill said.
"If I need to today, I can go disconnect a fieldbus transmitter that's IS," Bradley said. "It won't conduct any energy and cause an explosion." All this testing was done years ago based on minimum energy ignition curves for a certain class of explosive or hazardous material. "So when you see Groups A, B, C, and D in the code book, they've grouped these different characteristics of different combustible materials based on how combustible they are. If our area is classified to Group C, the only materials in our area will be similar to Group C material, that's been tested to explode in certain amounts of energy."
Classes and divisions
Bradley's facility uses raw materials that are all carbon-based solvents (toluene, methanol, and other types of raw materials that are flammable and explosive) used for cleaning in making chemicals. This means everything onsite has to be installed according to the National Electrical Code (NEC) Section 500, which tells you what types of marking and labeling all your devices must have to be used in a hazardous classified area.
All three manufacturing buildings on Bradley's site are hazardous area classified, which includes everything from Class I, Division 2, Groups C and D, to Class I, Division 1, Groups C and D. Class I, Div. 1, is a location in which ignitable concentrations of flammable gases or vapors can exist under normal operating conditions. Class I, Div. 2, is a location in which ignitable concentrations of flammable gases or vapors can exist only under abnormal conditions, such as the accidental rupture of containers or systems or in case of abnormal operation of equipment. A typical Group C material is ethylene, and a typical Group D material is propane.
With an IS system, "there's no need for a hotwire permit or special sensing meters to sense an explosive environment," Bradley said.
"We just work as if we're in a general purpose area. It allows us to reduce downtime, and we don't have to evacuate the area. We don't have to take an area and make it sterile, free of hazardous gases, before we work on things. We don't have to empty the reactor or throw a batch in the trash. It may take hours to shut processes down just to work on one transmitter. With IS, we can diagnose problems without shutting down the process. It can still remain an explosive environment, and we're still able to work."
About the author
Ellen Fussell Policastro is the associate editor of InTech.
It's a non-incendive issue
Fieldbus users now see non-incendive (NI) as a natural method for the protection of fieldbus segments, said Mike O'Neill, fieldbus director with MooreHawke Fieldbus in Crawley, U.K. (NI is like intrinsic safety, but rated for Div. 2, not Div. 1, and without most of the restrictions on design and use.) NI designs allow power supply redundancy (a key feature since users have 10, 12, and 16 instruments on one wire pair) and still allow instruments to function properly and be disconnected live without switching off the bus, which would also switch off all the other instruments. O'Neill thinks non-incendive designs are "the way the bulk of the market is heading."
Intrinsically safe fieldbus was originally based on the Foundation fieldbus FF816 specification, which allowed Entity parameters for field devices to be at least 24V/250mA/1.2W. The barriers that were available initially only allowed around 80mA for gas groups A, B, C, D (NEC/II (IEC)), or four devices per segment, which is an unacceptably low number of devices in a practical application.
The fieldbus intrinsically safe concept (FISCO) was developed by the Physikalisch-Technische Bundesanstalt safety agency in Germany to try to overcome the limitations of standard intrinsically safe design in fieldbus applications. Intrinsic safety is a technique used to limit the available energy (voltage/current/power) in any instrumentation circuit to below that level that can cause ignition. This means even if you open boxes and short wires, nothing can produce a spark to ignite any gas or vapor, even if it were present at its ideal ignitable concentration.
Intrinsic safety technology is commonly used in Europe, even though it is hard to design and costly to make, because normal instruments and their users need access to the actual hardware on the plant, making adjustments to zero and span and changing elements or live working.
SOURCE: Mike O'Neill, fieldbus director with MooreHawke Fieldbus in Crawley, U.K.