SIL 3-rated relays: The new ‘accepted industry practice’

Accepted industry practice for process safety applications has been the use of standard relays in redundant or triplicate configurations to achieve 'safe’ standard relay functionality. This functionality has included: Unfortunately, the use of standard relays has its drawbacks in comparison to the new breed of SIL-rated relays.

By Mike Garrick, Phoenix Contact, Inc. April 15, 2007

Accepted industry practice for process safety applications has been the use of standard relays in redundant or triplicate configurations to achieve ‘safe’ standard relay functionality. This functionality has included:

Amplification

Isolation

Voltage level translation

Monitoring emergency stops

Monitoring safety guards.

Unfortunately, the use of standard relays has its drawbacks in comparison to the new breed of SIL-rated relays. The first and foremost advantage of the SIL-rated relay is the SIL rating itself.

The SIL-rated product guarantees a certain level of reliability, predictability and traceability that is directly related to failure consequences as defined in IEC 61508. Achieving this rating for a device is a big deal. It’s not as easy as developing a device according to a standard or a set of regulations and then submitting it to a test facility for ‘SIL testing.’

The IEC organization TÜV begins with an audit of the facility, followed by design reviews, test procedure audits and finally, auditing the quality assurance program.

To begin to grasp why a relay can have an SIL rating, we have to be aware of the required qualifications according to IEC 61508. For sake of simplicity, a device or process that qualifies for SIL receives input, solves logic and provides output based on logic in a reliable, predictable manner (Fig. 1).

How the SIL-3-rated relay works

Discrete components create the circuitry required to monitor the input and output and solve logic based on status. The outputs are electromechanical relays and are the heart of the SIL-3-rated relay. These electromechanical relays are force-guided (positively driven) contacts connected in series with the coils for the series contacts controlled in parallel for redundancy. At a minimum, two channels of this series combination are provided to the user.

Functionality of these force-guided contacts must be described to see the value being presented. The value begins with knowing that the minimum configuration for a force-guided contact is one normally closed contact and one normally open contact that are mechanically linked. It’s not possible that the ‘NO’ and ‘NC’ contacts are in the same state. If the ‘NO’ contact welds, the ‘NC’ contact cannot close when the relay is de-energized (Fig. 2).

In regard to reliability and safety, this functionality becomes apparent when two ‘NO’ contacts from force-guided relays are wired in series, and the ‘NC’ contact is monitored. Figure 3 shows how to make sense of the monitoring ability when an ‘NO’ contact in the series connection has not opened (welded). In this case, the logic must determine that the series connection should not be energized again due to the fact that the redundancy has been defeated.

The logic in the SIL-3-rated relays monitors the series combination of the force-guided contacts. Based on input from a SIL-rated PLC, DCS or other controller, the logic determines if it is safe to energize the outputs. This ability to receive input and to determine if the output should be energized qualifies this relay as a miniature SIL-rated relay system. If the relay made the decision not to energize, the controllers can base additional decisions on the status contact provided by the SIL-rated relay to determine the next steps.

In addition to the proper functional aspects, SIL 3-rated relays have physical improvements over standard relays. These physical advantages also lead to increased reliability. The reliability increase is not only desirable for hazardous locations but is desired for industrial machines in general.

Applications for the SIL 3-rated relay include:

As a reliable, predictable relay

Use as an interposing relay on 24-V outputs from SIL-rated PLCs, SIL-rated DCSs or other SIL-rated controllers

Monitoring shaft rotation

Emergency stop or safety door.

Even with shortcomings, using series-wired contacts from standard relays has been considered ‘accepted’ industry practice. However, ‘best’ industry practice should lend itself to the best available approach. The approach has become more versatile with a relay system that can be configured with redundant or double-redundant (quadruplicate) series contacts. Again, the SIL-3-rating itself provides audited and tested reliability/safety.

Finally, integrating SIL-rated devices into the overall system will lessen the responsibility/liability of in-house safety calculations, which is possibly the most important result of their use. It makes sense to take advantage of the manufacturer’s willingness to accept responsibility for the SIL calculation of their specific device.

For these reasons, a new ‘accepted industry practice’ has been redefined for the integration of relays in systems requiring SIL-ratings.

Author Information

Mike Garrick is lead product specialist for the interface product line at Phoenix Contact, Inc., Harrisburg, PA. He is responsible for power supplies, relays and systems cabling. Garrick was formerly a lead engineer in Phoenix Contact’s automation group.