RAILWAY SYSTEMS & SOFTWARES
RS2 – Safety Relay dedicated to SIL2, SIL3 and SIL4 applications
The control of the safety systems is often done via safety relays. There is often confusion in the terms used for the notion of safety relay.
Relay “forcibly guided” according to EN 50205 standard
> In reality a lot of safety relays are simply forcibly guided relays according to EN 50205 standard, guaranteeing that it is impossible that a NO (Normally Opened) contact and a NC (normally closed) contact are established at the same time.
> Relays like the NS1 relays which meet NF F 70 030 standard, are also guaranteed to be fail-safe (not all the NS1 relays, and the RU are not). The fail-safe guarantee is obtained by the fact that the moving part of the relay is orientated in relation to earth‟s attraction.
> This way, via the effect of gravity”, the “working” contacts open if the relays coil is not powered. This implies that these relays may not be used in-board. These relays are mainly used in rail signalling facilities and are considered to be intrinsic safety relays with a SIL4 safety level.
Why has CLEARSY developed the RS2 relays?
> We have developed and set up systems like COPPILOT, COPP, DOF1 which are designed to control the screen doors of various underground rail systems. The opening function on these systems is level SIL3. The opening control is given on exiting a relay contact in the working position. The security of the safety function on our systems is based on the fact that we safely detect that the relay has remained stuck in the condition where the working contact is established.
The majority of the trade safety relays are made up of two (or more) relays “guaranteed not to overlap”. We will call these internal relays, PCB relays.
After looking into the various catalogues of those who build safety relays, we didn’t find an ‘off-the-shelf’ relay which corresponded with the desired needs:
> It integrates two PCB relays which meet NF F 50205 standard.
> The two PCB relays are coming from different series to protect against the shared modes introduced by manufacturing errors involving a single series.
> Two “working” contacts from each PCB relay are twisted in series to work out the security output.
> The distances between the internal tracks and the pins of the safety control must respect the NF F 74003 standard to guarantee the absence of a short circuit (greater than 5mm in the outer layer of the PCB)
> The distances between the control of the PCB relays and the security output strips must insist on insulation tensions of 2,000V.
> The rereading of the state of these PCB relays must be able to be done by a resting contact from each PCB relay.
Why should the rereading be done by a resting contact?
It is worth remembering that the security of the safety function on our systems is based on the fact that we will safely detect that one of the PCB relays has remained stuck in the condition where the working contact is established.
If we carry out this rereading via another working contact (reread the definition of the contact guaranteed not to overlap), we cannot be certain that the safety contact is established if the rereading contact isn’t.
On the other hand, via construction, if a resting contact is established, all the “working” contacts are not.
Hence the need to have rereading done by a resting contact from each PCB relay toward the safety automaton or the safety relay.validation circuit.
For the majority of safety relays, the resting contacts of the PCB relays are twisted together in series, it is then impossible to really detect whether one of the two or three PCB relays is “stuck”.
> Possible power supply tensions: 24V, 48V, +BT 72V (with a range of 0.75 to 1.4 times the nominal tension)
> Switching capacity: 3A under 230V or 4A under 24V
> Lifespan: >20×106
> Temperature range:-40°C à +80°C
> The relay boxes on internal PCBs are IP67.
> Performance with vibrations of 10Hz to 200Hz, a range of 0.35mm, 5g maximum