Safety interlocks are crucial considerations when designing a control system of any nature. You will find safety interlocks in many things around you, often without even realising.
Think of your microwave at home… It will not switch on unless the door is closed. This is a safety interlock that is hard wired into the circuitry to prevent it from operating.
Safety interlocks come in all sorts of shapes and sizes, but they are normally some forms of switch that is either open or closed. Closed generally indicates that the interlock is intact, and it is safe to operate the plant.
Normally Open vs Normally Closed Circuits
Safety interlocks should be wired as normally closed circuits. This means that the circuitry has to be fully made it order for the interlocked device to operate. Think of it as a complete circuit. The reason we design safety interlocks as closed circuits is to prevent the plant from operating if any part of the interlock is damaged.
If the interlock was designed as an open circuit the device would still run if somebody cut through the cable or if the device broke. There are rare occasions where this may be the case but, in most instances, this would be incorrect and unsafe.
This is an example of a simple safety interlock. The gas valve is interlocked directly with the fire alarm via a closed contact. The main supply feeding the gas valve is connected through the fire alarm such that if the fire alarm activates the supply will break and the gas valve will close.
With BMS control panels it is rare for such interlocks to be applied as directly. They will do the same thing but often through relay contacts. This is so that the BMS can also monitor the status of the fire alarm to trigger other interlocks both physically and through the software.
Typical Safety Circuits
The gas valve above is an example of a normally closed safety circuit. The circuit is closed when everything is healthy, it opens if the fire alarm activates and subsequently shuts off the gas.
Another example would be a high temperature monitoring device. This may be the high limit thermostat inside a hot water cylinder. If it is triggered, you would expect the plant serving the hot water cylinder to shut down.
This is achieved by wiring the control signals through the normally closed circuit within the high limit thermostat.
The above example shows a normally closed safety circuit wired to an interlocking relay. The relay is used so that it can provide additional signals and interlocks (if required) throughout the panel.
The high limit device is wired normally closed, if the temperature exceeds the set value the contact will switch over and break the circuit. This will result in the Rx relay de-energising which drops the supply to the valve.
Relay Rx could be used to provide a controller with an input to indicate the status of the high limit thermostat for information / graphic purposes. It could also be used to interlock other items of plant, such as immersion heaters or primary pumps.
Open / Closed Symbols
As you can see from above, I like to keep my drawings quite simple. Sometimes this is not acceptable as there are standards which should be kept to for official drawings.
Over the years these standards have changed which has resulted in many different symbols being used to indicate open / closed contacts.
Most manufacturers stick to one symbol throughout all their wiring diagrams, however, not all manufacturers have stuck with the same one.
Examples of Closed symbols
Examples of Open symbols
Common Building Management System interlocks
Building Management System control panels are designed to safely operate the plant. This plant often consists of the same type of equipment; Ventilation, heating, hot water, Air conditioning, Cold water, the list goes on.
Some interlocks will be common to the various items of plants throughout the entire system. Probably the most common interlock on any BMS control panel would be the fire alarm interlock.
Fire alarm interlock
The fire alarm will often be monitored as this will shut down many items of plant throughout the building, a few examples are:
- Heating boilers
- Gas valves
- Air handling units
- Air conditioning units
- Hot water generators
- Heat recovery units
- Natural ventilation units
The interlock should be closed when healthy. This is so that if the wires are damaged or removed, the system will shut down as if a fire has occurred, or in other words, it will fail safe.
This means that the fire alarm relay within the control panel should be energised when healthy. This results in safety circuits being wired “Normally Open” from this relay since the relay is energised when healthy. If the relay de-energises, the circuit is broken and therefore any subsequent “N.O” circuits will be broken.
In some rare occasions items of plant may require a “fire blocking signal” that is closed to prevent the plant from operating rather than closed to allow. This is rare but it does happen. In this case this interlock would be wired “Normally Closed” from the fire relay in the BMS panel. Below is a snippet from a Lindab Heat Recovery Unit manual:
Seems strange but some manufacturers do it this way!
Pressurisation Unit
The pressure within the heating system is often monitored and controlled by a pressurisation unit. Sometimes the units can provide separate high and low fault indicators, but at the very least they should provide a “common fault” output to interlock with the BMS. This may also be labelled as the “boiler interlock” connections.
Typically, this is used to shut down any heating plant and associated pumps / valves when a fault is present.
The interlock should be wired normally closed to ensure it is fail safe.
Nowadays, more often than not, pressurisation units are digital. This means that the interlocking cables are connected to a relay output on board the PCB. If the pressurisation unit has both healthy and fault outputs you would normally connect to the healthy output so that it is a closed circuit that will open on fault.
Older units have built in pressure switches that can be connected to. With this type of unit, you may need to connect to both the high and low switch in series to ensure that you are correctly interlocked.
This is an example of the connections available from a modern pressurisation unit. In this case you would normally connect the BMS cable to terminals 7 and 8 for a closed, fail safe, connection.
Fan Hold off Thermostat
It is essential that a fan hold off thermostat is installed on any system where fresh air is being blown across a heating coil connected to the heating system.
The thermostat would typically be a capillary type of thermostat installed downstream of the heating coil. The thermostat should be set and wired so that the control circuit breaks when the temperature drops below the set value.
The capillary sensor is laid out across the heating coil to take the average temperature.
When triggered the fan should be disabled and the heating plant should be enabled. This would involve opening the valve, starting pumps and enabling the heating plant.
Once the temperature at the coil increases the thermostat will automatically reset and the fan will then restart.
Without this critical safety interlock, you run the risk off freezing the heating coil which may burst resulting in a very expensive repair job.
Additional Information
For more information about physical IO points within a Building Management System check out this post!
For Building Management Systems Modbus basics check out this post!
Interested in becoming a BMS Engineer?
Check out the following link to the BCIA website for more information.
