Multi-level Protection

safety_shield

What kind of protection have you designed in your installation to guarantee the safety of your battery, your boat and the crew?  
I look at it as a cascade of protection levels designed to limit the risk of an incident turning into a major catastrophe.

Imagine you are on a sailing vessel in the English Channel.  It is night time, commercial traffic is dense and a storm is heading your way.  What if suddenly you lose energy on board?  no light, no charts, no radar, no autopilot… therefore you cannot leave the helm to see what’s the problem.  Your boat, your crew and you are at risk.  You are in the shit!

Although this example is a bit extreme, if your only protection is a fuse or a circuit breaker you could find yourself in challenging and even dangerous situations.  The same will happen if your BMS just disconnects the load when the battery voltage is low!

If you are serious about your safety and value your installation you should think of ways to avoid that.  One of the way is to anticipate by getting early warning that something is not “normal” and having time to fix the problem before it gets worse.

A multi-level protection approach will get you on the right track…

 

Multi-level protection

Think about it as a number of measures you or your BMS can take to stay in a safety zone.  I have grouped those measures in 6 levels of protection.  Level 6 is the one you do not want to get activated – but it will protect you if everything else fails!

Here are some thoughts about those levels applied to an off-grid electrical installation:

This is the responsibility of the manufacturer or installer.  It should include 

  • the use of fail-safe equipment (remain safe even in the event of a failure)
  • electric diagrams showing all the components, their connections and their location
  • implementation of standards, regulations and guidelines that apply to your installation
  • clean wiring with references to the electric diagrams
  • documentation of modifications and updates of electric diagrams as needed

These are alternators, generators, regulators, chargers… they must be:

  • fail-safe
  • adapted to lithium battery charging
  • adjustable to meet your needs in different situations (e.g. lower the charge voltage when your installation is not used)

A parameter of your installation drifting outside of the “normal” situation could be the sign of an emerging problem:

  • charge voltage above the voltage set on the charger (charger settings have changed, defective charger…)
  • current above the theoretical maximum consumption (defective equipment, short-circuit…)
  • higher temperature of one cell (poor cell connection, failing cell…)

The earlier you are informed about such situations, the more chance you have to find and fix the cause before it gets worse.

These are the actions undertaken to address the cause of of the “early warnings”.  They can be a human intervention to fix things, or an automated operation: 

  • stop all chargers
  • disconnect all non essential equipment (keep the safety equipment operational)
  • start / stop a generator
  • start /stop a  cooling or warming system for the battery enclosure
  • start / stop an equipment that will take advantage of a high charge (boiler, water maker…)

These measures are defined to avoid getting the alarms at level 5

If the corrective actions do not have the expected effect and the situation gets worse, then critical alarms must be triggered before level 6 protection.  This gives you a short time to react:
  • fix the problem
  • connect safety and essential equipment to alternative source of energy
  • get prepared for a power outage
  • shut down the system 

This is generally the disconnection of the battery bank by a circuit-breaker, a short time after the critical alarm.

It is also the protection level that gets activated instantaneously (fuse) in the case of an imminent danger like a short-circuit (no time for early warning!).

If safety matters to you, you should check that your installation / BMS do:

  • implement protection levels 3 and 4 (early warning and possibility to fix problems before battery disconnection)
  • differentiate levels 5 and 6 (the alarm is given before the battery is disconnected)
Yin-Yang_green

TAO.bms implements levels 3 to 6 in a flexible manner

User defined warnings and alarms based on voltage, temperature, current or SOC

Six outputs to command safety devices or other equipment

Leave a Reply