Multi-level protection

Imagine you are on a sailing vessel in the English Channel.  It is night time, commercial traffic is dense and a storm is heading your way.  What if suddenly you lose energy on board?  no light, no charts, no radar, no autopilot… therefore you cannot leave the helm to see what’s the problem.  Your boat and your crew are at risk.  You are in the shit!

Although this example is a bit extreme, if your only protection is a fuse or a circuit breaker you could find yourself in challenging and even dangerous situations.  The same will happen if your BMS just disconnects the load when the battery voltage is low!

The different levels of protection

Think about it as a number of measures you or your BMS can take to stay in a safety zone.  I have grouped those measures in 6 levels of protection.  Level 6 is the one you do not want to get activated – but it will protect you if everything else fails!

Here are some thoughts about those levels applied to an off-grid electrical installation:

1. Well designed, documented and implemented installation

This is the responsibility of the manufacturer or installer.  It should include 

• the use of fail-safe equipment (remain safe even in the event of a failure)
• electric diagrams showing all the components, their connections and their location
• implementation of standards, regulations and guidelines that apply to your installation
• clean wiring with references to the electric diagrams
• documentation of modifications and updates of electric diagrams as needed

---

2. Adapted charge equipment

These are alternators, generators, regulators, chargers… they must be:

• fail-safe
• adapted to lithium battery charging
• adjustable to meet your needs in different situations (e.g. lower the charge voltage when your installation is not used)

---

3. Early warning

A parameter of your installation drifting outside of the “normal” situation could be the sign of an emerging problem:

• charge voltage above the voltage set on the charger (charger settings have changed, defective charger…)
• current above the theoretical maximum consumption (defective equipment, short-circuit…)
• higher temperature of one cell (poor cell connection, failing cell…)
• …

The earlier you are informed about such situations, the more chance you have to find and fix the cause before it gets worse.

---

4. Corrective measures

These are the actions undertaken to address the cause of of the “early warnings”.  They can be a human intervention to fix things, or an automated operation: 

• stop all chargers
• disconnect all non essential equipment (keep the safety equipment operational)
• start / stop a generator
• start /stop a  cooling or warming system for the battery enclosure
• start / stop an equipment that will take advantage of a high charge (boiler, water maker…)

These measures are defined to avoid getting the alarms at level 5

---

5. Critical alarms

If the corrective actions do not have the expected effect and the situation gets worse, then critical alarms must be triggered before level 6 protection.  This gives you a short time to react:

• fix the problem
• connect safety and essential equipment to alternative source of energy
• get prepared for a power outage
• shut down the system 

---

6. Last resort protection

This is generally the disconnection of the battery bank by a circuit-breaker, a short time after the critical alarm.

It is also the protection level that gets activated instantaneously (fuse) in the case of a critical danger like a short-circuit (no time for early warning!).

Note that many BMS operate only this level of protection… so do your research.

---

If safety matters to you, you should check that your installation / BMS do:

• implement protection levels 3 and 4 (early warning and possibility to fix/ mitigate problems before battery disconnection)
• differentiate levels 5 and 6 (the alarm is given before the battery is disconnected)