Early in the design phase, engineers are faced with choices regarding how they design networks conforming to the hazardous area classifications. Many users in North America find their area classifications are Class 1, Division 2 as defined by the ANSI/NFPA standards, equivalent to "Zone 2" in IEC 60079-10. Even before the widespread use of bus technologies, users frequently deployed the "non-incendive" concept for 24-VDC instrumentation.
Non-incendive means a well-maintained system protected from casual tampering won't create enough heat or a spark of sufficient energy to ignite a hazardous atmosphere. It can also mean that the system employs current-limiting circuitry that ensures the energy of a fault will be too low to ignite a hazardous vapor.
Profibus PA and Foundation fieldbus solutions offered by suppliers such as Pepperl+Fuchs, MTL, MooreHawke, Turck, Stahl, Cobalt and others (see the Fieldbus.org website) for a complete listing of certified products) achieve hazardous area standards in a variety of ways, many of which rely on energy-limiting circuitry. Twisted pairs extending from such networks are individually current-limited, which is how the spurs preserve the non-incendive properties required for live working. This means an energy-limited spur can have enclosure covers removed, hazardous area-compliant test equipment connected, and can be worked on without a "hot work" permit.
The trunk is another matter. In solutions designed to achieve an NEC (NFPA) non-incendive rating, the trunk itself is not current-limited, and can carry in excess of 500 mA. This is great if you have heavily loaded segments and segments with power-hungry, two-wire transmitters, but 500 milliamps means there's no protection for interaction with the trunk in the classified area while you're under power. A gas test and hot work permit and, possibly, persistent monitoring, depending on local practices and concerns, are required. You can power down the trunk from the safe area, but that would mean all the devices on the segment would power down and remain out of service for the duration. I have found it very challenging to power down segments while the plant is down—let alone while the process is up and generating revenue. Powering down is not an attractive option.
Intrinsically safe (IS) solutions called "high-power trunk" preserve the high current capability of the non-incendive solution, and permit the user to have IS spurs. The issue of live working of the trunk typically is addressed by segregating the trunk terminations and enclosing them separately. You have to work at it a bit, but you could still conceivably undo the protective measures, and connect to the trunk under power.
As we design systems that will be turned over to less trained and experienced workers, maybe the choices that are "most foolproof" will be more compelling. There are solutions available that ensure even the trunk isn't an ignition source for live-working. Contemplating such scenarios, I can visualize the multitude of troubles that the heedless, untrained or ignorant can get themselves into. Live-working on the trunk during process operation is unwise for another reason: the trunk is the common-mode fault path for all the devices on the segment, and it's best to leave it be once it's landed. Nowadays we always connect test equipment at unused spurs.
