30    Chapter Three
















                                  FIGURE 3.1 Faults compromising safety.

                                  of as a function of time. We can define safety at time t as the proba-
                                  bility (i.e., quantity comprised between 0 and 1) that the item will not
                                  cause a dangerous voltage exposure as a consequence of faults. Elec-
                                  trical safety of an ECP must be referred to as the absence of “superfi-
                                  cial” dangerous potentials on its enclosure and must not be confused
                                  with its functionality. Some faults, in fact, may compromise safety
                                  against electric shock but not the operation of the equipment, which
                                  may keep working. This concept is shown in the Venn diagram in
                                  Fig. 3.1.
                                     Faults falling in set III, but not in set II, create the most hazardous
                                  situation,asthelackofsafetyisnotrevealedbythelossoffunctionality
                                  of the equipment.
                                     In formulas:

                                                              N − F(t)
                                                        S(t) =                          (3.1)
                                                                 N
                                  where N denotes the total number of identical items, while F(t)is
                                  the number of equipment among N, whose enclosure became “hot”
                                  after the time t. The numerator of Eq. (3.1) represents the number of
                                  “safe” items against electric shock after the cumulative time t during
                                  which items have been functioning. As the exposure time t to risk
                                  progresses, the number of items becoming “live” will increase and
                                  safety asymptotically will approach zero. Hypothetically speaking,
                                  after infinite time, electrical accident will surely happen, as the basic
                                  insulation as well as other deployed PMs will no longer carry out
                                  their protective functions because of their inevitable aging. On the
                                  other hand, safety is at its maximum value (i.e., unity) when either
                                  the item is not energized or its failure cannot cause any hazardous
                                                                                    1
                                  situations (e.g., the item functions at extremely low voltages ).
                                     We can link safety to the failure rate of the single PM deployed
                                  on an item (e.g., Class I equipment). If the PM malfunctions (e.g., the
                                  basic insulation fails), the system being protected becomes unsafe.
                                  The reliability of the protective measure equates to the safety against
                                  indirect contact of the entire equipment.