I'm involved in a back-and-forth with a customer over the design of an industrial server panel using an APC AP4421A rackmount Automatic Transfer Switch. The purpose of the ATS is to keep the server running should one of the two incoming 230 V AC supplies fail.
The current schematic, which goes back to before my time started at this job, has the RCD on the single output of the ATS. The reasoning behind this is as follows:
- Should an operator touch a live conductor, the imbalance between the two phases would trip the RCD and the whole circuit is then isolated.
The customer is insisting that the RCD should be at the input to the ATS and on each supply. The reasoning as to why this shouldn't be implemented and why the original circuit was designed as it is, is thus:
- Should an operator touch a live conductor, the imbalance between the two phases would trip the RCD. The ATS would then detect the first supply dropping out and switch to the second supply, continuing the exposure of the operator to the live circuit before the second RCD would trip.
Now I understand that the scenario above where the first RCD trips, the ATS would switch and then the second RCD trips would take tens of milliseconds, and the function of the RCDs would still be as intended.
A couple of important points: the panel is locked during normal operation and access restricted to qualified personnel. We are not privy to any safety devices that are installed upstream on the dual incoming supplies and neither are we in control of that.
I don't have access to any standards to refer back to, hence I'm looking for knowledge here (and in the background enquiring if we can purchase the standards below, which I believe are correct in this instance).
- IEC 60364: Low voltage electrical installations
- IEC 61439: Low‑voltage switchgear and controlgear assemblies.
Any practical advice is greatly appreciated and if any clarification is required, I can help with that.
Thank you for reading.