Monthly Archives: November 2008

Why Conventional EMC Testing is Insufficient for Functional Safety

At the recent PSES Symposium, I attended a couple of interesting workshops on EMC and Functional Safety. One was called “Workshop on EMC & Functional Safety”, presented by Keith Armstrong, Bill Radasky and Jacques Delaballe. The other was a paper presentation called “Why Conventional EMC Testing is Insufficient for Functional Safety”, presented by Keith Armstrong.

For readers who are new to the idea of Functional Safety, this field deals with the ability of a product or system to function in its intended use environment, or in any foreseeable use environment, while reliably providing the protection required by the users. Here’s the formal definition taken from IEC 61508-4:1998:

3.1.9
functional safety
part of the overall safety relating to the EUC and the EUC control system which depends on the correct functioning of the E/E/PE safety-related systems, other technology safety-related systems and external risk reduction facilities

3.2.3
equipment under control (EUC)
equipment, machinery, apparatus or plant used for manufacturing, process, transportation, medical or other activities

NOTE — The EUC control system is separate and distinct from the EUC.

Table 1: (E/E/PE) electrical / electronic / programmable electronic

Reliability requirements are found in two key standards, ISO 13849 and IEC 61508. These two standards overlap to some degree, and do not define reliability categories in the same way, which frequently leads to confusion. In addition there is a Machinery Sector Specific standard based on IEC 61508, called IEC 62061, Safety of machinery – Functional safety of safety-related electrical, electronic and programmable electronic control systems. These three standards make reference to EM effects on systems but do not provide guidance on how to assess these phenomena. This is where IEC TS 61000-1-2 comes into play.

All three experts are members of IEC TC 77 and are directly engaged in writing the second edition of IEC TS 61000-1-2 (more info on this at the bottom of this post). This IEC Technical Specification deals with electromagnetic (EM) effects on equipment that result in functional safety problems, like failures in guarding circuits, or failures in some of the new programmable safety systems. This is becoming an increasingly important issue as programmable controls migrate into the traditionally hardwired safety world. In fact, Keith pointed out that EM effects are present even in many of our “tried and true” circuits, but the failures have been incorrectly attributed to other phenomena because most electrical engineers have not been used to thinking about these phenomena, especially in 24 Vdc relay-based control circuits.

In the workshop, the presenters discussed a typical product lifecycle, then went on to explore the typical environments that a product may be exposed to, including the EM and physical environments. They went on to discuss the need for an EMC-related Risk Assessment and then finished up by looking at Electromagnetic Safety Planning. The whole workshop took the entire second day of the Symposium.

A key point in the workshop is that conventional EMC testing cannot practically prove that systems are safe. This is due to the structure of the EMC tests that are normally undertaken, including the use of fixed modulation frequencies during immunity testing, failure to assess intermodulation effects and many other issues. In addition, EMC testing does not and cannot test for aging effects on performance, wear & tear and other use-related conditions. The presenters discussed a number of ways that these problems could be addressed and ways that testing could be extended in selective ways to attack predicted vulnerabilities. EMC testing does not consider the reliability requirements of the tested product (i.e. IEC 61508-1 SIL-3 or SIL-4).

On the following morning, Keith Armstrong presented his paper. In this paper, Mr. Armstrong went into considerable detail on the shortcomings of conventional EMC testing when it comes to Functional Safety. He suggested some approaches that could be used by manufacturers to address these issues in safety-critical applications.

The workshop presentations and Mr. Armstrong’s paper can be purchased through IEEE Xplore for those who did not attend the Symposium.

The IET has published a new book, available for free from their web site, entitled Electromagnetic Compatibility for Functional Safety. This guide will be reviewed in a future post, so keep reading!

Keith Armstrong, Bill Radasky and Jacques Delaballe are members of IEC Technical Committee 77, writing IEC TS 61000-1-2 Ed 2.0, ELECTROMAGNETIC COMPATIBILITY (EMC) - PART 1-2: GENERAL - METHODOLOGY FOR THE ACHIEVEMENT OF THE FUNCTIONAL SAFETY OF ELECTRICAL AND ELECTRONIC EQUIPMENT WITH REGARD TO ELECTROMAGNETIC PHENOMENA. Edition 2 of this standard should be published by Mar-2009 according to the IEC.

Keith Armstrong (keithdotarmstrongatcherrycloughdotcom) is Principal Consultant at Cherry Clough Consultants in Brocton, UK.

Bill Radasky (wradaskyataoldotcom) works with Metatech Corporation from his office in Goleta, California.

Jacques Delaballe (jacquesdotdelaballeatschneider-electricdotcom) works for Schneider Electric Industries SAS in Grenoble, France.
