Why Conventional EMC Testing is Insufficient for Functional Safety

At the recent PSES Symposium, I attended a couple of interesting workshops on EMC and Functional Safety. One was called “Workshop on EMC & Functional Safety” presented by Keith Armstrong, Bill Radasky and Jacques Delaballe. The other was a paper presentation called “Why Conventional EMC Testing is Insufficient for Functional Safety” presented by Keith Armstrong.

For readers who are new to the idea of Functional Safety, this field deals with the ability of a product or system to function in its intended use environment, or in any foreseeable use environments, while reliably providing the protection required by the users. Here’s the formal definition taken from IEC 61508-4:1998:


3.1.9
functional safety
part of the overall safety relating to the EUC and the EUC control system which depends on the correct functioning of the E/E/PE safety-related systems, other technology safety-related systems and external risk reduction facilities

3.2.3
equipment under control (EUC)
equipment, machinery, apparatus or plant used for manufacturing, process, transportation, medical or other activities

NOTE — The EUC control system is separate and distinct from the EUC.

Table 1: (E/E/PE) electrical / electronic / programmable electronic

Reliability requirements are found in two key standards, ISO 13849 and IEC 61508. These two standards overlap to some degree, and do not define reliability categories in the same way, which frequently leads to confusion. In addition there is a Machinery Sector Specific standard based on IEC 61508, called IEC 62061, Safety of machinery – Functional safety of safety-related electrical, electronic and programmable electronic control systems. These three standards make reference to EM effects on systems but do not provide guidance on how to assess these phenomena. This is where IEC TS 61000-1-2 comes into play.

All three experts are members of IEC TC 77 and are directly engaged in writing the second edition of IEC TS 61000-1-2 (more info on this at the bottom of this post). This IEC Technical Specification deals with electromagnetic (EM) effects on equipment that result in functional safety problems, like failures in guarding circuits, or failures in some of the new programmable safety systems. This is becoming an increasingly important issue as programmable controls migrate into the traditionally hardwired safety world. In fact, Keith pointed out that EM effects are present even in many of our “tried and true” circuits, but the failures have been incorrectly attributed to other phenomena because most electrical engineers have not been used to thinking about these phenomena, especially in 24 Vdc relay-based control circuits.

In the workshop, the presenters discussed a typical product life cycle, then went on to explore the typical environments that a product may be exposed to, including the EM and physical environments. They went on to discuss the need for an EMC-related Risk Assessment and then finished up by looking at Electromagnetic Safety Planning. The whole workshop took the entire second day of the Symposium.

A key point in the workshop is that conventional EMC testing cannot practically prove that systems are safe. This is due to the structure of the EMC tests that are normally undertaken, including the use of fixed modulation frequencies during immunity testing, failure to assess intermodulation effects and many other issues. In addition, EMC testing does not and cannot test for aging effects on performance, wear & tear and other use-related conditions. The presenters discussed a number of ways that these problems could be addressed and ways that testing could be extended in selective ways to attack predicted vulnerabilities. EMC testing also does not consider the reliability requirements of the tested product (i.e. IEC 61508-1 SIL-3 or SIL-4).

On the following morning, Keith Armstrong presented his paper. In this paper, Mr. Armstrong went into considerable detail on the shortcomings of conventional EMC testing when it comes to Functional Safety. He suggested some approaches that could be used by manufacturers to address these issues in safety critical applications.

The workshop presentations and Mr. Armstrong’s paper can be purchased through IEEE Xplore for those that did not attend the Symposium.

The IET has published a new book, available for free from their web site, entitled Electromagnetic Compatibility for Functional Safety. This guide will be reviewed in a future post, so keep reading!

Keith Armstrong, Bill Radasky and Jacques Delaballe are members of IEC Technical Committee 77, writing IEC TS 61000-1-2 Ed 2.0, ELECTROMAGNETIC COMPATIBILITY (EMC) — PART 1-2: GENERAL METHODOLOGY FOR THE ACHIEVEMENT OF THE FUNCTIONAL SAFETY OF ELECTRICAL AND ELECTRONIC EQUIPMENT WITH REGARD TO ELECTROMAGNETIC PHENOMENA. Edition 2 of this standard should be published by Mar-2009 according to the IEC.

Keith Armstrong is Principal Consultant at Cherry Clough Consultants in Brocton, UK.

Bill Radasky works with Metatech Corporation from his office in Goleta, California.

Jacques Delaballe works for Schneider Electric Industries SAS in Grenoble, France.

Author: Doug Nix

Doug Nix is Managing Director and Principal Consultant at Compliance InSight Consulting, Inc. (http://www.complianceinsight.ca) in Kitchener, Ontario, and is Lead Author and Senior Editor of the Machinery Safety 101 blog. Doug's work includes teaching machinery risk assessment techniques privately and through Conestoga College Institute of Technology and Advanced Learning in Kitchener, Ontario, as well as providing technical services and training programs to clients related to risk assessment, industrial machinery safety, safety-related control system integration and reliability, laser safety and regulatory conformity. For more see Doug's LinkedIn profile.