Why Conventional EMC Testing is Insufficient for Functional Safety

At the recent PSES Symposium, I attended a couple of interesting workshops on EMC and Functional Safety. One was called “Workshop on EMC & Functional Safety” presented by Keith Armstrong, Bill Radasky and Jacques Delaballe. The other was a paper presentation called “Why Conventional EMC Testing is Insufficient for Functional Safety” presented by Keith Armstrong.

For readers who are new to the idea of Functional Safety, this field deals with the ability of a product or system to function in its intended use environment, or in any foreseeable use environments, while reliably providing the protection required by the users. Here’s the formal definition taken from IEC 61508-4:1998:


3.1.9
functional safety
part of the overall safety relating to the EUC and the EUC control system which depends on the correct functioning of the E/E/PE safety-related systems, other technology safety-related systems and external risk reduction facilities

3.2.3
equipment under control (EUC)
equipment, machinery, apparatus or plant used for manufacturing, process, transportation, medical or other activities

NOTE – The EUC control system is separate and distinct from the EUC.

Table 1: (E/E/PE) electrical / electronic / programmable electronic

Reliability requirements are found in two key standards, ISO 13849 and IEC 61508. These two standards overlap to some degree, and do not define reliability categories in the same way, which frequently leads to confusion. In addition there is a Machinery Sector Specific standard based on IEC 61508, called IEC 62061, Safety of machinery – Functional safety of safety-related electrical, electronic and programmable electronic control systems. These three standards make reference to EM effects on systems but do not provide guidance on how to assess these phenomena. This is where IEC TS 61000-1-2 comes into play.

All three experts are members of IEC TC 77 and are directly engaged in writing the second edition of IEC TS 61000-1-2 (more info on this at the bottom of this post). This IEC Technical Specification deals with electromagnetic (EM) effects on equipment that result in functional safety problems, like failures in guarding circuits, or failures in some of the new programmable safety systems. This is becoming an increasingly important issue as programmable controls migrate into the traditionally hardwired safety world. In fact, Keith pointed out that EM effects are present even in many of our “tried and true” circuits, but the failures have been incorrectly attributed to other phenomena because most electrical engineers have not been used to thinking about these phenomena, especially in 24Vdc relay-based control circuits.

In the workshop, the presenters discussed a typical product life cycle, then went on to explore the typical environments that a product may be exposed to, including the EM and physical environments. They went on to discuss the need for an EMC-related Risk Assessment and then finished up by looking at Electromagnetic Safety Planning. The whole workshop took the entire second day of the Symposium.

A key point in the workshop is that conventional EMC testing cannot practically prove that systems are safe. This is due to the structure of the EMC tests that are normally undertaken, including the use of fixed modulation frequencies during immunity testing, failure to assess intermodulation effects and many other issues. In addition, EMC testing does not and cannot test for aging effects on performance, wear & tear and other use-related conditions. The presenters discussed a number of ways that these problems could be addressed and ways that testing could be extended in selective ways to attack predicted vulnerabilities. EMC testing does not consider the reliability requirements of the tested product (i.e. IEC 61508-1 SIL-3 or SIL-4).

On the following morning, Keith Armstrong presented his paper. In this paper, Mr. Armstrong went into considerable detail on the shortcomings of conventional EMC testing when it comes to Functional Safety. He suggested some approaches that could be used by manufacturers to address these issues in safety critical applications.

The workshop presentations and Mr. Armstrong’s paper can be purchased through IEEE Xplore for those that did not attend the Symposium.

The IET has published a new book, available for free from their web site, entitled Electromagnetic Compatibility for Functional Safety. This guide will be reviewed in a future post, so keep reading!

Keith Armstrong, Bill Radasky and Jacques Delaballe are members of IEC Technical Committee 77, writing IEC TS 61000-1-2 Ed 2.0, ELECTROMAGNETIC COMPATIBILITY (EMC) – PART 1-2: GENERAL – METHODOLOGY FOR THE ACHIEVEMENT OF THE FUNCTIONAL SAFETY OF ELECTRICAL AND ELECTRONIC EQUIPMENT WITH REGARD TO ELECTROMAGNETIC PHENOMENA. Edition 2 of this standard should be published by Mar-2009 according to the IEC.

Keith Armstrong is Principal Consultant at Cherry Clough Consultants in Brocton, UK.

Bill Radasky works with Metatech Corporation from his office in Goleta, California.

Jacques Delaballe works for Schneider Electric Industries SAS in Grenoble, France.