Machinery Safety 101

Why Conventional EMC Testing is Insufficient for Functional Safety

This article was updated in May 2020. Author’s note: While this article is now 12 years old, the topic of EMC and Functional Safety has only become more important. IEC TC 77’s move to change IEC/TS 61000-1-2 from a Technical Specification to an International Standard is evidence of this. Considering the impact of electromagnetic phenomena on the functional safety of machinery and other technical systems is an important, and often neglected, part of machinery safety engineering. I encourage readers to better understand this aspect of design and to take steps to implement additional EMC testing to better validate the robustness of their designs. – DN

At the 2008 IEEE PSES Symposium On Product Compliance Engineering, I attended a couple of interesting workshops on EMC and Functional Safety. One was called “Workshop on EMC & Functional Safety” [1] presented by Keith Armstrong, Bill Radasky and Jacques Delaballe. The other was a paper presentation called “Why Conventional EMC Testing is Insufficient for Functional Safety” [2], presented by Keith Armstrong.

For readers who are new to the idea of functional safety, this field deals with the ability of a product or system to function in its intended use environment, or in any foreseeable use environments, while reliably providing the protection required by the users. Here are the relevant formal definitions:

3.1.9
functional safety
part of the overall safety relating to the EUC and the EUC control system which depends on the correct functioning of the E/E/PE safety-related systems, other technology safety-related systems and external risk reduction facilities

3.2.3
equipment under control (EUC)
equipment, machinery, apparatus or plant used for manufacturing, process, transportation, medical or other activities

NOTE – The EUC control system is separate and distinct from the EUC.

Table 1: (E/E/PE) electrical / electronic / programmable electronic

IEC 61508-4:1998 [3]

Reliability requirements are found in two key standards, ISO 13849 [4], [5], and IEC 61508 [6]. These two standards overlap to some degree and do not define reliability categories in the same way, which frequently leads to confusion. In addition, there is a machinery sector-specific standard based on IEC 61508, called IEC 62061, Safety of machinery – Functional safety of safety-related electrical, electronic and programmable electronic control systems [7]. These three standards make reference to EM effects on systems but do not provide guidance on how to assess these phenomena. This is where IEC/TS 61000-1-2 [9] comes into play.

All three presenters are expert members of IEC TC 77 and are directly engaged in writing the second edition of IEC/TS 61000-1-2 (more info on this at the bottom of this post). This IEC Technical Specification deals with electromagnetic (EM) effects on equipment that result in functional safety problems, like failures in guarding circuits, or failures in some of the new programmable safety systems. This is becoming an increasingly important issue as programmable controls migrate into the traditionally hardwired safety world. In fact, Mr. Armstrong pointed out that EM effects are present in many of our “tried and true” circuits, but the failures have been incorrectly attributed to other phenomena because most electrical engineers have not been used to thinking about these phenomena, especially in 24 V d.c. relay-based control circuits.

In the workshop, the presenters discussed a typical product life cycle, then went on to explore the typical environments that a product may be exposed to, including the EM and physical environments. They went on to discuss the need for an EMC-related Risk Assessment and then finished up by looking at Electromagnetic Safety Planning. The whole workshop took the entire second day of the Symposium.

A key point in the workshop is that conventional EMC testing cannot practically prove that systems are safe. This is due to the structure of the EMC tests that are normally undertaken, including the use of fixed modulation frequencies during immunity testing, failure to assess intermodulation effects and many other issues. In addition, EMC testing does not and cannot test for aging effects on performance, wear & tear and other use-related conditions. The presenters discussed a number of ways that these problems could be addressed and ways that testing could be extended in selective ways to attack predicted vulnerabilities. Conventional EMC testing does not consider the reliability requirements of the tested product (i.e. IEC 61508-1 SIL-3 or SIL-4).

On the following morning, Keith Armstrong presented his paper. In this paper, Mr. Armstrong went into considerable detail on the shortcomings of conventional EMC testing when it comes to Functional Safety. He suggested some approaches that could be used by manufacturers to address these issues in safety-critical applications.

The workshop presentations and Mr. Armstrong’s paper can be purchased through IEEE Xplore for those who did not attend the Symposium.

The IET has published a book entitled Electromagnetic Compatibility for Functional Safety. Unfortunately, this book is no longer available from the IET; however, here is another source.

Keith Armstrong, Bill Radasky and Jacques Delaballe are members of IEC Technical Committee 77. Since the original publication of this article in 2008, IEC/TS 61000-1-2 Ed 2.0 has been withdrawn and converted to an international standard, published as IEC 61000-1-2 [9].

IEC TC 77 Electromagnetic compatibility

Keith Armstrong is Principal Consultant at Cherry Clough Consultants in Brocton, UK.

Bill Radasky works with Metatech Corporation from his office in Goleta, California.

Jacques Delaballe works for Schneider Electric Industries SAS in Grenoble, France.

References

[1] 2008. Workshop On EMC & Functional Safety.

[2] K. Armstrong, “Why Conventional EMC Testing is Insufficient for Functional Safety,” in IEEE PSES Symposium On Product Compliance Engineering, 2008.

[3] Functional safety of electrical/electronic/programmable electronic safety-related systems – Part 4: Definitions and abbreviations, IEC 61508-4. International Electrotechnical Commission (IEC), 1998.

[4] Safety of machinery — Safety-related parts of control systems — Part 1: General principles for design, ISO 13849-1. International Organization for Standardization (ISO), 2006.

[5] Safety of machinery — Safety-related parts of control systems — Part 2: Validation, ISO 13849-2. International Organization for Standardization (ISO), 2003.

[6] Functional safety of electrical/electronic/programmable electronic safety-related systems, IEC 61508, seven parts. International Electrotechnical Commission (IEC), 1998/2000.

[7] Safety of machinery – Functional safety of safety-related electrical, electronic and programmable electronic control systems, IEC 62061. International Electrotechnical Commission (IEC), 2005.

[8] Electromagnetic compatibility (EMC) – Part 1-2: General – Methodology for the achievement of functional safety of electrical and electronic systems including equipment with regard to electromagnetic phenomena, 2nd Ed., IEC/TS 61000-1-2. International Electrotechnical Commission (IEC), 2008.

[9] Electromagnetic compatibility (EMC) – Part 1-2: General – Methodology for the achievement of functional safety of electrical and electronic systems including equipment with regard to electromagnetic phenomena, 1st Ed., IEC 61000-1-2. International Electrotechnical Commission (IEC), 2008.
