Just a tiny bit off-topic, but an interesting analysis of functional safety in
motor-control systems, from Analog Devices' Tom Meany, a member of IEC
SC22/MT12, working on the second draft of IEC 61800-5-2
http://bit.ly/2aQOwdT
Cheers,
Barry Rowland
Muenchen
On 4 August 2016 23:18:42 CEST, Brian Gregory wrote:
>Just like CE Compliance, the scope statement is the key. OEMs should
>state carefully where and how one does these things: the best use of
>language is not to say "it's SAFE" (unless you're a paid umpire). I
>counsel my customers to say that products have been tested to be in
>compliance with the proper component (safety) standard(s). Even
>Intertek and UL stay far away from the word "safe." "Safety" testing is
>done by product standard. UL 508 and the like have sections to deal
>with control systems. The best I've seen was actually in NFPA 79.
>Woodward's nice generation control PLCs are product certified to UL
>508. I consider this primary safety (against fire, shock, etc.), and
>all please note that safety of control systems has been termed
>"Functional Safety." Leave the software out of it for now. How one
>establishes safety of control systems (which run the software) is a
>certification to IEC 61508. 61508 calls the control systems (and
>potentially, sensors): Functional Safety of
>Electrical/Electronic/Programmable Electronic Safety-related Systems
>(E/E/PE, or E/E/PES). Woodward generation control systems (like
>Mironet+) cite SIL-3 certification for one example. UL 1998 is still
>around, but in five years of searching, I've not found any products
>certified to it. There are some good presentations; UL and MTL
>Instruments are the best I've seen so far. MTL's starts simple with
>terms like ALARP ("As Little As Realistically Practicable")
>and concepts and goes into some level of detail for calculating MTBF,
>"dangerous failure rates" and PFD averages. MTL certifies systems and
>sensors to 61508, apparently. Don't let the discussions of risk
>assessment/analysis make you crazy, that's just what they want! UL's
>presentation is more friendly, far reaching and less detailed. Slide
>19 lists all the relevant standards from IEC, ISO, etc. Give it a whirl,
>and watch your terminology!
>
>"Colorado" Brian Gregory
>Power Plant Electrical Engineer, Leidos, Inc.
>720-450-4933
>
>-- Original Message --
>From: "Brian O'Connell"
>To: EMC-PSTC@LISTSERV.IEEE.ORG
>Subject: Re: [PSES] SAFETY FEATURES controlled by SOFTWARE
>Date: Wed, 3 Aug 2016 16:37:02 +
>
>Please beat a rapid and clear path to the local expert at your
>preferred conformity assessment body. In the meantime, read UL1998,
>IEC61508, MISRA, and perhaps UL991 for FIT. And there is another IEC
>standard for power systems SIL that I cannot remember.
>
>As for my employer's stuff - my 'tactic' has been to prove that the
>code is NOT a safety-critical component, rather than do a certification
>that plays probabilistic games with the "likelihood of occurrence".
>
>Brian
>
>
>From: Bolintineanu, Constantin [mailto:cbolintine...@tycoint.com]
>Sent: Wednesday, August 03, 2016 7:33 AM
>To: EMC-PSTC@LISTSERV.IEEE.ORG
>Subject: [PSES] SAFETY FEATURES controlled by SOFTWARE
>
>
>Dear Colleagues,
>
>I would like to kindly ask those who have an extensive experience
>regarding the above subject, to share their opinion about the following
>aspect:
>
>Having a circuit which is charging a battery, and having it controlled
>and protected by SOFTWARE ONLY from the point of view of
>CHARGING, DISCHARGING, OVERCHARGING,
>
>1. How do you think that SINGLE FAULT CONDITIONS shall be applied?
>(Without SOFTWARE working at all? Or by providing a fault on the
>component where the SOFTWARE is stored? OR BOTH?)
>2. Which conditions do you think shall be imposed on the software
>and/or on the memory in which it is stored?
>
>Any other suggestions/observations/comments are more than welcome.
>
>Sincerely,
>
>Constantin Bolintineanu P.Eng.
>
>
>
>
>-
>
>This message is from the IEEE Product Safety Engineering Society
>emc-pstc discussion list. To post a message to the list, send your
>e-mail to
>All emc-pstc postings are archived and searchable on the web at:
>http://www.ieee-pses.org/emc-pstc.html
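Brian Gregory's post mentions the MTBF, "dangerous failure rate" and PFD-average arithmetic that sits behind a SIL claim such as Woodward's SIL-3. The following is an added worked example written by the editor; it is not code from any post in this thread, nor MTL's or UL's presentation material. It implements the simplified IEC 61508-6 formula for a single-channel (1oo1) safety function in low-demand mode and maps the resulting PFDavg onto the IEC 61508-1 SIL bands. All failure rates, diagnostic-coverage figures, proof-test intervals and repair times below are constructed assumptions chosen to show how each term moves the result between bands; they are not data for any real product.

```python
"""
Editor's worked example (not from the list thread): IEC 61508 low-demand
PFDavg for a 1oo1 channel and the SIL band it lands in.
All numbers used here are constructed assumptions, not real product data.
"""

from dataclasses import dataclass

HOURS_PER_YEAR = 8760.0

# IEC 61508-1 Table 2, low demand mode. SIL -> (lower, upper) bound on the
# average probability of dangerous failure on demand. Upper bound exclusive.
SIL_BANDS_LOW_DEMAND = {
    4: (1e-5, 1e-4),
    3: (1e-4, 1e-3),
    2: (1e-3, 1e-2),
    1: (1e-2, 1e-1),
}


@dataclass(frozen=True)
class Channel:
    """Failure data for one channel. All rates are per hour (assumed values)."""
    lambda_d: float           # total dangerous failure rate
    dc: float                 # diagnostic coverage, 0..1: fraction of lambda_d detected
    proof_test_years: float   # proof-test interval T1
    mttr_hours: float = 8.0   # mean time to restore a detected dangerous failure

    @property
    def lambda_du(self) -> float:
        """Dangerous undetected rate: the part only a proof test reveals."""
        return self.lambda_d * (1.0 - self.dc)

    @property
    def lambda_dd(self) -> float:
        """Dangerous detected rate: found by diagnostics, repaired within MTTR."""
        return self.lambda_d * self.dc


def mtbf_hours(failure_rate_per_hour: float) -> float:
    """For a constant failure rate, MTBF is just 1/lambda."""
    return 1.0 / failure_rate_per_hour


def pfd_avg_1oo1(ch: Channel) -> float:
    """Simplified IEC 61508-6 1oo1 low-demand formula:
       PFDavg = lambda_DU * (T1/2 + MTTR) + lambda_DD * MTTR
    Undetected failures sit unrevealed for half the proof-test interval on
    average; detected ones only for the repair time."""
    t1 = ch.proof_test_years * HOURS_PER_YEAR
    return ch.lambda_du * (t1 / 2.0 + ch.mttr_hours) + ch.lambda_dd * ch.mttr_hours


def sil_from_pfd(pfd: float) -> int:
    """SIL band (1..4) whose range contains pfd. Values below the SIL 4 lower
    bound are reported as 4; a PFDavg of 0.1 or worse gets 0 (no SIL)."""
    for sil in (4, 3, 2, 1):
        if pfd < SIL_BANDS_LOW_DEMAND[sil][1]:
            return sil
    return 0


def max_proof_test_years(ch: Channel, target_sil: int) -> float:
    """Longest proof-test interval (years) that keeps this channel inside the
    target SIL band, by solving the 1oo1 formula for T1. Returns 0.0 when no
    interval achieves it (e.g. lambda_DD * MTTR alone exceeds the bound)."""
    upper = SIL_BANDS_LOW_DEMAND[target_sil][1]
    budget = upper - ch.lambda_dd * ch.mttr_hours
    if budget <= 0.0 or ch.lambda_du <= 0.0:
        return 0.0
    t1_hours = 2.0 * (budget / ch.lambda_du - ch.mttr_hours)
    return max(0.0, t1_hours / HOURS_PER_YEAR)


if __name__ == "__main__":
    # Constructed example: 1e-6/h dangerous rate, 60 % diagnostic coverage,
    # yearly proof test. Same hardware with no diagnostics and a 5-year test
    # interval drops a full SIL band.
    good = Channel(lambda_d=1e-6, dc=0.6, proof_test_years=1.0)
    poor = Channel(lambda_d=1e-6, dc=0.0, proof_test_years=5.0)
    for name, ch in (("diagnosed, yearly test", good), ("undiagnosed, 5-year test", poor)):
        pfd = pfd_avg_1oo1(ch)
        print(f"{name}: MTBF {mtbf_hours(ch.lambda_d):.0f} h, "
              f"PFDavg {pfd:.2e} -> SIL {sil_from_pfd(pfd)}")
    print(f"proof test needed for SIL 3 on the diagnosed channel: "
          f"{max_proof_test_years(good, 3):.2f} years")
```

The point the numbers make is the one Brian Gregory alludes to: the SIL figure is a property of the whole safety function and its maintenance regime (diagnostic coverage, proof-test interval, repair time), not of a component by itself, which is why a bare "SIL-3" claim without its assumptions says little.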