From: Douglas Beckwith@MITEL on 10/31/2001 12:00 PM
I agree with everthing that has been said so far. The trouble comes with what
the agency "deems" to be critical. My experience with approvals agencies has
been that their definition of "Safety Critical" is somewhat unscientific. I have
often found that they tend to arbitrarily define a component as safety critical
because they don't understand the function of circuit and what the component
does in the application. The application of the compnent is best understood by
the designer, not the approvals agency. I have spent many hours arguing with a
well known Canadian safety agency on this question.
I spent a number of years in the defence industry doing fault tree analysis and
failure modes, effects and criticality analysis of components and circuits, and
this to me seems like a more scientific way to approach the definition of what
components ae safety critical. I tend to follow this process in definining the
critical components, by looking at their failure modes and contribution to the
overall flammability of the circuit, and I do not allow the safety approval
agency to define them, primarily for the reason above. In fairness to the
agencies, most of the time I come up with the same list as they come up with,
but at least I have a technical reason behind the decision. I also only specify
the critical parameters in the safety report, e.g. rating only, not manufacturer
where it is not critical.
Doug Beckwith
geor...@lexmark.com on 10/31/2001 08:40:17 AM
Please respond to geor...@lexmark.com
To: emc-p...@ieee.org
cc: (bcc: Douglas Beckwith/Kan/Mitel)
Subject: Re: Definition for Safety Critical Component
There are at least two possible definitions of this term. Under the
60950 standards, these would be the components listed by an approving
agency deemed to be "safety critical". The other is any part, listed
or not, that contributes to the overall safety of the device. For
example, a metal housing will not show up on a critical parts list,
but can have sharp edges. As pointed out earlier, even a caution label
could be considered such a part.
Based on the single fault theory on which the standards are based,
the failure of a single "safety critical component" should NOT introduce
a hazard. For example, if the insulation between primary and exposed
metal parts fails in a Class I design, the fault current will go to
ground via the earthing path, and blow the fuse. At no time should the
exposed metal carry hazardous voltages. The failure of two safety
critical components can result in a hazard. If in the example given the
ground path does not exist (a second fault), the "bare" metal may bear
hazardous voltages.
George Alspaugh
-------------------------------------------
This message is from the IEEE EMC Society Product Safety
Technical Committee emc-pstc discussion list.
Visit our web site at: http://www.ewh.ieee.org/soc/emcs/pstc/
To cancel your subscription, send mail to:
majord...@ieee.org
with the single line:
unsubscribe emc-pstc
For help, send mail to the list administrators:
Michael Garretson: pstc_ad...@garretson.org
Dave Heald davehe...@mediaone.net
For policy questions, send mail to:
Richard Nute: ri...@ieee.org
Jim Bacher: j.bac...@ieee.org
All emc-pstc postings are archived and searchable on the web at:
No longer online until our new server is brought online and the old messages
are imported into the new server.
-------------------------------------------
This message is from the IEEE EMC Society Product Safety
Technical Committee emc-pstc discussion list.
Visit our web site at: http://www.ewh.ieee.org/soc/emcs/pstc/
To cancel your subscription, send mail to:
majord...@ieee.org
with the single line:
unsubscribe emc-pstc
For help, send mail to the list administrators:
Michael Garretson: pstc_ad...@garretson.org
Dave Heald davehe...@mediaone.net
For policy questions, send mail to:
Richard Nute: ri...@ieee.org
Jim Bacher: j.bac...@ieee.org
All emc-pstc postings are archived and searchable on the web at:
No longer online until our new server is brought online and the old
messages are imported into the new server.
