Re: Safety Critical etc - the future
I read in !emc-pstc that Rich Nute ri...@sdd.hp.com wrote (in 20022339.paa03...@epgc196.sdd.hp.com) about 'Safety Critical etc - the future', on Mon, 12 Nov 2001:

>> A supply transformer of a not grounded SELV is a safety critical component. A supply transformer of a grounded SELV is a safety related component.

> For me, whether or not the SELV output of a safety-isolating transformer is grounded is irrelevant. Two safeguards must be interposed between the mains and the SELV. In some situations, the grounding of the SELV output winding can serve as the required grounded barrier (a supplemental safeguard to the Basic insulation, the principal safeguard).

This could be confusing. SELV is usually NOT permitted to be grounded. The term 'Protected Extra-Low Voltage' (PELV) is now used for a source which is grounded but meets all the other requirements of SELV.

In many fault conditions, PELV is much safer than SELV! A fault on an SELV system can persist undetected for a very long time, until a second fault, or intervention with the system, *quite unrelated*, occurs, and a very hazardous situation then arises. The earthing of PELV ensures, in almost all cases, that the first fault is not undetected and does not persist.

--
Regards, John Woodgate, OOO - Own Opinions Only. http://www.jmwa.demon.co.uk
Eat mink and be dreary!

---
This message is from the IEEE EMC Society Product Safety Technical Committee emc-pstc discussion list.
Visit our web site at: http://www.ewh.ieee.org/soc/emcs/pstc/
To cancel your subscription, send mail to: majord...@ieee.org with the single line: unsubscribe emc-pstc
For help, send mail to the list administrators: Michael Garretson: pstc_ad...@garretson.org Dave Heald: davehe...@mediaone.net
For policy questions, send mail to: Richard Nute: ri...@ieee.org Jim Bacher: j.bac...@ieee.org
All emc-pstc postings are archived and searchable on the web at: No longer online until our new server is brought online and the old messages are imported into the new server.
Re: Safety Critical etc - the future
Hi Peter:

As I have already written, I feel that safety-critical component as well as safety-related component are terms that require more consideration than is necessary. Basically, as I understand what you have said, a safety-critical component is one where its failure creates a hazardous situation. A safety-related component is one where its failure does not create a hazardous situation, and a second component now provides protection.

Rather, I prefer the term safeguard. A safeguard is a device or scheme that is specifically installed in a product to provide protection against a specific injury. Unless we know how the injury occurs, we cannot prevent the injury. If we know how the injury occurs, then we can install a safeguard to prevent injury.

> Those components that encapsulate into one single component the 2 safety layers that are normally used to isolate the operator (and others) from a hazard.

I suggest that each of the two layers are safeguards. These safeguards cannot be encapsulated into a single component because each safeguard must be independent of the other such that it is not subject to the same failure mechanism.

> All components that -by their function- may create a hazardous situation when defective, direct or indirect.

If we have a safeguard, then the product is safe as long as the safeguard is functional. The safeguard must be independent of equipment functional failure. So, I do not accept the thesis of safety-critical component and safety-related component.

> Both layers of a double insulation are in themselves not a safety critical component; once they are integrated into one part -called reinforced- they are.

I disagree. Each insulation within a double-insulation scheme provides a safeguard function. Because it is a safeguard, I consider it safety-critical. The fact that most safety standards require protection in the event of a fault in Basic insulation does not denigrate Basic insulation to a non-safety-critical function.
Double-insulation is distinctly different from reinforced insulation. Double insulation is a scheme employing two, independent insulations, Basic and Supplementary. Reinforced insulation is a single insulation whose performance is equivalent to double insulation.

> A supply transformer of a not grounded SELV is a safety critical component. A supply transformer of a grounded SELV is a safety related component.

For me, whether or not the SELV output of a safety-isolating transformer is grounded is irrelevant. Two safeguards must be interposed between the mains and the SELV. In some situations, the grounding of the SELV output winding can serve as the required grounded barrier (a supplemental safeguard to the Basic insulation, the principal safeguard).

> The art of safety thinking is finding and recognizing these double protection layers in equipment, processes and concepts (or the lack thereof).

I disagree. I especially disagree with characterizing safety thinking as an art. If it is an art, then only artists can know safety. Safety is a legitimate engineering discipline, although not yet developed to the point of being included in engineering curricula.

Within HP, we think of safety in terms of the 3-block model:

    +-----------+     +-----------+     +----------------+
    | hazardous |     | energy    |     | body           |
    | energy    |-----| transfer  |-----| susceptibility |
    | source    |     | mechanism |     |                |
    +-----------+     +-----------+     +----------------+

A hazardous energy source is any energy source whose magnitude exceeds the body susceptibility to that energy. In engineering terms:

    hazardous energy > body susceptibility
    non-hazardous energy < body susceptibility

The energy transfer mechanism is the way that energy is transferred to the body (usually by contact with the energy source).

A safeguard is a device that replaces the energy transfer mechanism and prevents energy transfer. Usually, this is an energy attenuator. (Electrical insulation is an energy attenuator that prevents sufficient energy from being transferred to the body.)
This is one way in which safety can be treated as an engineering discipline. Using this model, energy sources and transfer mechanisms can be quantified, and energy attenuators can be quantified. Safety in any given situation can be an engineering problem of interposing a safeguard between the hazardous energy source and the body.

When we think of safeguards as being interposed between a hazardous energy source and the body, then we can easily identify the protection layers.

This is a too-short and unfortunately incomplete overview of our view of product safety.

Best regards,
Rich

Richard Nute
Hewlett-Packard Company
San Diego
RE: Safety Critical etc - the future
An industry specific guideline (SEMI S2, developed for the semiconductor manufacturing industry) that I spend a lot of time with has cautions against hazardous power, defined as 240VA or greater regardless of the potential.

In the same industry, fire risk is a very muddy topic to sort out. In a chip fab, even the smallest amount of smoke can cause thousands of dollars damage in an ultra-clean-room. It's often difficult to get people to sort out a fire that can destroy a building from one that can credibly cause significant harm to personnel. Although fire can cause immense amounts of damage, *generally speaking*, people rather successfully avoid it unless their egress is impeded. It seems that to truly define the potential risk of most fires, one must understand a general model of the environment in which they will occur. It is very difficult to frame such a general model (with consensus acceptance) with a product sitting on a test bench.

There are certainly some fires that are particularly threatening to personnel, such as colorless hydrogen fires. Most fires, however, are self-revealing. Of course one must appropriately consider explosions that may precede or follow a fire.

-Lauren Crane

-Original Message-
From: Allen, John
To: emc-p...@majordomo.ieee.org
Sent: 11/6/2001 4:10 AM
Subject: RE: Safety Critical etc - the future

Hi Folks

I agree with John W - and a single fire can (and does!) kill and injure FAR more people than a single electric shock. Additionally, a large number of products are SELV and/or battery operated where there is no shock hazard but is often a fire hazard - think of the power available from modern batteries, and especially vehicle batteries.

John Allen
Thales Defence Communications Division
Bracknell, UK

-Original Message-
From: John Woodgate [mailto:j...@jmwa.demon.co.uk]
Sent: 05 November 2001 22:36
To: emc-p...@majordomo.ieee.org
Subject: Re: Safety Critical etc - the future

I read in !emc-pstc that CE-test - Ing. Gert Gremmen - ce-marking and more... cet...@cetest.nl wrote (in ABEJKCKDFONELAIPOFHNMEFCEKAA.cetes t...@cetest.nl) about 'Safety Critical etc - the future', on Mon, 5 Nov 2001:

> Those components that encapsulate into one single component the 2 safety layers that are normally used to isolate the operator (and others) from a hazard. In electrical safety land that's mostly an electrical hazard

A safety-critical component may be related to a fire hazard, not a shock hazard.

--
Regards, John Woodgate, OOO - Own Opinions Only. http://www.jmwa.demon.co.uk
Eat mink and be dreary!
RE: Safety Critical etc - the future
Not to mention Lithium Batteries. An A sized LiSo2 cell can still deliver more than 90 (NINETY) Amps After being short circuited for 15 minutes. Lithiums can also explode - which is why it takes many hours to verify and test the charging and ANTI-charging circuits in some products.

Gregg

> Hi Folks
>
> I agree with John W - and a single fire can (and does!) kill and injure FAR more people than a single electric shock. Additionally, a large number of products are SELV and/or battery operated where there is no shock hazard but is often a fire hazard - think of the power available from modern batteries, and especially vehicle batteries.
>
> John Allen
Re: Safety Critical etc - the future
I think this gets back to what John W originally stated. A safety critical component is any component whose failure, modification or absence, will affect the safety of the product. Front of 950 also defines Safe as not causing a fire hazard. There is no clear cut list of what is safety critical and what is only functional. That is what Safety Engineers and fault testing is for.

Allen, John wrote:

> Hi Folks
>
> I agree with John W - and a single fire can (and does!) kill and injure FAR more people than a single electric shock. Additionally, a large number of products are SELV and/or battery operated where there is no shock hazard but is often a fire hazard - think of the power available from modern batteries, and especially vehicle batteries.
>
> John Allen
> Thales Defence Communications Division
> Bracknell, UK
>
> -Original Message-
> From: John Woodgate [mailto:j...@jmwa.demon.co.uk]
> Sent: 05 November 2001 22:36
> To: emc-p...@majordomo.ieee.org
> Subject: Re: Safety Critical etc - the future
>
> I read in !emc-pstc that CE-test - Ing. Gert Gremmen - ce-marking and more... cet...@cetest.nl wrote (in ABEJKCKDFONELAIPOFHNMEFCEKAA.cetes t...@cetest.nl) about 'Safety Critical etc - the future', on Mon, 5 Nov 2001:
>
> > Those components that encapsulate into one single component the 2 safety layers that are normally used to isolate the operator (and others) from a hazard. In electrical safety land that's mostly an electrical hazard
>
> A safety-critical component may be related to a fire hazard, not a shock hazard.
>
> --
> Regards, John Woodgate, OOO - Own Opinions Only. http://www.jmwa.demon.co.uk
> Eat mink and be dreary!

--
Andrew Carson - Product Safety Engineer, Xyratex, UK
Phone: +44 (0)23 9249 6855 Fax: +44 (0)23 9249 6014
RE: Safety Critical etc - the future
Hi John and John

We all know hazards come in all colours of the rainbow especially fire hazards :) My mail however, is not just targeted to electric shocks, they were just used as a familiar example showing the distinction -to my opinion- between safety critical and just safety related components, and illustrating the concept of double layer of safety measures, whatever the hazard may be.

-Original Message-
From: owner-emc-p...@majordomo.ieee.org [mailto:owner-emc-p...@majordomo.ieee.org]On Behalf Of Allen, John
Sent: dinsdag 6 november 2001 10:10
To: emc-p...@majordomo.ieee.org
Subject: RE: Safety Critical etc - the future

Hi Folks

I agree with John W - and a single fire can (and does!) kill and injure FAR more people than a single electric shock. Additionally, a large number of products are SELV and/or battery operated where there is no shock hazard but is often a fire hazard - think of the power available from modern batteries, and especially vehicle batteries.

John Allen
Thales Defence Communications Division
Bracknell, UK

-Original Message-
From: John Woodgate [mailto:j...@jmwa.demon.co.uk]
Sent: 05 November 2001 22:36
To: emc-p...@majordomo.ieee.org
Subject: Re: Safety Critical etc - the future

I read in !emc-pstc that CE-test - Ing. Gert Gremmen - ce-marking and more... cet...@cetest.nl wrote (in ABEJKCKDFONELAIPOFHNMEFCEKAA.cetes t...@cetest.nl) about 'Safety Critical etc - the future', on Mon, 5 Nov 2001:

> Those components that encapsulate into one single component the 2 safety layers that are normally used to isolate the operator (and others) from a hazard. In electrical safety land that's mostly an electrical hazard

A safety-critical component may be related to a fire hazard, not a shock hazard.

--
Regards, John Woodgate, OOO - Own Opinions Only. http://www.jmwa.demon.co.uk
Eat mink and be dreary!
RE: Safety Critical etc - the future
Hi Folks

I agree with John W - and a single fire can (and does!) kill and injure FAR more people than a single electric shock. Additionally, a large number of products are SELV and/or battery operated where there is no shock hazard but is often a fire hazard - think of the power available from modern batteries, and especially vehicle batteries.

John Allen
Thales Defence Communications Division
Bracknell, UK

-Original Message-
From: John Woodgate [mailto:j...@jmwa.demon.co.uk]
Sent: 05 November 2001 22:36
To: emc-p...@majordomo.ieee.org
Subject: Re: Safety Critical etc - the future

I read in !emc-pstc that CE-test - Ing. Gert Gremmen - ce-marking and more... cet...@cetest.nl wrote (in ABEJKCKDFONELAIPOFHNMEFCEKAA.cetes t...@cetest.nl) about 'Safety Critical etc - the future', on Mon, 5 Nov 2001:

> Those components that encapsulate into one single component the 2 safety layers that are normally used to isolate the operator (and others) from a hazard. In electrical safety land that's mostly an electrical hazard

A safety-critical component may be related to a fire hazard, not a shock hazard.

--
Regards, John Woodgate, OOO - Own Opinions Only. http://www.jmwa.demon.co.uk
Eat mink and be dreary!
Re: Safety Critical etc - the future
I read in !emc-pstc that CE-test - Ing. Gert Gremmen - ce-marking and more... cet...@cetest.nl wrote (in ABEJKCKDFONELAIPOFHNMEFCEKAA.cetes t...@cetest.nl) about 'Safety Critical etc - the future', on Mon, 5 Nov 2001:

> Those components that encapsulate into one single component the 2 safety layers that are normally used to isolate the operator (and others) from a hazard. In electrical safety land that's mostly an electrical hazard

A safety-critical component may be related to a fire hazard, not a shock hazard.

--
Regards, John Woodgate, OOO - Own Opinions Only. http://www.jmwa.demon.co.uk
Eat mink and be dreary!
Safety Critical etc - the future - Are we professionals? Milestones not Millstones.
I read in !emc-pstc that Gregg Kervill gkerv...@eu-link.com wrote (in 003301c16614$de9ced90$7300a8c0@MENHADEN) about 'Safety Critical etc - the future - Are we professionals? Milestones not Millstones.', on Mon, 5 Nov 2001: Good Morning John, and how are you today? OK, up to now, thank you. Many thanks for your answer - I could not have hoped for a better illustration of what happens when a reader does not understand the background behind, the intent or the values of the person (or the committee) doing the writing, and then gets it totally wrong. And heaven knows I've done that often enough myself! Don't be too sure that I do not understand what you wrote. Of course, what you meant might be something other and not discernible. [snip] Whilst we all rely heavily upon IEC and other standards - what I tried to explain was that these standards are not revolutionary but evolutionary. This is not a universal rule, but is a guiding principle. Working in 'geological time' is not only a good time - it is ESSENTIAL for business. (If they were reactive industry would never keep up with the changes and we would be constantly re-certifying products.) No, that is not true. Industry is constantly pressing IEC to speed up its processes; that is why we now have new types of IEC documents - PAS, TS. The important matter of avoiding the need for re-certification is dealt with at the *regulatory* level - not in IEC at all - by the 'dow' timing rules, such as those adopted by the European Commission in conjunction with CEN, CENELEC and ETSI. What this means is that compliance engineers will face situations that do not appear in the standards. 
This is being dealt with - rather haphazardly, it appears to me and I am taking that point up whenever possible - by the issue of official 'interpretations', which may clarify wording that proves to need it or may specify how the standard applies in circumstances, such as new technological developments, that were not envisaged when the standard was written. Interpretations are not a new concept, but in the past they were produced by bodies other than the relevant standards committee and were not widely circulated. It means that compliance engineers will face the day-to-day need to make up compliance criteria On-the-hoof; almost invariably under extreme pressure because we are 'responsible' for holding up the job, payment and shipment. Interpretations, widely circulated, should eliminate this. Note that *anyone*, as far as IEC is concerned, can ask for, or propose, an interpretation, but some National Committees make it next to impossible for their people to do so. The result is that the sum-total of custom and practice will flow down (via engineers such as yourself) and find its way into TC's and Standards. Hence things - and attitudes - will change. (For example - a few years ago you bitterly opposed my call for double mains fusing - yet I have seen more recent correspondence, from you, that proposed double mains fusing.) Things change. I certainly challenged your statements about it, because: - it's not mentioned at all in IEC60065 and only obscurely in IEC60950 (editions valid at that time); - it isn't necessary in UK because we don't have reversible mains plugs; - I didn't realise that the Schuko plug is reversible. When you responded and I found out about the Schuko, I accepted your argument. That's how standards committees work. Hence compliance engineers need the framework provided by standards but will be expected to work outside that framework. Again, not too far, I hope.
In this meeting space we have had a broad input of specific needs (for the nuts and bolts, I have received private correspondence that I was asked to address in public - as my last email. BUT, what I was attempting was to stimulate the discussion to include how we establish the scope - content - education - interpersonal and other skills needed by compliance engineers. You did that! As compliance engineers we are free thinkers - how do we ensure and encourage that free thinking - how do we ensure that we can draw upon each other's experiences (being ever conscious that many of us are consultants and cannot afford to become a free source of information to potential clients). Well, I used to get uptight about free-loaders - people who phoned to pick my brains without paying. But that anger didn't affect them, it just distracted me. So now I run a LIMITED free advice service, and I say when it stops being free! So how do we go ahead? I believe that we must continue to provide inputs for standard development. This will allow standards to become landmarks that mark our progress: and not become millstones that hold us back. (No insult intended - quite the opposite in fact. There are some that take a view that if a hazard is not covered by the standard they do not NEED to consider it. We know that is not the INTENT of the standard, as I listed in my last email
RE: Safety Critical etc - the future
Let's give it a try

Safety Critical Components: Those components that encapsulate into one single component the 2 safety layers that are normally used to isolate the operator (and others) from a hazard. In electrical safety land that's mostly an electrical hazard

Safety Related Component: All components that -by their function- may create a hazardous situation when defective, direct or indirect.

All safety critical components are safety related; the inverse is not necessarily true.

As you may all know, most protection systems in safety land consist of 2 layers. A well known concept is double insulation. Both layers of a double insulation are in themselves not a safety critical component; once they are integrated into one part -called reinforced- they are. Both insulation layers are only safety related components. They have to meet their specs; if one layer fails nothing happens. If they do not meet their specs you have a problem. That's why they are safety related.

A supply transformer of a not grounded SELV is a safety critical component. A supply transformer of a grounded SELV is a safety related component. The insulation sheets (if double) are safety related each. The latter creates (when defective) a hazard only when the grounding fails.

I believe that similar reasoning can be made for most hazards, although most safety related standards are not implementing this in full.

Fa. a hot component needs protection for the operator in 2 ways: (1) limited access + (2) warning. Both protection methods are safety related. If they are integrated in ONE, or if one measure is not possible, the other becomes safety critical.

Fire protection: 2 measures: (1) limit the temperature of component + (2) no combustible materials close to it. If you are not allowed to remove dangerous and flammable objects far away from a heat generating component, then the temperature limiter becomes critical. To make the measures non critical another degree of protection is required.
This is called redundancy. (In fact the second layer is redundant too, but seen from the safety perspective two layers is a minimum.) Creating a safe device has everything to do with creating multiple layers of safety.

Letting your PC control a Hazardous process is an often made mistake against this rule. Not only is software error-sensitive (and difficult to debug), but the hardware most often is crash vulnerable. One crash would create a hazardous situation. Hardened Personal computers will limit this risk, as does certified software, but for true safe operation on the level we are used to work with in f.a. insulations, you would need 2 computers in parallel, plus a decision device, of which the operation will then be safety critical. The safety standard EN 60730 (that I am a bit familiar with) shows many ways of creating dual safety concepts for processor controlled hazardous processes.

The single fault concept we are familiar with is just a way of finding out all just safety related components and -measures, so we can finally identify the safety critical ones and take precautions.

Many standards have pre-cooked these concepts in lists of simple measures, more easy to use in checklist form. This does not mean we should limit ourselves to these checklists.

The art of safety thinking is finding and recognizing these double protection layers in equipment, processes and concepts (or the lack thereof). And most important: not forgetting one.
Regards, Gert Gremmen, (Ing) ce-test, qualified testing === Web presence http://www.cetest.nl CE-shop http://www.cetest.nl/ce_shop.htm /-/ Compliance testing is our core business /-/ === -Original Message- From: owner-emc-p...@majordomo.ieee.org [mailto:owner-emc-p...@majordomo.ieee.org]On Behalf Of Allen, John Sent: Friday, November 02, 2001 9:52 AM To: 'Rich Nute'; lcr...@tuvam.com; emc-p...@ieee.org Subject: Safety Critical etc - the future Hi Folks We have now had this discussion and it brought out a number of useful and enlightening points, and Lauren's and Rich's summaries of the various inputs are both interesting and thought-provoking. However, I now come back to a point that I made in one of my earlier messages: Where do we go from here? For most people participating in this forum, I suspect that the major contact that they have with any concept of component-criticality is in respect of simple standards (e.g. standards mandated under the LVD/EMC/RTTE or other national equivalents) compliance for a single item of equipment. Their major issue will, I guess, be the attitudes taken by the various product test and certification authorities that they deal with because those organisations directly influence what the product design and manufacturing companies need to reflect in their internal documentation and processes. Therefore, the test and certification authorities need
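The single-fault reasoning in Gert Gremmen's message above, as an added example that is not part of any post in this thread: each hazard is modelled as a set of protection layers, every component is failed on its own, and a component is reported as safety critical when its failure leaves some hazard with no working layer, otherwise as safety related. The component and hazard names are constructed, and the rule that a layer holds only while all of its components work is an assumption of this sketch.

```python
"""Single-fault analysis over a model of hazards and protection layers."""
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Tuple


@dataclass(frozen=True)
class Safeguard:
    """One protection layer. Assumption: it holds only while every
    component listed here is working."""
    name: str
    components: FrozenSet[str]


@dataclass(frozen=True)
class Hazard:
    """A hazard and the layers standing between it and the person."""
    name: str
    safeguards: Tuple[Safeguard, ...]


def layer(name: str, *components: str) -> Safeguard:
    return Safeguard(name, frozenset(components))


def exposed_by(hazard: Hazard, failed: str) -> bool:
    """True when no layer of `hazard` survives the failure of `failed` alone."""
    if not hazard.safeguards:
        return False  # unprotected hazards are reported by unprotected()
    return all(failed in s.components for s in hazard.safeguards)


def unprotected(hazards: List[Hazard]) -> List[str]:
    """Hazards with no layer at all (a modelling gap, not a component fault)."""
    return [h.name for h in hazards if not h.safeguards]


def classify(hazards: List[Hazard]) -> Dict[str, Tuple[str, List[str]]]:
    """Map each component to ('critical' | 'related', hazards its fault exposes)."""
    components = sorted(
        {c for h in hazards for s in h.safeguards for c in s.components}
    )
    report = {}
    for comp in components:
        exposed = [h.name for h in hazards if exposed_by(h, comp)]
        report[comp] = ("critical" if exposed else "related", exposed)
    return report


# Constructed model following the cases named in the message.
MODEL = [
    # One transformer carries both insulation layers (reinforced).
    Hazard("shock: ungrounded SELV supply", (
        layer("basic insulation", "transformer_T1"),
        layer("supplementary insulation", "transformer_T1"),
    )),
    # Grounding of the output is the second, separate layer.
    Hazard("shock: grounded SELV supply", (
        layer("transformer insulation", "transformer_T2"),
        layer("output grounding", "ground_bond"),
    )),
    Hazard("fire: combustibles kept away", (
        layer("temperature limit", "cutout_A"),
        layer("clearance to combustibles", "clearance_A"),
    )),
    # Second measure not possible: only the limiter is left.
    Hazard("fire: combustibles cannot be kept away", (
        layer("temperature limit", "cutout_B"),
    )),
    Hazard("process runaway: single PC", (
        layer("PC control", "pc"),
    )),
    # Two channels, but both depend on the same decision device.
    Hazard("process runaway: two computers plus decision device", (
        layer("channel 1", "computer_1", "decision_device"),
        layer("channel 2", "computer_2", "decision_device"),
    )),
]


if __name__ == "__main__":
    for comp, (level, exposed) in classify(MODEL).items():
        detail = "; exposes: " + ", ".join(exposed) if exposed else ""
        print(f"{comp:16s} safety {level}{detail}")
```

A component shared by every layer of a hazard, such as the decision device here, is flagged even though the hazard nominally has two layers, which is the "not forgetting one" check applied mechanically.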
RE: Safety Critical etc - the future
There are a few of us lurking in the background -- I'm on the US TAG for SC77A and SC77B (Immunity) as well as convenor of SC77B WG11 and member of WG9 and SC77A WG6. I'm constantly looking for industry input to the immunity standards and will present whatever information I receive, but that doesn't mean anything will happen -- quickly, slowly or at all. The WG's and TAG's I'm involved with are represented by a broad cross section of industry -- TAG's being US; WG's being international -- and many decisions become compromises in one way or another. Even if a WG KNOWS how to improve a standard technically, if it is going to involve companies buying new testers or modifying existing ones to meet the new requirements, the chances of getting published get much smaller. Of the groups I'm part of -- for example WG11 -- only two members are independent test facilities. Others are industry -- Siemens, Philips, Nokia, IBM, Sun, HP, Schneider, Tele Danmark, Allen Bradley, Tokin, etc... Some of these experts run labs within their companies, but they are not NRTL's or Competent Bodies. This composition is similar in the other WG's I'm familiar with, as well as the US TAG's... Mike Hopkins Thermo KeyTek -Original Message- From: Scott Barrows [mailto:sbarr...@curtis-straus.com] Sent: Friday, November 02, 2001 2:18 PM To: geor...@lexmark.com Cc: emc-p...@ieee.org; Allen, John Subject: Re: Safety Critical etc - the future Hi All, With the remarks about this topic needing to be discussed in IEC and industry committees as well as between professionals, I think it may be time to inject that there are local Product Safety Societies (or the IEEE versions) that were formed for this particular reason. Perhaps the Engineers that sit on these TAG and TC committees should join up and take an ACTIVE role in these groups.
With their participation in local safety societies, the entire industry will be represented and can be considered to have a voice in the development of standards and the considerations therein. I am not so sure that the NRTL's and Notified bodies should have the only voice in this process. Scott Barrows NPSS geor...@lexmark.com wrote: John, Allow me to comment further on this issue. I seem to remember a saying that goes The proof of the pudding is in the eating. By the same token, I have always expressed within my area of influence that the truest test of our internal ITE safety policies, practices and processes is field history. We all know that standards, like many other sets of knowledge, evolve from errors over time. Another saying that makes this point is Success comes from experience. Experience comes from failure. Overall, I believe the ITE industry has a superb safety record, given the exponential growth of this industry from corporate uses to homes, dorm rooms, etc. Hundreds of people are killed or injured every day in the use of various products, e.g. vehicles, farm equipment, firearms (hunting accidents), aircraft, etc. The majority of these are due to operator error and/or poor judgement. The more complex products are the ones more likely to develop a defect that could lead to deaths, e.g. aircraft. In the eight plus years I have been in product safety, I am not aware of a reported serious injury or death from the intended use or misuse of an ITE product. This does not mean there have been none, but it does mean that ITE is not a significant cause of injury or death. This is a result of fairly sound standards, common sense, experience, and due diligence in maintaining the original certified design of each product. We probably all know of improvements we would make in this process if we got to be king for a day. Most of us handle these as internal requirements beyond the imposed external requirements. 
The way we define and account for the use of safety critical parts is one small aspect of a much more complex series of processes leading to protecting ITE users from harm. George Alspaugh These are personal opinions only.
RE: Safety Critical etc - the future - Are we professionals? Milestones not Millstones.
Good Morning John, and how are you today? Many thanks for your answer - I could not have hoped for a better illustration of what happens when a reader does not understand the background behind, the intent or the values of the person (or the committee) doing the writing, and then gets it totally wrong. And heaven knows I've done that often enough myself! I feel passionate about the regulatory work - I am committed to education (I sit on the IEEE Education Committee), I have lectured world-wide (not just in the UK and US) and am about to put a dozen training courses on-line. I believe that as compliance professionals we share (collectively and as individuals) enormous responsibility within our chosen profession. (As a design engineer I felt far less personal exposure for design decisions that I made then than I feel now in compliance engineering.) Whilst we all rely heavily upon IEC and other standards - what I tried to explain was that these standards are not revolutionary but evolutionary. Working in 'geological time' is not only a good time - it is ESSENTIAL for business. (If they were reactive industry would never keep up with the changes and we would be constantly re-certifying products.) What this means is that compliance engineers will face situations that do not appear in the standards. It means that compliance engineers will face the day-to-day need to make up compliance criteria on-the-hoof; almost invariably under extreme pressure because we are 'responsible' for holding up the job, payment and shipment. The result is that the sum-total of custom and practice will flow down (via engineers such as yourself) and find its way into TC's and Standards. Hence things - and attitudes - will change. (For example - a few years ago you bitterly opposed my call for double mains fusing - yet I have seen more recent correspondence, from you, that proposed double mains fusing.) Things change.
Hence compliance engineers need the framework provided by standards but will be expected to work outside that framework. In this meeting space we have had a broad input of specific needs (for the nuts and bolts, I have received private correspondence that I was asked to address in public - as my last email). BUT, what I was attempting was to stimulate the discussion to include how we establish the scope - content - education - interpersonal and other skills needed by compliance engineers. As compliance engineers we are free thinkers - how do we ensure and encourage that free thinking - how do we ensure that we can draw upon each other's experiences (being ever conscious that many of us are consultants and cannot afford to become a free source of information to potential clients). So how do we go ahead? I believe that we must continue to provide inputs for standard development. This will allow standards to become landmarks that mark our progress: and not become millstones that hold us back. (No insult intended - quite the opposite in fact. There are some that take a view that if a hazard is not covered by the standard they do not NEED to consider it. We know that is not the INTENT of the standard, as I listed in my last email). Suggested path forward: From established compliance engineers I want to know what helped you to develop in your career. From those developing and developing other - what tools do you need. From everyone - where we go from here. Hopefully the message is a little clearer this time - sorry to all who I confused. Best regards Gregg
RE: Safety Critical etc - the future
Hi Folks Having just logged on this morning, I am somewhat surprised at some of the comments against the concept of standard definitions for safety critical, compliance critical, etc. The very fact that this thread was started in one country and has spread across national boundaries with a wide range of opinions is evidence of the confusion that exists and the need for clarifications. After all we do already have a huge range of definitions in the International Electrotechnical Vocabulary (IEV) - and an additional number in individual standards - for the very purpose of making life more straightforward for all of us, and avoiding confusion, reinventing the wheel, etc. I was not, and am not, arguing that IEC committees and test authorities should define absolutely what is, and what is not, a safety critical, safety related, a compliance critical (etc) component. What I am saying, at least at this stage, is that the general meanings of these terms (and/or of any other terms that are chosen) shall be clarified in that forum so that - from one person/test house/authority/country to another - we can avoid confusion between component standards-compliance critical and overall equipment/system safety critical - a distinction on which most of us (at least those who have realised the difference!) already seem to agree. That is not to say that there is no overlap between the terms as a single component can be one or the other - OR BOTH - dependent on what it is and what its function(s) and failure mode(s) is (are). In fact, as is quite obvious, that a component (e.g. a transistor bias resistor in an SELV circuit) in a specific item of equipment may not be compliance critical for that equipment, but could be safety critical in the context of the role that equipment (or the system into which it is then integrated) such that if the component fails (etc) the overall equipment/system fails or fails to operate in a manner which ensures that safety is assured.
For example: resistor in fuel feed valve in aircraft engine fails to open circuit - fuel valve does not open - engine stops but no fire, etc. - plane falls out of sky = UNSAFE condition!! After the general definitions have been agreed, then, maybe, we can go further by consensus between all the interested parties in the definitions of - particularly - compliance critical components which is what I think sparked this whole thread off! Regards John Allen Thales Defence Communications Division Bracknell, UK
Re: Safety Critical etc - the future
I read in !emc-pstc that Doug McKean dmck...@corp.auspex.com wrote (in 004201c163fd$9beab310$3e3e3...@corp.auspex.com) about 'Safety Critical etc - the future', on Fri, 2 Nov 2001: John Woodgate j...@jmwa.demon.co.uk If you are referring to my post, I plan to report that there is discussion here on the subject, and recount some of the points made. What we need is a very-widely accepted standard definition. Thank you, John. We are here but to serve ... grin Thank you for your understanding. Now, I tried to send the following to Lauren Crane by e-mail, but the address I have for him no longer works. Lauren, are you receiving me? QUOTE You posted a digest of the discussion on safety critical components to the IEEE EMC and safety mail list, but I can't now find it. Would you please send me a copy by e-mail, as it would probably help with my proposal to discuss the matter in TC92/MT1 (now TC108/WG2). UNQUOTE Actually, all of the group mail for October has disappeared from my hard disc. I blame the EU! (;-) -- Regards, John Woodgate, OOO - Own Opinions Only. http://www.jmwa.demon.co.uk Eat mink and be dreary!
Safety Critical etc - the future - Are we professionals?
I read in !emc-pstc that Gregg Kervill gkerv...@eu-link.com wrote (in 00b101c164e7$6bcb40b0$7300a8c0@MENHADEN) about 'Safety Critical etc - the future - Are we professionals?', on Sat, 3 Nov 2001: God protect us from committee decisions! These 'committee' decisions are made by people just like you and me (especially me!). By lashing out as you have done, you demean the whole profession, and yourself with it. You clearly have no experience of standards committee work. You are just standing outside the window, cat-calling. If you think you could do better, join in and dazzle us with your prowess. -- Regards, John Woodgate, OOO - Own Opinions Only. http://www.jmwa.demon.co.uk Eat mink and be dreary!
RE: Safety Critical etc - the future - Are we professionals?
God protect us from committee decisions! Does anyone remember IEC 380 - Great electrical spec but hopeless for any other aspect (except topple). Then came IEC 435 which missed flammability. Now we have 950 - which is pretty thorough but missing a few things... IMAGINE if the selection and definitions of Critical Components is abdicated to IEC or any other committee for that matter. What I am getting at is EDUCATION versus TRAINING. We train dogs - we educate children. We produce standards to provide detail for testing and review but we caveat them with warnings: 1- It is essential that designers understand the underlying principles of safety requirements. 950 Para 0.1 2- Attention is drawn to the additional requirements which may be specified by national authorities responsible for health and safety of labor forces. 1010 Note Para 1.2 3- COMPLIANCE WITH A BRITISH STANDARD DOES NOT CONFER IMMUNITY FROM LEGAL OBLIGATIONS. EN61131-2 FOREWORD 4- Digital's safety standard has words similar to - the product safety engineer may include any additional tests to ensure the safety of the equipment and the user. If we train engineers by rote (following the letter of standards without understanding the underlying principles of safety requirements (950)) then we create a false security. viz - The product meets the standard but sinks, when it hits an iceberg - explodes, on launch - turns over when a tire bursts, etc. What I hear in these columns supports a belief that our work can be replaced by a series of check lists. That demeans our profession - and compliance engineering will be cut off as though it were a carbuncle on the bottom of R&D. I believe that compliance engineering requires wider and greater specialism than does design engineering (I have equal experience in BOTH camps and feel competent to make that judgment). What I believe we need is to EDUCATE others, demonstrate and Identify ourselves as professions.
I do not support abdicating OUR individual responsibilities for defining what critical items are to some conglomerate group that works in geological time. That is the day to day role of a PS engineer. Either we (as professional compliance engineers) have the knowledge and experience to judge for ourselves - or we need to broaden our experience - or we should not be in regulatory compliance. Gregg Kervill DipIM, MIMgt, MIEEE
Re: Safety Critical etc - the future
I read in !emc-pstc that scottba...@aol.com wrote (in 112.710b623.29153 2...@aol.com) about 'Safety Critical etc - the future', on Sat, 3 Nov 2001: Hello John, Very condescending answer, I am aware there are other countries. It wasn't intended to be condescending, just pointing out a factor that you appeared to have not taken into account. I am also aware that there are almost no forums for Product Safety Engineers and professionals save this one we are on, worldwide, not just in the USA or the UK or Malaysia. OK, maybe we only need one. If we have more, they may come to different conclusions, magnifying confusion. Since we are so wrong having these societies and not sharing the concept, what are the professionals in the EU doing? I didn't say, or even imply, that you were wrong to have them. I just pointed out that others don't have them. -- Regards, John Woodgate, OOO - Own Opinions Only. http://www.jmwa.demon.co.uk Eat mink and be dreary!
Re: Safety Critical etc - the future
John Woodgate j...@jmwa.demon.co.uk If you are referring to my post, I plan to report that there is discussion here on the subject, and recount some of the points made. What we need is a very-widely accepted standard definition. Thank you, John. We are here but to serve ... grin - Doug McKean
Re: Safety Critical etc - the future
I read in !emc-pstc that Doug McKean dmck...@corp.auspex.com wrote (in 001901c163c7$9e47ec80$3e3e3...@corp.auspex.com) about 'Safety Critical etc - the future', on Fri, 2 Nov 2001: John, Extremely valid question since we are it seems in the process of moving toward the world-wide concept of 'one test, one approval'. I would be very surprised if this very question has not been addressed. If you are referring to my post, I plan to report that there is discussion here on the subject, and recount some of the points made. What we need is a very-widely accepted standard definition. -- Regards, John Woodgate, OOO - Own Opinions Only. http://www.jmwa.demon.co.uk Eat mink and be dreary!
Re: Safety Critical etc - the future
Hi All, With the remarks about this topic needing to be discussed in IEC and industry committees as well as between professionals, I think it may be time to inject that there are local Product Safety Societies (or the IEEE versions) that were formed for this particular reason. Perhaps the Engineers that sit on these TAG and TC committees should join up and take an ACTIVE role in these groups. With their participation in local safety societies, the entire industry will be represented and can be considered to have a voice in the development of standards and the considerations therein. I am not so sure that the NRTL's and Notified bodies should have the only voice in this process. Scott Barrows NPSS geor...@lexmark.com wrote: John, Allow me to comment further on this issue. I seem to remember a saying that goes The proof of the pudding is in the eating. By the same token, I have always expressed within my area of influence that the truest test of our internal ITE safety policies, practices and processes is field history. We all know that standards, like many other sets of knowledge, evolve from errors over time. Another saying that makes this point is Success comes from experience. Experience comes from failure. Overall, I believe the ITE industry has a superb safety record, given the exponential growth of this industry from corporate uses to homes, dorm rooms, etc. Hundreds of people are killed or injured every day in the use of various products, e.g. vehicles, farm equipment, firearms (hunting accidents), aircraft, etc. The majority of these are due to operator error and/or poor judgement. The more complex products are the ones more likely to develop a defect that could lead to deaths, e.g. aircraft. In the eight plus years I have been in product safety, I am not aware of a reported serious injury or death from the intended use or misuse of an ITE product. 
This does not mean there have been none, but it does mean that ITE is not a significant cause of injury or death. This is a result of fairly sound standards, common sense, experience, and due diligence in maintaining the original certified design of each product. We probably all know of improvements we would make in this process if we got to be king for a day. Most of us handle these as internal requirements beyond the imposed external requirements. The way we define and account for the use of safety critical parts is one small aspect of a much more complex series of processes leading to protecting ITE users from harm. George Alspaugh These are personal opinions only.
Re: Safety Critical etc - the future
John, Extremely valid question since we are it seems in the process of moving toward the world-wide concept of 'one test, one approval'. I would be very surprised if this very question has not been addressed. Regards, Doug McKean
Safety Critical etc - the future
John, Allow me to comment further on this issue. I seem to remember a saying that goes The proof of the pudding is in the eating. By the same token, I have always expressed within my area of influence that the truest test of our internal ITE safety policies, practices and processes is field history. We all know that standards, like many other sets of knowledge, evolve from errors over time. Another saying that makes this point is Success comes from experience. Experience comes from failure. Overall, I believe the ITE industry has a superb safety record, given the exponential growth of this industry from corporate uses to homes, dorm rooms, etc. Hundreds of people are killed or injured every day in the use of various products, e.g. vehicles, farm equipment, firearms (hunting accidents), aircraft, etc. The majority of these are due to operator error and/or poor judgement. The more complex products are the ones more likely to develop a defect that could lead to deaths, e.g. aircraft. In the eight plus years I have been in product safety, I am not aware of a reported serious injury or death from the intended use or misuse of an ITE product. This does not mean there have been none, but it does mean that ITE is not a significant cause of injury or death. This is a result of fairly sound standards, common sense, experience, and due diligence in maintaining the original certified design of each product. We probably all know of improvements we would make in this process if we got to be king for a day. Most of us handle these as internal requirements beyond the imposed external requirements. The way we define and account for the use of safety critical parts is one small aspect of a much more complex series of processes leading to protecting ITE users from harm. George Alspaugh These are personal opinions only.
Re: Safety Critical etc - the future
I read in !emc-pstc that Allen, John john.al...@uk.thalesgroup.com wrote (in 999c839e7e27d41185ec00d0b7473692024cd...@norway.int.rdel.co.u k) about 'Safety Critical etc - the future', on Fri, 2 Nov 2001: I know that some of the forum participants operate in these areas, and thus ask them how we should proceed from here? I will raise the question at a meeting of what will be IEC TC108/WG2 in London later this month. -- Regards, John Woodgate, OOO - Own Opinions Only. http://www.jmwa.demon.co.uk Eat mink and be dreary!
Safety Critical etc - the future
Hi Folks

We have now had this discussion and it brought out a number of useful and enlightening points, and Lauren's and Rich's summaries of the various inputs are both interesting and thought-provoking. However, I now come back to a point that I made in one of my earlier messages: "Where do we go from here?"

For most people participating in this forum, I suspect that the major contact that they have with any concept of component-criticality is in respect of simple standards (e.g. standards mandated under the LVD/EMC/RTTE or other national equivalents) compliance for a single item of equipment. Their major issue will, I guess, be the attitudes taken by the various product test and certification authorities that they deal with because those organisations directly influence what the product design and manufacturing companies need to reflect in their internal documentation and processes.

Therefore, the test and certification authorities need to jointly decide and declare the following:

a) The methods and criteria for identification, selection and listing of critical components for both product standards compliance and system safety compliance

b) The terms they wish to use for the various aspects of criticality.

Personal Comment: I think that "safety critical component" is fine in the system safety context - and that is how it is already referenced in many risk-assessment standards and guidance documents. However, I am not so sure/happy about Rich's suggestion of "safeguard" as I think that it is similar to the term "safety critical" in the system-safety context but will sound rather vague to many non-knowledgable people (and is not very appropriate in the context of product standards compliance).
Nevertheless it seems to me that this subject does need to be debated at a very high level (of knowledgable people!) within the IEC (notably the CB Certification organisation), CENELEC and the US/Canadian NRTL organisations with the object of reaching some mutually agreed methodologies. (Once they reach some decisions, most other organisations will follow!)

I know that some of the forum participants operate in these areas, and thus ask them how we should proceed from here? This will be a long process - but I think it is essential to kick it off ASAP.

Over to you guys!

Regards
John Allen
Thales Defence Communications Division (for the moment!!)
Bracknell, UK