Electromagnetic compatibility of machines and systems with integrated safety functions related to IEC 61508 or DIN EN ISO 13849

Status:

completed 02/2013

Aims:

Machinery and systems with integrated safety functions are increasingly being used in industry and construction. Should these safety functions fail during use, they may cause dangerous accidents resulting in injury.

Definition of the EMC requirements in the area of machines and systems with integrated safety functions is currently a contentious issue in the international standards committees. Some members are calling not only for very high test levels, but also for test methods, not currently standardized, with simultaneous combination of the various test phenomena.

IEC 61508 and EN ISO 13849 impose a broad range of normative requirements upon functionally safe machinery and systems. These include requirements concerning the immunity to electromagnetic interference (electrostatic discharge, burst, surge, high-frequency fields and power interruption), in order to prevent such interference from causing the equipment to fail dangerously.

This project had the purpose of examining, by means of practical EMC measurements and computer simulation, to what extent the monitoring and diagnostic methods required by IEC 61508 and EN ISO 13849 are able to detect electromagnetic interference and to bring about the safe state, and what test levels and EMC phenomena are required for satisfaction of the requirements placed upon functionally safe machines, systems and components, or conversely are exaggerated.

Activities/Methods:

An analysis was performed of the hardware and software structure required in accordance with IEC 61508 and EN ISO 13849 to ascertain to what extent the diagnostic and monitoring mechanisms already present for the purpose of functional safety are able to detect influence from electromagnetic interference fields and to bring about the safe state. Computer simulation was to demonstrate the behaviour of an electronic circuit in response to simultaneous electromagnetic interference phenomena. A microcontroller application programmed at the IFA, adjustable for its immunity to electromagnetic interference (filtering, transient protection, screening, diagnostics), was exposed to very high test levels in an EMC test that is not currently standardized (employing near-field probes and a high-frequency cell), in order to determine what mechanisms are sufficient for a safe state to be brought about. Standard remote-control electronic devices featuring integral non-safe monitoring functions were also exposed to high field strengths and mixed frequencies in the high-frequency cell, in order to determine whether they fail dangerously under these conditions. Selected functionally safe components that have already been certified were tested at the same time.

The results of the EMC tests were to be presented in the standards committees.

Results:

Electronic safety components with two channels and the diagnostic measures required for functional safety were shown to detect electromagnetic interference reliably and place the device in the safe state. It was not possible for dangerous failures to be provoked. It can be concluded from this that the required EMC is already assured in two-channel electronic systems when the fault-detection measures required for functional safety are implemented in accordance with IEC 61508 and IEC 61800-5-2/ISO 13849-1. It is not necessary to impose additional requirements in the interests of EMC beyond the elevated interference immunity requirements already provided for in IEC 61508/IEC 61326-3-1. Equally, owing to the diagnostic measure usually employed of the cross-checking of data, dangerous states need not be anticipated as a result of additional electromagnetic phenomena, a combination of electromagnetic phenomena not considered before now, or higher test levels.

The results of the studies were presented in the responsible standards committee. More stringent test requirements, for which there is no technical justification, were thus prevented.

Last Update: