Appliance Design Magazine
  Home
  Subscribe
  Subscribe to eNews
  Subscription Customer Service
  Online
  Blogs
  Calendar
  Excellence in Design
  appliance DESIGN TV
  International Appliance Manufacturing
  News Updates
  Webinars
  Web Extras
  Channels
  Controls & Displays
  Design, Engineering, and Prototyping
  Electrical
  Electronics
  Gas Technology
  Materials & Joining
  Motors
  Quality & Standards
  Smart Grid
  Software
  Issue
  Features
  Departments
  News Watch
  Products
  Resources
  Archives
  Digital Edition Archives
  eNews Archives
  Industry Links
  Career Center
  Shipments/ Forecasts
  Showrooms
  Buyers Guide
  White Papers
  Design Mart
  Market Research
  appliance Design Info
  Advertise
  Contact Us
  Reprints
  Special Collections
  Excellence in Design
Search in:  Editorial Products Companies SpecSearch


Shielding & EMI: EMC and Functional Safety
by Keith Armstrong
January 22, 2010

ARTICLE TOOLS
EmailEmailPrintPrintReprintsReprintsshareShare

Enlarge this picture
Fig. 1. The IET’s 9-Step process.
IET guide helps appliance designers reduce EMI risks.


By now everyone has surely seen the video on the web of a cell phone turning a gas oven on at full power [1]. This is a perfect illustration of how electromagnetic interference (EMI) can make products unsafe.

Functional safety has always been a concern of appliance manufacturers, and the standard IEC/UL 60335-1 has always addressed this. But until recently the standard had no tests for immunity to EMI.

EMI test standards have been a necessity for many years because many power-controlling appliances used electromechanical controls that were prone to causing radio noise emissions. But now everyone wants to use microprocessors (microcontrollers) running software (firmware) instead. This digital electronic technology is susceptible to many of the types of EMI threats that occur in an appliance’s operating environment.

When a microcontroller suffers interference, the firmware it is running can behave in very unpredictable ways. In the example above, the transmissions from a cell phone when it received a call made the microcontroller think it had received a valid command to turn on its oven at full power. Since the EMI was making the firmware operate in ways its designer had never imagined, it might have done anything, or several things, individually, or all at once.

For many years I have tested many products that used microprocessor control for immunity to EMI, and cherish my memories of the expressions on designers’ faces when their product started behaving weirdly.

Clearly, designers need to ensure that microprocessor control is not going to land their companies in court defending a product liability lawsuit resulting from safety incidents caused by EMI.

Luckily, many people (including myself) have been working on this issue for more than 10 years, and there is now available a very practical and detailed new guide [2] that shows appliance designers how to address the matter.

Functional safety risks are caused by errors or malfunctions in the way a product’s functions are controlled. The IEC published its “basic standard” on Functional Safety, IEC 61508, in 2000. But, with hundreds of pages and a focus on industrial and process control industries, it can be hard for an appliance designer to understand (though a UL resource might help [3]). The 61508 standard and microprocessor control are both relatively new, so there are few competent functional safety experts with much EMI experience.

IEC 60335-1 does not yet incorporate the requirements of IEC 61508. Until it does, appliance designers will need to become familiar with IEC 61508 and apply it to their projects.

Although IEC 61508 requires EMI to be taken into account, it does not say how. The second edition of IEC TS 61000-1-2 [4] was written so that it can be used as 61508’s “missing EMI annex,”  but because it was written in “61508-speak” it can also be hard to understand at first. And, although it says what should be done for EMI, it doesn’t say much about how to do it.

Happily, the UK’s Institution of Engineering and Technology (the IET, which used to be the Institution of Electrical Engineers, IEE) has written a practical guide on how to engineer electromagnetic compatibility (EMC) to help keep functional safety risks to tolerable levels. (EMC is the discipline of ensuring that products don’t cause EMI problems and don’t suffer unduly from EMI threats.)

For functional safety, relying solely on EMC immunity testing is inadequate, no matter how high the immunity test levels are cranked up [5]. This is because such reliance:
  • Ignores foreseeable faults, misoperation and misuse, which must all be taken into account for functional safety.
  • Ignores simultaneous EMI that can occur in real life (e.g. an RF field plus mains transients, static discharges, etc.).
  • Ignores the effects of the physical and climatic environments, wear, and aging on the EM characteristics of the product.
  • Uses test chambers and test fixtures that are unlike the EM environments experienced by appliances.
  • Uses simple test methods that only cover a fraction of the possible EMI threats.
  • Ignores the tolerances, variability, and errors that occur in serial manufacture.
  • Generally assumes that the maximum test level is always the worst-case.
  • Achieves a confidence of 50 percent to 70 percent that the product would not be unduly affected by the tested EMI threat, whereas Functional Safety needs confidence of 99.9 percent to 99.9999 percent.
  Some industries (e.g. avionics, automotive, military) use EMI tests that address some of the above issues. But a comprehensive test program that covers all the above and provides confidence that EMI would not cause intolerable functional safety risks would take decades, and be impossibly expensive.

IEC/UL 60335-1 was modified in 2004 to include some EMC immunity tests. Although these are good tests, on their own they cannot provide sufficient confidence that EMI will not cause intolerable functional safety risks.

In industrial processes, the electronic control is assumed to be unreliable, dangerous, and too complex to design for functional safety, so instead, they add simple “safety-related systems.” This may be a viable approach for some appliances. An example might be adding a circuit that senses when someone is trying to stick their fingers in rotating parts and switches off the motor. But because the electronic controls of many appliances are quite simple, cost may be saved by designing them for functional safety, making them safety-related systems as well as function controllers.

Because of the huge variety of products, systems, and installations, the IET’s Guide refers to systems that address functional safety as “Electrotechnology for Functional Safety” (EFS). Fig. 1 shows the basic project stages recommended by the IET’s 2008 Guide, for a “Simple EFS” such as a household appliance.

The Guide provides helpful annexes and a comprehensive set of checklists, useful aids for project management, design, and compliance assessment.

Manufacturers who follow the IET’s Guide should benefit from reduced financial risks, because improved immunity to EMI will help reduce the number of warranty returns and product liability lawsuits. And because the Guide requires the use of EMC expertise from the start of a project, it will also help manufacturers get their new products to market more quickly, with lower overall unit-cost-of-manufacture [6].

Here is a brief overview of the steps shown in Fig. 1:

Step 0:  Overall EM safety planning

Identify the person(s) with overall project responsibility; the project’s aims; the physical boundaries of the EFS; budgets; timescales, and the personnel, with their responsibilities and authorities. With this in place, the designated parties then manage the following steps.

Step 1: Determine the intersystem EM and physical phenomena

Before the EFS can be designed, it is necessary to determine the worst-case external (i.e. intersystem) electromagnetic (EM) disturbances to which it could be foreseeably exposed over its anticipated lifecycle.

The lifecycle exposure to physical, climatic, and user environments must also be determined, because they can severely degrade EM characteristics.  For example, exposure to liquids can corrode EMC gaskets and ground bonds, and users might leave shielding doors open or remove shielding panels.

Step 2: Determine intrasystem EM and physical phenomena

The same as Step 1, except that it deals with the effects on the EM, physical, climatic, and user environments of the EFS itself. For example, a motor might cause problems due to vibration, magnetic fields and/or heating.

Because Step 2 depends on the design of the EFS (see Step 4), we must start with a rough idea for the initial design, and refine our analysis as the design proceeds.

Step 3: Specify EM/physical phenomena versus functional performance

Applies hazard identification and risk assessment techniques to the data from Steps 1 and 2, taking EMI possibilities into account. This step produces the EMI sections of the safety specification for the EFS, which will guide its design, manufacture, and verification/validation.

Step 4: Study and design the EFS

This step applies EMC and safety design techniques to the EFS, plus mitigation techniques that reduce the effects of the EM threats and the physical, climatic, and user environments on the EFS and on any standard products used in it. There are more than 20 pages describing useful techniques. This step also creates the user instructions for necessary maintenance.

Risk assessment techniques are applied to the design as it progresses, with the final risk assessment only available at the end of the project—part of verifying compliance with the specifications identified in Step 3.

Step 5: Create EM and physical verification/validation plans

Because cost-effective verification/validation depends on the design, this step occurs in parallel with Step 4. Some of the verification activities are applied to elements of the EFS during Step 4 (e.g., calculations, simulations, experiments, design reviews, etc.).

Step 6: Select the volume-manufactured standard products to be used

These are selected so that their EM, physical, and performance specifications will, in combination with the EM/safety design (Step 4), help the finished EFS meet its specifications (Step 3).

The required EM and physical specifications should be listed in any purchasing contracts. CE marking and/or Declarations or Certificates of Conformity should not be taken as evidence of actual performance.

Step 7: Assemble/install/commission and verify the EFS

Requires that quality control techniques be employed to help prevent risks being caused by errors; poor quality materials, goods, services, workmanship, etc., during manufacture, installation, and commissioning.

The remainder of verification plans in Step 5 are applied to verify that the EM and physical performance of the elements of the EFS will achieve the specifications for the final, completed EFS (from Step 3).

Step 8: Validate the EFS

The validation plans created in Step 5 are applied to the EFS at its highest practical level of assembly (ideally completed and finished). They must demonstrate that the EM, physical, climatic, and use/misuse performance of the finished EFS complies with its specifications (from Step 3).

Step 9: Maintain the EM/physical/performance characteristics of the EFS over its lifecycle

The users follow the Instructions created during Step 4 to maintain the EFS characteristics necessary for maintaining tolerable functional safety risks during operation, maintenance, repair, refurbishment, upgrade, modification, decommissioning, disposal, etc.

Performing EMC engineering for functional safety reasons, instead of merely to pass EMC regulations, is a new and very important issue in this modern world of control by electronics and software. Luckily, the very practical IET Guide already exists, with handy checklists, to help appliance designers deal with it and maintain control of their company’s financial risks. For more information, visit: www.cherryclough.com (Editor’s note: The steps are listed here as 0-9  instead of 1-10 because that is the way they are listed in the IET Guide being discussed.)

References [1] “Hello, Oven? It’s Phone. Now Let’s Get Cooking!” Jim Dwyer, The New York Times, August 23, 2009, www.nytimes.com/2009/08/23/nyregion/23about.html?_r=2.
[2] “EMC for Functional Safety”, The IET, free from www.theiet.org/factfiles/emc/index.cfm, or purchase as colour-printed book from www.emcacademy.org/books.asp.
[3] “Introduction to Functional Safety and IEC 61508,” The UL University, www.uluniversity.us/catalog/display.resource.aspx?resourceid=190858.
[4] IEC TS 61000-1-2 Ed.2, December 2008: “EMC – Part 1-2: General – Methodology for the achievement of functional safety of electrical and electronic systems including equipment with regard to electromagnetic phenomena,” http://webstore.iec.ch/.
[5] “Why Increasing Immunity Test Levels is Not Sufficient for High-Reliability and Critical Equipment,” Keith Armstrong, 2009 IEEE International EMC Symposium Austin TX, Aug 17-21, ISBN: 978-1-4244-4285-0.
[6] “When the Going Gets Tough – Smarter Design Wins,” Keith Armstrong, The EMC Journal, Issue 81, March 2009, www.theemcjournal.com.

Keith Armstrong
Keith Armstrong, Eur Ing, is principal, Cherry Clough Consultants, Stafford, U.K.

|PrintEmail

Did you enjoy this article? Click here to subscribe to the magazine.




BNP Media