Standards and approvals 
D4x5 Manual, 05/2009, page 84 
A.2  Safety of electronic controllers 
Introduction 
The following remarks relate to fundamental criteria and apply irrespective of the type of 
controller and the manufacturer.   
Reliability 
Comprehensive and cost-effective measures have been taken during development and 
production to increase the reliability of the devices and components as far as possible. 
These include 
●  The selection of high-quality components 
●  Worst-case dimensioning of all circuits 
●  Systematic and computerized inspection of all supplied components 
●  Burn-in of all large-scale integrated circuits (e.g. processors, memory, etc.) 
●  Measures to prevent static discharge when handling MOS circuits 
●  Visual checks during various stages of manufacture 
●  Continuous heat testing at higher ambient temperatures for several days 
●  Computerized final inspection 
●  Statistical analysis of all returned goods so that corrective measures can be initiated immediately 
●  Monitoring of the primary controller components using online tests 
These measures are considered to be basic measures for safety engineering. They avoid or 
control the majority of faults that may occur. 
Risk 
A higher degree of safety standard applies to all applications and situations where there is a 
risk of material damage or injury to persons if there is a failure. Special regulations specific to 
the system apply to such applications. These must be taken into account for configuration of 
the controller (e.g. VDE 0116 for furnaces). 
For electronic controllers with safety responsibility, the measures required for preventing or 
controlling faults depend on the hazard inherent in the plant. In this respect, the basic 
measures listed above are no longer adequate once the hazard exceeds a certain potential. 
Additional measures (e.g. double redundancy, tests, checksums, etc.) for the controller must 
be implemented and certified (DIN VDE 0801).  
Division into safety-critical and non-safety-critical areas 
Nearly all systems contain parts that perform safety-related tasks (e.g. emergency stop 
switch, protective grating, two-hand controls). To avoid having to apply safety-related criteria 
to the entire controller, it is customary to divide the controller into two areas - one that is 
critical to safety and one that is not critical to safety. No special demands are made 
concerning safety in the area that is not safety-critical as an electronic fault would not have