#1
Posted to alt.electronics
Fire safety question

I need some information about the current approach to safety of new equipment with regard to fire hazards created by a fault. I appreciate there are generic standards covering the ejection of molten metal and so on, but I am wondering about the application of the "single component failure" concept in situations where a failure could overload a semiconductor with the possible, though unlikely, result that it ignites or ignites an adjacent part. I'm not asking about *techniques* to avoid hazard, I'm asking about what is legally required. Trick question - I'm not asking for legal advice, just information concerning best current practice. I'm posting from the UK but I suspect the regs will be substantially the same in all of Europe and the US.

My particular concern is a small transistor driving an external alarm. The power supply has a fuse but as it feeds several circuits, it doesn't provide much protection for the external alarm circuit. I am considering an active current limit in the supply but I still have some reservations as to whether this meets the letter of the law. For example, one scenario involves two events as follows:

1. The current limit fails spontaneously, but as this is not monitored, the defect remains undetected, waiting for the second event to happen...
2. Someone fiddles with the external wiring and causes a short.

The result is that the driver overheats, catches fire and there is hell to pay. Now, it is perfectly true that this involves two independent "failures" so at first sight would meet the "single component failure" criterion. However, I suspect that a fault that is never detected (and just lies there waiting for a chance to create a hazard) may not count. Likewise, a fault that could be caused by Uncle Fred with his screwdriver is hardly a spontaneous component failure. So overall, would such a system meet the "due care" criterion? I have severe doubts as to whether much equipment is designed with this degree of concern but it would be good to be ahead of the field - without incurring too much cost.

Also, if this isn't the best newsgroup could someone point me in the right direction? Most electronics groups seem to be full of people selling stuff. TIA.
#2
Posted to alt.electronics
Fire safety question

"Derek Potter" wrote in message ...
> [snip: quoted text of #1]

If you are in the UK, you are under EU requirements and you should be studying the appropriate IEC specs for the type of equipment you are designing.

Just as a personal opinion - if there is an output that when shorted will cause a fire, then there should be some type of protection for the output.
#3
Posted to alt.electronics
Fire safety question

On Fri, 13 Jan 2006 13:47:07 GMT, "Dan Hollands" wrote:
> "Derek Potter" wrote in message ...
> > [snip: quoted text of #1]
>
> If you are in the UK, you are under EU requirements and you should be studying the appropriate IEC specs for the type of equipment you are designing.
>
> Just as a personal opinion - if there is an output that when shorted will cause a fire, then there should be some type of protection for the output.

Indeed so, but my question goes a bit further as I already have protection in the shape of a foldback regulator. It's failure of this protection that I'm asking about. This is unlikely to cause an immediately hazardous condition, but, obviously, if the protection fails, the circuit is then left susceptible to any other fault. In this case it could be a fairly rare external event. The failure of the protection device may not be detected without yet more circuitry to monitor the foldback operation of the regulator!

Am I being too fussy? Do most commercial and consumer devices go this far?
#4
Posted to alt.electronics
Fire safety question

"Derek Potter" wrote in message ...
> On Fri, 13 Jan 2006 13:47:07 GMT, "Dan Hollands" wrote:
> > [snip: quoted text of #1 and #2]
>
> Indeed so, but my question goes a bit further as I already have protection in the shape of a foldback regulator. It's failure of this protection that I'm asking about. This is unlikely to cause an immediately hazardous condition, but, obviously, if the protection fails, the circuit is then left susceptible to any other fault. In this case it could be a fairly rare external event. The failure of the protection device may not be detected without yet more circuitry to monitor the foldback operation of the regulator!
>
> Am I being too fussy? Do most commercial and consumer devices go this far?

Generally equipment design for general use is only concerned with a single failure criterion. In my experience adding more circuitry increases the complexity to the point that failures and problems are more likely. The problem with all redundant circuits is the need to test them to ensure that all of the redundant circuits are working. Statistical methods may be used to determine how often the redundant circuits must be checked to achieve a certain confidence level that the system will operate properly when required.

In your case I would see no need for extra circuitry. Exceptions are things like Safety Shutdown systems, Intrinsically Safe Equipment that ensures sparks or hot spots don't trigger an explosion in explosive atmospheres, and control systems in nuclear power plants.
#5
Posted to alt.electronics
Fire safety question

No one can accurately answer your question without numbers. Up front, numbers such as current and voltage should have been provided. Is this a 3 volt system or a 300,000 volt system? Also the environment should be considered. Which means only a generic answer can be provided.

Any single point failure has a protective backup. For example, transistor switch current limited by an emitter resistor in series with a fuse, polyswitch, or overvoltage crowbar. But again, we don't even know what the danger is - with numbers. Therefore a useful answer is not possible.

Derek Potter wrote:
> [snip: quoted text of #1]
#6
Posted to alt.electronics
Fire safety question

On 14 Jan 2006 17:27:08 -0800, "w_tom" wrote:
> No one can accurately answer your question without numbers. Up front, numbers such as current and voltage should have been provided. Is this a 3 volt system or a 300,000 volt system? Also the environment should be considered. Which means only a generic answer can be provided.
>
> Any single point failure has a protective backup. For example, transistor switch current limited by an emitter resistor in series with a fuse, polyswitch, or overvoltage crowbar. But again, we don't even know what the danger is - with numbers. Therefore a useful answer is not possible.

I know what you are driving at, but how exactly will you apply the numbers? There are plenty of regulations covering increased hazards for, say, high voltage or explosive atmosphere. I did not mention these - obviously my question implied they do not apply. Hence I made it explicit that I am interested in generic standards and best practice. You should also notice that I explicitly said "small transistor" thus ruling out 300KV and 10KA systems. I would be most interested to learn how different voltage and current levels would affect your analysis, given that whatever they are, they need to fit the handling capacity of a "small transistor". How is 12V 120mA going to be any different from, say 5V 1mA or even (pushing the "small transistor" term to its limits) 48V, 1A?

I also suggested that Uncle Fred might fiddle with the external wiring thus creating a hazard. Since high voltage and high current cabling is obviously not accessible, this scenario implies that the power levels are small - just enough to blow a "small transistor" but not enough to warrant physically protected cables.

As for the danger, you do know what it is. I explicitly said that the failure scenario is overload of a semiconductor - the small transistor mentioned later - with the possible end result of ignition of the part. As suggested by the term "Uncle Fred", the application is domestic consumer. However, I do not have any data on Uncle Freds so I cannot provide numbers for your calculations.

FWIW, the small transistor circuit in question is a BS160 FET driving a 12V load at 120mA but subject to possible short circuits as said. The system fuse is 1A but fuses do not blow instantly so, with the fairly high "on" resistance of the FET (rising as it heats up) there is the distinct possibility of the TO92 device dissipating many watts before failing. The electronic protection comprises a foldback regulator and is perfectly adequate unless, of course, it fails first, leaving the circuit unprotected without any indication of the latent problem.

> Derek Potter wrote:
> > [snip: quoted text of #1]
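The numbers Derek gives above (12 V, 120 mA, 1 A fuse, TO-92, on-resistance rising with temperature) are enough to put the "many watts before failing" claim into a small model. The following is an added worked example, not code from anyone in the thread. The on-resistance, its temperature coefficient, the junction-to-ambient thermal resistance, the junction limit, the fuse hold ratio and the fault resistances are assumed, plausible-looking values, not datasheet figures for the part named; the point is the shape of the comparison between a working limit, a failed limit and a resistive short the fuse never sees, not the exact temperatures.

```python
"""Short-circuit stress on the alarm driver FET, with and without the
foldback current limit.  Added worked example, not code from the thread.

From the thread: 12 V supply, 120 mA nominal load, 1 A system fuse, TO-92
package.  Every other figure is an ASSUMPTION chosen to look plausible for a
small TO-92 MOSFET; none is a datasheet value for the part named.
"""
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Driver:
    v_supply: float         # V, from the thread
    fuse_rating: float      # A, from the thread
    r_ds_on: float          # ohm, on-resistance at ambient            (ASSUMED)
    r_ds_tempco: float      # fractional rise of R_ds(on) per kelvin   (ASSUMED)
    r_th_ja: float          # K/W, junction-to-ambient thermal resistance (ASSUMED)
    t_j_max: float          # C, junction temperature limit             (ASSUMED)
    fuse_hold_ratio: float  # fuse carries this multiple of rating indefinitely (ASSUMED)


# Constructed parameter set for the scenario in the thread.
ALARM_DRIVER = Driver(v_supply=12.0, fuse_rating=1.0, r_ds_on=5.0,
                      r_ds_tempco=0.007, r_th_ja=150.0, t_j_max=150.0,
                      fuse_hold_ratio=1.5)


def junction_temperature(drv: Driver, r_fault: float,
                         i_limit: Optional[float] = None,
                         t_amb: float = 25.0, x_max: float = 2000.0) -> Optional[float]:
    """Steady-state junction temperature (C) with a short of r_fault ohm
    across the external wiring.

    The die heats by P = I^2 * R(Tj) and cools by (Tj - Tamb) / Rth, where
    R(Tj) = R0 * (1 + k * (Tj - Tamb)) rises as the part heats (the effect
    Derek mentions).  I = V / (R + r_fault), capped at i_limit while the
    foldback limit is alive.  Scan upward from ambient for the first point
    where cooling matches heating; None means no balance below x_max,
    i.e. thermal runaway within the modelled range."""
    x = 0.0                                   # Tj - Tamb in kelvin
    while x <= x_max:
        r_fet = drv.r_ds_on * (1.0 + drv.r_ds_tempco * x)
        current = drv.v_supply / (r_fet + r_fault)
        if i_limit is not None:
            current = min(current, i_limit)
        heating = current ** 2 * r_fet * drv.r_th_ja   # temperature rise it would drive
        if heating <= x:
            return t_amb + x
        x += 0.5
    return None


def assess_short(drv: Driver, r_fault: float,
                 i_limit: Optional[float] = None, t_amb: float = 25.0) -> dict:
    """Outcome of a short of resistance r_fault.  i_limit is the supply's
    foldback limit in amperes; None models the limit absent, or failed
    unnoticed, which is the latent state the thread is about."""
    i_initial = drv.v_supply / (drv.r_ds_on + r_fault)
    if i_limit is not None:
        i_initial = min(i_initial, i_limit)
    tj = junction_temperature(drv, r_fault, i_limit, t_amb)
    return {
        "initial_current_a": round(i_initial, 3),
        # dissipation the instant the short appears, before the die heats
        "initial_fet_power_w": round(i_initial ** 2 * drv.r_ds_on, 3),
        # judged from the initial current: as the FET heats its resistance
        # rises, the current falls, and a fuse that "may" clear often never does
        "fuse_may_clear": i_initial > drv.fuse_rating * drv.fuse_hold_ratio,
        "junction_temp_c": None if tj is None else round(tj, 1),
        "fet_survives": tj is not None and tj <= drv.t_j_max,
    }


if __name__ == "__main__":
    cases = [
        ("normal load, limit working", 95.0, 0.2),
        ("dead short, limit working", 0.1, 0.2),
        ("dead short, limit failed", 0.1, None),
        ("resistive short below fuse hold, limit failed", 3.6, None),
    ]
    for label, r_fault, i_limit in cases:
        print(f"{label}: {assess_short(ALARM_DRIVER, r_fault, i_limit)}")
```

The last case is the one a fuse alone cannot cover: a short resistive enough to keep the current under the fuse's hold level, so the fuse never opens while the die sits far above its limit. With the limit alive the same dead short leaves the junction only a few tens of degrees above ambient, which is why the whole argument turns on whether the limit is actually still there when the short arrives.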
#7
Posted to alt.electronics
Fire safety question

On Sat, 14 Jan 2006 15:44:06 GMT, "Dan Hollands" wrote:
> "Derek Potter" wrote in message ...
> > [snip: quoted text of #1 to #3]
>
> Generally equipment design for general use is only concerned with a single failure criterion. In my experience adding more circuitry increases the complexity to the point that failures and problems are more likely. The problem with all redundant circuits is the need to test them to ensure that all of the redundant circuits are working. Statistical methods may be used to determine how often the redundant circuits must be checked to achieve a certain confidence level that the system will operate properly when required.
>
> In your case I would see no need for extra circuitry. Exceptions are things like Safety Shutdown systems, Intrinsically Safe Equipment that ensures sparks or hot spots don't trigger an explosion in explosive atmospheres, and control systems in nuclear power plants.

Agreed completely and I tend to think, like you, that having a little foldback regulator to guard against the occasional shorted load is probably enough. The question hinges on what comprises a "single component failure" since an external short in unprotected wiring accessible to "Uncle Fred" is not exactly a component failure. Likewise failure of the current limit doesn't create a fault in itself but, as it's not going to be monitored, this doesn't quite settle the matter - it leaves the system in a vulnerable state to an external short. I suppose, in a nutshell, the question comes down to whether protection circuits are relevant to "due care" if an undetectable failure in the protection leaves the system just as vulnerable as if the protection were not there.

On another tack, I may work around this by fitting a fire-resistant sleeve over the transistor. It can burn as much as it likes then, but I was hoping to avoid the trouble.
#8
Posted to alt.electronics
Fire safety question

"Derek Potter" wrote in message ...
> On Sat, 14 Jan 2006 15:44:06 GMT, "Dan Hollands" wrote:
> > [snip: quoted text of #1 to #4]
>
> Agreed completely and I tend to think, like you, that having a little foldback regulator to guard against the occasional shorted load is probably enough. The question hinges on what comprises a "single component failure" since an external short in unprotected wiring accessible to "Uncle Fred" is not exactly a component failure. Likewise failure of the current limit doesn't create a fault in itself but, as it's not going to be monitored, this doesn't quite settle the matter - it leaves the system in a vulnerable state to an external short. I suppose, in a nutshell, the question comes down to whether protection circuits are relevant to "due care" if an undetectable failure in the protection leaves the system just as vulnerable as if the protection were not there.
>
> On another tack, I may work around this by fitting a fire-resistant sleeve over the transistor. It can burn as much as it likes then, but I was hoping to avoid the trouble.

It is almost impossible to make a product completely fail proof. All you can do by adding more components is decrease the likelihood of a problem. If the accidental shorting of external connections can cause a fire then it is prudent to add protection such as your current limit circuit. That is all you need to do. A problem will only occur if 2 unlikely events occur. If you added another current limit circuit a problem would only occur if 3 unlikely events occurred. That is above and beyond what is required for normal use products.

Dan
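Dan's two points, in #4 that redundant protection has to be proof-tested at some statistically chosen interval and here that a fire needs two (or, with a second limit, three) unlikely events, can be put into numbers with the usual unrevealed-fault model: a protection failure nobody notices leaves the circuit exposed until the next check, and the hazard rate is the short rate multiplied by the fraction of time the protection is dead. The following is an added worked example, not code from anyone in the thread. Every rate in it (how often the limit fails silently, how often Uncle Fred shorts the wiring, the product life) is constructed for illustration and labelled as such; the independence of the two events is itself an assumption.

```python
"""Latent failure of a protection circuit: how the proof-test interval
sets the lifetime hazard probability.  Added worked example, not code
from the thread.

Model (standard unrevealed-fault reasoning; every rate is CONSTRUCTED):
  * the current limit fails in a "dangerous, undetected" way at a constant
    rate lambda_p per hour and stays failed until the next proof test;
  * external shorts arrive at a constant rate lambda_s per hour,
    independently of whether the protection is alive;
  * a hazard needs both: a short arriving while the protection is dead.
"""
import math

HOURS_PER_YEAR = 8766.0

# Constructed figures for the alarm-driver scenario (not measured data).
LAMBDA_P = 1.0e-6                       # limit fails unnoticed: about once per 114 years
LAMBDA_S = 1.0 / (10 * HOURS_PER_YEAR)  # one external short per 10 years
PRODUCT_LIFE_H = 10 * HOURS_PER_YEAR


def pfd_average(lambda_p: float, test_interval_h: float) -> float:
    """Mean probability that a single unrevealed-fault channel is dead at a
    random instant within one proof-test interval T:
        (1/T) * integral_0^T (1 - e^{-lambda t}) dt = 1 - (1 - e^{-x}) / x,
    with x = lambda * T.  For small x this is about x/2.  Setting T to the
    product life is the "nobody ever checks" case."""
    x = lambda_p * test_interval_h
    if x == 0.0:
        return 0.0
    return 1.0 - (1.0 - math.exp(-x)) / x


def pfd_average_dual(lambda_p: float, test_interval_h: float) -> float:
    """Same for two independent identical channels that must both be dead
    (a second current limit, as Dan suggests).  Averaging (1 - e^{-lambda t})^2
    gives 1 - 2(1 - e^{-x})/x + (1 - e^{-2x})/(2x), about x^2/3 for small x.
    Independence is an assumption; a common cause of failure would spoil it."""
    x = lambda_p * test_interval_h
    if x == 0.0:
        return 0.0
    return 1.0 - 2.0 * (1.0 - math.exp(-x)) / x + (1.0 - math.exp(-2.0 * x)) / (2.0 * x)


def hazard_probability(lambda_s: float, pfd: float, life_h: float) -> float:
    """Probability of at least one short landing on dead protection during
    the product life, treating that event as Poisson with rate lambda_s*pfd."""
    return 1.0 - math.exp(-lambda_s * pfd * life_h)


def required_test_interval(lambda_p, lambda_s, life_h, target, dual=False):
    """Largest proof-test interval (hours) keeping the lifetime hazard
    probability at or below target.  Returns life_h when no test is needed
    and None when even hourly testing is not enough.  Bisection is valid
    because the hazard probability rises monotonically with the interval."""
    pfd = pfd_average_dual if dual else pfd_average

    def hazard(interval_h):
        return hazard_probability(lambda_s, pfd(lambda_p, interval_h), life_h)

    if hazard(life_h) <= target:
        return life_h
    if hazard(1.0) > target:
        return None
    lo, hi = 1.0, life_h            # invariant: hazard(lo) <= target < hazard(hi)
    for _ in range(60):
        mid = (lo + hi) / 2.0
        if hazard(mid) <= target:
            lo = mid
        else:
            hi = mid
    return lo


if __name__ == "__main__":
    for label, pfd in [
        ("no protection at all", 1.0),
        ("one limit, never checked", pfd_average(LAMBDA_P, PRODUCT_LIFE_H)),
        ("one limit, checked yearly", pfd_average(LAMBDA_P, HOURS_PER_YEAR)),
        ("two limits, checked yearly", pfd_average_dual(LAMBDA_P, HOURS_PER_YEAR)),
    ]:
        p = hazard_probability(LAMBDA_S, pfd, PRODUCT_LIFE_H)
        print(f"{label:28s} PFD={pfd:.2e}  P(hazard over life)={p:.2e}")
    t = required_test_interval(LAMBDA_P, LAMBDA_S, PRODUCT_LIFE_H, target=0.01)
    print(f"check interval for a 1% lifetime hazard: {t / HOURS_PER_YEAR:.2f} years")
```

With these constructed rates the unchecked single limit already cuts the lifetime hazard by more than an order of magnitude against no protection, and a yearly check buys another order; the second limit only pays off if its failures really are independent of the first. The same machinery answers Derek's monitoring question in reverse: if the limit is never checked, the model simply uses the product life as the interval, which is what "an undetectable failure in the protection" amounts to.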
#9
Posted to alt.electronics
|
|||
|
|||
Fire safety question
On Sun, 15 Jan 2006 20:00:31 GMT, "Dan Hollands" wrote:

> "Derek Potter" wrote in message ...
>> On Sat, 14 Jan 2006 15:44:06 GMT, "Dan Hollands" wrote:
>>> "Derek Potter" wrote in message ...
>>>> On Fri, 13 Jan 2006 13:47:07 GMT, "Dan Hollands" wrote:
>>>>> "Derek Potter" wrote in message ...
>>>>>> I need some information about the current approach to safety of new equipment with regard to fire hazards created by a fault. I appreciate there are generic standards covering the ejection of molten metal and so on, but I am wondering about the application of the "single component failure" concept in situations where a failure could overload a semiconductor with the possible, though unlikely, result that it ignites or ignites an adjacent part. I'm not asking about *techniques* to avoid hazard, I'm asking about what is legally required. Trick question - I'm not asking for legal advice, just information concerning best current practice. I'm posting from the UK but I suspect the regs will be substantially the same in all of Europe and the US.
>>>>>>
>>>>>> My particular concern is a small transistor driving an external alarm. The power supply has a fuse but as it feeds several circuits, it doesn't provide much protection for the external alarm circuit. I am considering an active current limit in the supply but I still have some reservations as to whether this meets the letter of the law. For example, one scenario involves two events as follows:
>>>>>>
>>>>>> 1 The current limit fails spontaneously, but as this is not monitored, the defect remains undetected, waiting for the second event to happen...
>>>>>> 2 Someone fiddles with the external wiring and causes a short.
>>>>>>
>>>>>> The result is that the driver overheats, catches fire and there is hell to pay. Now, it is perfectly true that this involves two independent "failures" so at first sight would meet the "single component failure" criterion. However, I suspect that a fault that is never detected (and just lies there waiting for a chance to create a hazard) may not count. Likewise, a fault that could be caused by Uncle Fred with his screwdriver is hardly a spontaneous component failure. So overall, would such a system meet the "due care" criterion? I have severe doubts as to whether much equipment is designed with this degree of concern but it would be good to be ahead of the field - without incurring too much cost.
>>>>>>
>>>>>> Also, if this isn't the best newsgroup could someone point me in the right direction? Most electronics groups seem to be full of people selling stuff.
>>>>>>
>>>>>> TIA. Derek
>>>>>
>>>>> If you are in the UK, you are under EU requirements and you should be studying the appropriate IEC specs for the type of equipment you are designing. Just as a personal opinion - if there is an output that when shorted will cause a fire, then there should be some type of protection for the output.
>>>>
>>>> Indeed so, but my question goes a bit further as I already have protection in the shape of a foldback regulator. It's failure of this protection that I'm asking about. This is unlikely to cause an immediately hazardous condition, but, obviously, if the protection fails, the circuit is then left susceptible to any other fault. In this case it could be a fairly rare external event. The failure of the protection device may not be detected without yet more circuitry to monitor the foldback operation of the regulator! Am I being too fussy? Do most commercial and consumer devices go this far?
>>>
>>> Generally equipment design for general use is only concerned with a single failure criterion. In my experience adding more circuitry increases the complexity to the point that failures and problems are more likely. The problem with all redundant circuits is the need to test them to ensure that all of the redundant circuits are working. Statistical methods may be used to determine how often the redundant circuits must be checked to achieve a certain confidence level that the system will operate properly when required. In your case I would see no need for extra circuitry. Exceptions are things like Safety Shutdown systems, Intrinsically Safe Equipment to ensure that sparks or hot spots don't trigger an explosion in explosive atmospheres, and control systems in nuclear power plants.
>>
>> Agreed completely and I tend to think, like you, that having a little foldback regulator to guard against the occasional shorted load is probably enough. The question hinges on what comprises a "single component failure" since an external short in unprotected wiring accessible to "Uncle Fred" is not exactly a component failure. Likewise failure of the current limit doesn't create a fault in itself but, as it's not going to be monitored, this doesn't quite settle the matter - it leaves the system in a vulnerable state to an external short. I suppose, in a nutshell, the question comes down to whether protection circuits are relevant to "due care" if an undetectable failure in the protection leaves the system just as vulnerable as if the protection were not there.
>>
>> On another tack, I may work around this by fitting a fire-resistant sleeve over the transistor. It can burn as much as it likes then, but I was hoping to avoid the trouble.
>>
>> Derek
>
> It is almost impossible to make a product completely fail proof. All you can do by adding more components is decrease the likelihood of a problem. If the accidental shorting of external connections can cause a fire then it is prudent to add protection such as your current limit circuit. That is all you need to do. A problem will only occur if 2 unlikely events occur. If you added another current limit circuit a problem would only occur if 3 unlikely events occurred. That is above and beyond what is required for normal use products.

That's good. I shall drag you into court if we get prosecuted. Seriously, I felt I was being unduly fussy but it's good to get some comments from other designers - especially if they support the common-sense view.

Next topic - EMC and the need for compliant testing...
#10
Posted to alt.electronics
Fire safety question
After a long response, some useful numbers. 12 volts at 120 mA is a significant difference from, for example, a telephone wire. Telephone wire can have 100 volts. If just a consumer product operating at 12 volts, then a regulator or current limited transistor switch may be more than sufficient - depending on maximum source current and how much PC board damage is acceptable. Some use Polyswitch from Raychem (now Tyco) in series for backup protection, as noted earlier. Polyswitch, for example, is often unacceptable for phone line (low power) applications because of 60+ volts. Phone lines meet the criteria in an earlier post that did not provide numbers - which is why hedging on a Polyswitch recommendation was necessary.

What are failure criteria? If 12 volts rises to say 16, will that cause a component to short circuit, then resulting in a short circuit and (maybe) fire? Some 12 volt loads can withstand 30+ volts for short periods. Others cannot. If used in automotive functions, then most regulators will not meet the load dump criteria. Criteria typically not found in computer 12 volt applications.

120 mA normal load implies a single point failure could consume significant power (amperes?). In which case a second device (ie Polyswitch) would provide good backup protection. This same protection is used on computer keyboard and mouse ports. At low voltages and currents, fuses have not been a preferred solution for maybe 20 years now.

Nothing above could be recommended with an earlier post that provided no numbers. Even 12 volts versus 60 volts would change the recommendation. Again, replies will only be as good as the numbers provided.

Derek Potter wrote:
> ...
> FWIW, the small transistor circuit in question is a BS160 FET driving a 12V load at 120mA but subject to possible short circuits as said. The system fuse is 1A but fuses do not blow instantly so, with the fairly high "on" resistance of the FET (rising as it heats up) there is the distinct possibility of the TO92 device dissipating many watts before failing. The electronic protection comprises a foldback regulator and is perfectly adequate unless, of course, it fails first, leaving the circuit unprotected without any indication of the latent problem.
#11
Posted to alt.electronics
Fire safety question
On 15 Jan 2006 23:39:48 -0800, "w_tom" wrote:

> After a long response, some useful numbers. 12 volts at 120 mA is a significant difference from, for example, a telephone wire. Telephone wire can have 100 volts. If just a consumer product operating at 12 volts, then a regulator or current limited transistor switch may be more than sufficient - depending on maximum source current and how much PC board damage is acceptable. Some use Polyswitch from Raychem (now Tyco) in series for backup protection, as noted earlier. Polyswitch, for example, is often unacceptable for phone line (low power) applications because of 60+ volts. Phone lines meet the criteria in an earlier post that did not provide numbers - which is why hedging on a Polyswitch recommendation was necessary.
>
> What are failure criteria? If 12 volts rises to say 16, will that cause a component to short circuit, then resulting in a short circuit and (maybe) fire? Some 12 volt loads can withstand 30+ volts for short periods. Others cannot. If used in automotive functions, then most regulators will not meet the load dump criteria. Criteria typically not found in computer 12 volt applications.
>
> 120 mA normal load implies a single point failure could consume significant power (amperes?). In which case a second device (ie Polyswitch) would provide good backup protection. This same protection is used on computer keyboard and mouse ports. At low voltages and currents, fuses have not been a preferred solution for maybe 20 years now.
>
> Nothing above could be recommended with an earlier post that provided no numbers. Even 12 volts versus 60 volts would change the recommendation. Again, replies will only be as good as the numbers provided.
>
> Derek Potter wrote:
>> ...
>> FWIW, the small transistor circuit in question is a BS160 FET driving a 12V load at 120mA but subject to possible short circuits as said. The system fuse is 1A but fuses do not blow instantly so, with the fairly high "on" resistance of the FET (rising as it heats up) there is the distinct possibility of the TO92 device dissipating many watts before failing. The electronic protection comprises a foldback regulator and is perfectly adequate unless, of course, it fails first, leaving the circuit unprotected without any indication of the latent problem.

The long response was an attempt to clarify the fact that I was asking about best practice and the interpretation of the "single component failure" concept, not asking for circuit recommendations.

Incidentally, Polyswitches may be rated at 60V but other readily available PTCs go to 265V. However, when you say "In which case a second device (ie Polyswitch) would provide good backup protection" you are not making it clear whether your recommendation is to use an active current limit *and* a Polyswitch, or just have a Polyswitch in series with the load in case there's a short. The former sounds like overkill but is the only possible design approach given a Draconian interpretation of "single component failure" as the external load and the unmonitored current limit don't count. The other is merely substituting a Polyswitch for the regulator and is subject to the same failure scenario that I was asking about.
#12
Posted to alt.electronics
Fire safety question
The keyboard and mouse are connected to a 'tens of amp' power supply with only a Polyswitch for protection. In that application, a burned PC trace is acceptable. In a machine that handled dangerous materials, we used a small regulator AND a Polyswitch, in series, because consequences of failure there were catastrophic. Only two layers of protection because voltage could never exceed a regulator's maximum input voltage. Note the difference between both solutions. Details of upstream power source and downstream consequences of failure must be considered.

In one appliance, a manufacturer used a circuit breaker in series with Polyswitch. But the designer did not quite understand how failures occur. He put two 60 volt Polyswitches in series thinking that was equivalent to one 120 volt Polyswitch. When the circuit breaker failed to trip, those Polyswitch devices also failed, causing a house fire. An example provided as background insight.

Never used (therefore studied) those higher voltage Polyswitches; so I am hesitant to recommend them. Numbers for incoming voltages and currents that can damage the regulator/transistor/Polyswitch and the downstream consequences of a failure are necessary to better answer your question. Again, a Polyswitch alone is sufficient for keyboard power because consequences of a Polyswitch failure are not catastrophic.

Derek Potter wrote:
> ...
> Incidentally, Polyswitches may be rated at 60V but other readily available PTCs go to 265V. However, when you say "In which case a second device (ie Polyswitch) would provide good backup protection" you are not making it clear whether your recommendation is to use an active current limit *and* a Polyswitch, or just have a Polyswitch in series with the load in case there's a short. The former sounds like overkill but is the only possible design approach given a Draconian interpretation of "single component failure" as the external load and the unmonitored current limit don't count. The other is merely substituting a Polyswitch for the regulator and is subject to the same failure scenario that I was asking about.
#13
Posted to alt.electronics
Fire safety question
On 16 Jan 2006 19:23:23 -0800, "w_tom" wrote:

> The keyboard and mouse are connected to a 'tens of amp' power supply with only a Polyswitch for protection. In that application, a burned PC trace is acceptable.

Really? Who says? In the final analysis you are relying on that PCB trace to provide fuse protection in the event of your PTC failing. Is that really an example of the "best practice" I was asking about? I think not!

> In a machine that handled dangerous materials, we used a small regulator AND a Polyswitch, in series, because consequences of failure there were catastrophic. Only two layers of protection because voltage could never exceed a regulator's maximum input voltage.

Look, Tom. I am very grateful for the effort you have put into answering some question or other, but it isn't the one I asked. You may work to "industry standards" or exceed them. Or you could be a bunch of cowboys. I don't think you are, but your ad-hoc methods aren't relevant to my question. As for the technique you describe, it is just an example of avoiding the oft-cited "single component failure" criterion. Two failures are needed to create a hazard. They are independent and, also, they are internal. However, what I asked about was whether a rare but possible external event would qualify. However, even your double protection technique is suspect as the two protection circuits are not monitored. At least, you haven't mentioned such a vital thing, which would be odd because monitoring both would be relevant to my query.

> Note the difference between both solutions. Details of upstream power source and downstream consequences of failure must be considered.

Obviously.

> In one appliance, a manufacturer used a circuit breaker in series with Polyswitch. But the designer did not quite understand how failures occur. He put two 60 volt Polyswitches in series thinking that was equivalent to one 120 volt Polyswitch. When the circuit breaker failed to trip, those Polyswitch devices also failed, causing a house fire. An example provided as background insight.

A pretty elementary mistake when using PTCs is to ignore thermal runaway leading to voltage stress. Presumably his design was never run past a professional engineer and never bench tested. Generic safety standards do explicitly prohibit counting domino failures. So just one CB failure caused both PTCs to fail and thus only comprises a single component failure. This is yet another example of industry *bad* practice and whilst fairly amusing and possibly useful to amateurs is *not* helpful as regards the interpretation of "single component failures" in the context that I asked about, viz external cabling faults and latent (unmonitored) internal failures.

> Never used (therefore studied) those higher voltage Polyswitches; so I am hesitant to recommend them. Numbers for incoming voltages and currents that can damage the regulator/transistor/Polyswitch and the downstream consequences of a failure are necessary to better answer your question.

Actually it wasn't a question, I was correcting your implication that PTC protection is not possible above 60V. Primary-side PTCs are frequently buried inside mains transformers.

> Again, a Polyswitch alone is sufficient for keyboard power because consequences of a Polyswitch failure are not catastrophic.

As I stated in my original post: "I'm not asking about *techniques* to avoid hazard, I'm asking about what is legally required. Trick question - I'm not asking for legal advice, just information concerning best current practice." "Best practice" does not mean "what would you suggest?" or "what does your company do?" thanks all the same. My question was very specific, about the general principle of single component failure. I am quite capable of designing appropriate circuitry given a target performance. It's what I do.
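Added example (my own Python, not from anyone in this thread): a back-of-envelope model of the two-event scenario the thread argues over, an unmonitored current limit failing silently and an external short arriving later, beside the monitored case and the dependent "domino" case raised in the last reply. All failure rates, the 24-hour repair time and the 10-year service life are constructed placeholders.

```python
# Added example, not from the thread. Constant-rate (exponential) failure
# model of "protection fails silently, then an external short arrives".
# Every rate below is a constructed placeholder, not a datasheet figure.
import math

HOURS_PER_YEAR = 8760.0


def latent_unavailability(fail_rate, proof_test_hours):
    """Average fraction of time an UNMONITORED protection circuit sits
    silently failed when it is only checked every proof_test_hours.
    Exact mean of 1 - exp(-fail_rate * t) over one test interval;
    for small fail_rate * T this is about fail_rate * T / 2."""
    lt = fail_rate * proof_test_hours
    return 1.0 - (1.0 - math.exp(-lt)) / lt


def monitored_unavailability(fail_rate, repair_hours):
    """Steady-state unavailability of a MONITORED protection circuit
    whose failure is alarmed and repaired within repair_hours."""
    lr = fail_rate * repair_hours
    return lr / (1.0 + lr)


def hazard_rate_independent(short_rate, protection_unavailability):
    """Hazards per hour when the external short (event 2) is independent
    of the protection failure (event 1): a short only hurts while the
    protection happens to be down."""
    return short_rate * protection_unavailability


def hazard_rate_domino(short_rate, p_protection_fails_on_short):
    """Hazards per hour when the short itself knocks out the protection
    (a dependent 'domino' chain). Unavailability no longer helps, which
    is why such a chain is treated as ONE failure, not two."""
    return short_rate * p_protection_fails_on_short


def proof_test_interval_for(target_hazard_rate, short_rate, fail_rate):
    """Longest check interval (hours) that keeps the independent-case
    hazard rate under target, using the fail_rate * T / 2 approximation."""
    return 2.0 * target_hazard_rate / (short_rate * fail_rate)


def compare(fail_rate, short_rate, service_years, repair_hours=24.0):
    """Expected hazards over the service life: unmonitored (never checked
    in service, so the test interval is the whole life) versus monitored."""
    life = service_years * HOURS_PER_YEAR
    u_lat = latent_unavailability(fail_rate, life)
    u_mon = monitored_unavailability(fail_rate, repair_hours)
    return {
        "unmonitored": hazard_rate_independent(short_rate, u_lat) * life,
        "monitored": hazard_rate_independent(short_rate, u_mon) * life,
    }


if __name__ == "__main__":
    # Constructed: limiter fails once per ~114 years (1e-6/h), the wiring
    # gets shorted about once every five years, 10-year product life.
    print(compare(1e-6, 1.0 / (5 * HOURS_PER_YEAR), 10))
```

With those placeholder numbers the unmonitored design sees roughly three orders of magnitude more expected hazards than the monitored one, which is the point about latent failures in numerical form.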