[ RadSafe ] Interlock question

Bob Westerdale Bob.Westerdale at ametek.com
Wed Oct 29 15:50:07 CDT 2014 

Hi-
I've had to deal with this situation,,, we had developed an XRF instrument 
driven by an FPGA ( Field Programmable Gate Array).
The whole safety network was  redundant ( 2 switches on virtually 
everything) but the Customer feared that the FPGA's 
failure modes ( stuck bits, memory holes, etc) were too risky to accept. 
We had to duplicate the logic with external ( ie. non-FPGA)
gates which ran in parallel with the PFGA logic.   This effectively gave 
us 4 separate decision making paths for verifying the 
X-Ray shutter was closed or the door secured. ( etc.) Each path had to be 
in agreement.    It would be difficult to design a 
digital control system that monitored/tested every decision making element 
in a complex instrument without adding more unreliability
in the process!. 
I haven't come across an EU standard that specifically prohibits 
semiconductor devices in mission-critical
safety circuits.   I'd suggest that the next revision of the N43-2  Safety 
Standard ( XRD and XRF systems) include some
basic logic/architecture guidelines.    I doubt we're going back to relays 
and knife switch disconnects anytime soon!
regards
Bob Westerdale 




From:   Ted de Castro <tdc at xrayted.com>
To:     "The International Radiation Protection (Health Physics) Mailing 
List" <radsafe at health.phys.iit.edu>, 
Date:   10/27/2014 09:11 PM
Subject:        Re: [ RadSafe ] Interlock question
Sent by:        radsafe-bounces at health.phys.iit.edu



Specifically - analytical x-ray machine ....

On 10/27/2014 2:27 PM, Ted de Castro wrote:
> I am dealing with an x-ray machine interlock design.
>
> Of course it will be redundant and failsafe and testable - but the 
> question has come up regarding using semiconductor devices in the 
> interlock circuit.
>
> When I was the x-ray safety officer at a national laboratory I 
> resolved that issue by simply not accepting semiconductor devices in 
> interlock circuits - problem solved.
>
> I maintained that when such included logic circuits that showing that 
> its was failsafe with the failure of any single component could not be 
> demonstrated - even disregarding issues with defining what constituted 
> a "component".
>
> Further testing requires that each component be isolated, exercised 
> and tested - and I maintained that is simply not possible with logic 
> circuits.  ie. - just opening the door and observing that the x-rays 
> turn off is most definitely NOT a test!
>
> Its not as simple anymore.
>
> I have heard however that there is a euro standard that prohibits the 
> use of semiconductor devices in interlock circuits.  So - I was hoping 
> someone here might know IF that were in fact so - and if so shat that 
> standard is.
>
> Thanks
>
> Ted de Castro
> _______________________________________________
> You are currently subscribed to the RadSafe mailing list
>
> Before posting a message to RadSafe be sure to have read and 
> understood the RadSafe rules. These can be found at: 
> http://health.phys.iit.edu/radsaferules.html
>
> For information on how to subscribe or unsubscribe and other settings 
> visit: http://health.phys.iit.edu

_______________________________________________
You are currently subscribed to the RadSafe mailing list

Before posting a message to RadSafe be sure to have read and understood 
the RadSafe rules. These can be found at: 
http://health.phys.iit.edu/radsaferules.html

For information on how to subscribe or unsubscribe and other settings 
visit: http://health.phys.iit.edu

More information about the RadSafe mailing list