[ RadSafe ] Interlock question

Ted de Castro tdc at xrayted.com
Wed Oct 29 16:21:30 CDT 2014


Thanks for getting back to me.

I TRUST "relays and knife switches"  I don't trust TTL gates!  For all 
the reasons stated plus.

As for ANSI N43.2 ..... good luck.  I was on the writing committee for 
the current revision and couldn't get committee concurrence on a 
proscription against any particular circuit element - even PLC's let 
alone TTL!!  In other words as per your great suggestion - I tried and I 
lost!

Actually - I have a former associate who is an electrical engineer and 
very good at interlock specifications and he has ALMOST convinced me 
that the redundant interlock chains can be made self checking and that 
ANY circuit element can be used so long as the redundant chains are 
always in agreement.  I understand the concept - essentially continual 
functional testing and assurance - and maybe agree with it - but how 
complicated will the self testing be??  And ANYTHING that involves 
software .....

Anyhow - he did have really good ideas and really good ways of analyzing 
the essentials these systems according to simple principles.  So I told 
him that he should write a book on it and that I'd be happy to be a 
proof reader.  So the long an short of it is it looks like WE are going 
to write that book.  Of course this plan is only 3 days old - so we'll 
see how far we get - but I do really want to get his principles and 
techniques in print SOMEWHERE - at least before the next N43.2 revision 
- especially since I am now retired and I'd be unlikely to be on that 
committee again and couldn't afford the travel expense if I were.

Its not an easy consideration and those pushing for their so called 
"modern" techniques are solidly convinced of their invulnerability - yet 
I maintain that interlock safety is not a "fashion statement" and have 
no trouble sticking with tried, true and incredibly simple techniques.  
HOWEVER on the current job I am consulting on - keeping a good friendly 
relation with the electrical engineer who is designing the circuit and 
therefore the one whose "face I am in" and reminding the customer that 
analytical x-ray equipment comes under the legal category of "ultra 
hazardous equipment" and is therefore subject to "Strict Liability" - 
these usually allow me to prevail.

Anyhow - on one instrument that they purchased complete from a European 
company - in reviewing the interlocks I asked that question regarding 
solid state devices in the interlock chain and they said Of course not 
since European standards didn't allow it. - so Now I am trying to track 
that down.

Ted de Castro


On 10/29/2014 1:50 PM, Bob Westerdale wrote:
> Hi-
> I've had to deal with this situation,,, we had developed an XRF instrument
> driven by an FPGA ( Field Programmable Gate Array).
> The whole safety network was  redundant ( 2 switches on virtually
> everything) but the Customer feared that the FPGA's
> failure modes ( stuck bits, memory holes, etc) were too risky to accept.
> We had to duplicate the logic with external ( ie. non-FPGA)
> gates which ran in parallel with the PFGA logic.   This effectively gave
> us 4 separate decision making paths for verifying the
> X-Ray shutter was closed or the door secured. ( etc.) Each path had to be
> in agreement.    It would be difficult to design a
> digital control system that monitored/tested every decision making element
> in a complex instrument without adding more unreliability
> in the process!.
> I haven't come across an EU standard that specifically prohibits
> semiconductor devices in mission-critical
> safety circuits.   I'd suggest that the next revision of the N43-2  Safety
> Standard ( XRD and XRF systems) include some
> basic logic/architecture guidelines.    I doubt we're going back to relays
> and knife switch disconnects anytime soon!
> regards
> Bob Westerdale
>
>
>
>
> From:   Ted de Castro <tdc at xrayted.com>
> To:     "The International Radiation Protection (Health Physics) Mailing
> List" <radsafe at health.phys.iit.edu>,
> Date:   10/27/2014 09:11 PM
> Subject:        Re: [ RadSafe ] Interlock question
> Sent by:        radsafe-bounces at health.phys.iit.edu
>
>
>
> Specifically - analytical x-ray machine ....
>
> On 10/27/2014 2:27 PM, Ted de Castro wrote:
>> I am dealing with an x-ray machine interlock design.
>>
>> Of course it will be redundant and failsafe and testable - but the
>> question has come up regarding using semiconductor devices in the
>> interlock circuit.
>>
>> When I was the x-ray safety officer at a national laboratory I
>> resolved that issue by simply not accepting semiconductor devices in
>> interlock circuits - problem solved.
>>
>> I maintained that when such included logic circuits that showing that
>> its was failsafe with the failure of any single component could not be
>> demonstrated - even disregarding issues with defining what constituted
>> a "component".
>>
>> Further testing requires that each component be isolated, exercised
>> and tested - and I maintained that is simply not possible with logic
>> circuits.  ie. - just opening the door and observing that the x-rays
>> turn off is most definitely NOT a test!
>>
>> Its not as simple anymore.
>>
>> I have heard however that there is a euro standard that prohibits the
>> use of semiconductor devices in interlock circuits.  So - I was hoping
>> someone here might know IF that were in fact so - and if so shat that
>> standard is.
>>
>> Thanks
>>
>> Ted de Castro
>> _______________________________________________
>> You are currently subscribed to the RadSafe mailing list
>>
>> Before posting a message to RadSafe be sure to have read and
>> understood the RadSafe rules. These can be found at:
>> http://health.phys.iit.edu/radsaferules.html
>>
>> For information on how to subscribe or unsubscribe and other settings
>> visit: http://health.phys.iit.edu
> _______________________________________________
> You are currently subscribed to the RadSafe mailing list
>
> Before posting a message to RadSafe be sure to have read and understood
> the RadSafe rules. These can be found at:
> http://health.phys.iit.edu/radsaferules.html
>
> For information on how to subscribe or unsubscribe and other settings
> visit: http://health.phys.iit.edu
>
>
>
> _______________________________________________
> You are currently subscribed to the RadSafe mailing list
>
> Before posting a message to RadSafe be sure to have read and understood the RadSafe rules. These can be found at: http://health.phys.iit.edu/radsaferules.html
>
> For information on how to subscribe or unsubscribe and other settings visit: http://health.phys.iit.edu



More information about the RadSafe mailing list