[ RadSafe ] Interlock question
Strickert, Rick (Consultant)
rstrickert at signaturescience.com
Wed Oct 29 17:48:14 CDT 2014
The topic of electronic/software interlocks brings to mind the Chapter 1 story of Ray Cox (pp. 13-22) in Steven Casey's book, _Set Phasers on Stun and Other True Tales of Design, Technology and Human Error_ (Aegean Publishing Co., 1993), Katie Yarborough and others (http://www.ccnr.org/fatal_dose.html).
Rick Strickert
Austin, TX
-----Original Message-----
From: radsafe-bounces at health.phys.iit.edu [mailto:radsafe-bounces at health.phys.iit.edu] On Behalf Of Ted de Castro
Sent: Wednesday, October 29, 2014 4:22 PM
To: The International Radiation Protection (Health Physics) Mailing List
Subject: Re: [ RadSafe ] Interlock question
Thanks for getting back to me.
I TRUST "relays and knife switches" I don't trust TTL gates! For all the reasons stated plus.
As for ANSI N43.2 ..... good luck. I was on the writing committee for the current revision and couldn't get committee concurrence on a proscription against any particular circuit element - even PLC's let alone TTL!! In other words as per your great suggestion - I tried and I lost!
Actually - I have a former associate who is an electrical engineer and very good at interlock specifications and he has ALMOST convinced me that the redundant interlock chains can be made self checking and that ANY circuit element can be used so long as the redundant chains are always in agreement. I understand the concept - essentially continual functional testing and assurance - and maybe agree with it - but how complicated will the self testing be?? And ANYTHING that involves software .....
Anyhow - he did have really good ideas and really good ways of analyzing the essentials of these systems according to simple principles. So I told him that he should write a book on it and that I'd be happy to be a proofreader. So the long and short of it is it looks like WE are going to write that book. Of course this plan is only 3 days old - so we'll see how far we get - but I do really want to get his principles and techniques in print SOMEWHERE - at least before the next N43.2 revision - especially since I am now retired and I'd be unlikely to be on that committee again and couldn't afford the travel expense if I were.
It's not an easy consideration and those pushing for their so-called "modern" techniques are solidly convinced of their invulnerability - yet I maintain that interlock safety is not a "fashion statement" and have no trouble sticking with tried, true and incredibly simple techniques.
HOWEVER on the current job I am consulting on - keeping a good friendly relation with the electrical engineer who is designing the circuit and therefore the one whose "face I am in" and reminding the customer that analytical x-ray equipment comes under the legal category of "ultra hazardous equipment" and is therefore subject to "Strict Liability" - these usually allow me to prevail.
Anyhow - on one instrument that they purchased complete from a European company - in reviewing the interlocks I asked that question regarding solid state devices in the interlock chain and they said of course not, since European standards didn't allow it - so now I am trying to track that down.
Ted de Castro
On 10/29/2014 1:50 PM, Bob Westerdale wrote:
> Hi-
> I've had to deal with this situation... we had developed an XRF
> instrument driven by an FPGA (Field Programmable Gate Array).
> The whole safety network was redundant (2 switches on virtually
> everything) but the Customer feared that the FPGA's failure modes
> (stuck bits, memory holes, etc.) were too risky to accept.
> We had to duplicate the logic with external (i.e. non-FPGA)
> gates which ran in parallel with the FPGA logic. This effectively gave
> us 4 separate decision making paths for verifying the X-Ray shutter
> was closed or the door secured (etc.). Each path had to be
> in agreement. It would be difficult to design a
> digital control system that monitored/tested every decision making
> element in a complex instrument without adding more unreliability in
> the process!
> I haven't come across an EU standard that specifically prohibits
> semiconductor devices in mission-critical
> safety circuits. I'd suggest that the next revision of the N43-2 Safety
> Standard (XRD and XRF systems) include some
> basic logic/architecture guidelines. I doubt we're going back to relays
> and knife switch disconnects anytime soon!
> regards
> Bob Westerdale
>
>
>
>
> From: Ted de Castro <tdc at xrayted.com>
> To: "The International Radiation Protection (Health Physics) Mailing
> List" <radsafe at health.phys.iit.edu>,
> Date: 10/27/2014 09:11 PM
> Subject: Re: [ RadSafe ] Interlock question
> Sent by: radsafe-bounces at health.phys.iit.edu
>
>
>
> Specifically - analytical x-ray machine ....
>
> On 10/27/2014 2:27 PM, Ted de Castro wrote:
>> I am dealing with an x-ray machine interlock design.
>>
>> Of course it will be redundant and failsafe and testable - but the
>> question has come up regarding using semiconductor devices in the
>> interlock circuit.
>>
>> When I was the x-ray safety officer at a national laboratory I
>> resolved that issue by simply not accepting semiconductor devices in
>> interlock circuits - problem solved.
>>
>> I maintained that when such included logic circuits that showing that
>> it was failsafe with the failure of any single component could not
>> be demonstrated - even disregarding issues with defining what
>> constituted a "component".
>>
>> Further testing requires that each component be isolated, exercised
>> and tested - and I maintained that is simply not possible with logic
>> circuits. ie. - just opening the door and observing that the x-rays
>> turn off is most definitely NOT a test!
>>
>> It's not as simple anymore.
>>
>> I have heard however that there is a euro standard that prohibits the
>> use of semiconductor devices in interlock circuits. So - I was
>> hoping someone here might know IF that were in fact so - and if so
>> what that standard is.
>>
>> Thanks
>>
>> Ted de Castro
>> _______________________________________________
>> You are currently subscribed to the RadSafe mailing list
>>
>> Before posting a message to RadSafe be sure to have read and
>> understood the RadSafe rules. These can be found at:
>> http://health.phys.iit.edu/radsaferules.html
>>
>> For information on how to subscribe or unsubscribe and other settings
>> visit: http://health.phys.iit.edu