[ RadSafe ] Interlock question

M K ka2mce at gmail.com
Wed Oct 29 18:29:12 CDT 2014 

Here's a more detailed report on the same incident...

On Wed, Oct 29, 2014 at 6:48 PM, Strickert, Rick (Consultant) <
rstrickert at signaturescience.com> wrote:

> The topic of electronic/software interlocks brings to mind the Chapter 1
> story of Ray Cox (pp. 13-22) in Steven Casey's book, _Set Phasers on Stun
> and Other True Tales of Design, Technology and Human Error_ (Aegean
> Publishing Co., 1993), Katie Yarborough and others (
> http://www.ccnr.org/fatal_dose.html).
>
> Rick Strickert
> Austin, TX
>
> -----Original Message-----
> From: radsafe-bounces at health.phys.iit.edu [mailto:
> radsafe-bounces at health.phys.iit.edu] On Behalf Of Ted de Castro
> Sent: Wednesday, October 29, 2014 4:22 PM
> To: The International Radiation Protection (Health Physics) Mailing List
> Subject: Re: [ RadSafe ] Interlock question
>
> Thanks for getting back to me.
>
> I TRUST "relays and knife switches"  I don't trust TTL gates!  For all the
> reasons stated plus.
>
> As for ANSI N43.2 ..... good luck.  I was on the writing committee for the
> current revision and couldn't get committee concurrence on a proscription
> against any particular circuit element - even PLC's let alone TTL!!  In
> other words as per your great suggestion - I tried and I lost!
>
> Actually - I have a former associate who is an electrical engineer and
> very good at interlock specifications and he has ALMOST convinced me that
> the redundant interlock chains can be made self checking and that ANY
> circuit element can be used so long as the redundant chains are always in
> agreement.  I understand the concept - essentially continual functional
> testing and assurance - and maybe agree with it - but how complicated will
> the self testing be??  And ANYTHING that involves software .....
>
> Anyhow - he did have really good ideas and really good ways of analyzing
> the essentials these systems according to simple principles.  So I told him
> that he should write a book on it and that I'd be happy to be a proof
> reader.  So the long an short of it is it looks like WE are going to write
> that book.  Of course this plan is only 3 days old - so we'll see how far
> we get - but I do really want to get his principles and techniques in print
> SOMEWHERE - at least before the next N43.2 revision
> - especially since I am now retired and I'd be unlikely to be on that
> committee again and couldn't afford the travel expense if I were.
>
> Its not an easy consideration and those pushing for their so called
> "modern" techniques are solidly convinced of their invulnerability - yet I
> maintain that interlock safety is not a "fashion statement" and have no
> trouble sticking with tried, true and incredibly simple techniques.
> HOWEVER on the current job I am consulting on - keeping a good friendly
> relation with the electrical engineer who is designing the circuit and
> therefore the one whose "face I am in" and reminding the customer that
> analytical x-ray equipment comes under the legal category of "ultra
> hazardous equipment" and is therefore subject to "Strict Liability" - these
> usually allow me to prevail.
>
> Anyhow - on one instrument that they purchased complete from a European
> company - in reviewing the interlocks I asked that question regarding solid
> state devices in the interlock chain and they said Of course not since
> European standards didn't allow it. - so Now I am trying to track that down.
>
> Ted de Castro
>
>
> On 10/29/2014 1:50 PM, Bob Westerdale wrote:
> > Hi-
> > I've had to deal with this situation,,, we had developed an XRF
> > instrument driven by an FPGA ( Field Programmable Gate Array).
> > The whole safety network was  redundant ( 2 switches on virtually
> > everything) but the Customer feared that the FPGA's failure modes (
> > stuck bits, memory holes, etc) were too risky to accept.
> > We had to duplicate the logic with external ( ie. non-FPGA)
> > gates which ran in parallel with the PFGA logic.   This effectively gave
> > us 4 separate decision making paths for verifying the X-Ray shutter
> > was closed or the door secured. ( etc.) Each path had to be
> > in agreement.    It would be difficult to design a
> > digital control system that monitored/tested every decision making
> > element in a complex instrument without adding more unreliability in
> > the process!.
> > I haven't come across an EU standard that specifically prohibits
> > semiconductor devices in mission-critical
> > safety circuits.   I'd suggest that the next revision of the N43-2
> Safety
> > Standard ( XRD and XRF systems) include some
> > basic logic/architecture guidelines.    I doubt we're going back to
> relays
> > and knife switch disconnects anytime soon!
> > regards
> > Bob Westerdale
> >
> >
> >
> >
> > From:   Ted de Castro <tdc at xrayted.com>
> > To:     "The International Radiation Protection (Health Physics) Mailing
> > List" <radsafe at health.phys.iit.edu>,
> > Date:   10/27/2014 09:11 PM
> > Subject:        Re: [ RadSafe ] Interlock question
> > Sent by:        radsafe-bounces at health.phys.iit.edu
> >
> >
> >
> > Specifically - analytical x-ray machine ....
> >
> > On 10/27/2014 2:27 PM, Ted de Castro wrote:
> >> I am dealing with an x-ray machine interlock design.
> >>
> >> Of course it will be redundant and failsafe and testable - but the
> >> question has come up regarding using semiconductor devices in the
> >> interlock circuit.
> >>
> >> When I was the x-ray safety officer at a national laboratory I
> >> resolved that issue by simply not accepting semiconductor devices in
> >> interlock circuits - problem solved.
> >>
> >> I maintained that when such included logic circuits that showing that
> >> its was failsafe with the failure of any single component could not
> >> be demonstrated - even disregarding issues with defining what
> >> constituted a "component".
> >>
> >> Further testing requires that each component be isolated, exercised
> >> and tested - and I maintained that is simply not possible with logic
> >> circuits.  ie. - just opening the door and observing that the x-rays
> >> turn off is most definitely NOT a test!
> >>
> >> Its not as simple anymore.
> >>
> >> I have heard however that there is a euro standard that prohibits the
> >> use of semiconductor devices in interlock circuits.  So - I was
> >> hoping someone here might know IF that were in fact so - and if so
> >> shat that standard is.
> >>
> >> Thanks
> >>
> >> Ted de Castro
> >> _______________________________________________
> >> You are currently subscribed to the RadSafe mailing list
> >>
> >> Before posting a message to RadSafe be sure to have read and
> >> understood the RadSafe rules. These can be found at:
> >> http://health.phys.iit.edu/radsaferules.html
> >>
> >> For information on how to subscribe or unsubscribe and other settings
> >> visit: http://health.phys.iit.edu
> > _______________________________________________
> > You are currently subscribed to the RadSafe mailing list
> >
> > Before posting a message to RadSafe be sure to have read and
> > understood the RadSafe rules. These can be found at:
> > http://health.phys.iit.edu/radsaferules.html
> >
> > For information on how to subscribe or unsubscribe and other settings
> > visit: http://health.phys.iit.edu
> >
> >
> >
> > _______________________________________________
> > You are currently subscribed to the RadSafe mailing list
> >
> > Before posting a message to RadSafe be sure to have read and
> > understood the RadSafe rules. These can be found at:
> > http://health.phys.iit.edu/radsaferules.html
> >
> > For information on how to subscribe or unsubscribe and other settings
> > visit: http://health.phys.iit.edu
>
> _______________________________________________
> You are currently subscribed to the RadSafe mailing list
>
> Before posting a message to RadSafe be sure to have read and understood
> the RadSafe rules. These can be found at:
> http://health.phys.iit.edu/radsaferules.html
>
> For information on how to subscribe or unsubscribe and other settings
> visit: http://health.phys.iit.edu
> _______________________________________________
> You are currently subscribed to the RadSafe mailing list
>
> Before posting a message to RadSafe be sure to have read and understood
> the RadSafe rules. These can be found at:
> http://health.phys.iit.edu/radsaferules.html
>
> For information on how to subscribe or unsubscribe and other settings
> visit: http://health.phys.iit.edu
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: therac.pdf
Type: application/pdf
Size: 304158 bytes
Desc: not available
URL: <http://health.phys.iit.edu/pipermail/radsafe/attachments/20141029/0fd900b0/attachment-0001.pdf>

More information about the RadSafe mailing list