safety standards & ongoing safety testing (ost) standards...this is most definitely not just a...

Roland Hill – Fellow of SAIEE, Chairman AFSEC TC13 and Chairman BSI PEL/13/-/13+ Hardware Systems Architect, Safety & Dependability Expert @ Landis+Gyr, UK+ GB member on IEC TC13 WG11/14/15, IEC SC23K WG1, IEC TC47 WG5,

IEC SC47E WG8, IEC TC56 WG2/WG4/PT 4.8, IEC SEG8, IEC SEG9CENELEC TC13 WG01, AFSEC SMC and AFSEC TC13 PT1

+ BEAMA member on BSI PEL/13, DS/1, PEL/23, PEL/57, PEL/205, EPL/47, GEL/50, SMG TC

Safety Standards & Ongoing Safety Testing (OST)

Roland Hill | 3rd African Smart Grid Forum | Sept 2018

The Recent Rapid Evolution of Safety Thinking

2


IEC guide 104 – Basic, Group & Product Safety Stds

3

IEC Standards Management Board (SMB)-> Mandatory adherence by all IEC TC’s

IEC Advisory Committee on Safety (ACOS)-> Oversight of all TC safety publications

Relevant Basic Safety Publications- IEC 60068 series (48): Environmental testing (TC104)- IEC 60529: Degrees of protection - IP code (TC70)- IEC 60664 series (5): Insulation coordination for LV eqpt (TC109)- IEC 60695 series (36): Fire hazard testing (TC89)- IEC 61508 series (26): Functional safety of systems (SC65A)

Relevant Group Safety Publications- IEC 60364 series: Electrical installations – protection (TC64)- IEC 61010 series: Test and measurement equipment (TC66)- IEC 60999-2: Connecting devices (SC121A)

Relevant Product Safety Standards- IEC 62052-31: Electricity meter – Product safety req’s (TC13)- IEC 60950-1 & -22: Safety of IT equipment (TC108)- IEC 62368 series (3): Safety of electronic equipment (TC108)- Many others (see table on next slide)


AMI meter lifetime safety2018 to 2033+

Era’s of safety1 - Black Box2 - Type Test3 - Risk Assess4 – PEI systems5 – Funct. safe

~ 40 Standards~ 3,148 pages

Decades of international meter safety standards

4


Beyond Type Testing – Era of OST, ISST and AI/ML

5

Type Teston one sample

ERA 2

Lifetime AssuranceOngoing Safety Tests (OST)

ERA 3

ERA 4

In-Service Safety Testing (ISST)

ERA 5

AI & ML: System safety, Remote diagnostics, Field stress profile analysis, Forensic audit trails


Manufacturers: Ongoing Safety Testing (OST)

6

Die

lect

ric

Test

sH

eat

Ris

eO

RT/

OD

T


Every Manufacturers legal “Duty of Care” requires

7

1. Manufacturers have an obligation under their “Duty of Care”, to do what is reasonably practicable to prevent danger;

2. The level of safety of a product, as well as the system, must be judged according to the general knowledge & standards of the times;

3. When there is developing knowledge, Manufacturers must keep reasonably abreast of it, and not be to slow to apply it;

4. When the Manufacturer has greater than average knowledge of the risks, he is obliged to take more than the standard precautions;

5. Compliance with a relevant code of practice or regulatory instrument, may afford a defence to a claim of negligence, but there are significant circumstances where it does not do so. For instance:

a. It may be shown that the code of practice or regulatory instrument is compromised because the standards that it requires havebeen lowered as a result of heavy lobbying by affected parties ; (e.g the EU LVD provides an exemption for electricity meters)

b. Because it covers a field in which apathy and fatalism has prevailed; (e.g. where the metering industry has failed to engage the safety of the installed meter, when subjected to a variety of fusing, mounting, environmental and operational misuse conditions)

c. Because the regulatory instrument has failed to keep abreast of the latest technology and scientific understanding. (The LVD in Europe is 40 years old and desperately in need of revision. A year long consultation to revise the LVD is underway)

6. Therefore an appropriate risk analysis must be carried out from time to time (annually)…to provide evidence that the Manufacturer has exercised reasonable care and skill, and as to the reasonable foreseeability of the relevant risk(s);

7. Because standards, regulations and best practice continuously evolve, responsible Manufacturers must periodically (re)assess the risk of continued use of their legacy products, and act accordingly under their “Duty of Care” when appropriate.

The legal principles listed above, were extracted from the UK Crown judgement – Smith vs UKPN, dated 17 Sep 2012https://www.crownofficechambers.com/2012/09/20/smith-v-ukpn-michael-kent-qc-jack-macaulay-represent-victims-fire-damage-tcc/

https://www.crownofficechambers.com/2012/09/20/smith-v-ukpn-michael-kent-qc-jack-macaulay-represent-victims-fire-damage-tcc/


Dame Judith Hacket – Statements on Grenfell fire

8

This is most definitely not just a question of the specification (of cladding systems or refrigerator backing panel flammability), but of an industry that has not reflected and learned for itself, nor looked to other sectors. The key issues underpinning the system failure include:

1. Ignorance – regulations and guidance are not always read by those who need to, and when they do the guidance is misunderstood and misinterpreted.

2. Indifference – the primary motivation is to do things as quickly and cheaply as possible rather than to deliver quality homes which are safe for people to live in. When concerns are raised, by others involved in building work or by residents, they are often ignored. Some of those undertaking building work fail to prioritise safety, using the ambiguity of regulations and guidance to game the system.

3. Inadequate regulatory oversight and enforcement tools – the size or complexity of a project does not seem to inform the way in which it is overseen by the regulator. Where enforcement is necessary, it is often not pursued. Where it is pursued, the penalties are so small as to be an ineffective deterrent.

4. Lack of clarity on roles and responsibilities – there is ambiguity over where responsibility lies, exacerbated by a level of fragmentation within the industry, and precluding robust ownership of accountability.


AFSEC TC13 members – Harmonising AMI Std’sMEMBER’S NAME ALTERNATE’S NAME REGION COUNTRY LANGUAGE

Roland HILL (chairman) <Don Taylor> n/a n/a English

Khaled ZAKY (secretary) Randa REZK North Egypt Arabic

Habiballa ELBAGIR Amany IBRAHIM Sudan Arabic

Abdoulaye SANOGO Omar BAKAYOKO West Cote d’Ivore French

John BATURE Tasiu WUDIL Nigeria English

Bukari DANLADI Azeriwie AGALISI Ghana English

Souleymane NDIAYE <vacant> Senegal French

Alain Konzi MPIANA Clovis MAFUTA Central Dem Rep Congo French

Charles NDUNGU <vacant> East Kenya English

Casimir NYIRINKINDI Theoneste ISHIMWE Rwanda English

Phillip CHINDARA <vacant> Zimbabwe English

Ackim ZULU, Dr Joseph MALAMA South Zambia English

Gerhard WILSNACH Shawn PAPI South Africa English

Jona HAMBATA Rudolf OUSEB Namibia English


Forecasted improvements to IEC 62052-31 (Ed.2)

Decade (Era) 1990’s (1) 2000’s (2) 2010’s (3) 2020’s (4) 2030’s (5)

Method Black Box Type Test HBRA & RR PEI systems Functional

Primary IEC standards

61010-1 &61010-2-30

62052-31 Ed.1effective 2019!

Guide 116 &62368-1 & 2

ACOS 116 Ed.362052-31 Ed.2

JTC1 SC7/25 62368-3 DC

Supply voltage < 600 Vac < 1000 Vac & < 1500 Vdc Islanding LVDC select

Heat rise 25K or 35K Cls 10, ‘52-31 BS 7856 Ann.C Hazard assess Dependability

Enclosure Foil & Flash Creep & Clear Lifetime, OST V-0 and IP54 Mng’d temp.

Disturbances 6kV, OVC IV 4kV, ok in EU! 4kV + MOV’s? OVC IV, global Funct ranges

Arc-flash test Required No test req’d! Enedis test Add to 52-31 Ed.2 Site PSCC’s

Control switch No switches 62055-31UK=UC1, ZA=UC2

62052-31BS 7856:2017, UC3

62054-31?UC4 to UC6, Iovl=1.45

Control f/w

OCPD co-ord Not req’d None! (Imax=Imax) Iovl = 1.45*Imax Coordinated Selected

EU LV safety None Exempt > DtC Exempt > DtC Safety guide LVD: 2020

IEC TC/WG IEC TC66 TC13 WG11 IEC TC108 IEC TC64, TC8 SyC SE/LVDC

10

Thank you for your attention


Roland HillHardware Systems [email protected]

… so your Homework Assignment is;- Review the additional twelve slides- Read the detailed manuscript- Engage your AFSEC TC13 experts- Apply your learnings at your work- Support your National Safety efforts

mailto:[email protected]


Arc Fault with low PSCC - Load side fusing hazard

12


Example of thermal runaway on mV test results

13

Failure of a SCS having a single pair of contacts is shown opposite.

The test was aborted when the mV value reached 0.4 mV (40 W)

L+G have evidence of SCS contacts reaching 0.6 mV on a 100A Imax meter.


Thermal issues – Safety under single fault condition

14

Meter10W

1mOhmALCS24W

6mOhm

63A37AMax

100A

Meter10W

1mOhmADPS60W

6mOhm

100A0AMax

100A

63A fuse

100A fuse 100A fuse

34W 70W

An ALCS is not designed to withstand this condition

Internalfire

ignition

Thermal damage to EV tail


Periodic heat rise test method and analysis process

15

Contact resistance degradation is the major thermal safety hazard

The thermal integrity and spread of fire safety of an electricity meter must be measured and analysed based on:

1. The requirements of clause 10 of IEC 62052-31. This defines the basic test method and requirements;

2. The supplementary requirements of BS 7856:2017. This corrects the errors and omissions in 62052-31;

3. L+G’s best safety practice based on acquired knowledge of SCS failure hazards.

The thermal integrity and lifetime of a meter is critically dependant on the quality of the SCS contact tips, as shown opposite.


Controlling the Operational mV drop characteristics

16

The operational mV drop of three meters shall be determined from the average value, of a 100 point moving average, of the mV values measured during the BS 7856 endurance test (Normative Annex D.2). Results similar to those shown opposite from three different meters done for 10 000 cycles, are recorded as part of the meter safety assessment records;

a. Heat rise testing of SCS contacts must be periodically performed to ensure safety conformity as OEM manufacturers may cost reduce the composition of the contact tips or the contact tip material composition/processing may change without their knowledge.

b. Irreversible contact damage can also occur due to tamper attacks that repeatedly switch the SCS onto intentional short circuit conditions, excessive use beyond the rated endurance and/or poor material/component/design in the switch mechanism. Lifetime contact ageing - mV measurements from

BS 7856:2017 Annex D.2 endurance testing


Long term heat rise test – BS 7856:2017 (for each SCS)

17

Long-term heat rise test on E470 100mm to BS 7856:2017 Annex C- with “typical new” SCS contacts, at ambient temperature of 23C

The long-term heat rise test as specified in Normative Annex C of BS 7856:2017 shall be performed under the defined conditions.

The heat rise test is run for two hours at Imax, followed by two hours at Iovl (1.45*Imax), followed by two hours with no current flow. Typical results are shown opposite.

Care must be taken to ensure consistent placement and naming of thermocouple measurement points, so that results can be compared between similar meter types (e.g comparison of 100mm with 120mm or comparison of 100mm with or without ALCS fitted or with SCS from 2nd

source).

Preferred names of the measurement points in the E470 meters are shown in the heat rise analysis template.


Thermal safety assessment and test record (TCF)

18

Having measured the heat rise at ambient temperatures (Step 3), the results are placed into an assessment template to evaluate the thermal margins over the product lifetime, and with different ambient temperatures, up to the maximum specified operational temperature of the meter.

This heat rise assessment does not cover the SCS thermal failure safety condition as that will be tested and reported separately, when the PEL/13 committee has agreed the test method, conditions and pass/fail criteria.

In cases where the heat rise safety/reliability assessment indicates an unsafe and/or undesirable temperature rise, the severity of the risk is analysed and declared in the Hazard Based Risk Assessment document. The HBRA is a defined part of the Technical Construction File (TCF) and follows IEC Guide 116 and CENELEC Guide 32 (Annex D)hazard-based risk assessment procedure.

An incomplete example of a thermal safety assessment is shown on the next slide.


ROUTINE end-of-line production safety test

19

Era 1 – Foil and “flash” test (erroneous use of design validation stress test method)Era 2 – IEC 60950-1 Hi-Pot test (adjust to avoid “flash” damage with two or more

layers of dielectric in series. Review creepage and clearance distances;

Era 3 – Ignore Annex I of IEC 62052-31, instead use Annex F of IEC 61010-1- method based on IEC 62368-1 hazard based risk assessment (HBRA);- test method and limits based on ageing characteristics of each isolation;- clarification of process to identify voltage zones to be added;- clarification of process to decide on zone interconnection rules;- zoning to identify and reduce all system safety hazards with all possible

combinations of modules and build versions;- need to list all “critical to safety” components and establish supplier

lifetime quality assurance specification for all CTS components;- introduce IEC TC13 standardised method for OST evaluation of plastic

enclosure dielectric ageing properties.


Risk Assessment Techniques – IEC Guide 116 Ed.2

20IEC Guide 116 Ed.2 Safety risk assessment and risk reduction of Low Voltage equipment


Periodic Hazard Based Risk Assessment (HBRA)

21

The CENELEC Guide 32 Annex D is used for the L+G HBRA in Europe as it complements ISO/IEC Guide 51 and it provides useful guidelines for achieving safety in low voltage (LV) equipment. These guidelines include risk assessment, in which the knowledge and experience of the design, use, incidents, accidents and harm related to low voltage equipment are brought together to assess the risks during the relevant phases of the life of the equipment, and to form a platform for further risk reduction measures.

The CENELEC guide does not cover basic or CTS components whose risk assessment depends to a very large extent on how they are used and incorporated into a machine, electrical system or installation.

❖ The scope of the exclusion of basic components should not be misunderstood and extended to items like lamps, starters, fuses, switches for household use, elements of electrical installations, etc., which, even if they are often used in conjunction with other electrical equipment and have to be properly installed in order to deliver their useful function, are themselves to be considered electrical equipment in the sense of the Guide.

❖ When the risk assessment identifies aspects not directly related to health and safety, such as environment protection, energy consumption, climate change, etc., the risk reduction for health and safety related risks, in particular with respect to persons, overrules the priority of those other aspects. However, regulations related to the other aspects shall be taken into account.


Risk assessment - CENELEC Guide 32 Annex D

22


Safety recalls – L+G CAPA, BS PAS 7100, EU prosafe

23

L+G quality crisis management and resolution procedure: D000054362

EU prosafe (EMARS II) corrective action guide

safety standards & ongoing safety testing (ost) standards...this is most definitely not just a...

Documents