There are many kinds of risk
For example: the risk of being late for an appointment; the risk of buying a lottery ticket but not winning a prize; the risk of designing and manufacturing a new product that might not sell well enough, etc.
The above are examples of non-safety-related risks, but safety-related risks also exist.
EMC (footnote 1) Risk Management (or, the Risk Management of EMC)
Another example of a non-safety-related risk is the EMC Directive’s requirement for suppliers to demonstrate, in a Technical File, how they have made sure that the risk of an individual unit of manufacture not complying with the Directive’s Essential Requirements is low.
This requires a risk analysis that lists all the possible things that might cause non-compliance, and describes how they will each be managed to ensure a low risk of non-compliance for each unit manufactured.
The overall process is usually either called EMC Risk Management or the Risk Management of EMC, and it is a non-safety-related risk – because the EMC Directive has nothing to do with safety!
It is often forgotten that the Essential Requirements of the European EMC Directives have never covered safety issues. For example, in the latest version, 2014/30/EU, Clause 13 states: “This Directive should not deal with the safety of equipment, since that is dealt with by separate Union or national legislation.”
So, we could say:
EMC Risk Management, or the Risk Management of EMC — a product can fully comply with the EMC Directive’s requirements, yet still be too unsafe due to the possible effects of EMI!
But what about the possibility of actual safety-related risks that could be caused by electromagnetic interference (EMI)? See below.
Functional Safety, and the need for Electromagnetic Resilience
An example of a safety-related risk is one that has become a huge topic in recent decades: designers now use microprocessors, software, and other digital computing technologies to control functions that, if they suffered errors, malfunctions, or failures, could increase human safety risks.
The problem with modern computer hardware and software is that it has so many possible digital states that it is impossible to prove, by testing alone, that it can’t suffer undesirable errors, malfunctions, or failures. We simply don’t have enough time to do the testing!
But there’s another problem: digital technologies are non-linear so we can’t interpolate (like we can for linear analogue circuits) between the results of the few tests that we do have enough time to do.
So, even if we could prove by testing a safety-related computerised system that (say) 80% of its possible digital states were safe – this would not give us any idea as to whether the untested 20% of its states were safe or not. See [1] and [2] for a detailed discussion of this, which also shows why trying to prove by testing that EMI cannot cause unacceptable levels of human safety risk is even more impossible!
This impossibility of proving, by testing alone, that digital computer technologies could be used in safety-related control systems without causing unacceptable levels of safety risks, was first recognised in the 1970s. A lot of work in academia and industry eventually resulted in the publication of IEC 61508 in 2000, the IEC’s Basic Publication on the new safety engineering discipline called Functional Safety.
Since 2000, many application-specific functional safety standards have been written, based on IEC 61508 (see the list in [1]), and IEC 61508 itself was published as Edition 2 in 2010. A problem with them all is that they gloss over the possible effects of EMI on functional safety risks.
Since 1987 my various Working Groups under the IEE (footnote 2), IET (footnote 3), and IEEE (footnote 4) have developed the material on EMI missing from these functional safety standards. This was first published by IET Standards in 2017 as the “IET Code of Practice on Electromagnetic Resilience in support of functional safety”, https://shop.theiet.org/code-of-practice-for-electromagnetic-resilience.
The editors at IET Standards invented the new term Electromagnetic Resilience because it was very tedious to keep having to repeat “techniques and measures for the management of functional safety risks as regards the effects of electromagnetic disturbances (footnote 5)” throughout nearly 100 pages of text.
An earlier version was published free on-line by the IET in 2013. This is no longer available, but I have posted a copy at https://www.emcstandards.co.uk/overview-of-ts-ms-for-emc-for-fs-as-published. If you intend to use Electromagnetic Resilience in a real project, you should use the 2017 Code of Practice instead – it is not at all costly.
Better still, use the more up-to-date IEEE Standard 1848 “Techniques & Measures to Manage Functional Safety and Other Risks with Regard to Electromagnetic Disturbances” when it is published in the summer of 2020. This IEEE Standard was developed from IET 2017 by my IEEE Working Group, and it also uses the term Electromagnetic Resilience that was first introduced by IET 2017.
It is important to understand that Electromagnetic Resilience is only about managing Functional Safety risks, ignoring everything to do with complying with any EMC regulations. So, we can say:
Electromagnetic Resilience — a thing can be Functionally Safe as regards the effects of EMI, even if it does not comply with the EMC Directive
In Functional Safety engineering, a likelihood of deadly failure of less than one in ten million per year (footnote 6) is generally considered to be just-about acceptable for Electromagnetic Resilience.
However, EMC Regulations (such as the European EMC Directive) focus on whether equipment would pass specified immunity and/or emissions tests. A 1% risk that an individual unit of manufacture would fail to comply with EMC Regulations would be considered perfectly acceptable. So, we can say that:
Electromagnetic Resilience is about 5 orders of magnitude (i.e. 100,000 times; 10^5 times; 100 dB) more difficult to achieve than the Risk Management of EMC
Where we have an item of equipment or a system that is safety-related and has a control system that uses modern digital technology, we almost always need it to comply with the EMC Directive (or other EMC Regulations outside of the EU) – which means that we need to achieve both Electromagnetic Resilience and the Risk Management of EMC.
The important issue here is to understand that Electromagnetic Resilience concerns the effects of EMI on safety risks, whilst the Risk Management of EMC is concerned with complying with EMC Regulations, which have nothing to do with safety.
Unfortunately, when people use the term EMC in the context of Functional Safety, it tends to cause confusion between Electromagnetic Resilience and the Risk Management of EMC, even though these two concepts are different by about 100 dB!
People do one, and mistakenly assume they are also getting the other!
For the above reasons, I always strongly recommend that the term “EMC” is only ever used in the context of EMC Regulations, for example compliance with the EMC Directive 2014/30/EU.
And I also strongly recommend that the term “EMC” is never ever used in the context of managing Functional Safety risks.
The confusion has all been caused by the new EMC Directive, 2014/30/EU
Those of you who have read my old scribblings on what we now call Electromagnetic Resilience, for example the various documents and presentations posted at https://www.emcstandards.co.uk/emiemc-risk-management, will have noticed that I and other authors have not always heeded the above advice in the past.
Indeed, the name of the section “EMI/EMC Risk Management” in the above URL is clearly incorrect (I must get it changed).
The reason for this is my colleagues and I have been developing what we now call Electromagnetic Resilience since 1997, and for most of that time the EMC Directive was only concerned about passing EMC tests – the word “risk” does not appear anywhere in 89/336/EEC or in 2004/108/EC!
But the New Legislative Foundation (NLF) – sometimes called The EU Single Market Version 2 – introduced the requirement to manage the risks of non-compliance to all CE-marking directives.
So, when the EMC Directive was upgraded by the NLF to 2014/30/EU, it included – for the first time – a requirement to manage the risks of non-compliance with its EMC Requirements, which, as we have seen above, have nothing whatsoever to do with any kinds of safety risks.
Up until then, we could merrily mix and match our terminology, and if we used a phrase such as “EMC for Functional Safety”, no-one got confused because most people knew that the EMC Directive had nothing to do with Functional Safety! (Those who didn’t know this still used to get confused, but it was easy to put them right.)
But after 2014, we have had to be very careful to only use the term “EMC” in the context of complying with regulatory EMC requirements, such as the EMC Directive.
And to never ever use the term “EMC” in the context of Safety risks or Functional Safety risks.
As you can now appreciate, the confusion has all been caused by the new EMC Directive, 2014/30/EU!
References
- [1] K. Armstrong, “Why Do We Need an IEEE EMC Standard on Managing Risks?”, IEEE EMC Magazine, Vol. 5, Quarter 1, 2016, http://ieeexplore.ieee.org/stamp/stamp.jsp?arnumber=7477140
- [2] Davy Pissoort and Keith Armstrong, “Why do we need new standards on reducing Functional Safety risks due to EMI?”, three articles in Safety Systems, the magazine of the Safety-Critical Systems Club (www.scsc.uk), Vol. 27 No. 2, October 2019, SCSC-155, pp. 17-24
- [3] For many very useful free publications on Functional Safety Risk Assessment by the UK’s Health and Safety Executive (HSE), visit www.hse.gov.uk/pubns and search for “ALARP risk assessment”.
Footnotes
- EMC = Electromagnetic Compatibility: the ability of equipment to function satisfactorily in its electromagnetic environment without introducing intolerable electromagnetic disturbances to other equipment in that environment. (The EMC Directive, 2014/30/EU, Article 3.)
- IEE = The Institution of Electrical Engineers, Savoy Place, London, UK, since 1871.
- IET = The Institution of Engineering and Technology, Savoy Place, London, UK, created by combining the IEE with some other technology Institutions, in 2006.
- IEEE = The Institution of Electrical and Electronic Engineers, New Jersey, USA, since 1884.
- Electromagnetic disturbance: an electromagnetic phenomenon that, in a specified situation, could cause EMI.
- One in ten million a year – why?
The level of risk of death due to a malfunctioning item of equipment that is considered acceptable for the general population is one in a million per year – in the UK, at least, see [3]. Larger risks of death generally need documented justifications based on the value of the extra lives predicted to be lost (see [3]).
However, there are many reasons why electrical/electronic safety-related equipment might malfunction, and the effect of electromagnetic disturbances is only one of them. So, it is usual in hazard and risk assessments under IEC 61508 or its ‘daughter’ standards to apportion 1/10th of the overall risk of death to EMI causes, unless, of course, there are specific technical reasons for giving a different apportionment.