BSI Standards Publication
Electromagnetic compatibility EMC Part 6-7: Generic standards — Immunity requirements for equipment intended to perform functions in a safety-related system func
Terms and definitions
For the purposes of this document, the terms and definitions given in IEC 60050-161, as well as the following, apply.
Additional definitions essential for applying various tests, which are not found in IEC 60050-161 or this standard, can be found in the basic EMC publications of the IEC 61000 series.
AE equipment necessary to provide the equipment under test (EUT) with the signals required for normal operation and equipment to verify the performance of the EUT
A dangerous failure occurs when an element, subsystem, or system integral to a safety function either fails to operate when needed or malfunctions continuously, resulting in the equipment under control (EUC) being placed in a hazardous state. This type of failure not only prevents the safety function from performing its duty but also reduces the likelihood of the safety function operating correctly when necessary.
DC distribution network local DC electricity supply network in the infrastructure of a certain site or building intended for connection of any type of DC-powered equipment
A connection to a local or remote battery, power supply, PELV, SELV, or UPS is not classified as a DC distribution network if it solely serves a single piece of equipment; in such cases, these connections are treated as signal lines.
E/E/PE based on electrical (E) and/or electronic (E) and/or programmable electronic (PE) technology
EXAMPLE Electrical/electronic/programmable electronic devices include
– solid-state non-programmable electronic devices (electronic);
– electronic devices based on computer technology (programmable electronic);
Note 1 to entry: The term is intended to cover any and all devices or systems operating on electrical principles
3.1.5 enclosure port physical boundary of the apparatus through which electromagnetic fields may radiate or impinge on
3.1.6 equipment electrical and electronic subsystems, apparatus, modules, devices and other assemblies of products intended to be used to construct safety-related systems, and which are
• intended to comply with the requirements of IEC 61508 and/or other sector-specific functional safety standards, and
• intended to be operated in industrial locations as described in 3.1.15
EUC equipment, machinery, apparatus or plant used for manufacturing, process, transportation, medical or other activities
Note 1 to entry: The EUC control system is separate and distinct from the EUC
Note 2 to entry: This note applies to the French language only
[SOURCE: IEC 61508-4:2010, 3.2.1, modified – note 2 has been added.]
EUT equipment (products, devices, appliances and systems) subjected to immunity tests
ELV any voltage not exceeding the relevant voltage limit specified in IEC 61201
3.1.10 functional earth port cable port other than signal/control or power port, intended for connection to earth for purposes other than electrical safety
Functional safety is a crucial aspect of overall safety concerning the Equipment Under Control (EUC) and its control system. It relies on the proper operation of electrical, electronic, and programmable electronic safety-related systems, along with other measures aimed at risk reduction.
3.1.12 functional safety application system, equipment or product that is intended for use in a safety-related system but is not itself a complete safety-related system
Note 1 to entry: This definition refers to aspects of the safety functions of the safety-related system within which it will be used
3.1.13 harm physical injury or damage to the health of people, or damage to property or the environment [SOURCE: IEC 60050-351:2013, 351-57-02]
3.1.14 hazard potential source of harm
The term encompasses both immediate dangers to individuals, such as fire and explosion, as well as long-term health risks, like the release of toxic substances.
[SOURCE: IEC 60050-351:2013, 351-57-01, modified – the note has been modified.]
3.1.15 industrial location location characterized by a separate power network, supplied from a high- or medium-voltage transformer, dedicated for the supply of the installation
Note 1 to entry: Industrial locations can generally be described by the existence of an installation with one or more of the following characteristics:
– items of equipment installed and connected together and working simultaneously;
– significant amount of electrical power is generated, transmitted and/or consumed;
– frequent switching of heavy inductive or capacitive loads;
– high currents and associated magnetic fields;
– presence of industrial, scientific and medical (ISM) equipment (for example, welding machines)
The electromagnetic environment in industrial settings is primarily generated by the equipment and installations present. Certain types of industrial installations exhibit more intense electromagnetic phenomena compared to others.
Note 2 to entry: Examples of industrial locations are metalworking, pulp and paper, chemical plants, car production
PELV system electric system in which the voltage cannot exceed the value of extra low voltage and is connected to PE
– under single fault conditions, except earth faults in other electric circuits
Note 1 to entry: PELV is the abbreviation for protective extra low voltage
3.1.17 port particular interface of the equipment which couples this equipment with or is influenced by the external electromagnetic environment
The enclosure port serves as the physical boundary of the apparatus, facilitating radiated and electrostatic discharge (ESD) energy transfer. In contrast, other ports are designed for conducted energy transfer, as illustrated in Figure 1, which highlights various ports of interest.
Note 2 to entry: Though Figure 1 describes the situation for equipment, it applies to products and systems as well
A power port is the connection point for a conductor or cable that supplies the necessary primary electrical power, whether alternating current (AC) or direct current (DC), required for the operation of equipment and its associated components.
Note 1 to entry: Different types and numbers of power ports are possible on one item of equipment
3.1.19 product item that is commercially available on the market, from manufacturers or their agents
A safety function is a critical component of an E/E/PE safety-related system or other risk reduction measures, designed to achieve or maintain a safe state for the equipment under control (EUC) in response to specific hazardous events.
AC voltage with an r.m.s. value not exceeding 50 V, or ripple-free DC voltage not exceeding 120 V, is considered safe in an electric circuit. This applies to both the voltage between conductors and between any conductor and reference earth. Such circuits must have galvanic separation from the supplying electric power system, typically achieved through a separate-winding transformer.
Note 1 to entry: Maximum voltage lower than 50 V AC or 120 V ripple-free DC may be specified in particular requirements, especially when direct contact with live parts is allowed
Note 2 to entry: The voltage limit should not be exceeded at any load between full load and no-load when the source is a safety isolating transformer
Ripple-free refers to an r.m.s. ripple voltage that is no more than 10% of the DC component. For a nominal 120 V ripple-free DC system, the maximum peak value should not exceed 140 V, while for a nominal 60 V ripple-free DC system, it should not exceed 70 V.
The Safety Integrity Level (SIL) system consists of four discrete levels, with each level representing a range of safety integrity values. Among these, SIL 4 signifies the highest level of safety integrity, ensuring optimal safety performance.
3.1.23 signal/control port port at which a conductor or cable intended to carry signals is connected to the equipment
Note 1 to entry: Examples are analog inputs, outputs and control lines; data buses; communication networks; etc
3.1.24 system combination of apparatus and/or active components constituting a single functional unit and intended to be installed and operated to perform (a) specific task(s)
Note 1 to entry: "Safety-related systems" are specifically "designed" equipment that both
– implement the required safety functions necessary to achieve or maintain a safe state for controlled equipment;
– are intended to achieve on their own or with other safety-related equipment or external risk reduction facilities, the necessary safety integrity for the safety requirements
3.1.25 type test conformity test made on one or more items representative of the production
Abbreviations
DS (performance criterion) “defined state”, see 5.1
E/E/PE electrical/electronic/programmable electronic
ISM Industrial, scientific and medical
PELV protective extra low voltage
SELV safety extra low voltage
Conformance to IEC Guide 107
This generic standard applies when there are no specific product-family or product standards addressing electromagnetic influences on functional safety. Typically, product-family or product standards provide more detailed requirements and are prioritized over generic standards. If a product-family or product standard specifies less stringent test values for certain phenomena or only partially addresses them, a technical justification must be included in that standard.
IEC 61508 does not mandate that sufficient immunity be proven solely through immunity tests; alternative methods, such as design and analysis, can also be utilized to demonstrate adequate immunity.
NOTE 2 If fail-safe happens too often in real life operation it becomes a significant nuisance to the owner or operator and might result in a higher level of risk.
Conformance to IEC/TS 61000-1-2
This part of IEC 61000 specifies immunity testing taking into account the principles of Clause 9 of IEC/TS 61000-1-2:2008. It is important to note that this standard and the process described herein shall only be applied in accordance with the processes detailed in IEC/TS 61000-1-2.
This standard pertains specifically to the verification phase of the functional safety process outlined in IEC/TS 61000-1-2. To achieve acceptable functional safety risks, it is essential to fully implement the requirements of IEC/TS 61000-1-2. Key requirements include addressing the safety lifecycle, developing a safety requirements specification (SRS) that encompasses safety function and integrity requirements, incorporating EMC-specific steps beyond just immunity testing, and effectively managing EMC in relation to functional safety.
Immunity testing is crucial during the verification phase, and it is important to also consider additional testing to assess the effects of aging. Conducting this type of testing on an accelerated lifetime basis can provide valuable insights.
The diverse range of equipment and electromagnetic environments in industrial settings means that the specified electromagnetic disturbances and immunity levels for functional safety may not fully capture the complexity of the electromagnetic environment or may be overly stringent for specific applications. Therefore, the test requirements for functional safety must align with the anticipated or defined electromagnetic environment for the equipment.
NOTE 1 The applicable test requirements for known applications are discussed and agreed with the end-user, where at all possible (see Annex F of IEC/TS 61000-1-2:2008 for more details)
Testing alone cannot prove that equipment meets safety standards; however, confidence in safety can increase if the equipment fails to a defined safe state during tests. This confidence is limited by potential environmental differences between testing conditions and actual operation. Normal operation at any test level does not guarantee safety upon failure. Therefore, no fixed set of immunity tests can ensure that a safety-related system will maintain an acceptable level of functional safety when exposed to electromagnetic disturbances throughout its lifespan.
Strategy for the availability of functions intended for safety applications
This section of IEC 61000 outlines the functional safety requirements specifically for the equipment covered in this document. It is important to note that the stipulations of this standard are exclusively applicable to safety-related functions and do not extend to other functionalities.
The design process and essential features for ensuring functional safety in electrical, electronic, and programmable electronic safety-related systems are outlined in IEC 61508. This standard specifies design requirements that enhance system tolerance to electromagnetic disturbances (IEC 61508-2). For more comprehensive guidance on electromagnetic compatibility (EMC) design, Annex B of IEC/TS 61000-1-2:2008 is recommended. Additionally, IEC/TS 61000-1-2 provides a methodology for achieving functional safety in E/E/PE systems concerning electromagnetic phenomena.
The requirements outlined in IEC 61000 must align with the safety lifecycle criteria specified in IEC/TS 61000-1-2. This standard indicates that while not all safety lifecycle phases from IEC 61508 are influenced by electromagnetic factors, several are. Compliance with the electromagnetic tests detailed in this part of IEC 61000 fulfills the minimum requirements of Clause 6 of IEC/TS 61000-1-2:2008 for relevant equipment. Additionally, the design, implementation (Clause 7), and verification and validation phases (Clause 8) of the safety lifecycle must also consider electromagnetic aspects. Meeting the requirements of IEC/TS 61000-1-2 is essential for declaring equipment's systematic capability concerning electromagnetic phenomena.
Most EMC product standards focus solely on standard EMC tests and do not address functional safety concerning electromagnetic phenomena. The immunity requirements outlined in these standards are often based on technical and economic compromises deemed sufficient for non-safety-related systems, which may not be appropriate for safety-related applications.
Performance criterion for functional safety applications
Performance criteria are essential for evaluating the response of the Equipment Under Test (EUT) to electromagnetic phenomena. In the context of safety applications, this standard defines a specific performance criterion, referred to as DS, which pertains to the functions of the EUT designed for safety-related uses.
1) are not affected outside their specification, or
The Equipment Under Test (EUT) may experience temporary or permanent effects, including component destruction, if it responds to disturbances by maintaining or achieving a detectable state within a specified timeframe. Additionally, functions not designed for safety applications may also be subject to temporary or permanent disturbances.
NOTE 1 It is possible for the defined state to be outside normal operating limits
Generalized performance criteria A, B, and C, as outlined in generic EMC standards, along with more specific criteria from EMC product or product family standards, were not specifically designed for functional safety applications. Nonetheless, performance criterion A is consistently deemed acceptable.
NOTE 3 Other standards or projects in the area of EMC and functional safety use the term performance criterion FS instead of performance criterion DS; however, the definitions may not be the same.
Understanding the detectable and defined states is crucial, as they result from a specific design and must be specified prior to immunity testing. Simply observing the Equipment Under Test (EUT) during a test and interpreting any failure mode as the defined state for that function is inadequate.
Application of the performance criterion DS
This performance criterion applies exclusively to functions of the EUT designed for functional safety applications, encompassing all electromagnetic phenomena without distinction between continuous and transient types.
Equipment covered by this standard must operate as intended for functional safety applications, ensuring it behaves in a specified manner to achieve or maintain safe conditions. It is essential that the behavior of the equipment is understood under all relevant conditions to ensure safety.
In the safety requirements specification of a safety-related system, the designer outlines both the normal operation and the expected behavior during failures or faults. Additionally, this specification may include time constraints, which can vary from the general performance criteria A, B, or C as defined in EMC immunity standards not covering functional safety.
NOTE 2 See also 4.2 with reference to the approach given in IEC/TS 61000-1-2
When equipment serves both functional safety and non-safety applications, only the requirements for functional safety are relevant to the functions designed for safety purposes.
General
A test plan shall be established prior to testing. It shall contain as a minimum the elements given in 6.2 to 6.5.
Based on the electrical characteristics and usage of specific equipment, certain tests may be deemed inappropriate and unnecessary. In these instances, the decision and rationale for not conducting the tests should be documented in the test plan.
NOTE See also 4.2 with reference to the approach given in IEC/TS 61000-1-2.
Configuration of EUT during testing
General
Often, safety-related systems do not have a fixed configuration. The type, number and installation of different sub-assemblies may vary from system to system.
The EUT arrangement must reflect a standard installation as defined by the manufacturer to accurately simulate real-world conditions. EMC testing should be conducted as type tests under the normal conditions outlined by the manufacturer.
In case of safety communications such as defined for example in the IEC 61784-3 series, the specified test beds and operational conditions are highly recommended to be observed.
Composition of EUT
All devices, racks, modules, boards, etc., which are potentially relevant to EMC and belonging to the EUT shall be documented.
Assembly of EUT
When testing an EUT with various internal or external configurations, it is essential to conduct type tests using the manufacturer's most susceptible configuration. Each module type must undergo testing at least once, and the reasoning behind the selected configuration should be documented in the test plan. Additionally, potential electromagnetic interactions between equipment items must be considered when determining the most susceptible configurations.
I/O ports
When multiple I/O ports of the same type and function are available, connecting a cable to just one port is adequate, as long as it is demonstrated that additional cables do not significantly impact the results. This rationale must be documented in the test plan.
Auxiliary equipment
To accurately simulate actual operating conditions for the Equipment Under Test (EUT), it is essential to select at least one item from each type of auxiliary equipment provided. This auxiliary equipment can be effectively simulated to ensure realistic testing scenarios.
Cabling and earthing (grounding)
The cables and earth (ground) shall be connected to the EUT in accordance with the manufacturer's specifications. There shall be no additional earth connections.
Operational conditions of EUT during testing
Modes
In safety-related applications, it is often impractical to test every operating mode. Therefore, it is essential to select the most critical operating modes, along with those most vulnerable to electromagnetic disturbances, for thorough testing.
The test plan must outline the criteria for selecting the tested modes and provide descriptions of any operational modes intended for functional safety applications that were not included in the testing.
In case of safety communications such as defined for example in the IEC 61784-3 series, the specified test beds and operational conditions are highly recommended to be observed.
Environmental conditions
Testing must occur within the manufacturer's designated environmental operating range, including factors such as ambient temperature, humidity, and atmospheric pressure, as well as within the rated supply voltage and frequency. Additional tests may be conducted beyond these specified ranges, and it is essential to account for equipment aging before testing.
EUT application software during test
The application software must operate in various normal modes to effectively simulate the maximum simultaneous functions of the Equipment Under Test (EUT). Documentation of the software used for different operational modes is essential. This software should identify the worst-case operating scenarios for applications, including input and output safety data exchange and configuration of safety EUTs. Additionally, safety devices utilizing safety-related communication profiles from the IEC 61784 series must comply with the EMC test requirements outlined in IEC 61784-3 and the relevant profiles.
Specification of functional performance
Functional performance characteristics for each port and test shall be specified, where possible, as quantitative values.
Test description
The test plan must specify each test to be conducted, detailing the tests, methods, characteristics, and setups as outlined in the basic standards referenced in Tables 1 to 6. While the test plan does not need to reproduce the contents of these standards, it should include any additional information necessary for the practical implementation of the tests.
Test performance
General
Immunity testing for functional safety is typically conducted alongside standard immunity testing due to the distinct operational modes, test levels, and performance criteria involved Nevertheless, it is possible to integrate both standard and functional safety immunity tests into a single assessment.
When conducting immunity testing for the safety-related functions of equipment or systems, the performance criterion DS is utilized. The equipment under test (EUT) may respond to electromagnetic disturbances, provided it meets its specified performance requirements in accordance with criterion DS. Consequently, various aspects must be taken into account due to this permissible reaction.
Aspects to be considered during application of DS
The performance criterion DS indicates that an Equipment Under Test (EUT) must either function as intended or transition to a defined state. A test is considered successful if the EUT operates as specified; however, if it enters an undefined state, the test fails. Additionally, if the EUT responds to a disturbance by reaching the defined state, it is essential to confirm that this outcome is consistent and reproducible. Verification of reproducibility must adhere to the guidelines outlined in Table 1 related to the application of this criterion.
Table 1 – Reaction of EUT during test
Test Reaction of EUT during test How to continue with testing
Transient a The EUT goes to a defined state and an interaction of the user is needed to continue operation
The Equipment Under Test (EUT) must be restored to normal operation, and the test should be conducted three times at the specified test level and polarity, ensuring that the EUT consistently meets the performance criterion DS. If the EUT complies, the testing will proceed to the next test level or polarity as outlined in the basic standard.
The Equipment Under Test (EUT) reaches a defined state and suffers permanent damage, necessitating its replacement or repair. The test must then be repeated three times at the same test level and polarity, with the EUT consistently meeting the performance criterion DS. Following this, testing can proceed to the next test level or polarity as outlined in the basic standard.
The Equipment Under Test (EUT) reaches a specified state at a designated test frequency. It must undergo three retests at this frequency, consistently demonstrating compliance with the performance criterion DS in each instance.
If the EUT reacts each time in the same way, the subsequent frequencies may only be tested one time per frequency.
a Tests according to IEC 61000-4-2, IEC 61000-4-4, IEC 61000-4-5, IEC 61000-4-11, IEC 61000-4-29, IEC 61000-4-34
b Tests according to IEC 61000-4-3, IEC 61000-4-6, IEC 61000-4-8, IEC 61000-4-16
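The DS decision rule and the repetition rule of Table 1, worked through in Python as an added example that is not part of the standard. The state names, the `DefinedState` and `Observation` records and the sample sweep are constructed for illustration, and the code assumes that once a defined-state reaction has been reproduced identically at one frequency, later frequencies need only one application.

```python
from dataclasses import dataclass

REPEATS = 3  # Table 1: three repetitions at the same level/polarity or frequency


@dataclass(frozen=True)
class DefinedState:
    """A defined state fixed in the test plan before testing (hypothetical record)."""
    name: str
    max_reaction_ms: float  # time limit for reaching the state, from the specification


@dataclass(frozen=True)
class Observation:
    state: str          # state the EUT was found in after the disturbance
    reaction_ms: float  # time it took to reach that state (0 if unchanged)


def classify(obs, normal_state, defined_states):
    """Return 'as_specified', 'defined_state' or 'undefined' for one observation."""
    if obs.state == normal_state:
        return "as_specified"
    for ds in defined_states:
        if obs.state == ds.name and obs.reaction_ms <= ds.max_reaction_ms:
            return "defined_state"
    # A state not declared beforehand, or reached too late, is not the defined state.
    return "undefined"


def evaluate_point(observations, normal_state, defined_states, repeats=REPEATS):
    """Verdict for one test point; observations[0] is the first application."""
    if not observations:
        return "incomplete"
    kinds = [classify(o, normal_state, defined_states) for o in observations]
    if "undefined" in kinds:
        return "fail"
    if kinds[0] == "as_specified":
        return "pass"
    # First reaction was the defined state: DS must also be met on every repetition.
    return "pass" if len(kinds) - 1 >= repeats else "incomplete"


def evaluate_sweep(points, normal_state, defined_states):
    """Evaluate ordered (frequency, observations) pairs of a frequency-based test."""
    reproduced = False  # True once a defined-state reaction was reproduced identically
    report = {}
    for freq, observations in points:
        verdict = evaluate_point(observations, normal_state, defined_states,
                                 repeats=0 if reproduced else REPEATS)
        report[freq] = verdict
        kinds = [classify(o, normal_state, defined_states) for o in observations]
        if (verdict == "pass" and len(kinds) > REPEATS
                and all(k == "defined_state" for k in kinds)
                and len({o.state for o in observations}) == 1):
            reproduced = True
    return report


def overall(report):
    """Worst verdict wins: fail, then incomplete, then pass."""
    verdicts = set(report.values())
    if "fail" in verdicts:
        return "fail"
    return "incomplete" if "incomplete" in verdicts else "pass"


# Constructed sample data (not measurements): a conducted RF sweep.
NORMAL = "RUN"
PLAN = [DefinedState("OUTPUTS_DEENERGIZED", max_reaction_ms=50.0)]
SAFE = Observation("OUTPUTS_DEENERGIZED", 12.0)
SWEEP = [
    ("27 MHz", [Observation("RUN", 0.0)]),            # unaffected
    ("40 MHz", [SAFE, SAFE, SAFE, SAFE]),             # first reaction + 3 repetitions
    ("41 MHz", [SAFE]),                               # single application suffices now
    ("60 MHz", [Observation("OUTPUTS_DEENERGIZED", 80.0)]),  # reached too late
]

if __name__ == "__main__":
    result = evaluate_sweep(SWEEP, NORMAL, PLAN)
    for freq, verdict in result.items():
        print(freq, verdict)
    print("overall:", overall(result))
```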
This standard is applicable to equipment and systems as defined in Clause 1, particularly when there is no specific product or product family standard addressing the same subject. It also applies when a dedicated standard exists but fails to justify why its specified severity levels are less stringent than those outlined in this standard.
When the electromagnetic environment is understood through measurements or prior experience, the appropriate phenomena and severity levels are chosen. In cases where the electromagnetic environment is unknown, this standard serves as a guideline. This applies to situations lacking measurements or when a product supplier is uncertain about the installation location but indicates the maximum environment for which the products are intended.
Tables 2 to 6 outline the immunity test requirements for equipment covered by this standard. These requirements must be applied alongside the relevant non-functional safety product, product family, or generic EMC standards.
Certain electromagnetic phenomena may only statistically relate to the operational state of equipment, such as the timing of impulses in digital circuits or signal transmissions. To enhance confidence in safety-related systems and equipment designed for higher safety integrity levels (SIL) against electromagnetic disturbances, it is essential to conduct immunity tests involving a greater number of impulses than those specified in the basic EMC standards.
Certain tests outlined in Tables 2 to 6 may have limitations related to the test equipment and setups used. Any deviations from the specified requirements in the relevant basic standards must be thoroughly documented and justified in the test report, considering the applicable operating modes.
Table 2 – Immunity test requirements for equipment – Enclosure port
Phenomenon Basic standard Tests for functions intended for safety applications
(ESD) IEC 61000-4-2 6 kV contact discharge a, b, (8 kV e)
2.2 Electromagnetic field f IEC 61000-4-3 80 MHz to 1,0 GHz
2.3 Electromagnetic field f IEC 61000-4-3 1,4 GHz to 2,0 GHz
2.4 Electromagnetic field f IEC 61000-4-3 2,0 GHz to 6,0 GHz
2.5 Rated power frequency magnetic field IEC 61000-4-8 30 A/m d (50 Hz/60 Hz) DS
a Levels shall be applied in accordance with the environmental conditions described in IEC 61000-4-2 on parts which may be accessible by persons other than trained personnel in accordance with defined procedures for the control of ESD but not to equipment where access is limited to service personnel only.
b For EUT intended to be used in safety integrity level (SIL) 3 or 4 applications (according to IEC 61508), the number of discharges at the highest specified level shall be increased by a factor of 3 compared to the number as given in the basic standard.
c These increased values shall be applied in frequency ranges as given in Table 7 used for mobile transmitters in general.
d Applicable only to EUT containing devices susceptible to magnetic fields. Tests need to be performed for power frequencies only which are relevant for the EUT and its intended use.
e The higher test levels apply in case the discharge is done onto cabinet enclosures.
f If hand held radio transmitters could be used closer than 20 cm a warning shall be given in the safety manual that the equipment concerned could be disturbed.
g The test level specified is the r.m.s. value of the unmodulated carrier.
h IEC 61000-4-3 requires the test to be performed with 80 % 1 kHz AM modulation. However, the test may be extended to other modulation schemes.
Table 3 – Immunity test requirements for equipment – Input and output AC power ports
Phenomenon Basic standard Tests for functions intended for safety applications
5 kHz or 100 kHz, see NOTE 1
4 kV, line to ground, see NOTE 2
2 kV, line to line, see NOTE 2
DS 3.3 Conducted RF IEC 61000-4-6 150 kHz to 80 MHz c
3.6 Conducted common-mode voltage f IEC 61000-4-16 1 V to 10 V increasing with 20 dB/decade (1,5 kHz to
If coupling/decoupling networks do not exist for high currents, tests may be carried out under partial load conditions.
NOTE 1 The use of 5 kHz repetition frequency is traditional; however 100 kHz is closer to reality. In the actual edition, a test with either of the two frequencies is sufficient. In future editions, a test with 100 kHz might become mandatory.
NOTE 2 The required immunity for functional safety purposes can be achieved through the use of external protection devices.
a For EUT intended to be used in safety integrity level (SIL) 3 or 4 applications (according to IEC 61508), the duration of the test at the highest specified level shall be increased by a factor of 5 compared to the duration as given in the basic standard.
b For EUT intended to be used in safety integrity level (SIL) 3 or 4 applications (according to IEC 61508), the number of pulses at the highest specified level shall be increased by a factor of 3 compared to the number as given in the basic standard.
c The increased value shall be applied in frequency ranges as given in Table 8 used for mobile transmitters in general.
d The test level specified is the r.m.s. value of the unmodulated carrier.
e “10/12 cycles” means “10 cycles for 50 Hz test” and “12 cycles for 60 Hz test” (and similarly for 25/30 cycles and 250/300 cycles). Tests need to be performed for power frequencies only which are relevant for the EUT and its intended use.
f This test does not need to be applied to equipment for which by design and installation instructions occurrence of this phenomenon is avoided.
Table 4 – Immunity test requirements for equipment – Input and output DC power ports
Phenomenon Basic standard Tests for functions intended for safety applications
5 kHz or 100 kHz, see NOTE 1
2 kV, line to ground, see NOTE 2
1 kV, line to line, see NOTE 2
DS 4.3 Conducted RF IEC 61000-4-6 150 kHz to 80 MHz c
4.4 Voltage dips IEC 61000-4-29 40 % U T for 10 ms
4.5 Short interruptions IEC 61000-4-29 0 % U T for 20 ms DS
4.6 Conducted common-mode voltage e IEC 61000-4-16 1 V to 10 V increasing with 20 dB/decade (1,5 kHz to
10 V (continuous: DC, 16 2/3 Hz, 50 Hz, 60 Hz, 150 Hz,
100 V (short duration 1 s: DC, 16 2/3 Hz, 50 Hz, 60 Hz) f
DC connections between parts of equipment/system which are not connected to a DC distribution network are treated as I/O signal/control ports (see Tables 5 and 6).
NOTE 1 The use of 5 kHz repetition frequency is traditional; however 100 kHz is closer to reality. In the actual edition, a test with either of the two frequencies is sufficient. In future editions, a test with 100 kHz might become mandatory.
NOTE 2 The required immunity for functional safety purposes can be achieved through the use of external protection devices.
a For EUT intended to be used in safety integrity level (SIL) 3 or 4 applications (according to IEC 61508), the duration of the test at the highest specified level shall be increased by a factor of 5 compared to the duration as given in the basic standard.
b For EUT intended to be used in safety integrity level (SIL) 3 or 4 applications (according to IEC 61508), the number of pulses at the highest specified level shall be increased by a factor of 3 compared to the number as given in the basic standard.
c The increased values shall be applied in frequency ranges as given in Table 8 used for mobile transmitters in general.
d The test level specified is the r.m.s. value of the unmodulated carrier.
e This test does not need to be applied to equipment for which by design and installation instructions occurrence of this phenomenon is avoided.
f 50/60 Hz (150/180 Hz) means 50 Hz (150 Hz) for equipment for use in environments with 50 Hz mains frequency and 60 Hz (180 Hz) for equipment for use in environments with 60 Hz mains frequency. Tests need to be performed for power frequencies only which are relevant for the EUT and its intended use.
Table 5 – Immunity test requirements for equipment – I/O signal/control ports
Phenomenon Basic standard Tests for functions intended for safety applications
5 kHz or 100 kHz, see NOTE 1
(1,2/50 µs) c, d, e 2 kV, See NOTE 2 DS
5.3 Conducted RF IEC 61000-4-6 150 kHz to 80 MHz f
IEC 61000-4-16 1 V to 10 V increasing with 20 dB/decade (1,5 kHz to
10 V (continuous: DC, 16 2/3 Hz, 50 Hz, 60 Hz, 150 Hz,
100 V (short duration 1 s: DC, 16 2/3 Hz, 50 Hz, 60 Hz) i
NOTE 1 The use of 5 kHz repetition frequency is traditional; however, 100 kHz is closer to reality. In the actual edition, a test with either of the two frequencies is sufficient. In future editions, a test with 100 kHz might become mandatory.
Test setup
Safety-related systems can be complex and installed in various configurations, which makes immunity testing according to the basic standards outlined in Clause 7 challenging in practice. Therefore, it is preferable to conduct the corresponding immunity tests at the equipment level, as described in 8.2.
In the case of a physically small safety-related system, the corresponding immunity tests can be applied to the entire safety-related system, as described in 8.3.
The configurations used for the tests shall be in accordance with the test plan specified in Clause 6
When using safety logic solver software in accordance with IEC 61508, it is essential to conduct immunity tests on at least one typical equipment combination. Proof of immunity for other combinations can be established through suitable analytical evidence.
Test philosophy
Functional safety necessitates the proper operation of the entire system, which includes sensors, logic solvers, and actuators; however, individual devices can be tested separately. Each device intended for use in a safety-related system must be thoroughly specified, detailing its intended function and permissible behavior in the event of a failure. The goal of immunity testing is to demonstrate that the specifications are met concerning the relevant electromagnetic phenomena.
Equipment designed for safety-related systems, but not provided as a complete system, must specify its intended functions and defined states during failures. The potential danger of a disturbed function is uncertain, as it relies on its future application within a safety-related system. Consequently, testing must demonstrate the behavior of the equipment under test (EUT), ensuring that any deviation from normal functions is detectable and aligns with the defined states.
The DS performance criterion imposes extra requirements on equipment designed for safety-related applications, even when it is not provided as a complete safety system. Table 9 illustrates the general approach to applying performance criteria across various function types.
Table 9 – Applicable performance criteria and observed behaviour during test for equipment within the scope that is intended for use in safety-related systems
This article discusses the application of functions designed for safety purposes, emphasizing the importance of EMC tests as outlined in generic immunity standards or specific product family standards. It highlights the necessity of conducting tests as specified in the relevant standards and adhering to performance criteria established by those standards.
– B, but only the defined states
– C, but only the defined states
Test configuration
To ensure compliance with the standard, the Equipment Under Test (EUT) must undergo testing to verify its functionality. During this process, the EUT's interfaces will be connected to various elements, such as sensors, logic solvers, actuators, or other loads that mimic the characteristics of real components. The testing setup should reflect a typical operating configuration.
The EUT shall interface with the devices which are necessary for the function of the EUT and for performing the specified function of the EUT intended for safety applications
Auxiliary devices essential for safety applications must be installed in a secure electromagnetic environment to prevent interference from electromagnetic disturbances. During testing, these devices should not encounter electromagnetic levels that could disrupt their proper functioning.
The relevant I/O ports of the Equipment Under Test (EUT) must be connected to the appropriate ports of the necessary devices to ensure the EUT functions correctly and meets safety application requirements.
Lines and I/O ports of the EUT that are not used shall be terminated as specified by the manufacturer
Only cables specified by the manufacturer of the EUT or the safety system shall be used in the test setup
In case of safety communications such as defined for example in the IEC 61784-3 series, the specified test beds and operational conditions are highly recommended to be observed.
Monitoring
During testing the specified functions of the EUT intended for safety applications shall be monitored
The monitoring system shall have sufficient accuracy and resolution, both in time and in amplitude of the measured quantity, to determine that the EUT complies with its manufacturer’s specification
For this, the monitoring system shall detect, if applicable:
• the data communication between the EUT and the devices, which are necessary for the function of the EUT and for performing the function intended for safety applications; and
• the status of the outputs whose functions are intended for safety applications
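The monitoring and evaluation described above can be sketched as follows. This is an added example, not part of the standard: the state names, the reaction time and the sampling resolution are constructed assumptions standing in for a manufacturer's specification.

```python
from typing import NamedTuple

# Constructed specification for a hypothetical EUT (assumed, not from the standard).
INTENDED = "RUN"               # output state when the function works as intended
DEFINED_STATES = {"SAFE_OFF"}  # states the manufacturer defines for a failure
MAX_REACTION_S = 0.5           # assumed time allowed to reach a defined state
MAX_SAMPLE_GAP_S = 0.1         # assumed time resolution required of the monitor

class Sample(NamedTuple):
    t: float       # seconds since the disturbance was applied
    output: str    # observed state of the output intended for safety applications
    comm_ok: bool  # data communication with the necessary devices is intact

def evaluate(samples):
    """Return the EUT behaviour to record in the test report for one run."""
    samples = sorted(samples, key=lambda s: s.t)
    # A gap longer than the required resolution could hide a transient state.
    for prev, cur in zip(samples, samples[1:]):
        if cur.t - prev.t > MAX_SAMPLE_GAP_S + 1e-9:
            return "INCONCLUSIVE: monitoring time resolution insufficient"
    lost_since = None       # start of an unanswered communication loss
    reached_defined = False
    for s in samples:
        if s.output in DEFINED_STATES:
            reached_defined, lost_since = True, None
        elif s.output != INTENDED:
            return f"FAIL: undefined state {s.output!r} at t={s.t:.1f} s"
        elif s.comm_ok:
            lost_since = None
        else:
            # Output still reports INTENDED although communication is lost.
            lost_since = s.t if lost_since is None else lost_since
            if s.t - lost_since > MAX_REACTION_S + 1e-9:
                return f"FAIL: no defined state within {MAX_REACTION_S} s"
    return "reached defined state" if reached_defined else "functioned as intended"

# Constructed monitoring records, sampled every 0.1 s unless noted.
RUNS = {
    "undisturbed": [Sample(i / 10, "RUN", True) for i in range(4)],
    "fail_safe": [Sample(0.0, "RUN", True), Sample(0.1, "RUN", False),
                  Sample(0.2, "SAFE_OFF", False), Sample(0.3, "SAFE_OFF", False)],
    "undefined": [Sample(0.0, "RUN", True), Sample(0.1, "OSCILLATING", True)],
    "undetected": [Sample(i / 10, "RUN", False) for i in range(8)],
    "sparse": [Sample(0.0, "RUN", True), Sample(0.5, "SAFE_OFF", True)],
}
if __name__ == "__main__":
    for name, run in RUNS.items():
        print(f"{name}: {evaluate(run)}")
```

The "sparse" run is reported as inconclusive rather than passed, because a monitor without sufficient time resolution cannot show that no undefined state occurred between samples.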
9 Test results and test report
The test results shall be documented in a comprehensive test report with sufficient detail to provide for test repeatability. The test report shall contain the following minimum information:
– a description of the EUT including the hardware and software versions;
– the specified functions and their defined states;
– the performance criteria as defined by the manufacturer;
– the behaviour of EUT during each test, whether it functioned as intended or reached the defined state(s);
This article provides a comprehensive overview of the test procedures, including detailed descriptions of each test setup, the utilization of screened cables, and other mitigation devices. It also outlines the uncertainty budget for the measurement instrumentation, available upon user request, in accordance with standards such as IEC/TR 61000-1-6. Additionally, the article discusses the monitoring of the Equipment Under Test (EUT) functional performance during the testing phase, along with the uncertainty budget for the monitoring system, which can also be provided upon request.
– photographic evidence of EUT test and monitoring setup
Strategy for functions intended for safety applications
Extreme cases of electromagnetic disturbances can occur at any location, but their probability of occurrence is not considered in product/product family or generic EMC standards
Increased immunity test levels are defined phenomenon by phenomenon where necessary in this part of IEC 61000
The elevated immunity test levels outlined in IEC 61000, combined with the safety lifecycle requirements of IEC/TS 61000-1-2, are essential systematic measures designed to mitigate the risks of hazardous failures due to electromagnetic disturbances.
There is no relationship between electromagnetic disturbances and random failures. There is, however, a relationship between electromagnetic disturbances and systematic failures.
Increased immunity test levels apply solely to equipment meeting the performance criterion DS and linked to a safety function, and do not pertain to the evaluation of other functional aspects.
The safety-related system designed to execute a specific safety function must meet the safety requirements outlined in IEC 61508. This specification details all pertinent requirements for the intended application, including the maximum electromagnetic environment as defined by IEC/TS 61000-1.
Equipment designed for safety-related systems must meet the applicable requirements outlined in the IEC 61508 safety requirements specification, as detailed in the equipment requirements specification found in Annex D of IEC/TS 61000-1-2:2008.
The performance criterion DS relates to a safety function that either fails safely or experiences a decrease in redundancy. Frequent fail-safe occurrences during actual operations can become a major inconvenience for owners or operators, potentially leading to increased risk levels.
IEC 60050-161, International Electrotechnical Vocabulary (IEV) – Part 161: Electromagnetic compatibility
IEC 60204-1:2009, Safety of machinery – Electrical equipment of machines – Part 1: General requirements
IEC 61000-1-1:1992, Electromagnetic compatibility (EMC) – Part 1: General – Section 1: Application and interpretation of fundamental definitions and terms
IEC 61000-2-5, Electromagnetic compatibility (EMC) – Part 2: Environment – Section 5: Classification of electromagnetic environments
IEC 61000-6-2:2005, Electromagnetic compatibility (EMC) – Part 6-2: Generic standards – Immunity for industrial environments
IEC/TS 61000-6-5:2001, Electromagnetic compatibility (EMC) – Part 6-5: Generic standards – Immunity for power station and substation environments
IEC 61326-1:2012, Electrical equipment for measurement, control and laboratory use – EMC requirements – Part 1: General requirements
IEC 61508-2, Functional safety of electrical/electronic/programmable electronic safety-related systems – Part 2: Requirements for electrical/electronic/programmable electronic safety-related systems
IEC 61508-4:2010, Functional safety of electrical/electronic/programmable electronic safety-related systems – Part 4: Definitions and abbreviations
IEC 61511 (all parts), Functional safety – Safety instrumented systems for the process industry sector
IEC 61784-3 (all parts), Industrial communication networks – Profiles
IEC 62061:2005, Safety of machinery – Functional safety of safety-related electrical, electronic and programmable electronic control systems
ISO 13849-1:2006, Safety of machinery – Safety-related parts of control systems – Part 1: General principles for design
ISO 13849-2:2012, Safety of machinery – Safety-related parts of control systems – Part 2: Validation