Achieving Safety Integrity Through the Selection of Components
In today’s increasingly complex and competitive world, the compliance and safety of electrical equipment have become a top management challenge for fulfilling all of the demanding regulations.
The safety of electrical equipment raises an important question: who is responsible for prioritizing safety above all else when equipment is designed, put into production, installed, operated, and maintained? Manufacturing “safe” equipment has become a catchphrase, shaping the thinking of many designers and manufacturers. But this is no longer enough. Building a safety culture at the organizational and professional levels has become a must.
The present article (Part 1 of a two-part series), is intended to make a small contribution toward this goal of building a safety culture around electrical equipment.
A Terminology Issue: Safe, Safety, and Reliable
Before discussing safety in electrical equipment, we must first clarify what it means for electrical equipment to be safe and reliable.
Safe and Safety
The term safe is used to represent the state of being protected from identified hazards that are likely to cause physical harm. In real life, there is no such thing as being absolutely safe or achieving a total elimination of the risk of harm. Because of this reality, safe equipment is equipment that poses an acceptable risk of the occurrence of harm. This goal of safety requires the implementation of knowledge, adequate construction, and a correct selection of the components.
Unsafe equipment may be the immediate cause of most accidents, and companies should not leave that door open for such unwanted events. They should strive for ways to promote safe equipment development and manufacturing. Very often, safety programs call for a change in attitude; as attitudes change, equipment safety will increase. At the same time, focusing directly on the attitudes that lead to unsafe products may not be enough. Sometimes people tend to maximize gain instead of minimizing risk. And this attitude is a real danger. Applying risk management requires a clear understanding of what constitutes unnecessary risk, and when benefits actually outweigh the costs.
The term safety is used to represent a state in which hazards and conditions leading to physical or material harm are controlled to protect the health and well-being of individuals and the community. Safety is both objective and subjective as it deals with both perceptions of being safe and the status of the surrounding conditions. Safety is achieved by reducing the risks of harm to an acceptable level.
Risk acceptance is not as straightforward a matter as it may appear at first glance. Acceptable risk is determined by searching for the optimal balance between the ideal of absolute safety and the requirements with which a product must comply, together with other factors such as the benefit to the user, the product’s suitability for its intended purpose, its cost-effectiveness, and conformity with the conventions of society. This means that the acceptable level of risk must be continually reviewed, especially when advances in knowledge and technology make economically feasible improvements available that bring the risk down to a level compatible with the use of the equipment. It is important to always remember that “safe” and “safety” never mean an absolute assurance against the risk of harm.
I want to discuss a few details about safety concepts in the context of reliability.
Safety and reliability are not merely different product characteristics; sometimes they even conflict with each other. A reliable product is not necessarily safe, and a safe product is not necessarily reliable. Reliability engineers often assume that reliability and safety are synonymous, but this assumption holds only in particular cases. In general, safety has a broader scope than failures alone, and a failure does not compromise safety in every situation. A reliable component (for example, one with a high mean time between failures) is not necessarily safe, and a safe component does not have to be reliable. In some instances, increasing reliability can actually decrease safety: if equipment keeps operating when continued operation is unsafe in its current environment, the safest behavior may be to stop operating and switch to a fail-safe mode.
There is obviously an overlap between reliability and safety, but many accidents occur without any component failure. That is, individual components were operating exactly as specified or intended. The opposite is also true that components may fail without an accident.
Reliability engineering is concerned primarily with component failures and failure rate reduction. A reliability-based approach to safety therefore treats failure as the cause of hazards and accidents. While these techniques are often effective in increasing reliability, they do not necessarily increase safety. In fact, under some conditions their use can actually reduce safety.
Most accidents are caused not by the product ceasing to fulfill its intended use (reliability deficiency). Rather, most accidents are caused by the product operating while doing something unsafe (i.e., producing electrical shock, fire, unwanted radiation, etc.). Serious accidents have occurred while all equipment components were functioning exactly as specified.
The Intersection of Safety and Reliability
If only failures are considered in a safety analysis, many potential accidents will be missed. In many situations, failing is not the most important safety issue with a component; the component operating in an unsafe mode is. In addition, the engineering approaches to preventing failures (increasing reliability) and preventing hazards (increasing safety) are different and sometimes conflict with each other. It is relatively easy to protect equipment against the total failure of a component, but much more difficult to protect it against intermittent unsafe component operation. In fact, within a given piece of equipment, accidents are much more likely to result from dysfunctional and unsafe interactions among normally operating (not failed) components.
Accidents may be caused by equipment operation outside the parameters and time limits upon which the reliability analyses are based. Therefore, equipment may have high reliability and still have a high risk of accidents. In addition, accidents are often not just the result of a simple combination of component failures.
Safety is an emergent property that arises at the equipment level when components are operating together. The events leading to an accident may be a complex combination of equipment failure, faulty maintenance, instrumentation and control problems, human actions, and design errors. Reliability analysis considers only the possibility of accidents related to failures. It does not investigate potential damage that could result from the successful operation of the individual components.
Reliability uses a bottom-up approach (e.g., failure mode and effects analysis, or FMEA) to evaluate the effect of component failures on equipment function. Safety requires a top-down approach that evaluates how hazardous states can occur from a combination of both incorrect and correct component behavior, such as proper behavior of a component at an improper time or under the wrong environmental conditions.
Care must be taken when applying reliability assessment techniques to safety. Since accidents are not necessarily caused by events that can be measured by reliability assessment techniques, reliability should not be used as a measure of risk. Reliability assessment measures the probability of random failures, not the probability of hazards or accidents. Also, if a design error is found in equipment, safety will be more effectively enhanced by removing the design error than by measuring the design error to convince someone that it will never cause an accident. High reliability numbers do not guarantee safety, and safety need not require ultra-high reliability.
Component Selection for Safety
Now that we have clarified what we mean by “safe” and “safety,” we turn to the application of these concepts to component selection.
The business of electrical equipment requires evidence of compliance with appropriate safety standards focusing on component selection, construction requirements, and testing. For electrical equipment to be safe, the materials and components used in the construction of that equipment also need to be safe. To achieve this goal, these materials and components should be selected and arranged to perform reliably for the anticipated (expected) safe service life of the equipment. That is, the selected materials and components are to remain within their manufacturers’ ratings without generating any hazard during normal operating mode and even in foreseeable fault conditions. When the components have not been previously investigated, the probability of failure is much higher and may generate unacceptable risks of harm.
While safety is important in the selection of all components of electrical equipment, it is especially important in safety-critical components.
Safety-critical components are components whose failure could result in a hazardous situation. As their name suggests, safety-critical components are critical to the safety of equipment. Generally speaking, these are components that are intended to prevent (along with the design, manufacturing, packaging, transportation, installation, use, maintenance, and service of the equipment) any injuries or damages due to identifiable hazards which may arise during the life of the equipment.
Safety-critical components include, but are not limited to:
- AC and DC motors and fans
- Appliance inlets/outlets
- Battery protection and management circuitry (BPM)
- Battery charging circuitry
- Capacitors (high voltage)
- Circuit breakers
- Conductive coatings
- Crimp connectors
- DC-DC converters
- DC-AC inverters
- Fuses and fuse-holders
- Heating elements
- Internal wiring
- Interlock switches for safety purposes
- Isolating devices (non-optical)
- Laser modules
- LEDs (non-laser)
- Line EMI/RFI filters
- Main switches
- Main transformers
- Motor start capacitors
- NTC and PTC thermistors
- Optical fiber cables
- Overcurrent protective devices
- Power entry modules
- Power supply assemblies
- Power supply cords
- Printed wiring boards
- Protective devices on USB
- Programmable controllers
- Pulse transformers
- Heat shrink tubing
- Strain relief for power supply cords
- Surge suppressors
- Terminal blocks
- Thermal cut-off devices
- Thermoplastic materials
- Triple insulated wires
- Voltage selectors 
Such components are those that have been evaluated against the relevant national or international component standards and carry a third-party/certification body approval, such as UL Listing or Recognition, CSA certification, VDE, IMQ, PSE, etc. They are normally marked with the mark of the certification body; where the dimensions of the component do not allow this, the marking is applied to the packaging. (Note that the CE marking, the conformity mark recognized by the European Union, is not required by law for components.)
The regulatory compliance and approval of critical components should be documented with a copy of the approval certificate or the license for the component; catalog data sheets are not an acceptable way to prove compliance.
Particular attention needs to be paid to the Conditions of Acceptability for correct application and use of the components in the end-use equipment. Specified electrical ratings (included in the test reports of certification bodies) shall be taken into account and should never be exceeded.
In situations when there is no published component standard for specific safety-critical components, components identified as critical can be tested for compliance with the end-use product safety standard.
Each test report template based on a product safety standard shall include safety-critical components in a table designated as List of Critical Components or List of Components and Circuits Relied Upon for Safety. In addition, details should be provided for each critical component, including component name, manufacturer/trademark, type/model, technical specifications, applicable standard, a mark of conformity (approval status), and the approval file number.
Technical specifications should be considered as relevant technical information that may influence the safety features, such as flammability class, maximum operating temperature, maximum voltage, maximum current, breakdown voltage, insulation resistance, electric strength voltage, minimum thickness, dimensions, color, drawing numbers, etc.
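The review described above, of the critical-component table against its approval evidence and the certified ratings, can be made mechanical. The following is an added example, not code from the article or from any certification body’s template: a Python check that rejects entries backed only by a catalog data sheet, insists on an approval file number and mark for certified parts, accepts end-product testing where no component standard exists, and flags every certified maximum (or minimum) that the end-use application exceeds. The three component entries, the manufacturer names and the file number are constructed for illustration; the standard numbers are real designations but are used only as labels here.

```python
"""Review of a List of Critical Components against approval evidence and ratings.

Added example, not from the original article. The entries below are constructed
sample data; "Example ..." manufacturers and the file number 40012345 are
hypothetical. The field set follows the table columns the article describes.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Tuple

# A data sheet is deliberately absent from this set (see the article's note).
ACCEPTED_EVIDENCE = {"certificate", "license", "end_product_test"}


@dataclass(frozen=True)
class CriticalComponent:
    name: str
    manufacturer: str
    model: str
    applicable_standard: str      # component standard, or end-product standard if none exists
    mark_of_conformity: str       # e.g. "VDE", "UL Recognized"; "" if tested only in the end product
    approval_file: str            # certificate/license number quoted in the test report
    evidence: str                 # "certificate", "license", "end_product_test" or "datasheet"
    max_ratings: Dict[str, float] = field(default_factory=dict)  # certified maxima
    min_ratings: Dict[str, float] = field(default_factory=dict)  # certified minima (e.g. thickness)
    conditions_of_acceptability: Tuple[str, ...] = ()


def evidence_findings(comp: CriticalComponent) -> List[str]:
    """Findings about how compliance is documented, independent of the application."""
    findings: List[str] = []
    if comp.evidence == "datasheet":
        findings.append(f"{comp.name}: catalog data sheet is not proof of compliance; "
                        "obtain the approval certificate or license")
    elif comp.evidence not in ACCEPTED_EVIDENCE:
        findings.append(f"{comp.name}: unknown evidence type '{comp.evidence}'")
    elif comp.evidence in ("certificate", "license"):
        if not comp.approval_file:
            findings.append(f"{comp.name}: approval file number missing for {comp.evidence}")
        if not comp.mark_of_conformity:
            findings.append(f"{comp.name}: mark of conformity not recorded")
    return findings


def rating_violations(comp: CriticalComponent, applied: Dict[str, float]) -> List[str]:
    """One finding per certified rating the end-use application exceeds (maxima)
    or falls short of (minima). A rating the application does not declare is
    reported too, because the reviewer cannot confirm it is respected."""
    findings: List[str] = []
    for key, limit in comp.max_ratings.items():
        if key not in applied:
            findings.append(f"{comp.name}: application value for '{key}' not declared (max {limit})")
        elif applied[key] > limit:
            findings.append(f"{comp.name}: '{key}' = {applied[key]} exceeds certified maximum {limit}")
    for key, limit in comp.min_ratings.items():
        if key not in applied:
            findings.append(f"{comp.name}: application value for '{key}' not declared (min {limit})")
        elif applied[key] < limit:
            findings.append(f"{comp.name}: '{key}' = {applied[key]} is below certified minimum {limit}")
    return findings


def review(components, applications: Dict[str, Dict[str, float]]) -> Dict[str, List[str]]:
    """Map component name -> list of findings; an empty list means the entry is acceptable."""
    return {c.name: evidence_findings(c) + rating_violations(c, applications.get(c.name, {}))
            for c in components}


# Constructed sample table: one conforming entry, one over-stressed part, one
# documented only by a data sheet.
SAMPLE_COMPONENTS = (
    CriticalComponent("F1 mains fuse", "Example Fuse Co.", "T5AH250V", "IEC 60127-2", "VDE",
                      "40012345", "certificate",
                      max_ratings={"voltage_V": 250, "current_A": 5, "ambient_C": 85},
                      conditions_of_acceptability=("use in a fuse-holder rated for 5 A",)),
    CriticalComponent("T1 main transformer", "Example Magnetics", "TX-230-24", "IEC 61558-2-6",
                      "UL Recognized", "", "datasheet",
                      max_ratings={"primary_V": 240, "ambient_C": 40}),
    CriticalComponent("W1 triple insulated wire", "Example Wire", "TIW-0.4",
                      "IEC 60950-1 Annex U", "", "", "end_product_test",
                      min_ratings={"insulation_thickness_mm": 0.4}),
)
SAMPLE_APPLICATION = {
    "F1 mains fuse": {"voltage_V": 230, "current_A": 6.3, "ambient_C": 70},
    "T1 main transformer": {"primary_V": 230, "ambient_C": 40},
    "W1 triple insulated wire": {"insulation_thickness_mm": 0.4},
}

if __name__ == "__main__":
    for name, findings in review(SAMPLE_COMPONENTS, SAMPLE_APPLICATION).items():
        print(name, "->", findings or "acceptable")
```

Run as a script, the fuse is flagged because the 6.3 A application current exceeds its certified 5 A rating, the transformer because a data sheet is its only evidence, and the wire passes because end-product testing is the accepted route when no component standard applies.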
In general, in electrical equipment, the failures of safety-critical components are manifested by electrical/electronic performance deficiencies depending on the type of component (e.g., short circuit; open; passive components not meeting their tolerance or temperature coefficient specifications; analog components not meeting the frequency response specifications; digital devices not meeting rise time specifications; etc.). These failures may lead to harmful effects on humans and the environment.
To prevent such situations, some safety-critical components are designed, manufactured, and tested in a special way that places them in a separate category, referred to as high-integrity components.
High Integrity Components
High integrity components (HIC), sometimes described as infallible, are designed not to fail in any way that could be dangerous or detrimental. Such a claim is made where the probability of failure must be so low that it can effectively be discounted from further safety analysis.
High integrity components are components in which one or more characteristics ensure that the component function remains fault-free (the “Incredibility of Failure” claim) in relation to the safety requirements of a standard, throughout the expected service life and under reasonably foreseeable misuse of the equipment. If a fault does occur in an HIC, its safety-relevant behavior is unchanged from normal operation, so no additional protection is required for that fault. When a fault in a particular safety-critical component could generate an unacceptable risk of harm, it is recommended that this component be replaced by one with high-integrity characteristics.
For an HIC, it must be shown that the probability of failure over the lifetime of the equipment is below the level needed to bring the risk down to an acceptable value. As an example, suppose a piece of equipment could cause thermal harm of moderate severity, and a component “T” is relied upon to keep that risk acceptable. If the acceptable probability of T failing over the whole life of the equipment is around 1/10,000, and the lifetime of the equipment is seven years, then T’s probability of failure must be below roughly 1/70,000 per year; a design target of less than 1/100,000 per year leaves a margin. If the reliability data for T show that it meets this target comfortably, T can be considered a valid high-integrity component. Reliability engineering techniques such as highly accelerated life testing (HALT) and highly accelerated stress screening (HASS), the average expected functional life (for random failures), the point of expiration (for wear-out failures), and so on help in estimating the component’s probability of failure.
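The budget arithmetic behind the example above, carried through in code as an added example (not from the article): it turns a lifetime failure-probability target and a service life into the largest constant annual failure rate that respects it, converts a component’s failure rate expressed in FIT (failures per 10^9 device-hours) to the same units, and then tests a candidate against both the random-failure budget and its wear-out life, since a FIT figure says nothing about the point of expiration. The 1/10,000 target and seven-year life mirror the article’s illustration; the FIT figures, the wear-out lives and the tenfold margin applied for the uncertainty of the estimate are my own assumptions, not standard values.

```python
"""Failure-probability budget for a candidate high-integrity component.

Added example, not from the original article. Random failures are modelled
with a constant hazard rate, so the probability of at least one failure in a
service life t is 1 - exp(-lambda * t). Wear-out is checked separately via the
point of expiration. The FIT values, wear-out lives and the 10x margin used
below are assumptions for illustration, not figures from any standard.
"""
import math

HOURS_PER_YEAR = 8760.0


def allowed_annual_rate(lifetime_target: float, service_life_years: float) -> float:
    """Largest constant annual failure rate whose cumulative failure probability
    over the service life stays within lifetime_target (inverse of 1 - exp(-lambda*t))."""
    if not 0.0 < lifetime_target < 1.0:
        raise ValueError("lifetime_target must lie strictly between 0 and 1")
    if service_life_years <= 0.0:
        raise ValueError("service_life_years must be positive")
    return -math.log1p(-lifetime_target) / service_life_years


def lifetime_failure_probability(annual_rate: float, service_life_years: float) -> float:
    """Cumulative probability of at least one failure during the service life."""
    return -math.expm1(-annual_rate * service_life_years)


def fit_to_annual_rate(fit: float) -> float:
    """FIT (failures per 1e9 device-hours) -> failures per device-year."""
    return fit * HOURS_PER_YEAR / 1e9


def qualifies_as_hic(component_fit: float, wearout_life_years: float,
                     lifetime_target: float, service_life_years: float,
                     margin: float = 10.0) -> bool:
    """True when the component can support an Incredibility-of-Failure claim:
    its demonstrated random-failure rate, scaled by `margin` to cover the
    uncertainty of the estimate, fits inside the budget, and its wear-out
    life (point of expiration) covers the whole service life."""
    budget = allowed_annual_rate(lifetime_target, service_life_years)
    random_ok = fit_to_annual_rate(component_fit) * margin <= budget
    wearout_ok = wearout_life_years >= service_life_years
    return random_ok and wearout_ok


if __name__ == "__main__":
    target, life = 1e-4, 7.0          # article's illustration: 1/10,000 over seven years
    budget = allowed_annual_rate(target, life)
    print(f"annual budget: {budget:.3e} per year (about 1/{1 / budget:,.0f})")
    print(f"1/100,000 per year accumulates to {lifetime_failure_probability(1e-5, life):.3e} "
          f"over {life:.0f} years")
    for fit, wear in ((1.0, 15.0), (0.1, 15.0), (0.1, 5.0)):   # constructed candidates
        print(f"{fit} FIT, wear-out at {wear} y -> HIC: {qualifies_as_hic(fit, wear, target, life)}")
```

With the article’s numbers the budget comes out at about 1/70,000 per year, so a 1/100,000 per year target sits comfortably inside it; a candidate at 1 FIT (about 8.8 × 10^-6 per year) fails the tenfold-margin check, one at 0.1 FIT passes it, and the same 0.1 FIT part is rejected when its wear-out life is shorter than the equipment’s service life.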
In Part 1 of this article, we’ve provided a detailed explanation of the differences between safe, safety, and reliability and focused on aspects related to component selection. We’ve also worked to clarify the differences between safety-critical components and high integrity components. In Part 2 of this article, we’ll address the issue of high integrity components in greater depth.