Get our free email newsletter

Testing Safety Into Products

In a recent discussion with a third-party certifier, there was an implication that a product cannot be deemed safe until it has been tested. It was further implied that the outcome of the testing could not be predicted. The general attitude of this discussion and other similar discussions that I have had is that we must test the safety into the products. In other words, the safety of the product is not known until it is tested.

For the product designer, this attitude is almost like “buying a pig in a poke.” In the worst case, the designer proceeds with the design without advance knowledge as to the requirements that will be applied to his work. The product safety professional tells the designer to design his product and after the design is complete and is tested, the product safety professional tells him whether or not his work is acceptable, i.e., passed the tests.

Indeed, this is the safety certification process. The certification professional only works with a fully functional product. He compares the actual construction to the various applicable requirements in the standard.

- Partner Content -

A Dash of Maxwell’s: A Maxwell’s Equations Primer – Part One

Solving Maxwell’s Equations for real-life situations, like predicting the RF emissions from a cell tower, requires more mathematical horsepower than any individual mind can muster. These equations don’t give the scientist or engineer just insight, they are literally the answer to everything RF.

The designer wants to know what requirements apply to his product so that he can account for them in the initial design. However, many safety professionals refuse to review the design until they have a sample in their hand. They say they don’t know what requirements will apply until after they see the product.

Fortunately, most designers have been through the process at least once, so they know the ropes and can usually design the unit so that it passes most or all the tests the first time through the test protocol. The new designers get help and advice from the experienced designers so as to minimize the changes that might result from the safety testing and “eyeball” examination of the hardware.

Unfortunately, some safety professionals and some certification professionals don’t believe they’re doing a good job unless they can find something wrong with the product. So, no matter how thorough a job by the designer, something will be found that will require a change.

Is it possible to design safety into the product such that we can predict successful outcome to both testing and “eyeball” examination BEFORE the first prototype is built? Can a prototype be deliberately and overtly designed and constructed such that it passes all tests and the “eyeball” examination the first time?


Henry Petroski, in his book “To Engineer Is Human,” says, “The process of engineering design may be considered a succession of hypotheses that such and such an arrangement of parts will perform a desired function without fail.”

- From Our Sponsors -

This is an intriguing statement, “…perform a desired function without fail.” Does or can this statement apply to the safety function of the product?

Petroski is a civil engineer. In his book, Petroski uses bridges and similar structures for examples to support his thesis that an engineer can indeed predict the successful outcome of design, including the successful outcome of the safety functions of a particular design.

Bridges, upon completion, are not subject to tests equivalent to the hi-pot test, the leakage current test, the mold-stress relief test, the enclosure impact test, etc.

How, then, can we accept the safety of a bridge with no safety testing (on the finished product), when we cannot accept the safety of an electronic product without successful safety testing of the finished product?

The answer, of course, is Petroski’s assertion that design is hypotheses that the arrangement of parts will perform the desired function without fail. By understanding the various parameters of the materials used in the bridge, and by hypothesizing the static and dynamic loads applied to the bridge, the designer can reasonably predict that the arrangement of parts will safely withstand the static and dynamic loads.

Petroski points out that when a bridge fails, the designer’s hypotheses are proven wrong. Fortunately, very few bridges fail, but when they do, the failure is spectacular. And, the failure is subject to rigorous analysis such that other bridge designers don’t use a flawed hypothesis.

The same process, hypothesizing the arrangement of parts for successful outcome of testing, can be used in the design of electronic products.

The issue for the electronic product designer is, what are the desired safety functions?

If the designer knows the desired safety function, then he could apply the process of engineering such that his selection and arrangement of the parts will obtain the safety function without incurring a failure.

There are only a handful of safety tests for products. If we know what facets of the design are critical to the successful outcome of the tests, then we can predict successful results from testing.

Let’s examine the more common safety tests.


Hi-pot or electric strength test

This test is applied between mains and ground, and between mains and secondary circuits. It tests the insulation between the mains on the one hand, and the ground and secondary circuits on the other hand. The insulation is comprised of solid material and air in parallel.

If we have sufficient distance through these two insulating media, then the product will pass the test.

For all practical purposes, electric strength is proportional to distance through the insulating media.

To predict success in the hi-pot test, the distances through the insulating media must be greater than the product of the hi-pot test voltage and the volts-per-unit-distance rating for each particular insulating medium.

We can largely ignore distance through solid insulation as almost any solid insulation at almost any thickness greater than zero will easily pass the common 1500-volt hi-pot test. One wag reported that one layer of Charmin is good for 3000 volts!

If the distance in air between any part of the mains circuit and any part of either the ground circuit or the secondary circuit is nowhere less than 1.8 mm, then the product will pass the 1500-volt hi-pot test. As a rule-of-thumb, the volts-per-unit-distance rating of air is about 1.2 kV/mm for 1500 volts.

So, if we know all the distances are adequate, we can predict success for the hi-pot test. The only trick to predicting success is to find all the paths in air around edges of transformer insulation and similar constructions.

(For the purposes of my point, I have ignored the requirements contained in the various standards for distances through insulation and through air.)


Leakage current test

Leakage current in the grounding wire of a product is a function of the insulation resistance and the discrete and distributed capacitance between mains and ground, and between mains and grounded secondary circuits.

Insulation resistance in modern insulations is sufficiently high that it can be ignored as significant to the measured value of leakage current.

Capacitance, both discrete and distributed, are the significant contributors to leakage current.

Discrete capacitors contributing to leakage current are those used for line filters and those sometimes used in switching mode power supplies between the dc and ground. Using Ohm’s Law and the capacitive reactance of this total capacitance we can calculate a minimum value of the leakage current.

One distributed capacitance contributing to leakage current is that of the transformer primary to core, to shield, and to secondary. The value of these capacitances will depend on the particular transformer construction, with layer-wound transformers being somewhat higher than triple-flange transformers.

Another distributed capacitance is the power cord itself. An 18 AWG SVT cord will contribute about 5 microamperes per meter.

And, of course, the primary circuits themselves have distributed capacitance to ground. Usually, this is the least value of the various distributed capacitances.

So, we can predict leakage current from the parameters of the various components of the primary circuit. We may not be able to predict an exact number, but we can at least predict pass or fail.


I could continue with other safety tests such as the enclosure impact test, the component fault tests, etc. Some years ago, the Product Safety Newsletter published an article on how to predict the outcome of the stability (inclined plane) test.

So, it is possible to design safety into the product such that we can predict successful outcome to both testing and “eyeball” examination BEFORE the first prototype is built!

In fact, I measure myself on the number of test failures of the products I am involved with. My goal is zero failures per product at any time during the product development program. That is, each and every prototype should meet the complete set of safety requirements. I achieve that goal.

Let me make a distinction between product safety professionals and certification house safety professionals. The product safety professional who advises designers can achieve a goal of no test failures. The certification house safety professional must necessarily take a “show-me” attitude as he is not involved in advising the designers. Having said that, the certification house safety professional should nevertheless be able to “eyeball” a product and predict success or failure for a large number of the tests.

Product safety is a matter of prediction. As professionals, our job is to predict the future, to predict success of the safety function of the products we work with such that injuries will not occur just as civil engineers predict that bridges do not fall.

If we are to predict a safe future for the users of the product, then we should be able to predict successful outcome of safety testing. We should not rely on the testing to prove the safety of the product, but rather use the testing to prove our ability to predict the future.

Copyright 1993 by Richard Nute. Originally published in the Product Safety Newsletter,  Vol. 6, No. 3, May-June 1993

author_nute-richardRichard Nute is a product safety consultant engaged in safety design, safety manufacturing, safety certification, safety standards, and forensic investigations.

Related Articles

Digital Sponsors

Become a Sponsor

Discover new products, review technical whitepapers, read the latest compliance news, and check out trending engineering news.

Get our email updates

What's New

- From Our Sponsors -

Sign up for the In Compliance Email Newsletter

Discover new products, review technical whitepapers, read the latest compliance news, and trending engineering news.