Functional Safety for Programmable Electronics Used in PPE: Best Practice Recommendations
Prepared by Safety Requirements, Inc. – NIOSH Contract 200-2003-02355
Background
The objective of this contract was to establish and document recommendations for using a System Safety Approach to ensure the safe design and use of high-tech personal protective equipment throughout its complete life cycle. An analysis of failures associated with electronic safety equipment used by emergency responders illustrated the need to clarify performance requirements. Applying a System Safety Approach is intended to ensure the safe design, manufacture, and use of PPE that contains embedded electronic hardware and software. In addition, these guidance documents will support the NFPA Electronic Safety Equipment (ESE) Technical Committee in developing standards by providing a means to assess and ensure the functional safety performance of ESE. This activity supports Strategic Goals 1 and 3, Reduce Exposure to Inhalation Hazards and Reduce Exposure to Injury Hazards.
Manufacturers of PPE use electronics and software technology to improve the safety of emergency responders and increase the likelihood of survival of victims. Electronics and software components embedded in PPE now provide protection, monitoring, and communication functions for emergency responders.
For example, innovative electronics and software engineers are accepting the challenge to design PPE that reduces reliance on audible communications. These products use radio and cellular frequencies to communicate digital information to the unit commander and among the various emergency responder agencies present on scene (e.g., police, fire, and rescue).
Innovators are also embedding electronics in turnout gear and taking advantage of newer materials. The result is more complex products, including ones that integrate components developed by different manufacturers. Although the use of electronics and software provides benefits, the added complexity, if not properly managed, may adversely affect worker safety.
Hazardous situations that require rapid and effective intervention by emergency personnel are growing in scope and complexity, and effective protection of emergency responders is an ever-increasing problem. Equipment used to protect emergency responders will likely be designed and manufactured by a diverse group of suppliers; therefore, proper compatibility and interaction of the components to achieve an integrated, hybrid package is essential to system success and personnel safety. Ultimately, the PPE/support system worn by emergency responders will be an integrated package of components from many manufacturers. Proper integration is the key to, for instance, the compatibility and sufficiency of power supplies and computer controllers, isolation of components from one another so that they do not interfere, and contingencies for each component's failure modes. The systems design process will therefore carry a heavy integration requirement, and the means to meet it must be instilled in all component manufacturers early in the design process.
These commercial entities need a "roadmap" that guides them through the proper steps for ensuring that best practices, as well as any applicable standards, are met. Since many of these processes may be new or unfamiliar to manufacturers, an important task is to identify the pitfalls, problems, and hurdles that must be overcome.
Programmable electronic components and software fail in ways that are not always detectable solely by pre-delivery functional and acceptance testing: software faults are systematic design faults present in every copy of the product, and testing can only exercise the conditions the tester anticipated. At present, the existing safety standards that address the use of personal protective equipment do not sufficiently consider requirements for the functional safety of programmable electronics and software.
Specifically, reliance on programmable electronics and software requires that additional risk analysis, design for safety, and other safety engineering practices be followed. To address potential failures of electronics and software, two consensus standards have emerged that are applied when electronics are used in safety applications: ANSI/UL 1998, Standard for Software in Programmable Components, and IEC 61508, Functional Safety of Electrical/Electronic/Programmable Electronic (E/E/PE) Safety-Related Systems. These standards are based on the following risk-reduction engineering concepts:
- Safety Life Cycle
- Risk Analysis
- Design for Safety
- Verification, Validation, and Test
- Management of Change
- Development of a Safety File
These guidelines address the critical life-safety issues identified.
The Report Series
The report series contains best practice recommendations for the design and implementation of personal protective equipment and systems (PPE). The best practice recommendations apply to systems, protection layers, and devices using electronics and software embedded in or associated with PPE. The entire series provides information for use by life-safety equipment manufacturers, including component manufacturers, subassembly manufacturers, final equipment manufacturers, systems integrators, installers, and life-safety professionals.