If two thermal cutouts required for water cooling system?

Roland chung

Trusted Information Resource
#1
Hello all,

Our equipment employ a water cooling system which consist of water tank, pump, heat sink and fan to cool down the temperature of light source. There are a water level sensor, water pressure sensor inside the cooling system to prevent leakage or disconnection of fluid. There is also a thermal cutout inside the water tank to prevent the fault conditions (e.g. fan failed).

The test house told me that one thermal cutout is not enough. If thermal cutout short-circuited, the fault can not be detected and belongs to normal condition. Two thermal cutouts are therefore required.

According to the definition of SINGLE FAULT CONDITION (condition in which a single means for reducing a RISK is defective or a single abnormal condition is present), there are actually two independent SINGLE FAULT CONDITIONs if the fan and the thermal cutout is defective simultaneously. I think, that is not the intention of the standard. During any test under SINGLE FAULT CONDITION, only one fault at a time shall be applied.

Furthermore, if all faults can not be detected are regarded as normal, I would argue disconnection of protective earth is also undetected. But this obviously deviates the standard.

Please kindly advise it. Thanks and regards.
 
Elsmar Forum Sponsor

Stijloor

Staff member
Super Moderator
#2
Hello all,

Our equipment employ a water cooling system which consist of water tank, pump, heat sink and fan to cool down the temperature of light source. There are a water level sensor, water pressure sensor inside the cooling system to prevent leakage or disconnection of fluid. There is also a thermal cutout inside the water tank to prevent the fault conditions (e.g. fan failed).

The test house told me that one thermal cutout is not enough. If thermal cutout short-circuited, the fault can not be detected and belongs to normal condition. Two thermal cutouts are therefore required.

According to the definition of SINGLE FAULT CONDITION (condition in which a single means for reducing a RISK is defective or a single abnormal condition is present), there are actually two independent SINGLE FAULT CONDITIONs if the fan and the thermal cutout is defective simultaneously. I think, that is not the intention of the standard. During any test under SINGLE FAULT CONDITION, only one fault at a time shall be applied.

Furthermore, if all faults can not be detected are regarded as normal, I would argue disconnection of protective earth is also undetected. But this obviously deviates the standard.

Please kindly advise it. Thanks and regards.
Can someone help Roland?

Thank you!!

Stijloor.
 

Peter Selvey

Staff member
Super Moderator
#3
This is actually a mistake in the standard which I expect will be rectified as time goes by.

The double fault (one undetected) originates from high risk devices where it is reasonable to consider as a general case. However, for electrical safety it should only apply in special cases. But in both situations, the correct path is to consider double faults but leave the final decisions to risk management. Under ISO 14971, this is the stage of checking if the residual risk is acceptable.

In electrical safety, the residual risk is normally acceptable if reliable protection system is in place, such as an approved thermal cut-out or fuse. I expect the standard to be amended in the future to indicate approved components, used within their ratings, are not to be considered as "undetected faults".

However, if you are interested in the theory, or need to convince the test lab, read on:

In your case you have a control system (temp control) and a protection system (thermal cut out, or TCO).

There are 4 factors in the decision for a risk control:
P1 = probability of failure of the control
P2 = probability of failure of the protection
P3 = probability of harm, if both control and protection fail
n = lifetime of the device

P1, P2 are expressed in events / device / year; P3 has no units

The overall probability of harm in the last year of use is:

Pt = 0.5 x P1 x P2 x P3 x n

If Pt is above the acceptable criteria (e.g. 0.000001 for death) then you should apply a risk control. The risk control can include periodic checking (e.g. annual test of the TCO), redundancy (2 TCOs) or buying a more reliable TCO, and so on.

However, the problem is test labs tend to overestimate probabilities, while manufacturers go the other way and underestimate. For each factor, the under or over estimate is not high (5~10). But accumulated "error" for three factors (P1, P2, P3) can be very high (100~1000), and I have seen difference of over 1,000,000 between test lab's and manufacturer's estimates of probability. The true figure is somewhere in between.

One way to get a reasonable estimate is to look for a range of probabilities which are realistic. The true probability is expected to be in the middle of this range. For example, failure / year of a control system:

P = 1 : unrealistic (too high)
P = 0.1: unrealistic (too high)
P = 0.01: possible
P = 0.001: possible
P = 0.0001: possible
P = 0.00001: unrealistic (too low)
--> this indicates that the true probability is ~ 0.001 failures / year

Use this method to estimate P1, P2 and P3. Note again that P3 is frequently overestimated (most test labs assume P3 = 1) but in the real world even if control and protection fail, most cases are a blow fuse, a bit of smoke and not much else.

Anyway, key point is the decision is the result of risk management, not an automatic decision that 2 x TCOs are needed.

If you test lab still does not agree, look for another test lab!
 

Roland chung

Trusted Information Resource
#4
Thanks for the detailed suggestion.

For the formula Pt = 0.5 x P1 x P2 x P3 x n, why factor 0.5 is employed?

For the Pt acceptable criteria, how to determine a "suitable" value? I am afraid the value we determined may not be accepted by test lab.
 

Peter Selvey

Staff member
Super Moderator
#5
The 0.5 factor is there because with a double fault over a long period of time, the order of failure is important: protection first, control second is dangerous; control first, protection second is no harm. Thus, 50% of double faults will not result in harm. This factor is not new, you can find it even in IEC 60601-1:2005, rational for Clause 11.2.1 (b) (3).

The criteria for probability is up to you, but the "1 in a million" for death is frequently applied. Personally I prefer "1 in 10 million", because if we assume "1 in a million" / year, and we live for nearly 100 years, and there are ~100 electrical devices around us everyday, the cumulative effect would be 1 in 100 chance of being killed by an electrical device.

Death by electrical goods of 1 in a 1000 sounds more reasonable, which corresponds to 1 in 10,000,000 / year / device.
 

Roland chung

Trusted Information Resource
#6
Good point of view. In your assumption, there are ~100 electrical devices around us everyday, So the units for 1 in 100 chance of being killed by an electrical device is per day. Is it right? If so, the probability seems too high as you said.
 

Peter Selvey

Staff member
Super Moderator
#7
No, the 1 in 100 figure is per lifetime (i.e. cumulative over 100 years). And realistically that's not too bad, since we all have to die from something someday :), and there are more significant problems around.

But still a rate of 1 in 1000 (over a 100 year lifetime) is more reasonable target for death from electrical goods (fire / shock).
 

Roland chung

Trusted Information Resource
#8
Our equipment is not used in conjunction with OXYGEN RICH ENVIRONMENTS. Just interesting in subclause 11.2.2.1 b)3), the standard seems to consider the probability of harm = 1. That said, the fire is certain to cause burn or death. From the point of worst condition, it is reasonable. However, I would think that it is not always be the case if fire enclosure used. Whether I missed something?
 
S

Shine Zhang

#9
Hi Roland,

Just ask your test lab: did they test mains transformer which employed a approved built in thermal cutout(link) as protective device, short circuit(it seems can not be short circuit due to built in winding) or ask for such a new transformer without this thermal cutout(link), for overlaod test?

they are the same problem, no matter it used for your water cool system or used in transformer, thermal cutout still thermal cutout, bears the same characteristic, if they used within they declared specification. [FONT=Arial,Italic][FONT=Arial,Italic]
[/FONT][/FONT]
 

Peter Selvey

Staff member
Super Moderator
#10
Our equipment is not used in conjunction with OXYGEN RICH ENVIRONMENTS. Just interesting in subclause 11.2.2.1 b)3), the standard seems to consider the probability of harm = 1. That said, the fire is certain to cause burn or death. From the point of worst condition, it is reasonable. However, I would think that it is not always be the case if fire enclosure used. Whether I missed something?
The presumption behind the standard is that the presence of elevated oxygen (above 25%), non-flammable materials are flammable.

It is a while ago now but when researching the subject and I came to the conclusion that there are again a lot of unknowns (e.g. at what level of oxygen does non-flammable material become flammable), so they have just assumed the worst case.
 
Thread starter Similar threads Forum Replies Date
D Transformers and Thermal Cutouts IEC 60601 - Medical Electrical Equipment Safety Standards Series 2
I Lifetime Support Calculation - Thermal Operating Profile Reliability Analysis - Predictions, Testing and Standards 7
S Ring Gage Thermal Expansion General Measurement Device and Calibration Topics 4
E Solder thermal profiles for PPAP - Automotive IATF 16949 - Automotive Quality Systems Standard 1
V Regrinding Material - Thermal properties Manufacturing and Related Processes 4
x-files [Thermal Power plant KOSTOLAC, SERBIA] Sucessfully certified to ISO 50001 Sustainability, Green Initiatives and Ecology 1
x-files [Thermal powerplant] Why "Generation of electricity" is a special process? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 5
x-files Thermal Powerplant - 7.5.3 Identification and Traceability ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 5
S Thermal Sensitivity Testing - Heat Lamp - ILY - Increased blood circulation IEC 60601 - Medical Electrical Equipment Safety Standards Series 2
x-files [Exclusions] 7.3 Design and development vs. Thermal Powerplant ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 11
x-files Global Timeline Plan of IMS/QMS Activities for a Thermal Power Plant ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 1
Marc Acronym CTE - Coefficient of Thermal Expansion Definitions, Acronyms, Abbreviations and Interpretations Listed Alphabetically 2
O AECQ 200 Revision D vs. Revision C - Thermal Shock & Thermal Cycling Other ISO and International Standards and European Regulations 2
U Is there such a thing as 1-part thermal cure epoxy? Manufacturing and Related Processes 11
J IPC-A-610 E Thermal Plane Acceptance Criteria for D-Pak Component Other ISO and International Standards and European Regulations 2
M Transport Vehicle Thermal Regulation - How would you interpret this requirement? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 7
O Thermal Shock Test with conditions specified in AEC-Q200 Various Other Specifications, Standards, and related Requirements 3
M Diebond adhesive blowholes seen after thermal curing on chip to plastic bottle mount Manufacturing and Related Processes 4
somashekar The Plasma Thermal Destruction and Recovery (PTDR) Waste-to-Energy Technology Sustainability, Green Initiatives and Ecology 4
S AMS2771 - Soak Time Interpretation (Thermal Conditioning) - T6 or T61? Manufacturing and Related Processes 8
T International Reference or SOP for the Thermal Validation of Incubators, Cold Rooms General Measurement Device and Calibration Topics 2
M Thermal Mapping Concepts - Drug store with dimensions 75m x25m x13m General Measurement Device and Calibration Topics 10
somashekar Optical epoxy for LED having good thermal shock resistance. Manufacturing and Related Processes 2
C Thermal Accelerated Aging Test(s) for Epoxy Reliability Analysis - Predictions, Testing and Standards 6
S Oven Qualification - Thermal profile during the OQ of a vacuum oven General Measurement Device and Calibration Topics 6
somashekar Hazardous waste rules - India - Carbon paper and thermal transfer printer ribbons Miscellaneous Environmental Standards and EMS Related Discussions 7
T Standard for "Simulating Long Term Effects on Materials / Thermal Disinfecion" needed Other ISO and International Standards and European Regulations 3
T Detergents for Washer-Thermal Disinfector of Plastic Materials ISO 13485:2016 - Medical Device Quality Management Systems 3
E GMW3172 - Thermal Shock and PTC cycles required to validate an electronic system Reliability Analysis - Predictions, Testing and Standards 2
J Temperature cycling thermal chamber accuracy and Gage R&R Gage R&R (GR&R) and MSA (Measurement Systems Analysis) 2
M GMW3172 - Electrical/Electronic - Temperature cycling and Thermal shock Customer and Company Specific Requirements 4
D Process Qualification - Heat Treatment Process Furnace - What is Thermal Mapping? Manufacturing and Related Processes 7
I Is SRN required for a contract manufacturer EU Medical Device Regulations 0
O New GTIN (DI) required? Other US Medical Device Regulations 0
P Is the second factor authentication (2FA) required for external users? Qualification and Validation (including 21 CFR Part 11) 1
validationspec EN 868-5 pdf required. Medical Device and FDA Regulations and Standards News 1
F Uncertainty not Required Measurement Uncertainty (MU) 3
I How to find required testing for a specific device? Other US Medical Device Regulations 3
U Is Initial Importer Status Required if a Medical Device is Manufactured and Sterilized by an OEM in the US Other US Medical Device Regulations 1
S Is it required to complete Internal Audits within one year? ISO 13485:2016 - Medical Device Quality Management Systems 29
D "certified" in ISO 19011, as well as IATF required? IATF 16949 - Automotive Quality Systems Standard 6
M Is validation required when consumables are changed Qualification and Validation (including 21 CFR Part 11) 7
B Is labeling on the device itself required? 21 CFR Part 820 - US FDA Quality System Regulations (QSR) 5
J Scrap Material Scale Calibration Required? IATF 16949 - Automotive Quality Systems Standard 21
K Is Calibration Required for Non-Adjustable Commercial Inspection Devices? General Measurement Device and Calibration Topics 11
C ISO 9001:2015 8.3.2. h) Design and Development Planning - What is required? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 4
S Does a refurbished product required a new UDI? US Food and Drug Administration (FDA) 3
S For Parts Manufacturer Approval (PMA) Is 100% Inspection Required? Federal Aviation Administration (FAA) Standards and Requirements 2
B AS9102 - 3D printing a special tool required for assembly (counterfeit risk?) AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 12
R "Medical devices" required in scope ISO 13485:2016 - Medical Device Quality Management Systems 2

Similar threads

Top Bottom