Back in 2016 Analog Devices announced they were acquiring Linear Technology; the result is an enormous power portfolio. Some of these circuits can carry more than 100 A to servers used in data centers, others include galvanic isolation, and others concentrate on working at the µA level.

Recently I attended a Power Summit in Milpitas, California, and if I don't start to dream about boost, buck, buck-boost, SEPIC and flyback converters I will be amazed. As part of this visit I prepared a presentation on the functional safety requirements for power supply circuits, and I will share some of it below.

I will use this circuit from IEC 61800-5-2:2016 Annex A to illustrate the issues. IEC 61800-5-2 is the functional safety standard for variable speed drives.

The input shown is a 24 V DC supply as found in industrial applications. Typically these supplies are limited to less than 60 V DC even in the event of a fault. If the voltage monitor is not specified to 60 V, one solution, as shown, is to protect the circuit with a TVS and a fuse: if the voltage rises above the maximum specified operating voltage of the power supply monitor circuit the TVS clamps it, and the fuse is selected so that it opens at the resulting clamping current. Also shown is the series MOSFET which, under the control of the monitor, can remove power from the rest of the circuit. Lastly, note that the monitoring covers both the input and all of the regulated supplies. In this way the power supply monitors do most of the heavy safety lifting, and the design of the actual supplies is less critical.

Power supply example from IEC 61800-5-2

Not shown above is that this circuit is powering a two-channel system. Any failure of the power supply circuit is therefore a common cause failure (CCF), so very high diagnostic coverage is required, and the voltage monitor will need to be windowed. Traditionally, power supply monitors check only for supply voltages lower than expected. For functional safety, however, you need to ensure that all components are operating within their specified operating voltage range, whether on the high side or the low side. A monitor that does this is called a windowed power supply monitor.

Also not shown above is that you probably need diagnostics on your power supply monitor. This might sound like diagnostics on your diagnostics, but it is not. While a high supply voltage probably represents a fault, a supply voltage on the low side is not a fault but rather a normal operating mode, as the supply will be low during power-on and power-off. Therefore at least the ability to monitor on the low side needs to be covered by a diagnostic. This could involve a MOSFET connected to pull the UV (under voltage) resistor node low on demand from a µC.

For the power supply monitor block I particularly like the LTC4365. Most importantly for functional safety, it monitors for both over- and under-voltage (i.e. it is windowed). While it operates with an input supply of 2.5 V to 34 V, it is tolerant up to 60 V and so meets the PELV requirement and is suitable for protection with a fuse/Zener combination as shown in the IEC 61800-5-2 example. It is rated from -40°C to 125°C and so is guaranteed to protect over the widest temperature range generally found in industrial applications. It can also control a series-connected MOSFET to remove the power supply voltage (a basic safety principle from ISO 13849) and has an open-collector output, so that several LTC4365s can be combined to monitor other regulated voltages within the system.

Small Footprint Single MOSFET Application Protects Against 60V

For machinery applications, once the power supply monitor trips the system, a restart should be prevented without human intervention. For process control applications you probably want to restart automatically as soon as the supply returns to within specification.
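To make the windowed-monitor, on-demand UV diagnostic and restart-policy points above concrete, here is an added behavioural model. It is my own example and not code from the article, from IEC 61800-5-2 or from any vendor datasheet. It models the three-resistor divider feeding UV and OV comparators, derives the voltage window from the divider, drives a series MOSFET gate under either a latched (machinery) or automatic (process control) restart policy, and runs the UV self-test described above: a test MOSFET pulls the UV tap low while the rail is nominal and the monitor must trip. The 0.5 V comparator reference and the 590 kΩ / 5.6 kΩ / 10 kΩ divider are assumptions chosen to put the window roughly at 24 V -20 % / +25 %.

```python
"""Behavioural model of a windowed 24 V supply monitor with a UV self-test.

Constructed example; not code from the article, IEC 61800-5-2 or any
vendor datasheet. The divider values and the 0.5 V comparator reference
are assumptions.
"""
from __future__ import annotations

from dataclasses import dataclass
from enum import Enum

VTH = 0.5  # assumed comparator reference, volts (same for UV and OV comparators)


class Policy(Enum):
    LATCH = "latch"  # machinery: stay off until a human resets the trip
    AUTO = "auto"    # process control: re-enable as soon as the rail is back in window


@dataclass(frozen=True)
class Divider:
    """Vin -> r_top -> UV tap -> r_mid -> OV tap -> r_bot -> GND (values in ohms)."""
    r_top: float
    r_mid: float
    r_bot: float

    @property
    def total(self) -> float:
        return self.r_top + self.r_mid + self.r_bot

    def uv_tap(self, vin: float) -> float:
        # Upper tap: larger fraction of Vin, so it reaches VTH at the lower trip voltage.
        return vin * (self.r_mid + self.r_bot) / self.total

    def ov_tap(self, vin: float) -> float:
        # Lower tap: smaller fraction of Vin, so it reaches VTH at the higher trip voltage.
        return vin * self.r_bot / self.total


# Assumed values: 590k / 5.6k / 10k give a window of about 19.4 V to 30.3 V.
DIVIDER_24V = Divider(r_top=590_000.0, r_mid=5_600.0, r_bot=10_000.0)


def window_thresholds(div: Divider, vth: float = VTH) -> tuple[float, float]:
    """Return (uv_trip, ov_trip): the Vin values at which each tap equals vth."""
    uv_trip = vth * div.total / (div.r_mid + div.r_bot)
    ov_trip = vth * div.total / div.r_bot
    return uv_trip, ov_trip


class WindowMonitor:
    """Windowed monitor driving a series MOSFET gate, with a restart policy."""

    def __init__(self, div: Divider, vth: float = VTH, policy: Policy = Policy.LATCH):
        self.div, self.vth, self.policy = div, vth, policy
        self.gate_on = False  # series MOSFET state
        self.fault = None     # "UV", "OV" or None
        self.uv_comparator_stuck_ok = False  # injected fault, to show the self-test catching it

    def comparators(self, vin: float, uv_pulled_low: bool = False) -> str:
        """Return 'OV', 'UV' or 'OK'. uv_pulled_low models the test MOSFET shorting the UV tap."""
        if self.div.ov_tap(vin) > self.vth:
            return "OV"
        uv_node = 0.0 if uv_pulled_low else self.div.uv_tap(vin)
        if uv_node < self.vth and not self.uv_comparator_stuck_ok:
            return "UV"
        return "OK"

    def step(self, vin: float, uv_pulled_low: bool = False) -> bool:
        """Evaluate one sample of Vin and return the resulting gate state."""
        state = self.comparators(vin, uv_pulled_low)
        if state != "OK":
            self.fault = state
            self.gate_on = False
        elif self.policy is Policy.AUTO or self.fault is None:
            self.gate_on = True
        return self.gate_on

    def manual_reset(self) -> None:
        """Operator acknowledgement; the gate re-enables on the next in-window sample."""
        self.fault = None


def uv_self_test(mon: WindowMonitor, vin_nominal: float = 24.0) -> bool:
    """Prove the UV path can trip: pull the UV tap low while the rail is nominal and
    require the monitor to report UV and drop the gate. A latched trip is cleared
    afterwards so the test does not leave the load switched off."""
    gate = mon.step(vin_nominal, uv_pulled_low=True)
    passed = (gate is False) and (mon.fault == "UV")
    mon.manual_reset()
    mon.step(vin_nominal)
    return passed


if __name__ == "__main__":
    uv, ov = window_thresholds(DIVIDER_24V)
    print(f"window: {uv:.2f} V .. {ov:.2f} V")
    for policy in Policy:
        mon = WindowMonitor(DIVIDER_24V, policy=policy)
        trace = [mon.step(v) for v in (24.0, 18.0, 24.0)]
        print(policy.value, "gate after 24/18/24 V:", trace)
    healthy, stuck = WindowMonitor(DIVIDER_24V), WindowMonitor(DIVIDER_24V)
    stuck.uv_comparator_stuck_ok = True
    print("self-test healthy:", uv_self_test(healthy), " stuck comparator:", uv_self_test(stuck))
```

Running the script shows the latched monitor staying off after the 18 V dip until `manual_reset()` is called, while the automatic policy re-enables the gate on the next in-window sample. The self-test distinguishes a healthy UV comparator from one stuck reporting OK, which is the coverage the diagnostic is there to provide.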

Another interesting part I have to mention is the ADP1031. This multi-die solution runs from a 4.5 V to 60 V input and generates +24 V, +5 V and -24 V supplies for a 4 mA to 20 mA DAC, the AD5758. It also includes multiple channels of digital isolation and is specified from -40°C to +125°C, so it ticks the boxes mentioned in the introduction above.

Typical application circuit from the ADP1031 datasheet

Such a level of integration maximizes the reliability of the system by minimizing the total number of components and simplifies the design at the module/PCB level. It will certainly simplify the FMEDA for a system such as the above, with reliability prediction and analysis required for far fewer components than in a less integrated system.

This week’s video has nothing to do with power supplies – however it is inspirational and shows the power of the human spirit – see