This blog is number seventy-one in my safety matters series which concentrates on issues related to industrial functional safety. For Christmas I try to do something different with my blog and this year I struggled to find something which is not too technical but is still related to functional safety. Eventually I settled on functional safety and Christmas tree lights given the statistics available at Christmas Tree Fires: Statistics & Prevention Tips.

Before we get to the Christmas trees I would like to discuss a new draft standard IEC 63168. This standard comes in 4 parts across 174 pages and is entitled “Cooperative multiple systems in connected home environments”. The title doesn’t exactly jump off the page and there is no mention of functional safety but given that is the worst thing I am going to say about his standard it was good to get it out of the way early.

This standard is being sponsored by the IEC SyC AAL committee who cover assisted living. The standard has a large number of contributing experts with Japan in particular having a lot of experts on the working group. This is consistent with the fact that Japan with its aging population also leads in things like elderly care robots.

The picture below implies the standard is already available but anything else I can find suggests it is only at the committee draft stage.

Figure 1 - Full title of the assisted living standard

Note – I used to think that EN meant the standard was a harmonized standard of the European Union, but it turns out you can have EN in the title and not be a Harmonized standard. To be a Harmonized standard you must be published in the official journal of the European Union.

I believe you should always start reading a new standard with its scope. In this case the scope makes it clear that it covers “cooperative multiple systems that are operated together in a connected home environment” and emphasises that it “can be operated by “users, who may not be fully trained” and refers to IEC 61508.

The standard claims to be based on IEC 61508 but its SIL determination table looks more like the risk matrix from ISO 26262 and the measures of the safety achieved instead of being SIL 1 through 4 are “QM”, “A”, “B”, “C” and “D” which just screams ISO 26262. In fact, this standard often seems closer to ISO 26262 than IEC 61508.

The stated aim of the standard is to “reduce the occurrence of risk to a socially acceptable level” but it gives no numbers on that socially acceptable level. Instead of SIL or ASIL it uses the term H-SIL with the allowed dangerous failure rate of H-SIL B, C and D the same as those for the corresponding ASIL. I understand medical uses a different definition of risk to industrial (don’t ask as I don’t know the difference) and I wonder which one this standard uses given it has certain medical like applications.

There are lots of good insights in the standard including that walking in a dark place, even for somebody with poor leg control, might be low risk if the floor is flat but can be high risk if there are steps or stairs present. This is obvious once you think about it, but it is often no harm to spell out the obvious. Once again this reminds me of driving scenarios often considered in automotive which is not necessarily a bad thing.

The figure below represents what a safety function according to IEC 63168 would look like. They don’t use the language of sensor, logic, and actuator but I have added such labels below to tie it back to IEC 61508 and IEC 61511 which a lot of the readers are familiar with.  

Figure 4 - an example system according to the standard

Another indication that IEC 613168 follows ISO 26262 is that it states that the functional safety requirements “shall be derived from the safety goals”. Nevertheless, I like its explanations on the hierarchy of safety goals and functional safety requirements. It also uses the “+” and “++” from ISO 26262 rather than the “R” and “HR” from IEC 61508 in the tables of requirements.

An obvious omission for me is that there is nothing on networking requirements but perhaps you just fall back to IEC 61508 for guidance and use a black channel safety concept according to IEC 61784-3. It might be interesting to compare home network requirements to those for an industrial environment as envisaged by IEC 61784-3 or IEC 62280 which is for rail.

I like this new standard. It is well written and more compact than either IEC 61508 or ISO 26262 and some of the topics in it are very nicely explained. If you can get your hands on a copy, then I recommend reading it. It will not be time wasted.

Now onto the safety of Christmas tree lights, I think we should start with a hazard analysis and risk assessment. This certainly isn’t a full one and I invite you to submit further material in the comments.

Basic threats

Consequences

Dog attacks Christmas tree

Unhappy owners - not safety related

Cat climbs Christmas tree to escape dog

Happy dog, unhappy cat – not safety related

Christmas tree dries out and starts to smell

Unhappy owners – not safety related

Christmas tree dries out and becomes a fire hazard

Fire hazard – safety related

Christmas tree lights go on fire

Fire hazard – safety related

Christmas tree lights come loose from tree causing a trip hazard

Trip hazard – safety related

 

We could go the whole way here and propose a Christmas tree functional safety standard. After all there are standards for Irish coffee (Irish standard I.S. 417:1988 – see page 15 of here for more) and how to make a standard cup of tea (ISO 3103:1980 – see page 13 of here). In this new standard we could have a TSIL (tree SIL) to indicate the level of safety achieved.

 Perhaps we could then imagine safety functions compliant to the standard such as

  • Wiring the lights to a smart plug and automatically switching them off when nobody is in the room. Such an automation would also require a PIR sensor.
  • Switch off power to the tree when nobody at home.
  • We could also have used a multipurpose sensor as a tilt sensor to detect the tree had fallen over and disconnect the power and send a warning message to someone’s phone.
  • I don’t have one but a ZigBee based fire detector also looks cool and relevant especially if you have a dried out real tree
  • A humidity sensor to detect if the tree is drying out. Perhaps conductivity might be best with perhaps the AD5933 being useful for this.
  • If using defence in depth you could consider using the ADPD188BI

Some of these “safety functions” are to prevent a risk and others to mitigate the risk. The difference might make a good topic for a future blog.

And of course, you could do something smart with an Arduino to control the lights.

I have also heard of people doing their own assisted living based on the existing home automation systems using just the presence sensors and the smart plugs and I think it has a lot of promise. One person had put a smart plug on the kettle and if the kettle, in an elderly relative’s house, hadn’t come on by 9AM they phoned or called around to check the person was ok given the deviation from their normal pattern of a cup of tea first thing in the morning.

Someone else had put a presence sensor in the bathroom and kitchen and if they didn’t detect a presence an alert was sent to a phone contact. I thought both were genius ideas with a very low risk of an invasion of privacy. The biggest expense might be installing good broadband but I believe some of the Smartthings apps can run locally on the hub without broadband but I haven’t tested it. The blog where I heard this compared it to the older technique from many years ago to looking out in the morning to see that the fire was lighting (smoke out of the chimney) of nearby elderly people. Same principle just using modern technology.

Happy Christmas and expect to see more safety matters blogs in the new year.

Anonymous