SIST EN 62733:2015
(Main)Programmable components in electronic lamp controlgear - General and safety requirements
Programmable components in electronic lamp controlgear - General and safety requirements
This International Standard provides general and safety requirements for programmable
components used in products covered by IEC 61347.
The requirements of this standard are only applicable to the programmable components
(including its embedded software) in the electronic lamp controlgear. For other
electric/electronic circuits and their components in the electronic lamp controlgear, the
requirements of IEC 61347 series apply.
Programmierbare Bauteile von elektronischen Betriebsgeräten für Lampen - Teil 1: Allgemeine und Sicherheitsanforderungen
Composants programmables dans les appareillages électroniques de lampes - Exigences générales et exigences de sécurité
L'IEC 62733:2015 définit les exigences générales et les exigences de sécurité des composants programmables utilisés dans les produits couverts par l'IEC 61347. Les exigences de la présente norme s'appliquent uniquement aux composants programmables (et leurs logiciels intégrés) des appareillages électroniques de lampes. Pour les autres circuits électriques/électroniques et leurs composants dans les appareillages électroniques de lampes, les exigences de la série IEC 61347 s'appliquent.
Programirljive komponente krmilja elektronske sijalke - Splošne in varnostne zahteve
Ta mednarodni standard zagotavlja splošne in varnostne zahteve za programirljive komponente, ki se uporabljajo v izdelkih iz standarda IEC 61347.
Zahteve tega standarda se uporabljajo samo za programirljive komponente (vključno z njihovo vdelano programsko opremo) v krmilju elektronske sijalke. Za druga električna/elektronska vezja in njihove komponente v krmilju elektronske sijalke se uporabljajo zahteve standarda IEC 61347.
General Information
Relations
Standards Content (Sample)
SLOVENSKI STANDARD
SIST EN 62733:2015
01-september-2015
Programirljive komponente krmilja elektronske sijalke - Splošne in varnostne
zahteve
Programmable components in electronic lamp controlgear - General and safety
requirements
Programmierbare Bauteile von elektronischen Betriebsgeräten für Lampen - Teil 1:
Allgemeine und Sicherheitsanforderungen
Composants programmables dans les appareillages électroniques de lampes -
Exigences générales et exigences de sécurité
Ta slovenski standard je istoveten z: EN 62733:2015
ICS:
29.130.01 Stikalne in krmilne naprave Switchgear and controlgear
na splošno in general
29.140.99 Drugi standardi v zvezi z Other standards related to
žarnicami lamps
SIST EN 62733:2015 en
2003-01.Slovenski inštitut za standardizacijo. Razmnoževanje celote ali delov tega standarda ni dovoljeno.
---------------------- Page: 1 ----------------------
SIST EN 62733:2015
---------------------- Page: 2 ----------------------
SIST EN 62733:2015
EUROPEAN STANDARD EN 62733
NORME EUROPÉENNE
EUROPÄISCHE NORM
June 2015
ICS 29.140.99
English Version
Programmable components in electronic lamp controlgear -
General and safety requirements
(IEC 62733:2015)
Composants programmables dans les appareillages Programmierbare Bauteile von elektronischen
électroniques de lampes - Exigences générales et Betriebsgeräten für Lampen - Teil 1: Allgemeine und
exigences de sécurité Sicherheitsanforderungen
(IEC 62733:2015) (IEC 62733:2015)
This European Standard was approved by CENELEC on 2015-06-11. CENELEC members are bound to comply with the CEN/CENELEC
Internal Regulations which stipulate the conditions for giving this European Standard the status of a national standard without any alteration.
Up-to-date lists and bibliographical references concerning such national standards may be obtained on application to the CEN-CENELEC
Management Centre or to any CENELEC member.
This European Standard exists in three official versions (English, French, German). A version in any other language made by translation
under the responsibility of a CENELEC member into its own language and notified to the CEN-CENELEC Management Centre has the
same status as the official versions.
CENELEC members are the national electrotechnical committees of Austria, Belgium, Bulgaria, Croatia, Cyprus, the Czech Republic,
Denmark, Estonia, Finland, Former Yugoslav Republic of Macedonia, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia,
Lithuania, Luxembourg, Malta, the Netherlands, Norway, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden, Switzerland,
Turkey and the United Kingdom.
European Committee for Electrotechnical Standardization
Comité Européen de Normalisation Electrotechnique
Europäisches Komitee für Elektrotechnische Normung
CEN-CENELEC Management Centre: Avenue Marnix 17, B-1000 Brussels
© 2015 CENELEC All rights of exploitation in any form and by any means reserved worldwide for CENELEC Members.
Ref. No. EN 62733:2015 E
---------------------- Page: 3 ----------------------
SIST EN 62733:2015
EN 62733:2015
European foreword
The text of document 34C/1140/FDIS, future edition 1 of IEC 62733, prepared by SC 34C, "Auxiliaries for
lamps", of IEC TC 34, "Lamps and related equipment", was submitted to the IEC-CENELEC parallel vote
and approved by CENELEC as EN 62733:2015.
The following dates are fixed:
(dop) 2016-03-11
• latest date by which the document has
to be implemented at national level by
publication of an identical national
standard or by endorsement
• latest date by which the national (dow) 2018-06-11
standards conflicting with the
document have to be withdrawn
Attention is drawn to the possibility that some of the elements of this document may be the subject of
patent rights. CENELEC [and/or CEN] shall not be held responsible for identifying any or all such patent
rights.
Endorsement notice
The text of the International Standard IEC 62733:2015 was approved by CENELEC as a European
Standard without any modification.
2
---------------------- Page: 4 ----------------------
SIST EN 62733:2015
EN 62733:2015
Annex ZA
(normative)
Normative references to international publications
with their corresponding European publications
The following documents, in whole or in part, are normatively referenced in this document and are
indispensable for its application. For dated references, only the edition cited applies. For undated
references, the latest edition of the referenced document (including any amendments) applies.
NOTE 1 When an International Publication has been modified by common modifications, indicated by (mod), the relevant EN/HD
applies.
NOTE 2 Up-to-date information on the latest versions of the European Standards listed in this annex is available here:
www.cenelec.eu.
Publication Year Title EN/HD Year
IEC 61000-4-13 2002 Electromagnetic compatibility (EMC) -- Part EN 61000-4-13 2002
4-13: Testing and measurement techniques
- Harmonics and interharmonics including
mains signalling at a.c. power port, low
frequency immunity tests
+ A1 2009 + A1 2009
IEC 61347-1 - Lamp controlgear - Part 1: General and EN 61347-1 -
safety requirement
IEC 61347-2 series Lamp controlgear EN 61347-2 series
IEC 61508-4 2010 Functional safety of EN 61508-4 2010
electrical/electronic/programmable electronic
safety-related systems -- Part 4: Definitions
and abbreviations
IEC 61508-5 2010 Functional safety of EN 61508-5 2010
electrical/electronic/programmable electronic
safety-related systems -- Part 5: Examples
of methods for the determination of safety
integrity levels
IEC 61508-7 2010 Functional safety of EN 61508-7 2010
electrical/electronic/programmable electronic
safety-related systems -- Part 7: Overview of
techniques and measures
IEC 61547 2009 Equipment for general lighting purposes - EN 61547 2009
EMC immunity requirements
3
---------------------- Page: 5 ----------------------
SIST EN 62733:2015
---------------------- Page: 6 ----------------------
SIST EN 62733:2015
IEC 62733
®
Edition 1.0 2015-05
INTERNATIONAL
STANDARD
NORME
INTERNATIONALE
Programmable components in electronic lamp controlgear – General and safety
requirements
Composants programmables dans les appareillages électroniques de lampes –
Exigences générales et exigences de sécurité
INTERNATIONAL
ELECTROTECHNICAL
COMMISSION
COMMISSION
ELECTROTECHNIQUE
INTERNATIONALE
ICS 29.140.99 ISBN 978-2-8322-2668-1
Warning! Make sure that you obtained this publication from an authorized distributor.
Attention! Veuillez vous assurer que vous avez obtenu cette publication via un distributeur agréé.
® Registered trademark of the International Electrotechnical Commission
Marque déposée de la Commission Electrotechnique Internationale
---------------------- Page: 7 ----------------------
SIST EN 62733:2015
– 2 – IEC 62733:2015 © IEC 2015
CONTENTS
FOREWORD . 4
INTRODUCTION . 6
1 Scope . 7
2 Normative references . 7
3 Terms and definitions . 7
4 General requirements . 10
5 Risk assessment . 11
5.1 General . 11
5.2 Specification of tolerable risk . 11
5.3 Documentation . 11
6 Requirements for abnormal operating and fault conditions . 12
6.1 Abnormal operating and fault conditions in the application of the electronic
lamp controlgear . 12
6.2 Fault conditions for the programmable component . 12
7 Requirements for software . 13
8 Requirements for EMC immunity. 13
Annex A (normative) Software evaluation . 15
A.1 General . 15
A.2 Protective programmable components using software . 15
A.3 Terms and definitions . 15
A.4 Requirements for the architecture . 22
A.5 Measures to avoid errors . 30
Annex B (informative) FTA and FMEA analysis . 34
B.1 FTA results . 34
B.2 FMEA results . 35
Annex C (informative) Guidance on the identification of a protective programmable
component . 37
Annex D (normative) Risk classification . 38
D.1 General . 38
D.2 Frequency of occurrence. 38
D.3 Risk severity . 38
D.4 Classification of risks . 39
Bibliography . 40
Figure B.1 – Example of a fault tree diagram . 35
Table A.1 – General fault/error conditions . 24
Table A.2 – Specific fault/error conditions . 26
Table A.3 – Semi-formal methods . 31
Table A.4 – Software architecture specification . 31
Table A.5 – Module design specification . 32
Table A.6 – Design and coding standards . 33
Table A.7 – Software safety validation . 33
Table D.1 – Frequency definition and categorization (from IEC 61508-5:2010 Annex C) . 38
---------------------- Page: 8 ----------------------
SIST EN 62733:2015
IEC 62733:2015 © IEC 2015 – 3 –
Table D.2 – Risk severity definitions (from IEC 61508-5:2010, Annex C) . 38
Table D.3 – Safety risk classification . 39
---------------------- Page: 9 ----------------------
SIST EN 62733:2015
– 4 – IEC 62733:2015 © IEC 2015
INTERNATIONAL ELECTROTECHNICAL COMMISSION
____________
PROGRAMMABLE COMPONENTS
IN ELECTRONIC LAMP CONTROLGEAR –
GENERAL AND SAFETY REQUIREMENTS
FOREWORD
1) The International Electrotechnical Commission (IEC) is a worldwide organization for standardization comprising
all national electrotechnical committees (IEC National Committees). The object of IEC is to promote
international co-operation on all questions concerning standardization in the electrical and electronic fields. To
this end and in addition to other activities, IEC publishes International Standards, Technical Specifications,
Technical Reports, Publicly Available Specifications (PAS) and Guides (hereafter referred to as “IEC
Publication(s)”). Their preparation is entrusted to technical committees; any IEC National Committee interested
in the subject dealt with may participate in this preparatory work. International, governmental and non-
governmental organizations liaising with the IEC also participate in this preparation. IEC collaborates closely
with the International Organization for Standardization (ISO) in accordance with conditions determined by
agreement between the two organizations.
2) The formal decisions or agreements of IEC on technical matters express, as nearly as possible, an international
consensus of opinion on the relevant subjects since each technical committee has representation from all
interested IEC National Committees.
3) IEC Publications have the form of recommendations for international use and are accepted by IEC National
Committees in that sense. While all reasonable efforts are made to ensure that the technical content of IEC
Publications is accurate, IEC cannot be held responsible for the way in which they are used or for any
misinterpretation by any end user.
4) In order to promote international uniformity, IEC National Committees undertake to apply IEC Publications
transparently to the maximum extent possible in their national and regional publications. Any divergence
between any IEC Publication and the corresponding national or regional publication shall be clearly indicated in
the latter.
5) IEC itself does not provide any attestation of conformity. Independent certification bodies provide conformity
assessment services and, in some areas, access to IEC marks of conformity. IEC is not responsible for any
services carried out by independent certification bodies.
6) All users should ensure that they have the latest edition of this publication.
7) No liability shall attach to IEC or its directors, employees, servants or agents including individual experts and
members of its technical committees and IEC National Committees for any personal injury, property damage or
other damage of any nature whatsoever, whether direct or indirect, or for costs (including legal fees) and
expenses arising out of the publication, use of, or reliance upon, this IEC Publication or any other IEC
Publications.
8) Attention is drawn to the Normative references cited in this publication. Use of the referenced publications is
indispensable for the correct application of this publication.
9) Attention is drawn to the possibility that some of the elements of this IEC Publication may be the subject of
patent rights. IEC shall not be held responsible for identifying any or all such patent rights.
International Standard IEC 62733 has been prepared by subcommittee 34C: Auxiliaries for
lamps, of IEC technical committee 34: Lamps and related equipment.
The text of this standard is based on the following documents:
FDIS Report on voting
34C/1140/FDIS 34C/1156/RVD
Full information on the voting for the approval of this standard can be found in the report on
voting indicated in the above table.
This publication has been drafted in accordance with the ISO/IEC Directives, Part 2.
NOTE In this standard the following print types are used:
– Requirements proper: in Roman type.
---------------------- Page: 10 ----------------------
SIST EN 62733:2015
IEC 62733:2015 © IEC 2015 – 5 –
– Test specifications: in Italic type.
– Explanatory matter: in smaller roman type.
The committee has decided that the contents of this publication will remain unchanged until
the stability date indicated on the IEC web site under "http://webstore.iec.ch" in the data
related to the specific publication. At this date, the publication will be
• reconfirmed,
• withdrawn,
• replaced by a revised edition, or
• amended.
---------------------- Page: 11 ----------------------
SIST EN 62733:2015
– 6 – IEC 62733:2015 © IEC 2015
INTRODUCTION
This International Standard provides safety requirements and test methods for programmable
components when in electronic lamp controlgear. It provides additional safety requirements
for electronic lamp controlgear containing programmable components to the requirements of
IEC 61347 series.
In general, the two means of protection safety principle is used for protection against hazards
such as electric shock. Consequently one single fault condition or abnormal operation of the
electrical equipment will not lead to a hazardous situation.
Until recent technology, two means of protection have been realized in traditional hardware.
Examples are the provision of basic insulation and supplementary insulation between
hazardous live parts and accessible parts, and provision of basic insulation combined by
disconnection of the mains supply by a fuse.
Nowadays however programmable components (with embedded software) may be used as a
measure to provide safety under normal conditions, single fault conditions and/or abnormal
operation.
Since the traditional lighting standards do not provide requirements for programmable
components, this standard has been drawn up.
This standard recognizes the internationally accepted level of protection against hazards such
as electrical, mechanical, thermal, fire and radiation of appliances when operated as in
normal use taking into account the manufacturer's instructions. It also covers conditions for
electromagnetic phenomena that can be expected in practice with influence on the operation
of the programmable component, for taking into account the way this can affect the safe
operation of the electronic lamp controlgear.
This first edition is based upon IEC 60730-1:2010 and IEC 60335-1:2010 and adapted for
electronic lamp controlgear
NOTE The terms and definitions and Tables A.1 and A.2 respectively of this standard are equivalent to terms and
definitions and Table R.1 and R.2 of IEC 60335-1:2010, and equivalent terms and definitions and Table H.1 (class
B and class C software) of IEC 60730-1:2010.
---------------------- Page: 12 ----------------------
SIST EN 62733:2015
IEC 62733:2015 © IEC 2015 – 7 –
PROGRAMMABLE COMPONENTS
IN ELECTRONIC LAMP CONTROLGEAR –
GENERAL AND SAFETY REQUIREMENTS
1 Scope
This International Standard provides general and safety requirements for programmable
components used in products covered by IEC 61347.
The requirements of this standard are only applicable to the programmable components
(including its embedded software) in the electronic lamp controlgear. For other
electric/electronic circuits and their components in the electronic lamp controlgear, the
requirements of IEC 61347 series apply.
2 Normative references
The following documents, in whole or in part, are normatively referenced in this document and
are indispensable for its application. For dated references, only the edition cited applies. For
undated references, the latest edition of the referenced document (including any
amendments) applies.
IEC 61000-4-13:2002, Electromagnetic compatibility (EMC) – Part 4-13: Testing and
measurement techniques – Harmonics and interharmonics including mains signalling at a.c.
power port, low frequency immunity tests
IEC 61000-4-13:2002/AMD 1:2009
IEC 61347-1, Lamp controlgear – Part 1: General and safety requirements
1
IEC 61347-2 (all parts) , Lamp controlgear – Part 2: Particular requirements
IEC 61547:2009, Equipment for general lighting purposes – EMC immunity requirements
IEC 61508-4:2010, Functional safety of electrical/electronic/programmable electronic safety-
related systems – Part 4: Definitions and abbreviations
IEC 61508-5:2010, Functional safety of electrical/electronic/programmable electronic safety-
related systems – Part 5: Examples of methods for the determination of safety integrity levels
IEC 61508-7:2010, Functional safety of electrical/electronic/programmable electronic safety-
related systems – Part 7: Overview of techniques and measures
3 Terms and definitions
For the purposes of this document, the following terms and definitions apply.
3.1
central processing unit
CPU
part of a computing and controlling system that interprets and executes instructions
_____________
1
Relevant parts of the series depend on the context.
---------------------- Page: 13 ----------------------
SIST EN 62733:2015
– 8 – IEC 62733:2015 © IEC 2015
Note 1 to entry: This note applies to the French language only.
3.2
programmable component
based on computer technology which comprised of hardware, software, and of input and/or
output units
EXAMPLE The following are all programmable components:
– microprocessors;
– micro-controllers;
– programmable controllers;
– application specific digital integrated circuits (ASICs with programmable part);
– programmable logic controllers (PLCs);
– other computer-based devices (for example smart sensors, transmitters, actuators).
Note 1 to entry: This term covers microelectronic devices based on one or more central processing units (CPUs)
together with associated memories, etc.
Note 2 to entry: The term programmable component is from ANSI/UL1998:2010, definition 2.39 [2].The definition
in ANSI/UL for programmable component is: “Any microelectronic hardware that can be programmed in the design
centre, the factory, or in the field. Here the term ‘programmable’ is taken to be ‘any manner in which one can alter
the software wherein the behaviour of the component can be altered.” This term covers microelectronic devices
based on one or more central processing units (CPUs) together with associated memories, etc.
[SOURCE: IEC 61508-4:2010, 3.2.12, modified — "Programmable electronic" is replaced by
"programmable component" which better describes that it is only a part of the controlgear.]
3.3
protective programmable component
PPC
programmable component that prevents a hazardous situation under abnormal operating
conditions, or programmable component for which none of the output signals can lead to a
hazardous situation
Note 1 to entry: This note applies to the French language only.
3.4
software
intellectual creation comprising the programs, procedures, data, rules and any associated
documentation pertaining to the operation of a data processing system
[SOURCE: IEC 61508-4:2010, 3.2.5, modified — The notes to entry are deleted.]
3.5
software code
code written by a programmer in a high-level computer language and readable by people but
not computers
3.6
safety software
part of the software that counteracts possible hazardous situations, which are created from
abnormal and/or fault conditions
Note 1 to entry: Software is independent of the medium on which it is recorded.
3.7
fault condition
condition as required by Clause 14 of IEC 61347-1 or its relevant Part 2
---------------------- Page: 14 ----------------------
SIST EN 62733:2015
IEC 62733:2015 © IEC 2015 – 9 –
3.8
single fault condition
fault condition under normal operating condition of a single component or a device
[SOURCE: IEC 62368-1:2010, 3.3.7.10, modified]
3.9
normal operating
mode of operation that represents as closely as possible the most severe conditions of normal
use that can reasonably be expected
[SOURCE: IEC 62368-1:2010, 3.3.7.4, modified]
3.10
abnormal operating
temporary operating condition that is not a normal operating condition and is not a single fault
condition of the equipment itself
Note 1 to entry: An abnormal operating condition may be introduced by the equipment or by a person.
Note 2 to entry: The equipment, installation, instructions, and specifications should be examined to determine
those abnormal operating conditions that might reasonably be expected to occur.
Note 3 to entry: Faults that are the direct consequence of the abnormal operating condition are deemed to be a
single fault condition.
[SOURCE: IEC 62368-1:2010, 3.3.7.1, modified]
3.11
fault tree analysis
FTA
top down, deductive failure analysis method in which a hazardous or serious event is
analyzed using Boolean logic to combine a series of events causing this event
Note 1 to entry: The FTA technique represents a ‘top-down’ analysis technique. Annex B of IEC 61508-7:2010
provides information for the minimum setup for an FTA report.
3.12
failure modes and effects analysis
FMEA
analytical technique in which the failure modes of each hardware and software component are
identified and examined for their effects on the safety-related functions of the control
Note 1 to entry: The FMEA technique represents a ‘bottom-up’ analysis technique. Annex B provides information
for the minimum setup for an FMEA report.
[SOURCE: IEC 60730-1:2010, H.2.20.3, modified]
3.13
rated voltage
value of voltage assigned by the manufacturer to a component, device or equipment and to
which operation and performance characteristics are referred
Note 1 to entry: Equipment may have more than one rated voltage value or may have a rated voltage range.
Note 2 to entry: For three-phase supply, the phase-to-phase voltage applies.
[SOURCE: IEC 62368-1:2010, 3.3.10.4, modified]
---------------------- Page: 15 ----------------------
SIST EN 62733:2015
– 10 – IEC 62733:2015 © IEC 2015
3.14
tolerable risk
risk level as defined in 5.1
3.15
intolerable risk
risk level which cannot be justified, except in extraordinary circumstances
3.16
acceptable risk
risk level that is broadly accepted in the society
3.17
ALARP
as low as is reasonably practicable
level of risk for a risk that falls between acceptable risk and intolerable risk and has to be
reduced to the lowest practicable level, bearing in mind the benefits resulting from its
acceptance and taking into account the practicability of any further reduction
Note 1 to entry: This note applies to the French language only.
Note 2 to entry: The specification of the level ALARP is described in Annex D.
Note 3 to entry: This definition is according to IEC 61508-5:1998, Annex B. In this standard it is used as one
possible variant of the tolerable risk.
3.18
injury
damage to the human body, less than 2 % incapacity, usually reversible and not usually
requiring hospital treatment
EXAMPLE Minor cuts, very minor fractures or minor burns or sprains.
3.19
serious injury
injury that directly or indirectly:
a) threatens life,
b) results in permanent impairment of a body function or permanent damage to a body
structure, or
c) necessitates medical or surgical intervention to prevent permanent impairment of a body
function or permanent damage to a body structure
3.20
hazardous situation
circumstance in which people, property or the environment are exposed to one or more
potential sources of physical injury or damage to the health of people, or damage to property
or the environment
4 General requirements
Software of programmable components within electronic lamp controlgear shall be so
designed and constructed that in normal use it operates without danger to the user or
surroundings.
A risk assessment shall be done to determine which parts of this standard are applicable. If
the risk assessment shows that the software built-in used to prevent the controlgear from
becoming unsafe, has a risk above the tolerable risk, then this standard is mandatory.
---------------------- Page: 16 ----------------------
SIST EN 62733:2015
IEC 62733:2015 © IEC 2015 – 11 –
The focus of the risk assessment shall be the possible risks by the electronic controlgear
including the abnormal operation and fault conditions of the relevant Part 2 of IEC 61347.
5 Risk assessment
5.1 General
Possible risks by the controlgear shall be the focus of the risk assessment. The risk
assessment shall identify and classify known or reasonably foreseeable risks of a possible
malfunction of the software (including the risk originating from potential internal fault
conditions and abnormal operation of the controlgear described in the relevant Part 2 of
IEC 61347) under the assumption of expected use.
If the risk assessment shows that the software built-in to prevent the controlgear from
becoming unsafe, has a risk above the tolerable risk (and is not reduced by additional
hardware measures) then all parts of this standard are applicable.
If the risk assessment shows that the risk is tolerable then the controlgear does comply with
this standard. In this case only the parts relevant for describing the risk assessment of this
...
Questions, Comments and Discussion
Ask us and Technical Secretary will try to provide an answer. You can facilitate discussion about the standard in here.