4th May 2007, 07:10   #150
AD_ward9
Re: Wow! Meg design - dont know if I like this

Quote: (Originally Posted by UWSojourner)
Someone tell me what constitutes a "design problem".

Is it that something could go wrong with a feature?

Is it that something is likely to go wrong?

Is it the likely outcome if something goes wrong?

Rick below has summarised things accurately and very nicely, as has Mike. Your question does not seem to have been answered, so I will try and also create in the process a clear briefing document that may assist Ron in his meeting with Leon in presenting the issues. So here we go:

There have been comments that this is a design fault for some time, so it may be time for my rep to take a down-turn by upsetting all the Meg users again by pointing out this once more in a more "bottom line" form. I promise not to bore anyone by doing it again on this particular fault.

Starts with an answer to your question directly.

A Design Flaw is something that causes a piece of equipment to fail to achieve its design intent under plausible conditions. We would use Fault instead of Flaw, incidentally.

A Dangerous Design Flaw is something that causes the equipment to expose someone to a safety hazard due to failing to achieve its design intent under plausible conditions.

"Plausible" is defined in safety terms as a function of the consequences of the incident occurring. One can tolerate a shower head failing every 100k hours, but an air frame has got to do a lot better than that.

There are different terms used, but typically the range for "Plausible" goes from "Frequently" at 1000 hours to "Extremely Improbable" at a billion hours.
For a rebreather sold to the mass market, the rating should be the billion hours (SIL 4) IMHO, though SIL 3+ at 100 million hours might be a legally defensible level. For a Mira Shower head, they have gone for a million hours (SIL 1).

On that scale, this Meg design fault is either Frequent or Very Likely. It is SIL nothing.

In Europe, this is embodied in EN14143:2003 and PPE, which require it to be safe under all foreseeable conditions, and EN61508 of course which defines things much more precisely. Megs are not made in Europe, but good practice should be sought out, not just ignored.

Use of sensors linking one side of the scrubber to another is a Dangerous Design Flaw, because:

1. The O2 sensors are not rated for any differential pressure and tests on a sensor with differential pressure will show that some sensors can leak electrolyte with 2psi and above (above 100mbar, but less than the 300mbar the system should withstand). The sensor will likely fail early and may act inconsistently. It may predispose the sensor to failing mechanically.

2. Some users will not screw the sensor in properly so it may fall out in use. Users can do anything: Leon is selling to the general public rather than major corporates with their rigorous checklists and procedures. If the sensor falls out then it is plausible that the resulting PPCO2 increase will cause a fatal accident.

3. The sensor may fall apart as the plastic that is screwed in is just glued to the sensor cell in Teledynes, and water on it can change that glue pad's adhesive properties.

4. There may be a small leak which would cause some increase in PPCO2 to the diver.

5. The differential pressure may cause any droplets of KOH lost from the electrolyte to become entrained into the gas stream to the diver.

6. The frequency at which the above faults may occur does not meet SIL 3, nor even SIL 1. It is SIL nothing, or "there is no safety integrity level in this product" with this Dangerous Design Flaw.

My blunt side comes out when there are safety issues involved. Sorry about that, but please be blunt in pointing out mistakes we make. On safety matters we will appreciate it, honestly. Others might not, but such is life.

What can be done in this case? A rework to add a partition behind the sensors? Potting them in a peelable silicone and obliging users to do an annual factory service to replace them? New head? Tests on the sensors to determine a particular model that is not affected by differential pressure and has suitable mechanics for a seal? A holder for the PPO2 sensors and plugs for the previous ports ...

The last of these is something users can do themselves, but a factory fix is much better.

The PPO2 sensors should be as close to the O2 injector as possible. It is a Dangerous Design Flaw for them to be upstream of the injector, because there is no difference between a very slow sensor and a very fast sensor which is upstream of the injector because there can be a long time lag for the breathing gas to travel from the injector around the loop to the sensors, which inject more gas.

Alex

Last edited by AD_ward9 : 4th May 2007 at 09:21.