The Need For Machine Validation
Previously we have reviewed three key stages in the implementation of EN ISO 13849-1. The final stage is the validation of all of this work to confirm that the appropriate quality assurance measures have been followed to avoid faults in the safety-related parts of the control system (SRP/CS).
An analysis by the Health and Safety Executive (HSE) of incidents connected with safety related parts of control systems revealed that poor design and implementation, together with incorrect specification, accounted for 59 per cent of the causes identified. This represents a significant amount of downtime for those that rely on machinery to do business effectively, and is exactly the type of problem that a full validation process can uncover before the control system goes into service.
End-user businesses are therefore increasingly demanding full validation on a machine before it is fully commissioned. So, machine builders that cannot provide the full validation paperwork are likely to see a negative impact on their sales revenue.
The HSE publication “Out of Control: Why control systems go wrong and how to prevent failure” provides useful support. Available as a free download from the HSE website (www.hse.gov.uk), this booklet is aimed at users of control systems, designers, manufacturers and installers. The booklet’s primary purpose is to raise awareness of the technical causes of control system failure by examining actual case studies of incidents that show that obvious defects could have been prevented.
The Validation Process
The validation process is intended to assure the conformity of the SRP/CS with the Machinery Directive. It is the demonstration that the SRP/CS meets the specified safety requirements, which can be done at different stages throughout the design and development lifecycle or at the end of it. However, we would recommend that this should be done as early as possible in the design stage and become part of the ongoing development process, as it is more cost effective for faults to be identified and rectified before rather than after a final machine has been produced.
Under EN ISO 13849-1, machine designers must meet the requirements of Section 8 of the new standard, which states that “the design of the safety related parts of the control system shall be validated”. Part two of EN ISO 13849 covers the validation elements comprehensively and Section 4.1 in EN ISO 13849-2 spells out the basic requirements very clearly:
“The validation shall demonstrate that each safety-related part meets the requirements of ISO 13849-1, in particular:
- the specified safety characteristics of the safety functions provided by that part, as set out in the design rationale, and
- the requirements of the specified category [see ISO 13849-1, clause 6].
Validation should be carried out by persons who are independent of the design of the safety-related part(s).”
As stated above, “persons who are independent of the design” means that, if possible, the tests should be performed by someone not involved in the design and development. Because the validation process re-examines all of the previous steps associated with developing the safety-related parts of control systems, it is clear why independent validation is so important: engineers validating their own work could all too easily duplicate any mistakes they had made at the design stage.
However, it is important to remember that the level of independence must reflect the risk, i.e. the required Performance Level (PLr), which we covered in the first article of this four-part series, and which defines the level of risk reduction that is required from a particular safety function on a machine.
Validation can be performed by analysis or by a combination of analysis and testing, the first stage of which is creating a verification plan. This includes elements such as the identification of the product’s safety functions, the test principles and internal company requirements that will be applied, the analysis and tests that will be performed, fault lists (the principles for the consideration of faults are listed in the annexes of EN ISO 13849-2), the personnel who are responsible for this process, the specific tools used, and the definition of criteria for the passing or failure of tests.
The plan ensures that all the necessary validation stages are covered, which includes validation of all of the processes we have covered in previous articles – the safety function, the performance level of the SRP/CS, the category, Mean Time to Failure values, diagnostic coverage values, measures against common cause and systematic failures, and the safety-related software.
Throughout the validation process, every activity must be fully documented, together with its results, so that the machine manufacturer can produce evidence that validation has been properly carried out.
Since many safety functions use the same hardware within a machine, the validation process is not as onerous as it may at first seem. Once all safety functions have been considered and the analysis and tests show that the safety functions have been implemented correctly, your validation according to EN ISO 13849 Parts One and Two is complete.