This website uses cookies primarily for visitor analytics. Certain pages will ask you to fill in contact details to receive additional information. On these pages you have the option of having the site log your details for future visits. Indicating you want the site to remember your details will place a cookie on your device. To view our full cookie policy, please click here. You can also view it at any time by going to our Contact Us page.

Close

Safety in control: the need for validation

11 May 2011

With EN ISO 13849-1 having been in place for some time as the standard for the safety related parts of machine control systems it is concerning that comparatively little attention has been given to one very important aspect of this standard, namely the requirement for validation. Machine builders need to consider carefully how they will meet this requirement, so this week, I have invited Paul Laidler of Laidler Associates to shed some light on the issue.

Les Hunt
Les Hunt

For many years, the applicable standard for the safety related parts of machine control systems has been EN 954-1. However, in recent times, the shortcomings of this standard – which includes its inability to deal with programmable or software safety systems – have become increasingly significant. For this reason a new standard, EN ISO 13849-1, was developed and it was initially planned that this would replace EN 954-1 at the end of 2009.

In fact, the change of approach introduced with EN ISO 13849-1 was so radical that machine builders and other interested parties successfully petitioned for a stay of execution and, as a result, it was agreed that EN 954-1 could remain in use until the end of 2011. That date is now just months away, and it is very unlikely that there will be a further extension to the life of this venerable standard.

All of which means that machine builders need to be ready to work with EN ISO 13849-1 from 1st January 2012 - if they are not already using this standard - and that includes being ready to meet the requirements of Section 8 of the standard, which states that “the design of the SRP/CS (safety related parts of the control system) shall be validated.” The standard goes on to advise that details of the validation are given in EN ISO 13849-2, which we will return to shortly.

The requirement for validation should not come as a surprise to machine builders as validation is, in fact, already required by EN 954-1. There are very good reasons for this, as a quick perusal of the HSE publication “Out of Control” will reveal.

Available as a free download from the HSE website this document includes, in Section 4, an analysis of incidents connected with safety related parts of control systems. This analysis reveals that poor design and implementation, together with incorrect specification, accounted for 59% of the problems examined in the study. These are exactly the types of problem that validation could have been expected to uncover before the control system went into service.

In spite of this, the requirement for validation contained in EN 954-1 has sometimes been neglected with few apparent consequences. This situation is, however, most unlikely to be allowed to continue when EN 954 is withdrawn.
So what exactly does validation involve? EN ISO 13849-2 spells out the basic requirements very clearly in Section 3.1, Validation Principles. In part, this states:

“The validation shall demonstrate that each safety-related part meets the requirements of ISO 13849-1, in particular:

 the specified safety characteristics of the safety functions provided by that part, as set out in the design rationale, and

 the requirements of the specified category [see ISO 13849-1, clause 6].
Validation should be carried out by persons who are independent of the design of the safety-related part(s).”

The standard goes on to explain that the use of the phrase “independent person” does not necessarily mean that third party testing is needed, but that the degree of independence should reflect the safety performance of the safety related part.

Now let’s look at the validation process. As a preliminary design step, the engineer designing the machine will have carried out a risk analysis to identify the safety performance level (PL) appropriate to the hazards associated with the machine, a procedure that is covered by EN ISO 13849-1. The engineer will then have designed a control system to meet this PL, by considering the category, carefully selecting the components used and, with the introduction of the new standard, carrying out detailed calculations involving the mean time to dangerous failure for these components, along with diagnostic coverage and common cause failures.

The validation process must re-examine all of these steps, and it’s now clear why independent validation is so important – engineers validating their own work could all too easily duplicate any mistakes they had made at the design stage. Validation doesn’t finish with re-examining the design, however; it must also look at the implementation of the SRP/CS and, in some cases, verify its functionality by testing.

In fact, there is even more to be done, as validation must also take into account the environmental conditions in which the machine will operate, including the effects of shock and vibration to which it may be subjected, as well as temperature, humidity and, where applicable, the effects of lubricants and cleaning materials. Electromagnetic compatibility must be considered, as must the effects of wear and other forms of deterioration as the machine ages.

Finally, the validation process must be carefully and fully documented so that the machine maker can produce evidence, if called upon to do so, that validation has been properly carried out.

It will be seen that validation, while mandatory, is a far from trivial exercise. In fact, many machine manufacturers may well find that they lack the in-house resources and expertise needed to properly validate the SRP/CS in their products. In such cases, the services of an expert consultant will prove an excellent investment. It is also worth noting that an additional benefit of using services of this type is that the requirement for validation to be carried out by persons who are independent of the design process will be automatically satisfied.

It is often tempting to think that carrying out work in house is the most cost-effective option but, when the work is as critical and demanding as SRP/CS validation certainly is, this assumption may be very far from true. Buying in expertise and resources to carry out these complex tasks will often deliver big savings in time and money – not to mention stress!

Readers wishing to learn more about Laidler Associates’ services in this particular area of machine safety should click here. [www.laidler.co.uk]

Les Hunt
Editor


Contact Details and Archive...

Print this page | E-mail this page

Minitec