The need for validation
Although EN ISO 13849-1 has been in place for some time as the standard for the safety-related parts of machine control systems (SRP/CS), comparatively little attention seems to have been given to an important aspect - the requirement for validation. Paul Laidler explains.
An analysis by the Health and Safety Executive (HSE) of incidents connected with safety-related parts of control systems revealed that poor design and implementation, together with incorrect specification, accounted for 59 per cent of the causes identified. That represents a significant amount of downtime for those that rely on machinery to do business effectively, and these are exactly the types of problem that a full validation process could have uncovered before the control system went into service.
End-user businesses are therefore increasingly demanding full validation on a machine before they purchase it, so machine builders that cannot provide the full validation paperwork can expect to see a negative impact on their sales revenue.
EN 954-1, the traditional standard for safety-related parts of the control system, was withdrawn in December 2011. Since then, its replacement, EN ISO 13849-1, must be followed. Under EN ISO 13849-1, machine designers must meet the requirements of Section 8 of the new standard, which states that "the design of the safety related parts of the control system shall be validated." The standard goes on to advise that details of the validation are given in EN ISO 13849-2, which we will return to shortly.
The requirement for validation should not come as a surprise, as validation was already required by the old EN 954-1 standard. There are very good reasons for this, as the HSE publication "Out of Control: Why control systems go wrong and how to prevent failure" reveals. Available as a free download from the HSE website (www.hse.gov.uk) this booklet is aimed at users of control systems, designers, manufacturers and installers. As previously mentioned, it includes an analysis of incidents connected with safety-related parts of control systems, as well as guidance reflecting revisions of legislation and relevant standards. The booklet's primary purpose is to raise awareness of the technical causes of control system failure by examining actual case studies of incidents that show that obvious defects could have been prevented.
Following a process
So what exactly does validation involve? This is where we return to EN ISO 13849-2, which spells out the basic requirements very clearly in Section 3.1, Validation Principles. This states that "The validation shall demonstrate that each safety-related part meets the requirements of ISO 13849-1, in particular:
Validation should be carried out by persons who are independent of the design of the safety-related part(s)."
The standard goes on to explain that the phrase "independent person" does not necessarily mean that third-party testing is needed, but that the degree of independence should reflect the safety performance of the safety-related part.
Now let's look at the validation process. As a preliminary step, the engineer designing the machine will have carried out a risk analysis to identify the performance level (PL) required of each safety function that provides part of the overall risk reduction for the hazards associated with the machine, a procedure that is covered by EN ISO 13849-1. The engineer will then have designed a control system that is capable of meeting the PL required by the safety functions. This is done by considering the categories within the standard and carrying out detailed calculations involving the 'mean time to dangerous failure' (MTTFd) of the chosen components, along with diagnostic coverage (DC) and common cause failures (CCF).
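As an added worked example (not from the article or from TUV Product Services), here is the simplified EN ISO 13849-1 procedure just described, applied to a constructed single channel of a Category 3 design: parts-count MTTFd, average diagnostic coverage, the CCF score threshold, and the category/DC/MTTFd lookup that yields the PL. The band limits and lookup table are as the writer of this example recalls them from the standard's simplified method and should be checked against your edition; the component values are constructed.

```python
# Added example, not the article's own material. Component data are
# constructed (MTTFd in years, DC as a fraction); both channels are assumed
# identical, so one channel's figures are used for the lookup.

def channel_mttfd(component_mttfd_years):
    """Parts-count method: 1/MTTFd_channel = sum(1/MTTFd_i)."""
    return 1.0 / sum(1.0 / m for m in component_mttfd_years)

def dc_avg(components):
    """DCavg = sum(DC_i/MTTFd_i) / sum(1/MTTFd_i); components are (mttfd, dc)."""
    return sum(dc / m for m, dc in components) / sum(1.0 / m for m, _ in components)

def mttfd_band(mttfd):
    """Channel MTTFd bands of the simplified method (assumed from the standard)."""
    if mttfd < 3:
        return None          # below the usable range of the method
    if mttfd < 10:
        return "low"
    if mttfd < 30:
        return "medium"
    return "high"            # the 2008 edition caps the channel value at 100 years

def dc_band(dc):
    """DCavg bands: none < 60 %, low < 90 %, medium < 99 %, high >= 99 %."""
    if dc < 0.60:
        return "none"
    if dc < 0.90:
        return "low"
    if dc < 0.99:
        return "medium"
    return "high"

# (category, DCavg band) -> {MTTFd band: PL}, as recalled from the standard's figure
PL_TABLE = {
    ("B", "none"):   {"low": "a", "medium": "b", "high": "b"},
    ("1", "none"):   {"high": "c"},
    ("2", "low"):    {"low": "a", "medium": "b", "high": "c"},
    ("2", "medium"): {"low": "b", "medium": "c", "high": "d"},
    ("3", "low"):    {"low": "b", "medium": "c", "high": "d"},
    ("3", "medium"): {"low": "c", "medium": "d", "high": "d"},
    ("4", "high"):   {"high": "e"},
}

def achieved_pl(category, components, ccf_score):
    """PL reached by the design, or None if the combination is not permitted."""
    if category in ("2", "3", "4") and ccf_score < 65:
        return None          # CCF measures score too low for a monitored/redundant design
    mttfd = min(channel_mttfd([m for m, _ in components]), 100.0)
    row = PL_TABLE.get((category, dc_band(dc_avg(components))))
    return row.get(mttfd_band(mttfd)) if row else None

# Constructed channel: contactor, safety relay input, limit switch (mttfd, dc)
CHANNEL = [(150.0, 0.99), (50.0, 0.90), (1000.0, 0.60)]
```

With this channel the parts count gives about 36 years (high), DCavg about 91 % (medium), so a Category 3 design with an adequate CCF score reaches PL d; the same hardware with a CCF score below 65 is not accepted at all, which is exactly the kind of gap an independent validator re-checks.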
The validation process must re-examine all of these steps, and it's now clear why independent validation is so important, as engineers validating their own work could all too easily duplicate any mistakes they had made at the design stage. However, validation doesn't finish with re-examining the design, as it must also look at the implementation of the SRP/CS and, in some cases, verify its functionality by testing.
In fact, there is even more to be done, as validation must also take into account the environmental conditions in which the machine will operate, including the effects of shock and vibration, as well as temperature, humidity and the effects of any lubricants and cleaning materials that might be used. Electromagnetic compatibility must also be considered, as should the effects of wear and other forms of deterioration as the machine ages. Finally, the validation process must be fully documented so that the machine manufacturer can produce evidence that validation has been properly carried out.
Independent validation is clearly an important part of the process of stopping control systems from going wrong and of preventing the failure of machines in service. Unreliable machines that have not been appropriately validated will affect end-users' bottom line, and will ultimately impact the reputation and sales revenue of any machinery producer that does not raise its game when it comes to validation. To avoid this, act now to ensure validation is included as part of the design process.
TUV Product Services