Safety Verification and Validation Requirements, Processes and Documentation
The Safety Life Cycle approach, as defined in standards IEC 61508 and IEC 62061, requires verification to prove that the circuits for the safety functions of the machine are working properly and meet specified requirements, and validation to test the safety functions of the system. Both activities require a plan and proper documentation. This session will cover the verification and validation process, proper documentation and available tools. We recommend attending SF01 - Safety System Development Process and Configuration Tools Overview prior to this session.

Presentation Transcript

  • Copyright © 2014 Rockwell Automation, Inc. All Rights Reserved. PUBLIC INFORMATION Safety Verification and Validation Requirements, Processes, and Documentation
  • Agenda
      • Why do validation?
      • What are verification and validation?
      • The verification and validation process
      • Example V&V Plan / Documentation
      • Best Practices
  • The Safety Life Cycle
      • Step 1: Risk or hazard assessment
      • Step 2: Safety system functional requirements
      • Step 3: Safety system design & verification
      • Step 4: Safety system installation & validation
      • Step 5: Maintain & improve safety system
  • "… machine had a plastic guard… to prevent the entry of any fingers… Employee #1 opened the plastic guard to knock the piece of chicken aside with his fingers… fingers got caught in the rotating blades… sustained an amputation… cover has an interlock to stop the machine…"
  • How is this Possible? Didn't we do the right things?
      • Assume a risk assessment was performed: frequent exposure, serious injury, not likely to avoid
      • Proper safeguard selection (interlocking guard)
      • Proper circuit design (reliability matches level of risk)
      • What was missed? "… a later test indicated… it took a little over two seconds for the machine to stop"
  • Why Do We Do Validation? Does it work the way I designed it to work?
  • What are Verification and Validation?
      • Verification: confirmation by examination (e.g. tests, analysis) that the SRECS, its subsystems or subsystem elements meet the requirements set by the relevant specification
          • The system and individual components
          • Check that each component and output of each step meets the necessary requirements
      • Validation: confirmation by examination (e.g. tests, analysis) that the SRECS meets the functional safety requirements of the specific application
          • The overall system
          • Check that the system will meet the demands of the application
  • How Do We Know it can Meet the Demands of the Application? [Safety Life Cycle diagram, Steps 1 through 5, repeated from The Safety Life Cycle slide above]
  • What are Verification and Validation?
      • Verification: confirmation by examination (e.g. tests, analysis) that the SRECS, its subsystems or subsystem elements meet the requirements set by the relevant specification
          • Is my design CAPABLE of meeting the required performance level (PLr)?
          • Does each of my software modules perform as expected?
          • Can the relay and the valve work together?
          • More theoretical in nature; more about the DESIGN; confirm the process step
      • Validation: confirmation by examination (e.g. tests, analysis) that the SRECS meets the functional safety requirements of the specific application
          • Does my circuit perform as expected?
          • Did the system software shut off all the hazards in all modes?
          • What happens when I short E-stop channel A to ground?
          • More practical in nature; more about the PERFORMANCE; confirm the entire process
  • Standards and V&V: ISO 13849
      • "Shall demonstrate that each SRP/CS…" – performed for ALL safety functions
      • Use analysis and testing
      • "shall include testing under fault conditions" for Categories 2-4
  • Standards and V&V: IEC 62061
      • "Each SRCF… shall be validated" – performed for all safety functions
      • "shall be validated by test and/or analysis"
      • "fault insertion testing shall be performed where the required safe failure fraction > 90 %."
  • Who Oversees Validation?
      • "Should" be persons independent of the design
      • Assessor? Independent person? Independent department? Independent organization?
  • Gather the right information: documentation – what do I need?
      • Varies according to technology used, the category or categories and performance level(s) to be demonstrated, the design rationale of the system, and the contribution of the SRP/CS to the reduction of the risk.
      • Documents containing sufficient information from the following list shall be included in the validation process to demonstrate that the safety-related parts perform the specified safety functions to the required performance level or levels and category or categories:
          • specification of the required characteristics of each safety function, and its required category and performance level;
          • drawings and specifications, block diagram(s), circuit diagram(s), time sequence diagram(s) for switching components, signals relevant for safety;
          • description of the relevant characteristics of components previously validated;
          • for safety-related parts other than those listed in g), component lists with item designations, rated values, tolerances, relevant operating stresses, type designation, failure-rate data and component manufacturer, and any other data relevant to safety;
          • information for use, e.g. installation and operation manual/instruction handbook;
          • software specification which is clear and unambiguous and which states the safety performance the software is required to achieve, evidence that the software is designed to achieve the required performance level (see 9.5), and details of tests (in particular test reports) carried out to prove that the required safety performance is achieved.
      • Verification of circuit performance:
          • Information is required on how the performance level and average probability of a dangerous failure per hour is determined.
          • The documentation of the quantifiable aspects shall include the safety-related block diagram (see ISO 13849-1:2006, Annex B) or designated architecture, the determination of MTTFd, DCavg and CCF, and the determination of the category (see Table 2).
          • Information is required for documentation on systematic aspects of the SRP/CS.
          • Information is required as to how the combination of several SRP/CS achieves a performance level in accordance with the performance level required.
  • Make a Plan - 13849
      • Spelled out in the standards
      • Step-by-step plan that needs to include:
          • What specs do I need to meet?
          • Test conditions: operational and environmental
          • What analyses and tests will I use?
          • What test standards will I use?
          • Who will perform each step?
  • Make a Plan - 62061
      • Verification plan:
          • When the verification shall take place
          • Who shall carry out the verification
          • What strategies and techniques
          • What is success? Acceptance criteria
          • Pass/fail? Evaluation of verification results
      • Validation plan:
          • When the validation shall take place
          • Modes of operation of the machine – don't forget!
          • What is the standard? Specs…
          • How? Technical strategy / analytical methods / statistical tests
          • What is success? Acceptance criteria
          • Then what? Actions to be taken in the event of failure to meet the acceptance criteria
  • Documentation – What Do I Need to Produce?
      • Analysis and testing "shall be recorded"
      • Validation of each safety function recorded
      • Process for each safety function recorded
      • Cross-reference to previous validation records
      • If something does NOT meet the acceptance criteria: Which element failed? Why did it fail? What will we do about it?
      • For any safety-related part which has failed an element of the validation process, the validation record
      • Documentation of re-validation after modification
  • Step 1 – V&V Introduction and Basic Validation Information
      • Guardmaster Safety Relay Validation - Example
      • Introduction: This document defines the verification and validation test procedures to be performed on a Guardmaster Safety Relay (GSR) system. The safety system consists of series-wired E-Stop pushbuttons wired to a 440R-D22R2 safety relay which actuates two safety contactors. The purpose of this validation plan is to verify the operational and diagnostic features of the Guardmaster Safety Relay application under normal and abnormal operating conditions. This document will also serve as a record of the safety system performance during testing.
      • Basic Validation Data (record fields): Machine Name/Model Number; Machine Serial Number; Customer Name; Test Date; Tester Name(s); Schematic Drawing Number; Guardmaster Safety Relay Model
  • Step 2 – V&V Methodology and Wiring Verification
      • Methodology: This Guardmaster Safety Relay System validation procedure consists of three phases of testing. The phases must be completed in the order listed below.
          1. Safety Wiring and Configuration Checkout
          2. Normal Functional Operation
          3. Abnormal Functional Operation
      • Safety Wiring Verification tests that the safety relay wiring and rotary switch settings are correct and properly documented.
  • Step 3 – V&V Run Verification
      • Safety Wiring Verification (record columns: Test Step | Verification | Pass/Fail | Changes/Modifications). Purpose: verify the safety relay wiring and rotary switch settings.
          1. Visually verify the E-Stop pushbutton wiring follows the wiring diagram.
          2. Visually verify the contactor wiring follows the wiring diagram.
          3. Verify the logic configuration steps were followed per the Installation Manual.
          4. Visually verify that the rotary switch is set to Position 2 {(IN1 & IN2) OR L12}.
      • Normal Operation Verification tests that the safety system responds properly during normal operation and will verify the following:
          • Initiation of a Start Command from a pushbutton or HMI will cause the safety contactors to close only if no safety relay faults are present and all E-Stop buttons are released.
          • If an E-Stop button is pressed, the safety relay will de-energize the contactors.
          • Safety relay faults are cleared by the Fault Reset pushbutton.
      • Establish Machine Run Condition (record columns: Test Step | Verification | Pass/Fail | Changes/Modifications). Purpose: verify that the machine can be placed into a run condition.
          1. Machine Stopped Condition - all contactors are opened and all relay LEDs are green.
          2. Release all E-Stop buttons.
          3. Press the "Reset" pushbutton.
          4. Initiate a Start command (pushbutton or HMI).
          5. Verify that all safety contactors close.
  • Step 4 – V&V Safe E-stop Condition Verification
      • Establish Machine Safe Condition (E-Stop) (record columns: Test Step | Verification | Pass/Fail | Changes/Modifications). Purpose: verify that the machine will enter a safe condition (all safety contactors opened) after an E-Stop pushbutton is depressed.
          1. Machine Run Condition - all contactors are closed.
          2. Depress the E-stop pushbutton.
          3. Verify that all safety contactors open.
          4. Verify that the Safety Relay LEDs indicate which channel is open.
          5. Release the E-stop pushbutton from Step #1.
          6. Press the "Reset" pushbutton and initiate a Start command.
          7. Verify the Machine Run Condition is re-established.
          8. Repeat steps 1 through 6 for all E-stop pushbuttons on the machine.
  • Step 5 – V&V Abnormal Operation Verification
      • Abnormal Operation Validation tests that the safety relay system responds properly to faults and will verify the following:
          • A single wire safety connection fault will initiate a Shutdown and the LEDs will indicate a fault if cascaded relays are used.
          • Detection of inconsistent inputs on the E-Stop pushbutton will initiate a Shutdown and will indicate a fault on the LEDs.
          • Contactors that fail to pick up or drop out will initiate a Shutdown and indicate a fault on the LEDs.
          • Inactive faults are cleared by the Reset pushbutton.
  • Step 6 – V&V Single Wire Safety Connection Fault Verification
      • Single Wire Safety Connection Fault (record columns: Test Step | Verification | Pass/Fail | Changes/Modifications). Purpose: this test will verify system response when the single wire safety connection is lost or shorted on cascaded relays. (Not applicable for single relays.)
          1. Machine Run Condition - all contactors are closed.
          2. Disconnect the single wire safety connection from L11.
          3. Verify that all contactors open immediately.
          4. Verify that the PWR/FAULT LED flashes Red 5 times.
          5. Verify that the fault cannot be reset with the wire disconnected.
          6. Reconnect the wire to L11 and cycle the E-Stop pushbutton.
          7. Press the Reset pushbutton and verify the PWR/FAULT LED is Green.
          8. Short the single wire safety connection from L11 to +24 VDC.
          9. Verify that the PWR/FAULT LED flashes Red 5 times.
          10. Verify that the fault cannot be reset with the wire disconnected.
          11. Reconnect the wire to L11 and cycle the E-Stop pushbutton.
          12. Press the Reset pushbutton and verify the PWR/FAULT LED is Green.
          13. Repeat Steps 1-12 for all cascaded Safety Relays.
  • Step 7 – V&V Logic Verification
      • GSR Logic Configuration Switch Test (record columns: Test Step | Verification | Pass/Fail | Changes/Modifications). Purpose: this test will verify the system response when the Guardmaster Safety Relay Logic Switch is turned while the machine is running.
          1. Machine Run Condition - all contactors are closed.
          2. Turn the dial switch on the Guardmaster Safety Relay.
          3. Verify all contactors remain closed and the PWR/FAULT LED flashes Red-Green two times per cycle.
          4. Turn the dial switch on the Guardmaster Safety Relay back to 2.
          5. Verify all contactors remain closed and the PWR/FAULT LED is solid green.
  • Step 8 – V&V Output Verification
      • Safety Contactor Feedback Open Fault (record columns: Test Step | Verification | Pass/Fail | Changes/Modifications). Purpose: this test will verify the system response and diagnostic reporting when a contactor feedback open fault occurs.
          1. Machine Run Condition - all contactors are closed.
          2. Disconnect the wire from a contactor feedback input.
          3. The Safety Relay will not detect this, since the auxiliary contacts are both open and removing a wire does not change this, so no action should be taken.
          4. Press the "E-Stop" pushbutton.
          5. Verify that all contactors open immediately.
          6. Verify that the PWR/FAULT LED is Red.
          7. Verify that the fault cannot be reset with the feedback wire disconnected.
          8. Reconnect the wire from Step 2 and cycle the E-Stop pushbutton.
          9. Press the Reset pushbutton and verify the PWR/FAULT LED is Green.
      • Safety Contactor Feedback Shorted Fault (record columns: Test Step | Verification | Pass/Fail | Changes/Modifications). Purpose: this test will verify the system response and diagnostic reporting when a contactor feedback shorted fault occurs.
          1. Machine Run Condition - all contactors are closed.
          2. Place a jumper around the contactor feedback contact.
          3. Verify that all contactors open immediately.
          4. Verify that the PWR/FAULT LED is Red.
          5. Remove the jumper inserted in Step 2.
          6. Press the Reset pushbutton and verify the PWR/FAULT LED is Green.
      • Contactor Failed to Pickup Fault (record columns: Test Step | Verification | Pass/Fail | Changes/Modifications). Purpose: this test will verify system response and diagnostic reporting when a contactor fails to pick up when initially commanded to close.
          1. Machine Run Condition - all contactors are closed.
          2. Place a jumper around the contactor feedback contact.
          3. Verify that all contactors attempt to close but when one fails to close all contactors reopen.
          4. Verify that the PWR/FAULT LED is Red.
          5. Remove the jumper inserted in Step 2.
          6. Press the Reset pushbutton and verify the PWR/FAULT LED is Green.
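The normal and abnormal test sequences in Steps 3 through 8 can be scripted against a model of the relay so that each Test Step / Verification row gets a computed Pass/Fail entry. The Python below is an added example, not code from the slides or from Rockwell: SafetyRelay is a constructed, simplified two-channel E-stop relay with contactor feedback monitoring (channel discrepancy, feedback plausibility, a sticky fault cleared only by a successful reset), and run_validation walks it through the start, E-stop, inconsistent-input and open-feedback-wire cases from the example plan.

```python
# Constructed, simplified model of a two-channel E-stop safety relay with
# contactor feedback (EDM) monitoring, plus a scripted validation record.
# Hypothetical teaching model, NOT the Guardmaster relay's actual logic.
class SafetyRelay:
    def __init__(self, n_contactors: int = 2):
        self.contactors = [False] * n_contactors  # True = contactor closed
        self.ch_a = self.ch_b = True   # E-stop channel contacts closed (released)
        self.feedback_wire = True      # False = feedback (EDM) wire disconnected
        self.fault = False             # sticky until a successful reset

    def feedback_closed(self) -> bool:
        # Series NC mirror contacts: closed only while every contactor is open.
        return self.feedback_wire and not any(self.contactors)

    def energized(self) -> bool:
        return all(self.contactors)

    def monitor(self):
        """One diagnostic cycle: input discrepancy, stop demand, feedback plausibility."""
        if self.ch_a != self.ch_b:                # inconsistent E-stop inputs
            self.fault = True
        if not (self.ch_a and self.ch_b):         # stop demand de-energizes outputs
            self.contactors = [False] * len(self.contactors)
        # Feedback must be open while energized and closed otherwise; equality = EDM fault
        if self.energized() == self.feedback_closed():
            self.fault = True
        if self.fault:
            self.contactors = [False] * len(self.contactors)

    def estop(self, a: bool, b: bool):
        self.ch_a, self.ch_b = a, b
        self.monitor()

    def reset(self) -> bool:
        # Fault clears only with healthy inputs and feedback proving outputs open.
        if self.ch_a and self.ch_b and self.feedback_closed():
            self.fault = False
        return not self.fault

    def start(self) -> bool:
        if self.fault or not (self.ch_a and self.ch_b) or not self.feedback_closed():
            return False
        self.contactors = [True] * len(self.contactors)
        self.monitor()
        return self.energized()

def run_validation() -> list:
    """Scripts the slides' normal/abnormal steps; one row per Test Step / Verification."""
    r, rows = SafetyRelay(), []
    rows.append(("N1", "start command closes all contactors", r.start()))
    r.estop(False, False)
    rows.append(("N2", "E-stop opens all contactors without a fault", not r.energized() and not r.fault))
    r.estop(False, True)                          # only channel B closes again
    rows.append(("A1", "inconsistent inputs: shutdown and fault", not r.energized() and r.fault))
    r.estop(True, True)
    rows.append(("A2", "reset clears inactive fault, run re-established", r.reset() and r.start()))
    r.feedback_wire = False                       # open the feedback wire while running
    r.monitor()
    rows.append(("A3", "open feedback wire not detected in run condition", r.energized() and not r.fault))
    r.estop(False, False)
    r.estop(True, True)                           # cycle the E-stop
    rows.append(("A4", "fault raised on stop, reset refused while wire open", r.fault and not r.reset()))
    r.feedback_wire = True
    rows.append(("A5", "wire reconnected: reset clears fault", r.reset()))
    return [(step, text, "Pass" if ok else "Fail") for step, text, ok in rows]
```

A row that comes back "Fail" is the point at which the record from the Documentation slide applies: note which element failed, why, and what will be done about it before re-validation.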
  • Example: Safety Checklists and Validation
      • Safety Checklists: sample checklists to help users develop verification and validation checklists. These checklists guide you through the evaluation process.
          • GuardLogix® user manuals
          • On-line at AB.com
  • Example: Pre-engineered Safety Blocks
  • Example: Pre-engineered Safety Blocks. Safety V&V Plans help you document that the system operated as intended at installation. This provides a documentation trail and proof of due diligence.
  • We care what you think! Please take a couple of minutes to complete a quick session survey to tell us how we're doing. On the mobile app:
      1. Locate session using Schedule or Agenda Builder
      2. Click on the thumbs up icon on the lower right corner of the session detail
      3. Complete survey
      4. Click the Submit Form button
      Thank you!!
  • www.rsteched.com – Follow RSTechED on Facebook & Twitter. Connect with us on LinkedIn. PUBLIC INFORMATION. Questions?
  • PUBLIC INFORMATION. Thank You