How do I validate my Safety System?

The most common step that is not performed, or is performed incorrectly, when implementing a safety system is validation. This step is essential to confirm the specification and conformity of the safety system; however, many people are unsure how to validate or don't even consider performing a validation.

Here are some common mistakes made with validation:

No Specification

You can't validate an unspecified safety system; if there is no specification document, what are you validating?

The specification document has two purposes:
  1. It provides a framework for the system to be designed
  2. It provides a specification to validate

The specification should explain the following:
  1. The functional behaviour of the safety system - For example, if the system is an E-Stop, the specification should explain how the E-Stop is initiated, which hazardous movements are inhibited by the E-Stop, what Stop Category is performed, how quickly these movements are inhibited, how the system is reset to allow machine operation to continue, etc.
  2. Operational and environmental conditions
  3. Integrity Requirements - What level of risk reduction is required from the safety system? This can be expressed as a required Safety Category (CAT), Performance Level (PL) or Safety Integrity Level (SIL).

Once the specification exists, the system can be validated against its functional, environmental and integrity requirements.

Only Normal Operation of Safety System is Tested

It is common for validation to be performed on a safety system with no fault simulation testing.

For example, if validating an E-Stop, the machine is started under its maximum expected operational load and the E-Stop is hit. The safety function is validated by confirming that the hazardous movements have ceased within the time required by the specification and that the machine can't be restarted until the E-Stop operator is manually reset.

The above validation may prove the functional behaviour of the E-Stop but many safety systems also require fault simulation to validate their integrity requirement. If the above E-Stop had a requirement of CAT 3, then all single fault modes would need to be simulated to confirm that the system will not lose safety function due to a single fault.

No Documentation

Like any activity performed during the implementation of a safety system, validation does not exist if it is not documented. All relevant analysis, test reports, calculations, data sheets, etc. must be recorded to prove the process undertaken.

For help with validation plans, register for the NHP Safety Reference Guide; the 'Safety Function Document' section contains numerous examples of pre-engineered safety functions, each with a validation plan at the back of the document.

For more information on the process of validation, the activities to be performed and the documentation required, refer to AS 4024.1502-2006.
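As an added illustration (not from the NHP article or its reference guide), the following Python checker applies the three points above to an E-Stop validation record: it refuses to validate without a specification, checks the normal-operation test against the specified stop time and reset behaviour, demands single-fault simulation for CAT 3 and above, and flags any test with no documented evidence. The record fields and the sample values are constructed for the example.

```python
# Added example, not NHP's code: applies the article's three pitfalls (no
# specification, normal operation only, no documentation) to a recorded E-Stop
# validation. Record fields and sample values are constructed for illustration.
from dataclasses import dataclass

@dataclass
class EStopSpec:
    required_cat: int        # required Safety Category, e.g. 3
    stop_category: int       # Stop Category the E-Stop must perform (0, 1 or 2)
    max_stop_time_s: float   # hazardous movement must cease within this time

@dataclass
class FunctionalTest:
    load: str                # condition tested, e.g. "maximum operational load"
    stop_time_s: float       # measured time until hazardous movement ceased
    restart_blocked: bool    # machine could not restart until the E-Stop was reset
    evidence: str            # test report reference ("" = undocumented)

@dataclass
class FaultSimulation:
    fault: str               # single fault injected, e.g. "channel 1 contactor welded"
    function_kept: bool      # safety function maintained despite the fault
    evidence: str

def validate_estop(spec, tests, faults):
    """Return (passed, findings); findings lists every reason the validation fails."""
    if spec is None:
        return False, ["no specification document: there is nothing to validate against"]
    findings = []
    if not tests:
        findings.append("no functional test under operational load recorded")
    for t in tests:
        if t.stop_time_s > spec.max_stop_time_s:
            findings.append(f"{t.load}: stop time {t.stop_time_s}s exceeds {spec.max_stop_time_s}s")
        if not t.restart_blocked:
            findings.append(f"{t.load}: machine restarted before the E-Stop was reset")
    # CAT 3 (and CAT 4) must survive any single fault, so functional tests alone are not enough
    if spec.required_cat >= 3:
        if not faults:
            findings.append(f"CAT {spec.required_cat} requires single-fault simulation; none recorded")
        findings += [f"single fault lost the safety function: {f.fault}" for f in faults if not f.function_kept]
    # validation does not exist if it is not documented
    findings += [f"undocumented test: {getattr(r, 'load', None) or r.fault}"
                 for r in [*tests, *faults] if not r.evidence.strip()]
    return not findings, findings

# Constructed sample: a CAT 3 E-Stop that has only been tested under normal operation
SPEC = EStopSpec(required_cat=3, stop_category=0, max_stop_time_s=0.5)
TESTS = [FunctionalTest("maximum operational load", 0.32, True, "TR-001")]
```

With the constructed sample, `validate_estop(SPEC, TESTS, [])` fails with only the missing fault-simulation finding; it passes once each simulated single fault is recorded as keeping the safety function, with a report reference.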

Published: 18 May 2017

What makes a contactor a safety contactor?

A common question is: do I need to use safety contactors in safety-related control systems?

So, what makes a contactor a safety contactor? These devices are purpose-built for safety applications, with many design principles built into the product. Like most safety devices, third-party certification provides good reassurance that the product is appropriate for safety applications. NHP safety contactors are independently certified by the Suva Accredited Certification Body.

As required in AS/NZS 4024.1501/1502/1503, the use of basic and well-tried safety principles must be considered for any safety control system of Category 1-4. The design and construction of safety contactors incorporate many of these safety principles, including:

Pictured: 37 kW 3P 110 V AC coil 4NC auxiliary safety contactor

True auxiliary indication

The auxiliary contacts that provide feedback to the safety system should use proven techniques, such as positively guided (mechanically linked) or mirror contacts, to ensure a true indication of the contactor's state. In AS/NZS 4024.1502 the use of these techniques is defined as a well-tried safety principle and is required for Category 1-4.

No manual operation

Unlike standard contactors that can be easily operated from the front of the device, safety contactors do not allow for manual operation from the front of the contactor. This design feature avoids the possibility of personnel creating an unsafe state due to unexpected start-up. In AS/NZS 4024.1502 the prevention of unexpected start-up is defined as a basic safety principle required for Category B-4.

Securely fixed auxiliary contact block

The auxiliary contacts on safety contactors are permanently or securely fixed to the device. This avoids the possibility of the auxiliary contacts becoming separated from the contactor due to environmental causes (e.g. vibration) and makes intentional tampering more difficult. In AS/NZS 4024.1502 the secure fixing of these contacts is defined as a basic safety principle, required for Category B-4.

Reliability data

When designing safety systems to the standards AS/NZS 4024.1503 or AS 62061, reliability data needs to be obtained for the safety devices. Safety contactors have reliability data in the form of a B10d value.
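As an added example (not NHP's code or product data), the following Python derives the MTTFd that a design to AS/NZS 4024.1503 (which adopts ISO 13849-1) needs from a contactor's B10d value, using the ISO 13849-1 Annex C formulas. The B10d and duty-cycle figures are constructed, and the result is for a single component, not the whole channel.

```python
# Added example, not NHP's code: derive the MTTFd that AS/NZS 4024.1503 (ISO
# 13849-1) design calculations need from a contactor's B10d value. Formulas are
# from ISO 13849-1 Annex C; the B10d and duty figures are constructed, not a
# specific product's data sheet.
from dataclasses import dataclass

@dataclass
class DutyCycle:
    days_per_year: float   # d_op: mean operating days per year
    hours_per_day: float   # h_op: mean operating hours per day
    cycle_time_s: float    # t_cycle: mean seconds between two contactor operations

    def nop(self) -> float:
        """Mean number of contactor operations per year."""
        return self.days_per_year * self.hours_per_day * 3600.0 / self.cycle_time_s

def mttfd_years(b10d: float, duty: DutyCycle) -> float:
    """MTTFd of one component: B10d / (0.1 * nop). B10d is the number of
    cycles by which 10 % of a sample has failed dangerously."""
    return b10d / (0.1 * duty.nop())

def t10d_years(b10d: float, duty: DutyCycle) -> float:
    """Replacement interval: the component must be exchanged after B10d / nop years."""
    return b10d / duty.nop()

def mttfd_band(mttfd: float) -> str:
    """ISO 13849-1 MTTFd bands for a channel (the standard caps the usable
    value, at 100 years in the 2006 edition)."""
    if mttfd < 3:
        return "below 3 years: not usable"
    if mttfd < 10:
        return "low"
    if mttfd < 30:
        return "medium"
    return "high"

# Constructed sample: two-shift line, one contactor operation every 30 s
DUTY = DutyCycle(days_per_year=220, hours_per_day=16, cycle_time_s=30)
B10D = 1_300_000  # constructed B10d; a real value depends on the load category (AC-1, AC-3)

def sample() -> dict:
    """Worked figures for the constructed sample."""
    m = mttfd_years(B10D, DUTY)
    return {"nop": DUTY.nop(), "mttfd_years": m, "band": mttfd_band(m),
            "t10d_years": t10d_years(B10D, DUTY)}
```

For this sample the MTTFd of about 30.8 years only just reaches the "high" band, so a slightly heavier duty cycle would drop it to "medium", and the T10d of about 3.1 years means the contactor must be scheduled for replacement well inside the 20-year mission time ISO 13849-1 assumes.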

Easily identifiable

To reduce the chances of unintended misuse of the safety system, safety contactors may be made easily identifiable compared to standard contactors, e.g. by being a different colour. This feature reduces the chances of accidental tampering with the safety system.

Other design considerations when selecting contactors in a safety-related control system include:

  • Consider the environmental influences of the application, such as temperature, vibration and the presence of dust or other contaminants; this is a basic safety principle from AS/NZS 4024.1502
  • Consider over-dimensioning the contactor to reduce dangerous failure modes; this is a well-tried safety principle from AS/NZS 4024.1502
  • Where available, use contactor coils with built-in surge suppression; this is a basic safety principle from AS/NZS 4024.1502
  • Ensure all circuits have the relevant protection devices

Published: 17 January 2017

How to Select the Correct Safe Guard

When should you install a fixed guard as opposed to an interlocked guard?

Is a bolted guard a permanent fixed guard?

When is it acceptable to replace physical guards with light curtains?

These are common questions people have when selecting the appropriate guarding for their machinery. Guidance on selecting the appropriate guard is available in the Work Health and Safety legislation: section 4 of the Code of Practice "Managing the Risks of Plant in the Workplace" explains this process. This is based on clause 208 of the Work Health and Safety Regulations (the current legislation for all states and territories except WA and Victoria).

Here's what the code of practice says about selecting your safe guard:

If access to the area of the machine is not needed during operation, maintenance or cleaning, then a permanent fixed safe guard is required. What is a permanent fixed safe guard? The code of practice states that this guard is welded or incorporated into the body of the machine, so a bolted guard is not a permanent fixed safe guard.

If access to the area of the machine is required during operation, maintenance or cleaning, then an interlocked guard can be used. This guard has a safety control system that ceases any relevant hazardous energy to the machine when the safe guard is not in the closed position.

If it is not reasonable to use a permanent fixed safe guard or an interlocked safe guard, then a fixed safe guard can be used. A fixed safe guard can be removed and replaced with the aid of a special tool, such as a coded spanner or Allen key. Thus a bolted guard is classed as a fixed safe guard.

If none of the above physical guarding options are practicable, then a presence sensing system, such as light curtains or laser scanners, can be used. A common example is a conveyor that transports goods into a robotic cell: if a physical guard were used, the goods would be blocked from entering the cell, whereas a light curtain allows the goods to enter the cell in a safe manner.

The most common query people have about the above guidance is: When should I use an Interlocked Guard or a Fixed Guard?

The interlocked guard is the first option when access is required, because a safety control system is protecting the operator from the hazards on the machine. When using fixed guarding we are relying on human behaviour to ensure three things:

  1. The hazardous energy has been isolated before the safe guard is removed
  2. The hazardous energy will remain isolated while the safe guard is removed
  3. The guard is replaced before the hazardous energy is resupplied to the machine

Thus two considerations should be made when deciding if a fixed guard is appropriate:

  1. Frequency of Access - The more frequently we rely on human behaviour, the more likely the process will fail. If access is required multiple times a week or during normal operation, an interlocked guard is recommended.
  2. People performing the task - For access through a fixed guard, the operator must be trained on the machine's isolation procedure, and this training must be refreshed and documented. If this knowledge can't be relied on, then an interlocked guard should be used.

Published: 6 October 2016