How do I validate my Safety System?

The most common step that is not performed or performed incorrectly when implementing a safety system is validation. This step is essential to confirm the specification and conformity of the safety system, however many people are unsure how to validate or don't even consider performing a validation.

Here are some common mistakes made with validation:

No Specification

You can’t validate an unspecified safety system, thus if there is no specification document then what are you validating?

The specification document has two purposes:

1. It provides a framework for the system to be designed
2. It provides a specification to validate

The specification should explain the following:

1. The functional behaviour of the safety system - For example if the system is an E-Stop the specification should explain; how the E-Stop is initiated, what hazardous movements are inhibited by the E-Stop, what Stop Category is performed, how quickly are these movements inhibited, how is the system reset to allow machine operation to continue, etc.
2. Operational and environmental conditions
3. Integrity Requirements - What is the level of risk reduction required by the safety system? This can be measured by a required Safety Category (CAT), Performance Level (PL) or Safety Integrity Level (SIL)

Once the Specification exists then the system can be validated according to its functional, environmental and integrity requirements.

Only Normal Operation of Safety System is Tested

It is common for validation to be performed on a safety system with no fault simulation testing.

For example, if validating an E-Stop the machine is started under its maximum expected operational load and the E-Stop hit. The safety function is validated by confirming the hazardous movements have been ceased in the required time according to the specification and the machine can’t be restarted until the E-Stop operator is manually reset.

The above validation may prove the functional behaviour of the E-Stop but many safety systems also require fault simulation to validate their integrity requirement. If the above E-Stop had a requirement of CAT 3, then all single fault modes would need to be simulated to confirm that the system will not lose safety function due to a single fault.

No Documentation

As like any activity performed during the implementation of a safety system, validation does not exist if it is not documented. All relevant analysis, tests reports, calculations, data sheets, etc. must be recorded to prove the process undertaken.

For help with validation plans, register for the NHP Safety Reference Guide, in the 'Safety Function Document' section there are numerous examples of pre-engineered Safety Functions with validation plans at the back of each document.

For more information on the process of validation, activities to be performed and the documentation required reference AS 4024.1502-2006.

What makes a contactor a safety contactor?

A common question is; Do I need to use safety contactors in safety-related control systems?

So, what makes a contactor a safety contactor? These devices are purpose built for safety applications with many design principles built into the product. Like most safety devices, third-party certification provides a good reassurance that the product is appropriate for safety applications. NHP safety contactors are independently certified by Suva Accredited Certification Body.

As required in AS/NZS 4024.1501/1502/1503 the use of basic and well-tried safety principles must be considered for any safety control system for Category 1-4. The design and construction of safety contactors incorporate many of these safety principles. Some of these principles include:

Pictured: 37KW 3P 110V AC COIL 4NC
AUXILIARY Safety Contactor

True auxiliary indication

The auxiliary contacts that provide feedback to the safety system should use proven techniques such as positive guided/mechanically linked or mirror contacts to ensure a true indication of the contactor's state. In AS/NZS 4024.1502 the use of these techniques is defined as a well-tried safety principle and is required for Category 1-4.

No manual operation

Unlike standard contactors that can be easily operated from the front of the device, safety contactors do not allow for manual operation from the front of the contactor. This design feature avoids the possibility of personnel creating an unsafe state due to unexpected start-up. In AS/NZS 4024.1502 the prevention of unexpected start-up is defined as a basic safety principle required for Category B-4.

Securely fixed auxiliary contact block

The auxiliary contacts on safety contactors are permanently or securely fixed to the device, this avoids the possibility of the auxiliary contacts becoming separated from the contactor due to environmental causes (eg. Vibration) and makes intentional tampering more difficult. In AS/NZS 4024.1502 the secure fixing of these contacts is defined as a basic safety principle, required for Category B-4.

Reliability data

When designing safety systems to the standards AS/NZS 4024.1503 or AS 62061, reliability data needs to be obtained for the safety devices. Safety contactors have reliability data in the form of a B10d value.

Easily identifiable

To reduce the chances of unintended misuse of the safety system, safety contactors may be easily identifiable compared to standard contactors, i.e.: The safety contactor may be a different colour. This feature reduces the chances of accidental tampering with the safety system.

Other design considerations when selecting contactors in a safety-related control system include:

• Consider environmental influences of the application such as temperature, vibration, existence of dust or other contaminants, this is a basic safety principle from AS/NZS 4024.1502
• Consider over-dimensioning the contactor to reduce dangerous failure modes, this is a well-tried safety principle from AS/NZS 4024.1502
• Where available use contactor coils with built in surge suppression, this is a basic safety principle out of AS/NZS 4024.1502
• Ensure all circuits have relevant protection devices