Phase 6 – Validation

How to Verify and Validate a Safety System Design

Using a rigorous Safety LifeCycle approach, manufacturers and machine builders can harness the inherent value of intelligent safety system designs to help drive productivity, reduce labor costs and increase the bottom line. The LifeCycle approach, as defined in standards IEC 61508 and IEC 62061, provides the foundation for this detailed, more systematic design process for machinery applications. Among the most important phases are the final ones – verifying and validating the performance of a safety system design.

At this point in the cycle, the designer has already conducted a risk or hazard assessment, defined the functional requirements of the machine and begun designing the safety system.

First, verification proves that the circuit for the machine's safety functions works properly and meets the specified requirements. During verification, engineers and electricians test the safety system to make sure it is working while the machine is running. For example, activating an emergency stop (e-stop) to confirm that the machine does indeed stop running completes the verification step for an e-stop application.

Next, validation tests that the safety functions of the system do what they are designed to do. For example, in a dual-channel e-stop application using redundant control relays, the designer conducting the test might manually inject a fault between the logic solver and the output on channel one, then activate the e-stop, to validate that the wiring is correct from the input to the logic solver. The designer would then repeat the process on the second channel to make sure it is also functioning as planned.

Ultimately, designers must remember that verification is different from validation. Verifying the safety functions of a system requires a plan, must be documented, and should cover environmental, operational and maintenance tasks and functions. Validation proves that the safety circuit works correctly: it requires fault injection in all identified modes of operation, and it requires circuit evaluation using analytical tools to verify circuit design compliance, component selection and systematic analysis.
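The dual-channel e-stop procedure above, and the requirement that validation inject faults in every identified mode of operation, can be modelled in software before anyone touches the panel. The following Python model is an added example, not code from the article or from any vendor's safety relay: the channel, fault and logic-solver names are assumptions made for illustration. It models two normally-closed e-stop contacts feeding a 1oo2 logic solver, runs a small validation plan that injects an open-circuit and a stuck-energised fault on each channel in turn, and records for each case whether the machine enable dropped to the safe state and whether the fault was revealed as a channel discrepancy. The last function shows why each channel must be tested with the e-stop pressed: a stuck-energised fault on one channel is invisible to the logic while the button is released.

```python
"""Fault-injection validation of a dual-channel (redundant) e-stop circuit.

Added example, not from the original article; all names are assumptions.
"""
from dataclasses import dataclass
from enum import Enum
from typing import Dict, List


class Fault(Enum):
    """Faults a validator may inject on one channel's wiring (assumed set)."""
    NONE = "none"
    OPEN_CIRCUIT = "open"          # broken wire: channel reads de-energised
    STUCK_ENERGISED = "stuck_on"   # short to supply: channel cannot drop out


@dataclass
class Channel:
    """One normally-closed e-stop contact plus its wiring to the logic solver."""
    name: str
    pressed: bool = False
    fault: Fault = Fault.NONE

    def input_level(self) -> bool:
        """Signal level seen at the logic solver (True = energised / 'run')."""
        if self.fault is Fault.OPEN_CIRCUIT:
            return False
        if self.fault is Fault.STUCK_ENERGISED:
            return True
        return not self.pressed   # NC contact: energised until pressed


@dataclass
class LogicSolver:
    """1oo2 logic: enable only while both channels are energised; a mismatch
    between the channels is flagged as a discrepancy (fault detected)."""
    ch1: Channel
    ch2: Channel

    def evaluate(self) -> Dict[str, bool]:
        a, b = self.ch1.input_level(), self.ch2.input_level()
        return {"enable": a and b, "discrepancy": a != b}


@dataclass
class TestCase:
    """One step of the validation plan: button state, injected faults, and
    the enable output expected in that mode."""
    name: str
    pressed: bool
    fault_ch1: Fault = Fault.NONE
    fault_ch2: Fault = Fault.NONE
    expect_enable: bool = False


# Constructed validation plan: normal operation, then one fault per channel.
VALIDATION_PLAN: List[TestCase] = [
    TestCase("released, no fault", pressed=False, expect_enable=True),
    TestCase("pressed, no fault", pressed=True),
    TestCase("released, open circuit on ch1", False, fault_ch1=Fault.OPEN_CIRCUIT),
    TestCase("released, open circuit on ch2", False, fault_ch2=Fault.OPEN_CIRCUIT),
    TestCase("pressed, ch1 stuck energised", True, fault_ch1=Fault.STUCK_ENERGISED),
    TestCase("pressed, ch2 stuck energised", True, fault_ch2=Fault.STUCK_ENERGISED),
]


def run_case(case: TestCase) -> Dict[str, object]:
    """Build the circuit for one test case and apply the pass criteria:
    the enable output matches the expected state, and any injected single
    fault shows up as a discrepancy so it cannot remain latent."""
    ch1 = Channel("channel 1", case.pressed, case.fault_ch1)
    ch2 = Channel("channel 2", case.pressed, case.fault_ch2)
    result = LogicSolver(ch1, ch2).evaluate()
    injected = case.fault_ch1 is not Fault.NONE or case.fault_ch2 is not Fault.NONE
    passed = (result["enable"] == case.expect_enable
              and (not injected or result["discrepancy"]))
    return {"case": case.name, "enable": result["enable"],
            "discrepancy": result["discrepancy"], "injected": injected,
            "passed": passed}


def run_validation(plan: List[TestCase] = VALIDATION_PLAN) -> List[Dict[str, object]]:
    """Execute every case in the plan and return the documented records."""
    return [run_case(c) for c in plan]


def all_passed(records: List[Dict[str, object]]) -> bool:
    return all(r["passed"] for r in records)


def latent_fault_demo() -> Dict[str, bool]:
    """Stuck-energised fault on ch1 with the button released: both inputs
    read energised, so enable stays on and no discrepancy is raised. Only
    pressing the e-stop (as the plan does) exposes it."""
    ch1 = Channel("channel 1", pressed=False, fault=Fault.STUCK_ENERGISED)
    ch2 = Channel("channel 2", pressed=False)
    return LogicSolver(ch1, ch2).evaluate()


if __name__ == "__main__":
    for rec in run_validation():
        print(f"{'PASS' if rec['passed'] else 'FAIL'}  {rec['case']}: "
              f"enable={rec['enable']} discrepancy={rec['discrepancy']}")
    print("latent fault, button released:", latent_fault_demo())
```

Each record of `run_validation()` is the kind of entry a documented validation report needs: the mode of operation, the fault injected, the observed output state and the pass/fail verdict. The model deliberately stops at the logic solver; on a real machine the same plan is executed against the wiring and the final switching element.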

Today, verification and validation of a safety system must be carried out in accordance with the new global functional safety standards. A designer must validate the safety system in accordance with IEC 61508, IEC 62061, EN ISO 13849-1 and EN ISO 13849-2. Each standard provides its own definition of validation.

Validation according to IEC 61508 and IEC 62061 means testing the safety-related electrical control system, including both hardware and software, to ensure it achieves the functional safety requirements of the specific application. Validation according to EN ISO 13849-1/2 is a planned, documented process that uses both static and dynamic testing, and other methodologies, to show that all safety-related parts of the control system interact correctly to perform the intended safety function. Requirements for the specified performance levels and categories are found in EN 954-1. EN ISO 13849-2 also specifies the conditions under which the validation should be carried out.

To learn more about this topic, watch the related webinar, SafeDesign: Machine Safety Validation, and follow along with the Machine Safety Validation slides.
