Verification and validation plan – Rockwell Automation Safety Function: Hinge Switch User Manual

Safety Function: Hinge Switch

11

Rockwell Automation Publication SAFETY-AT096A-EN-P – November 2013

SISTEMA software calculates the MTTFd by using B10d data provided for the

contactors along with the estimated frequency of use, entered during the creation of

the SISTEMA project.
The DCavg (99%) for the contactors is selected from the Output Device table of

EN ISO 13849-1 Annex E, Direct Monitoring.
The DCavg (99%) for the hinge switch is selected from the Input Device table of

EN ISO 13849-1 Annex E, Cross Monitoring.
The CCF value is generated by using the scoring process outlined in Annex F of

EN ISO 13849-1. The complete CCF scoring process must be performed when

implementing an application. A minimum score of 65 must be achieved. A CCF of 65

was entered for practical purposes in each case. Calculations are based on one

operation of the safety guard door per hour, therefore, 8760 operations of the

contactors per year.
The measures against CCF are quantified using the scoring process outlined in

Annex F of EN ISO 13849-1. For the purposes of PL calculation, the required score

of 65 is needed to fulfill the CCF requirement. The complete CCF scoring process

must be performed when implementing this example.

Verification and Validation Plan

Verification and validation play important roles in the avoidance of faults throughout

the safety system design and development process. EN ISO 13849-2 sets the

requirements for verification and validation. The standard calls for a documented

plan to confirm all of the safety functional requirements have been met.
Verification is an analysis of the resulting safety control system. The Performance

Level (PL) of the safety control system is calculated to confirm that the system meets

the required Performance Level (PLr) specified. The SISTEMA software is typically

used to perform the calculations and assist with satisfying the requirements of

EN ISO 13849-1.
Validation is a functional test of the safety control system to demonstrate that the

system meets the specified requirements of the safety function. The safety control

system is tested to confirm that all of the safety-related outputs respond

appropriately to their corresponding safety-related inputs. The functional test

includes normal operating conditions in addition to potential fault injection of failure

modes. A checklist is typically used to document the validation of the safety control

system.

Prior to validating the Guardmaster safety relay (GSR) system, confirm that the

Guardmaster safety relay has been wired and configured in accordance with the

installation instructions.