Safety signatures

[Cnetwork]

Hello,

If you sign off a safety signature for a machine, can it be used and valid on other processors if the setup is the same?



Thanks

 

[mk42]

Hello,

If you sign off a safety signature for a machine, can it be used and valid on other processors if the setup is the same?



Thanks

At a purely technical level, that probably depends on what brand you're talking about, and what kind of safety signature you're talking about (software, hardware, etc). In general, in the PLCs I've used, the signature covers the compiled PLC code and the HW part numbers and safety relevant parameters, but not the actual serial numbers of the devices. I've never checked to see if something like IP address plays into this or not. In addition, the safety PLCs usually have multiple signatures available (just SW, just HW, everything, etc)



There's more to safety than just "does this technically work" though, it's far more about the regulations and paperwork, to be super duper sure no one gets hurt, or at least to cover all butts to the extent possible.



In my experience, the safety signature isn't something you sign off on so much as something you note down as part of the sign off process. As you sign off the other machines, you would note theirs as well; might be the same if the machines are identical, but it's hardly any extra work to check compared to the rest of the signoff checklist.


If your question is "do I need to do a safety sign off on these other identical machines as well", then I guess that's up to you (at least in the USA), but my thought is definitely yes. It's possible some parameter isn't set correctly, or something is wired wrong. Regardless, my experience is that it's best practice to verify the function of most safety systems periodically, not just as part of sign off, tho the period varies depending on lots of factors.

 

[JesperMP]

Regardless, my experience is that it's best practice to verify the function of most safety systems periodically, not just as part of sign off, tho the period varies depending on lots of factors.

As a minimum, safety checklist including recording the checksum upon the sign-off, and then periodic safety check by the end-user as described in the instructions for use.
I do not think that recording the checksum periodically is required, but it will be investigated in the event of an accident.
One could suggest that the checksum is checked as an additional check that the safety has not been tampered with.

 

[saultgeorge]

Hi most of the places I've worked have the integrators or controls people get the tooling up and running. Then it is "bought off" by the customer. The customer safety department verifies ALL safeties are working as per the risk assessment, PL and a myriad of other hoops to jump through. Only then does the CUSTOMER safety department generate a password that only very few people control, and there is certainly no access at that point for integrators or controls people to edit safety routines. No way to download anything either.
Hope this helps.

 

[mk42]

I do not think that recording the checksum periodically is required, but it will be investigated in the event of an accident.
One could suggest that the checksum is checked as an additional check that the safety has not been tampered with.

It's fairly common in my area for the safety signature to be hard coded somewhere on the standard side. Either the PLC compares the active signature with a fixed constant and creates an alarm on a mismatch, or the HMI has a screen that displays the expected and actual signatures. This of course requires the safety signature to be available in runtime, which may be brand dependent.

Obviously this is abuseable, but it's a nice extra check. I've heard of cases where it detected the safety system having been left disabled for testing (and thus no safety signature, thus no match).

 

[James Mcquade]

No.
a safety signature means that you have the required paperwork, documented all devices, tested all devices, signed by the head controls engineer and another responsible party, and 1 or 2 other items, i cannot remember them. it also means that you and your company assumes all responsibility and liability if something goes wrong. if it does, your paperwork will be required as proof.
we have a safety signature on only one machine and the notebook is about 1 inch thick of required paperwork.
there is a lot of paperwork required. ANY and i mean any change requires you to repeat the safety process for that modification.
regards,
james

 

[Cnetwork]

Thanks for the feedback.

On the specific project IÂ’m referring to Rockwell L81ES. There are multiple machines which are the same, with the same hardware configuration. However when I sign off the signature it is to say I have tested and checked all safety etc. Someone can then circulate that program to other machines I havenÂ’t checked as it has the same configuration? The issue is I have a machine integrated with an older machine an as you guessed the older machine doesnÂ’t meet the same safety standards as the new and each older equipment is slightly different some I deem safe others not however there would be no change to the safety program itÂ’s down purely to guard-switches. Even though IÂ’m using a dual channel ESTOP function, some guard switches used arenÂ’t safe. Which means the same program can be used


Thanks

 

[JesperMP]

No.
a safety signature means that you have the required paperwork, documented all devices, tested all devices, signed by the head controls engineer and another responsible party, and 1 or 2 other items, i cannot remember them. it also means that you and your company assumes all responsibility and liability if something goes wrong. if it does, your paperwork will be required as proof.
we have a safety signature on only one machine and the notebook is about 1 inch thick of required paperwork.
there is a lot of paperwork required. ANY and i mean any change requires you to repeat the safety process for that modification.
regards,
james

Ah, I see that we interpreted the words "safety signature" differently.

In the EU, there is the mandatory EU Declaration of Conformity which is a document that the machine follows all relevant standards incl. safety standards. And behind that is a lot of work which must be stored in the socalled 'technical dossier'.
This basically states that the machine is safe as manufactured.

In addition to that it is common with an 'acceptance certificate' or sometimes called a 'take-over certificate'. This document states amongst other things that the machine is installed according to the instructions and all safeties are in place.

So, to the original question, the EU Declaration of Conformity can be used on multiple identical machines. The acceptance certificate is done for each machine.
I think that the methodology is the same in the US, but I dont know the exact terms.