Validate the Project

To check your application program for adherence to the specification, you must generate a suitable set of test cases that cover the application. The set of test cases must be filed and retained as the test specification. To determine what to validate for your specific application, refer to IEC 61508 or your industry-specific safety standard.
You must include a set of tests to prove the validity of the formula calculations used in your application logic. Equivalence-range tests are acceptable: tests with values inside the defined ranges, at the range limits, and in invalid ranges. The number of test cases needed depends on the formulas used, and the set must include the critical value pairs, such as the values on either side of a limit at which the result of a formula changes.
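The following is an added example of how such an equivalence-range test set can be generated and recorded; it is not code from the original page or from Rockwell Automation. The scaling formula (a 4..20 mA transmitter read in microamps, scaled to 0..100 bar), the valid range, and the trip setpoint are assumptions standing in for your own application formula; what the example shows is the partitioning (inside the range, at each limit, just outside, far outside, and the critical pair on either side of the trip threshold), the fail-safe expectation for invalid inputs, and a per-case record that can be filed with the test specification.

```python
"""Equivalence-range test set for a safety formula (added example).

Illustrative code, not from the original page or from Rockwell Automation.
The formula, ranges and trip setpoint are assumptions standing in for the
calculation your application logic actually performs.
"""
from dataclasses import dataclass
from fractions import Fraction
from math import ceil
from typing import Dict, List, Tuple

# Hypothetical application formula: a 4..20 mA pressure transmitter is read as
# an integer in microamps and scaled linearly to 0..100 bar. Readings outside
# the live-zero range indicate an open loop, a short, or a failed transmitter.
LO_UA, HI_UA = 4000, 20000       # valid raw input range (microamps), assumed
LO_EU, HI_EU = 0.0, 100.0        # engineering units (bar) at LO_UA and HI_UA
TRIP_BAR = 80.0                  # hypothetical high-pressure trip setpoint


def scale_pressure(raw_ua: int) -> Tuple[float, bool]:
    """Return (pressure_bar, fault). A fault means the value must not be used."""
    if not isinstance(raw_ua, int) or raw_ua < LO_UA or raw_ua > HI_UA:
        return 0.0, True
    span = (raw_ua - LO_UA) / (HI_UA - LO_UA)
    return LO_EU + span * (HI_EU - LO_EU), False


def demand_trip(raw_ua: int) -> bool:
    """Safety demand: trip on high pressure or on any input fault (fail-safe)."""
    value, fault = scale_pressure(raw_ua)
    return fault or value >= TRIP_BAR


def trip_raw_for(trip_bar: float) -> int:
    """Smallest raw count that reaches the trip setpoint, computed exactly so
    the critical pair (trip_raw - 1, trip_raw) sits on the real boundary."""
    frac = Fraction(trip_bar - LO_EU) / Fraction(HI_EU - LO_EU)
    return LO_UA + ceil(frac * (HI_UA - LO_UA))


@dataclass(frozen=True)
class TestCase:
    partition: str        # which equivalence range or boundary this exercises
    raw_ua: int
    expect_fault: bool
    expect_trip: bool


def equivalence_range_cases(lo: int, hi: int, trip_raw: int) -> List[TestCase]:
    """One representative per equivalence class plus every boundary: inside
    the range, at both limits, just outside, far outside, and the critical
    pair on either side of the trip threshold. Assumes lo > 0 (live zero)."""
    if not lo < trip_raw <= hi:
        raise ValueError("trip threshold must lie inside the valid range")
    mid = (lo + hi) // 2
    return [
        TestCase("inside: midpoint",            mid,          False, mid >= trip_raw),
        TestCase("limit: lower",                lo,           False, False),
        TestCase("limit: upper",                hi,           False, True),
        TestCase("invalid: just below lower",   lo - 1,       True,  True),
        TestCase("invalid: just above upper",   hi + 1,       True,  True),
        TestCase("invalid: zero (open loop)",   0,            True,  True),
        TestCase("invalid: negative",           -1,           True,  True),
        TestCase("invalid: far out of range",   2**31 - 1,    True,  True),
        TestCase("critical pair: below trip",   trip_raw - 1, False, False),
        TestCase("critical pair: at trip",      trip_raw,     False, True),
    ]


def run_validation(cases: List[TestCase]) -> List[Dict]:
    """Execute each case and return one record per case (input, observed
    output, expected result, pass/fail) for filing with the test specification."""
    records = []
    for tc in cases:
        value, fault = scale_pressure(tc.raw_ua)
        trip = demand_trip(tc.raw_ua)
        records.append({
            "partition": tc.partition, "raw_ua": tc.raw_ua,
            "value_bar": round(value, 4), "fault": fault, "trip": trip,
            "expect_fault": tc.expect_fault, "expect_trip": tc.expect_trip,
            "pass": fault == tc.expect_fault and trip == tc.expect_trip,
        })
    return records


def all_passed(records: List[Dict]) -> bool:
    """True only if every filed case matched its expected fault and trip result."""
    return all(r["pass"] for r in records)


if __name__ == "__main__":
    recs = run_validation(equivalence_range_cases(LO_UA, HI_UA, trip_raw_for(TRIP_BAR)))
    for r in recs:
        print(f'{"PASS" if r["pass"] else "FAIL"}  {r["partition"]:<30} raw={r["raw_ua"]:>11} '
              f'value={r["value_bar"]:>8} fault={r["fault"]} trip={r["trip"]}')
```

The trip boundary is derived with exact rational arithmetic rather than floating point so that the critical pair really brackets the threshold; an off-by-one here is exactly the kind of defect these tests exist to catch. Every invalid-range case expects a trip because an input fault must drive the safe state, which is the check a reviewer of the filed test specification should look for first.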
Active simulation with real sources, such as field devices, must also be included, because it is the only way to verify that the sensors and actuators in the system are wired correctly. Verify the operation of the programmed functions by manipulating the sensors and actuators manually.
You must also include tests that verify the reaction to wiring faults and to network communication faults.
Project validation includes tests of the fault routines and of the input and output channels, to be sure that the safety system operates properly.
To perform a project validation test on the controller, you must perform a full test of your application. Toggle each sensor and actuator that is involved in every safety function. Be sure to test all shutdown functions, because these functions are not typically exercised during normal operation.
Note that a project validation test is valid only for the specific application tested. If the safety application is moved to another installation, you must repeat startup and project validation for the safety application in the context of the new sensors, actuators, wiring, networks, and control system hardware.

Revalidation Considerations

The IEC 61508 functional safety standard requires an impact analysis before you upgrade or modify components in a certified, functional safety system. Reference the standard to make sure that you fulfill all requirements as they relate to your application. Consider the following high-level information for impact analysis of safety controller software, hardware, and firmware modification:
  • All major and minor firmware releases for safety controller systems are certified for use in safety applications. As part of the certification process, Rockwell Automation tests the safety-related firmware functions, such as the CIP Safety communication subsystems, embedded safety instruction execution, and safety-related diagnostic functions. The firmware release notes identify changes to safety-related functions.
  • Perform an impact analysis of the planned modifications.
    • Review the firmware release notes for changes in safety-related functionality.
    • Review the hardware and firmware compatibility in the Product Compatibility and Download Center (PCDC) to identify potential compatibility conflicts.
    • Plan, analyze, and document the impact of any modification, enhancement, or adaptation of your validated safety system.
    • As part of the upgrade process, remove and regenerate the safety signature.
  • Based on the results of the safety impact analysis, choose the appropriate level of hardware and software revalidation. Use the Safety Signature report to determine which safety elements have been modified and require revalidation. If your validation plan does not require revalidation of unchanged elements, your certification effort can be reduced.