ISO 13849-1 Analysis — Part 8: Fault Exclusion

This entry is part 9 of 9 in the series How to do a 13849-1 analysis

Fault Consideration & Fault Exclusion

ISO 13849-1, Chapter 7 [1, 7] discusses the need for fault consideration and fault exclusion. Fault consideration is the process of examining the components and sub-systems used in the safety-related part of the control system (SRP/CS) and making a list of all the faults that could occur in each one. This is a definitely non-trivial exercise!

Thinking back to some of the earlier articles in this series where I mentioned the different types of faults, you may recall that there are detectable and undetectable faults, and there are safe and dangerous faults, leading us to four kinds of fault:

  • Safe undetectable faults
  • Dangerous undetectable faults
  • Safe detectable faults
  • Dangerous detectable faults

For systems where no diagnostics are used, Category B and 1, faults need to be eliminated using inherently safe design techniques. Care needs to be taken when classifying components as “well-tried” versus using a fault exclusion, as components that might normally be considered “well-tried” might not meet those requirements in every application. [2, Annex A], Validation tools for mechanical systems, discusses the concepts of “Basic Safety Principles”, “Well-Tried Safety Principles”, and “Well-tried components”. [2, Annex A] also provides examples of faults and relevant fault exclusion criteria. There are similar Annexes that cover pneumatic systems [2, Annex B], hydraulic systems [2, Annex C], and electrical systems [2, Annex D].

For systems where diagnostics are part of the design, i.e., Category 2, 3, and 4, the fault lists are used to evaluate the diagnostic coverage (DC) of the test systems. Depending on the architecture, certain levels of DC are required to meet the relevant PL, see [1, Fig. 5]. The fault lists are the starting point for the determination of DC, and are an input into the hardware and software designs. All of the dangerous detectable faults must be covered by the diagnostics, and the DC must be high enough to meet the PLr for the safety function.

The fault lists and fault exclusions are used in the Validation portion of this process as well. At the start of the Validation process flowchart [2, Fig. 1], you can see how the fault lists and the criteria used for fault exclusion are used as inputs to the validation plan.

The diagram shows the first few stages in the ISO 13849-2 Validation process. See ISO 13849-2, Figure 1.
Start of ISO 13849-2 Fig. 1

Faults that can be excluded do not need to be validated, saving time and effort during the system verification and validation (V & V). How is this done?

Fault Consideration

The first step is to develop a list of potential faults that could occur, based on the components and subsystems included in the SRP/CS. ISO 13849-2 [2] includes lists of typical faults for various technologies. For example, [2, Table A.4] is the fault list for mechanical components.

Mechanical fault list from ISO 13849-2
Table A.4 — Faults and fault exclusions — Mechanical devices, components and elements
(e.g. cam, follower, chain, clutch, brake, shaft, screw, pin, guide, bearing)

[2] contains tables similar to Table A.4 for:

  • Pressure-coil springs
  • Directional control valves
  • Stop (shut-off) valves/non-return (check) valves/quick-action venting valves/shuttle valves, etc.
  • Flow valves
  • Pressure valves
  • Pipework
  • Hose assemblies
  • Connectors
  • Pressure transmitters and pressure medium transducers
  • Compressed air treatment — Filters
  • Compressed-air treatment — Oilers
  • Compressed air treatment — Silencers
  • Accumulators and pressure vessels
  • Sensors
  • Fluidic Information processing — Logical elements
  • etc.

As you can see, there are many different types of faults that need to be considered. Keep in mind that I did not give you all of the different fault lists — this post would be a mile long if I did that! The point is that you need to develop a fault list for your system, and then consider the impact of each fault on the operation of the system. If you have components or subsystems that are not listed in the tables, then you need to develop your own fault lists for those items. Failure Modes and Effects Analysis (FMEA) is usually the best approach for developing fault lists for these components [23], [24].

When considering the faults to be included in the list, there are a few things that should be considered [1, 7.2]:

  • if, after the first fault occurs, other faults develop due to the first fault, then you can group those faults together as a single fault
  • two or more single faults with a common cause can be considered as a single fault
  • multiple faults with different causes but occurring simultaneously are considered improbable and do not need to be considered


#1 — Voltage Regulator

A voltage regulator fails in a system power supply so that the 24 Vdc output rises to an unregulated 36 Vdc (the internal power supply bus voltage), and after some time has passed, two sensors fail. All three failures can be grouped and considered as a single fault because they originate in a single failure in the voltage regulator.

#2 — Lightning Strike

If a lightning strike occurs on the power line and the resulting surge voltage on the 400 V mains causes an interposing contactor and the motor drive it controls to fail to danger, then these failures may be grouped and considered as one. Again, a single event causes all of the subsequent failures.

#3 — Pneumatic System Lubrication

3a — A pneumatic lubricator runs out of lubricant and is not refilled, depriving downstream pneumatic components of lubrication.

3b — The spool on the system dump valve sticks open because it is not cycled often enough.

These two failures do not share a cause, so there is no need to consider them as occurring simultaneously, because the probability of both happening concurrently is extremely small. One caution: these two faults MAY have a common cause — poor maintenance. If this is true and you decide to consider them to be two faults with a common cause, they could then be grouped as a single fault.

Fault Exclusion

Once you have your well-considered fault lists together, the next question is “Can any of the listed faults be excluded?” This is a tricky question! There are a few points to consider:

  • Does the system architecture allow for fault exclusion?
  • Is the fault technically improbable, even if it is possible?
  • Does experience show that the fault is unlikely to occur?*
  • Are there technical requirements related to the application and the hazard that might support fault exclusion?

BE CAREFUL with this one!

Whenever faults are excluded, a detailed justification for the exclusion needs to be included in the system design documentation. Simply deciding that the fault can be excluded is NOT ENOUGH! Consider the risk a person will be exposed to in the event the fault occurs. If the severity is very high, i.e., severe permanent injury or death, you may not want to exclude the fault even if you think you could. Careful consideration of the resulting injury scenario is needed.

Basing a fault exclusion on personal experience is seldom considered adequate, which is why I added the asterisk (*) above. Look for good statistical data to support any decision to use a fault exclusion.

There is much more information available in IEC 61508-2 on the subject of fault exclusion, and there is good information in some of the books mentioned below [0.1], [0.2], and [0.3]. If you know of additional resources you would like to share, please post the information in the comments!


3.1.3 fault
state of an item characterized by the inability to perform a required function, excluding the inability during preventive maintenance or other planned actions, or due to lack of external resources
Note 1 to entry: A fault is often the result of a failure of the item itself, but may exist without prior failure.
Note 2 to entry: In this part of ISO 13849, “fault” means random fault. [SOURCE: IEC 60050-191:1990, 05-01.]

Book List

Here are some books that I think you may find helpful on this journey:

[0]     B. Main, Risk Assessment: Basics and Benchmarks, 1st ed. Ann Arbor, MI USA: DSE, 2004.

[0.1]  D. Smith and K. Simpson, Safety critical systems handbook. Amsterdam: Elsevier/Butterworth-Heinemann, 2011.

[0.2]  Electromagnetic Compatibility for Functional Safety, 1st ed. Stevenage, UK: The Institution of Engineering and Technology, 2008.

[0.3]  Overview of techniques and measures related to EMC for Functional Safety, 1st ed. Stevenage, UK: Overview of techniques and measures related to EMC for Functional Safety, 2013.


Note: This reference list starts in Part 1 of the series, so “missing” references may show in other parts of the series. Included in the last post of the series is the complete reference list.

[1]     Safety of machinery — Safety-related parts of control systems — Part 1: General principles for design. 3rd Edition. ISO Standard 13849-1. 2015.

[2]     Safety of machinery — Safety-related parts of control systems — Part 2: Validation. 2nd Edition. ISO Standard 13849-2. 2012.

[3]     Safety of machinery — General principles for design — Risk assessment and risk reduction. ISO Standard 12100. 2010.

[4]     Safeguarding of Machinery. 2nd Edition. CSA Standard Z432. 2004.

[5]     Risk Assessment and Risk Reduction - A Guideline to Estimate, Evaluate and Reduce Risks Associated with Machine Tools. ANSI Technical Report B11.TR3. 2000.

[6]     Safety of machinery — Emergency stop function — Principles for design. ISO Standard 13850. 2015.

[7]     Functional safety of electrical/electronic/programmable electronic safety-related systems. 7 parts. IEC Standard 61508. Edition 2. 2010.

[8]     S. Jocelyn, J. Baudoin, Y. Chinniah, and P. Charpentier, “Feasibility study and uncertainties in the validation of an existing safety-related control circuit with the ISO 13849-1:2006 design standard,” Reliab. Eng. Syst. Saf., vol. 121, pp. 104–112, Jan. 2014.

[9]     Guidance on the application of ISO 13849-1 and IEC 62061 in the design of safety-related control systems for machinery. IEC Technical Report TR 62061-1. 2010.

[10]    Safety of machinery — Functional safety of safety-related electrical, electronic and programmable electronic control systems. IEC Standard 62061. 2005.

[11]    Guidance on the application of ISO 13849-1 and IEC 62061 in the design of safety-related control systems for machinery. IEC Technical Report 62061-1. 2010.

[12]    D. S. G. Nix, Y. Chinniah, F. Dosio, M. Fessler, F. Eng, and F. Schrever, “Linking Risk and Reliability—Mapping the output of risk assessment tools to functional safety requirements for safety related control systems,” 2015.

[13]    Safety of machinery. Safety related parts of control systems. General principles for design. CEN Standard EN 954-1. 1996.

[14]    Functional safety of electrical/electronic/programmable electronic safety-related systems — Part 2: Requirements for electrical/electronic/programmable electronic safety-related systems. IEC Standard 61508-2. 2010.

[15]    Reliability Prediction of Electronic Equipment. Military Handbook MIL-HDBK-217F. 1991.

[16]    “IFA — Practical aids: Software-Assistent SISTEMA: Safety Integrity — Software Tool for the Evaluation of Machine Applications”, 2017. [Online]. Available: [Accessed: 30-Jan-2017].

[17]    “failure mode”, 192-03-17, International Electrotechnical Vocabulary. IEC International Electrotechnical Commission, Geneva, 2015.

[18]    M. Gentile and A. E. Summers, “Common Cause Failure: How Do You Manage Them?,” Process Saf. Prog., vol. 25, no. 4, pp. 331–338, 2006.

[19]    Out of Control—Why control systems go wrong and how to prevent failure, 2nd ed. Richmond, Surrey, UK: HSE Health and Safety Executive, 2003.

[20]    Safeguarding of Machinery. 3rd Edition. CSA Standard Z432. 2016.

[21]    O. Reg. 851, INDUSTRIAL ESTABLISHMENTS. Ontario, Canada, 1990.

[22]    “Field-programmable gate array”, 2017. [Online]. Available: [Accessed: 16-Jun-2017].

[23]    Analysis techniques for system reliability – Procedure for failure mode and effects analysis (FMEA). 2nd Ed. IEC Standard 60812. 2006.

[24]    “Failure mode and effects analysis”, 2017. [Online]. Available: [Accessed: 16-Jun-2017].

CSA Z432 Safeguarding of Machinery — 3rd Edition

If you build machinery for the Canadian market, or if you modify equipment in Canadian workplaces, you will be familiar with CSA Z432, Safeguarding of Machinery. This standard has been around since 1992, with the last major revision published in 2004. CSA has reconvened the Technical Committee responsible for this important standard to revise the document to reflect the current practices in the machinery market, and to bring in new ideas that are developing internationally that affect what Canadian machine builders are doing.

If you have interest in this standard and would like to have your thoughts and concerns communicated to the Technical Committee, please feel free to contact me with your suggestions. Work starts on 28-Jan-14. Your input is welcomed!

Why YOU need a Product Safety Certification Strategy that Works!

How compliance efforts go wrong

Clients call me when they have problems. They sent some product to a certification body, some tests were done, and the product failed. Now what? Usually, the delivery date for the certified product is approaching quickly, and no time is available to react. Delivery is delayed, and the customer is upset. The business may even be lost.

This process goes wrong for a number of reasons:

  1. The end goal for the certification and the intermediate requirements were not considered
  2. The certification body chose the standard, and the manufacturer had no idea what the standard required
  3. The samples were not carefully prepared for the certification body
  4. Information was missing or partially missing

Certification Motivation

What motivates a manufacturer to certify a product? The decision to certify comes about for a variety of reasons, including:

  1. Legal requirement for the market
  2. Customer request
  3. Liability limitation
  4. Marketing advantage over competitors’ offerings

I’ve talked about the differences between CE Marking and traditional Certification processes in a few articles, including this one recently, so I won’t repeat myself here. In Canada, Federal [1, 125(m)(iii)] and Provincial law [2, 113 (1) (c)] require anyone selling an electrical product to ensure that it bears an electrical safety mark, and this is supported in the Canadian Electrical Code [3, 2-024]. This requirement is often overlooked in the industrial/commercial market where post-installation equipment inspection, called “Field Evaluation”, is typical.

In the US, each State has a slightly different approach, so you will need to check out the requirements in the states where your product is sold so that you can ensure compliance with the local requirements. From a workplace perspective, the US OSHA requires that all electrical products used in the workplace bear a mark from a Nationally Recognized Testing Laboratory (NRTL) [5].

Certifying your product provides some degree of liability limitation, in that it shows that you met the minimum legal requirements for your marketplace. To limit your liability effectively, you will need to do more than just meet the minimum requirements, and you will need documentation of everything done to meet or exceed those requirements.

If you offer certified products in a market where this is uncommon, you have a marketing advantage as long as your customers understand the benefits certified products bring. If certification is rare in your markets, you may need to undertake some educational marketing to help customers “get it”.

Another key point needs to be considered: product volume. Certification costs money and takes time. If you are selling fewer than 200 units per year of a given product in your line, certification for that product is unlikely to be feasible. For product volumes from one to 200 units per year, Field Evaluation provides a much more time- and cost-effective way to get your product marked.

The diagram shows the general process flow for this activity. If you are choosing to use Field Evaluation instead of Certification, substitute “Field Evaluation” wherever you see “Certification” in the diagram.

Flow chart showing certification process flow.
Certification Process Flow

Selecting standards

Selecting the “right” standard for your product can be a challenge, especially in the industrial market where products are often highly specialized, “one-off” products. In many of these cases, no standard exists that specifically covers the product. For relatively simple products, or for products that are very common, like TVs, computers, and audio-video equipment, there are “Product Family” standards that specifically cover these types of products.

Not every standard is a certification standard. Most of the certification standards are focused on electrical and fire safety. The concerns are the prevention of electrical shock, arc flash, and fire. Certification standards will typically include specific tests that must be passed to show compliance with the requirements. Design standards, on the other hand, will provide general performance requirements and sometimes prescriptive feature requirements, but no test requirements. This is typical in the industrial machinery sector where standards like CSA Z432 [6] and the ANSI B11 family [7] of standards apply. In these cases, you may be able to have the product certified for electrical safety, but not for machinery safety. This does not eliminate corporate liability for the machinery hazards, requiring manufacturers to be knowledgeable and diligent in applying design standards.

Developing a Certification Strategy

To develop a sound strategy, I recommend a “bottom-up” approach. To apply this idea, start with the bill of materials for the product. Look first at the purchased products: which of these items are already certified by their manufacturer? All of the certified items can be eliminated from further consideration for the moment. Next, consider the purchased but un-certified products. Contact all of your suppliers to determine which of these products can be purchased certified, and adjust the bill of materials to reflect the part numbers for the certified versions.

Now, the harder part. All of the remaining items on the bill of materials need to be looked at for certification. Anything that cannot or need not be certified, e.g., nuts and bolts, other mechanical parts that are not pressure bearing, etcetera, can be excluded from consideration. You now have a short list of uncertified components that require certification.

For each item on the short list, research the standards available. The Scope of the standards will help guide you regarding their applicability. Once you have a matched list of components and standards, you can extend that research to include the top level product.

Now you have the beginning of a compliance strategy. The next piece of the puzzle involves the internal evaluation of each component against the standards chosen. This gives you the ability to revise your thinking, either of the standards you chose or of the design and construction of the component. Making good choices at this stage to either correct issues found in the design or construction of the component, or in the selection of the standard, can save you huge amounts of time and effort once the certification body gets involved.

Once the components have successfully passed the internal “pre-compliance” evaluation, you can get the certification body involved, and start the formal compliance process for each component. As this part of the process progresses, the certification body may have additional questions or requests for information. To reduce these in-process questions, make sure that each component is clearly identified, that you have unique part numbers for each part, and that you have provided information on the materials used in the construction of the component, as well as detailed engineering drawings.

As the component certification work progresses, you can start on the top level product certification work. The top-level product needs to go through the same sort of internal pre-compliance process as the components so that you can be as certain as possible that the product will meet the requirements when it gets to the certification lab.

Preparation of the data package and the sample(s) of the top-level product that will be submitted must be done carefully. Construction of the samples must match the manufacturing drawings and instructions as closely as possible. Once everything is ready, the samples can be submitted for evaluation.

Working with a Certification Body

Dealing with a Certification Body can be very challenging. Much of the experience will be based on the project engineer that is responsible for your product’s evaluation. It’s important to set up a good relationship with this person at the beginning, because once problems start to crop up in the lab, you will need to be able to talk to this person. Making sure that you have the “right” standards selected for your product is essential, and the project engineer must agree with you. They can refuse to certify a product if they feel that the standard chosen is incorrect, and since they have the final word, there is no arguing with them. An open discussion at the beginning of the project to discuss the standards selected is an excellent place to start. If your ideas and theirs deviate in a big way, you may have to compromise on their selection, or worse, stop the project and review the problems encountered.

Once the product is certified, the Certification Body will conduct regular audits on the manufacturing facility(ies) to make sure that the production testing is being done, production records are kept, and that the QA programs are ensuring that only good product leaves the plant.

An important part of the QA process is the Customer Complaints Program. Manufacturers must have a program in place to record customer complaints and to respond to those complaints. A decision tree that helps customer service representatives differentiate between safety-related and non-safety-related complaints should be developed. Safety-related complaints should result in engineering review of the problems and determinations about the cause of the problems. If these are related to manufacturing or design issues, and especially if these are related to compliance with the requirements of the certification standard, a recall of the product may be needed. If this is the case, get the Certifier involved as soon as possible. Failure to act, and failure to inform the certifier, can result in the certification being revoked.


[1]     Canada Labour Code, [online]. Available: Accessed: 2018-01-10.

[2]     Ontario Electricity Act — Marking requirements. Available: Accessed: 2018-01-10.

[3]     Canadian Electrical Code, CSA C22.1. 2012.

[4]     National Electrical Code, NFPA 70. 2014.

[5]     Occupational Safety and Health Standards, 1910 Subpart S, Electrical, Installation and Use. 29 CFR 1910.303(b)(2), [online]. Available: Accessed: 2014-01-27.

[6]     Safeguarding of Machinery. CSA Z432. 2016.

[7]     Safety of Machines, [online]. Available: Accessed: 2014-01-27.