
How-to Manage Functional Safety Certification Documents

This guide describes how to manage documents related to functional safety certifications. It also includes information on how to manage continuous updates of such documents under Details.

Note: ISA review protocols are not treated in the same way as certification documents. Review protocols shall be handled by the receiver until resolution and stored as an external document in DMS under the Safety Team/TÜV Documents folder.

Intended for

Safety engineers, functional safety management (FSM) managers, product managers, release owners, configuration managers, user documentation responsible, independent safety assessor (ISA), and ISA contact.

Activities

When managing documents related to functional safety certification, a flow of actions needs to be performed that involves several roles within PCP R&D.

MCD-1

Note: The safety team assigns an ISA contact (within or outside the safety team) for each release.

Prepare the annex proposal

  1. The safety engineer or assigned ISA contact for the release requests a draft of the annex in Word format from the ISA.

  2. The safety team or ISA contact checks it into the document management system (DMS).

    • If no previous versions of the annex exist:
      • As a new document, stored where the Azure DevOps (ADO) future ISA document shall be stored. It shall have an ABB document ID and the part ID shall be set to "PROPOSAL".
    • If previous versions of the annex exist:
      • As a new version of the "proposal" document next to the approved ISA document. It shall have the same ABB document ID as the previous version and the part ID shall be set to "PROPOSAL". If there is an approved ISA document, but no "proposal" document, check it in as a new "proposal" document.
  3. The safety engineer or ISA contact updates the content with new components and versions/revisions.

  4. As a best practice, the safety engineer or ISA contact calls for an internal review with the product manager, safety engineer, release owner, and configuration manager. (For very small changes, a minor review by the product manager could be judged sufficient.)

  5. The safety engineer or ISA contact updates the annex proposal according to comments. The document shall then be change-checked and approved by the product manager in DMS.

  6. The safety engineer or ISA contact sends the annex proposal to the ISA as input for certification.

ISA update and approval

The ISA updates and approves safety certification documents based on the annex proposal received from the safety engineer/ISA contact.

Manage received certification documents

  1. The safety engineer or ISA contact receives signed documents (.pdf) from the ISA, typically:

    • Certificate.
    • Report on certificate.
    • Annex of the report on the certificate ("The Annex").
    • Technical report, a.k.a. "Report on the testing".
    • Modification report.
  2. The safety engineer/ISA contact checks all received documents into DMS. If it is a new document, the external lifecycle shall be used and the external document ID should be applied.

    The document security level shall be set to:

    • Public for product certificates such as "Certificate", "Report on Certificate", and "Annex of the Report on Certificate". This is done to be able to publish to ABB Library.
    • Internal for "Technical report" and "Modification report".
  3. The safety engineer or ISA contact starts a review workflow for each document with the product manager as the approver. Note that for FSM certificates the FSM manager shall be set as approver.

  4. The safety engineer or ISA contact updates the 7PAA006341 List of Active Safety Certificates and informs the release owner and configuration manager by mail.

  5. When the product manager or FSM manager has approved and M5 (G5) for the release is passed, the safety engineer informs the user documentation responsible that the new certification documents shall be published to ABB Library.

    Note: Only product-related documents of type "Certificate", "Report on Certificate", and "Annex of the Report on Certificate" are published in ABB Library. FSM certificates and reports are internal documents and shall not be published to ABB Library.

  6. The configuration manager adds the new documents (versions) to the relevant baseline for the project release if the update is part of a project.

Details

Incremental check for update needs

All functional safety certificates must be regularly checked for potential update needs according to the following process.

  1. In each increment planning, the safety team shall create an ADO feature to check the expiration date of all certification documents listed in 7PAA006341 List of Active Safety Certificates and inform the product owner about the activity.

  2. If any certification is set to expire within the next nine months, the safety engineer presents the finding at the SPI meeting and creates a feature with priority 1 to update the certification within the increment. The feature description shall include the following activities:

    • Inform the ISA contact to prepare the certificate update, such as what checklists and materials are required from ABB.
    • Create a linked DU WI to allocate the update of the related certificate.
    • Perform an impact analysis for the certificate update according to 3BSE085837 IA Questions for Document Updates.
    • After receiving the preparation materials list from the ISA contact, the safety engineer shall discuss with PPM and the product owners to decide:
      • Which standard should be kept/renewed?
      • How to fill out the delta checklist(s) if one or more new standard revisions are applicable.
  3. If a certificate cannot be updated earlier than one month before its expiration date, the safety engineer shall inform the head of Operations to prepare a stop order. See How-to Manage Stop and Start Orders for more information about stop and start orders.

  4. The day after the expiration date, the safety engineer shall inform the head of Operations that the stop order shall be officially announced and inform the ISA contact about this. Procurement and Logistics (P&L) is responsible for updating the delivery time in Business Online (BOL) and informing affected customers.

The safety engineer shall inform the ISA contact when the start order is triggered. This requires that the certificate has been renewed.

References

Owner: Functional Safety Team