
ELECTRICAL DESIGN SPECIFICATION
Version : 1.00

This document aims to identify clearly and precisely what
CooperVision seeks to achieve with this project/system. It
defines the function of the system and how the system must behave
when presented with specific inputs and conditions.

Costas Stamopoulos
30-Jun-17

REVISION HISTORY
Revision | Date | Completed by | Comments
1.00 | 20-Mar-17 | CS | Initial document


CONTENTS
1 Introduction
1.1 Scope
1.2 Definitions
1.3 Acronyms
1.4 Health and Safety
2 General Requirements
3 Hardware Design
3.1 Control Panels
3.2 Master Switch
3.3 Terminals and Terminal Rail
3.4 Field Devices and Field Components
3.5 Relays
3.6 Power Supply Units
3.7 Wiring and Cabling General
3.8 Wiring and Cabling Control Panel
3.9 Wiring and Cabling Field Devices
3.10 Short Circuit Protection
3.11 Earthing
3.12 Motors
3.13 Indicators, Pushbuttons & Selector Switches
3.14 Junction Boxes
3.15 Hazardous Area Installation
3.16 Functional Safety General
3.17 Functional Safety - Programmable Electronic Based System
3.18 Functional Safety - Electrical / Electronic Based System
3.19 Programmable Devices
4 Design Requirements
4.1 Standards
4.2 Machine Electrical Design
4.3 Build Materials
4.4 Build Quality
5 Documentation Requirements
5.1 Documentation
5.2 Design Specifications
5.3 Electrical Design Package
5.4 Installation / Integration Report
5.5 Maintenance and Service Manual
5.6 Operation Manual
5.7 Technical Construction File
5.8 Acceptance tests.
5.8.1 On Design Review Stage.
5.8.2 On Completion of Construction (or at FAT).
5.8.3 On Delivery (or at SAT).
6 Appendices
6.1 Appendix A – Colour Code for Push Buttons
6.2 Appendix B – Colour Code for Indicators
6.3 Appendix C – Colour code for Wiring Identification
6.4 Appendix D – Applicable Standards
6.5 Appendix E – Stack Lights and Indication Beacons Colours
6.6 Appendix F – Form A
6.7 Appendix H - Instructions for completing Form A and Form B
6.7.1 Completing Form A:
6.7.2 Completing Form B:
7 References


1 INTRODUCTION
This document describes and defines the requirements and standards to be used for the
design of any electrical control systems required for machines and equipment to be
supplied or modified at CooperVision. Electrical design for modified machines and
equipment will only comply with these requirements as far as is reasonably practicable
except that all safety aspects are mandatory.

1.1 Scope
This standard relates to electrical/electronic control panels and equipment supplied
separately or with production/service machinery and plant.

1.2 Definitions
This standard uses the words MUST and SHOULD and they are defined as:

MUST: This clause has to be adhered to and is non-negotiable.


SHOULD: This clause has to be adhered to unless written confirmation is received from
CooperVision agreeing otherwise.

1.3 Acronyms
AC: Alternating Current
CAD: Computer Aided Design
CE: Conformité Européenne (European Conformity)
CVI: CooperVision Inc.
DC: Direct Current
Ex: Explosion Protection
FAT: Factory Acceptance Test
GAMP: Good Automated Manufacturing Practices
HMI: Human Machine Interface
I/O: Input / Output
IP: Index of Protection
IS: Intrinsically Safe
LED: Light Emitting Diode
MCB: Miniature Circuit Breaker
PL: Performance Level
PLC: Programmable Logic Controller
RCD: Residual Current Device
SAT: Site Acceptance Test
SIL: Safety Integrity Level
URS: User Requirement Specification
UDT: User Defined Data Types
VFD: Variable Frequency Drive


1.4 Health and Safety


All relevant electrical regulations and CVI standards must be adhered to, and where
appropriate be approved by the CVI ETS Automation Controls department.

2 GENERAL REQUIREMENTS
Good workmanship and materials, which are suitable to the environment in which the
equipment is to be installed, MUST be used.

All equipment MUST meet the legal requirements and standards for the countries and
regions they are going to be installed in. A list of required directives and standards
applicable for Europe can be found in Appendix D – Applicable Standards.

Appendix C – Colour code for Wiring Identification

Colour code for wiring identification purposes

Conductor Type | BS EN 60204-1 | Comments
A.C. and D.C power circuits. | BLACK | Label AC phases with –L1, –L2, –L3 (note any other identifier should be in front with –L1, –L2, –L3 last)
A.C. control circuits. | RED |
D.C. control circuits. | BLUE |
Excepted circuits in accordance with ISO60204 §5.3. | ORANGE | Must be identified by label and covered to IP2xx.
Neutral | LIGHT BLUE (If identified by colour only). | Label all Neutrals with –N, instead of using only colour identification. (note any other identifier should be in front with –N last).
Protective conductor (Earth) | GREEN & YELLOW |

3 HARDWARE DESIGN
3.1 Control Panels
1. Panels MUST be provided with vertically hinged doors that open to a minimum of 90
degrees.

2. Opening of the doors MUST require the use of a tool or key.

3. Panel ingress protection MUST be agreed with CVI (nominally IP54 but appropriate
to the environment).

4. Panels MUST be constructed of a material suitable for the environment in which
installation will take place. This SHOULD be Stainless Steel Grade 304L or better.
Where stainless steel is not used, paint finishes SHOULD be to RAL 7035.

5. Panels MUST be sized to ensure adequate space for maintenance. To allow for future
additions, expansion space of 20% SHOULD be provided.

6. Components in panels MUST be installed on DIN rail in such a way that they are
easily accessible and removable, when the doors are open, without the need to
dismantle/remove other parts.

7. Components in panels MUST be mounted with adequate clearances as required by
the manufacturer to allow for adequate access, ventilation and cooling.

8. An internal chassis/mounting plate assembly MUST be used in the panel to mount
the components.

9. Panels MUST be provided with a method of cooling if the temperature within the
panel is ever likely to approach the maximum temperature rating of any installed
component. The method of cooling SHOULD be agreed with CVI. If the panel is mounted
in an outdoor location, then anti-condensation and frost protection MUST also be added.

10. A standard mains socket for programming purposes only, with RCD protection,
SHOULD be provided in the controls section if a PLC is installed in that panel. See
Appendix D – Applicable Standards for country specific details.

13. A document pocket SHOULD be provided on the inside of panels to house wiring
diagrams.

14. Component labels MUST be fixed to the mounting plate. Self-adhesive labels
SHOULD NOT be used; a clip-on method SHOULD be used instead. Labels MUST be clearly
visible.

15. The machine / module main power supply SHOULD incorporate a power monitor
which will provide power usage information to a PLC.

16. Plastic trunking MUST always be mounted against a grounded metal DIN rail or
panel back plate.

17. AC and DC components MUST be physically segregated. This includes but is not
limited to terminals, trunking, field wiring and instrumentation location.

18. High noise components such as VFD or Servo drives MUST be segregated from
sensitive components such as PLC modules and safety components.

19. Multi-core plug and sockets SHOULD be provided for connections between the panel
and the machine.

20. Intrinsically safe barriers MUST be mounted behind a Perspex screen. A warning
label MUST identify these IS circuits.

21. Trunking containing IS circuits MUST be blue in colour.

3.2 Master Switch


1. Every machine MUST be equipped with a master isolation switch that isolates the
electrical supply. It MUST disconnect all unearthed conductors. The switch MUST be
rated to suit the maximum operating current of all equipment connected to it with due
allowance for a minimum 20% scheduled future expansion.

2. The switch MUST be lockable in the OFF position with the use of isolation padlocks
(with 6mm diameter shackles).

3. It MUST NOT be possible to open the panel door while in the ON position unless the
switch has been defeated using a tool. Such defeatable switches MUST be fitted.

4. The switch MUST be mounted in an easily accessible position.

5. The switch handle MUST be black unless it is designed, by the machine
manufacturer, as an ‘Emergency Switching-Off’ device, in which case it MUST be yellow
and red coloured and be properly labelled.

3.3 Terminals and Terminal Rail


1. Every terminal MUST be labelled with a unique terminal designation, which
corresponds to the wiring diagram.

2. No more than one wire MUST be terminated at a given terminal. Jumper bars
or links MUST be used if multiple connections are to be made.


3. Multiple stack terminals SHOULD be avoided wherever possible.

4. The incoming main supply wires MUST terminate either at a dedicated and
segregated set of terminals or directly into the master switch. These wires MUST be
clearly marked and shielded.

5. Symmetrical 35mm DIN mounting rail MUST be used.

6. Where fused terminals are used, they MUST have a LED indicator for the status of
the fuse, to assist in fault finding.

3.4 Field Devices and Field Components


1. Field devices/components not mounted inside or on the main control panel (e.g.
sensors, solenoid valves, encoders etc.) MUST be of the plug-in type to ensure easy
replacement for maintenance purposes.

2. Sensors and solenoid valves MUST have integral indicators to show their status.

3. Field devices/components MUST be installed in an easily accessible position.

4. Field devices/component mountings MUST be robust and have adjustment scales
(where appropriate).

3.5 Relays
1. Relays MUST be of the plug-in type and have a manual test button, mechanical flag
and LED indication to assist in fault finding.

2. Retainer clips MUST be provided where the relay is subject to vibration.

3.6 Power Supply Units


1. Control circuits MUST be 24V DC. They MUST be supplied from a high quality
switched mode power supply with short circuit/overload protection.

2. Power supply units SHOULD have a minimum spare rated capacity of 25%.

3. Power supply units SHOULD be mounted in the main control panel.

4. Control circuits MUST be segregated and protected appropriately to assist in fault
finding and ensure that a single fault would not trip all the control circuits.

3.7 Wiring and Cabling General


1. Wires MUST be terminated with crimp tags or bootlace ferrules of the correct size
except where the connection medium deems it inappropriate.

2. Wires MUST be clearly identified at both ends with the use of sleeve type indelible
markers and MUST correspond to the wiring diagrams. Markers MUST be of the correct
size for the wire.

3. Wire numbers SHOULD be identical at both ends of the wire.

3.8 Wiring and Cabling Control Panel


1. Where multi-core cables enter control panels each individual core SHOULD be
connected into terminals on a rail.

2. Within the control panel AC and DC wires MUST NOT be run in the same trunking,
except for power contactor control wiring.

3. Colour coding of wires MUST comply with Appendix C – Colour code for Wiring
Identification.

4. Trunking MUST have a minimum 25% spare capacity throughout.

5. Where AC and DC cabling crosses it SHOULD be at 90° to each other.

6. Multi-strand cable suitably rated for the application MUST be used for panel wiring.
The minimum cross-section MUST be 0.75 mm².

3.9 Wiring and Cabling Field Devices


1. Cables MUST have indelible markers at the device and control panel or termination
end, which correspond to the wiring diagrams.

2. Single core cable SHOULD only be used within the panel and NOT for the connection
of field devices.

3. AC, DC and Intrinsically Safe circuits MUST be run separately with adequate
separation.

4. Cables/wiring not laid in trunking MUST be adequately fixed. Self-adhesive clips
MUST NOT be used.

5. Trunking MUST have a minimum 25% spare capacity throughout.

6. Colour coding of wires MUST comply with Appendix C – Colour code for Wiring
Identification.

8. All cables MUST be accessible without the need to remove components or any
mounting plates.

9. Field cables carrying analogue control signals MUST contain a screen and be of
twisted pair type.

10. Spare cores of control and power field cabling SHOULD be terminated to spare
terminals when terminated at the control panel.

11. Spare cores SHOULD be terminated to spare terminals when terminating in junction
boxes.

12. Spare cores SHOULD be tied back and isolated when terminating in instrumentation
or other field devices without capacity for spare terminals.

13. Spare cores MUST NOT be cut back.

14. AC and DC field wiring SHOULD NOT be run in the same cable support. Where this is
not possible either a minimum separation distance of 50 mm or an earthed metallic
barrier MUST be used for segregation.

15. Joints or splices MUST NOT be used; where extension is required it SHOULD be
realised with junction boxes and/or terminals.

16. Cables MUST be laid parallel on cable supports in a neat and orderly fashion.

17. Changes in direction of cable supports SHOULD allow for minimum bending radius of
12D, where D is the overall diameter in mm of the cable.

18. Cables entering enclosures MUST be suitably mechanically protected to avoid rough
edges and burrs, via trunking, cable glands or plug and socket arrangements.

3.10 Short Circuit Protection


1. CVI will protect the main incoming supply at its source. The equipment supplier
MUST state the required fuse protection level.

2. Main incoming supply SHOULD also be appropriately protected.

3. Sub circuits MUST be protected against short circuits either by an appropriate fuse,
MCB, or motor protection unit.

3.11 Earthing
1. All extraneous metalwork MUST be earthed.

2. All components with an external earth point MUST be connected to earth potential.

3. Earth straps on doors MUST NOT be used as a door restraint.

4. Earth continuity monitoring MUST be provided for equipment handling dusts.

5. All pipe work carrying flammable liquids MUST be earthed across the flanges or any
point of electrical insulation.


6. Motor cable screens MUST be terminated using a collar clamp (pigtails MUST NOT
be created).

7. Cable screens for instrument and control cables MUST have continuity maintained
using terminals within junction boxes.

8. Cable screens MUST be earthed at the control panel end only, and isolated from earth
potential at all other points.

9. All metal sheaths and armouring of cables MUST be effectively bonded at both ends.

10. Earth faults in control circuits MUST NOT lead to the unintentional starting of
machines or the prevention of it being stopped. A statement MUST be provided to
describe how earth faults are handled.

11. Electrical continuity for metallic cable supports SHOULD be achieved by means of
visible bonding by cable or wire straps.

12. Provision MUST be made to bond the frame of the machine to the control panel.

3.12 Motors
1. Note: Servo and stepper motors are excluded from this section.

2. Motor types MUST be agreed with CVI. Main-drive motors SHOULD be of the
squirrel cage induction type.

3. Motor construction MUST be suitable for the environment in which they are to be
installed. A statement of duty and environment suitability MUST be provided.

4. Motor circuits MUST incorporate protection against overheating, overloading and
single phasing by a device that requires hand resetting by maintenance personnel.

5. The motor rotation MUST be clearly and permanently indicated on the machine.

6. VFDs SHOULD be used wherever possible. When VFDs are used, they MUST be of
the preferred type per the latest version of the Controls Hardware Design
Specification document.

7. Motors MUST be installed in such a way so that there is safe, easy access for
maintenance and disconnection/removal.

8. Motors above 7.5 kW SHOULD have current limiting starting devices, e.g. soft start
units or star delta control, if they are not to be controlled by a VFD.

9. Motors located close to contaminants SHOULD be rated IP65 and in hazardous
environments MUST be appropriately protected and certified.

10. Motors mounted remotely from the machine MUST have local isolation with auxiliary
contacts. The auxiliary contacts SHOULD be used in the stop circuit of the motor starter.
The closing of an isolator MUST NOT automatically restart a motor.

3.13 Indicators, Pushbuttons & Selector Switches


1. Indicators SHOULD be 24 Volt DC high intensity LED types.


2. Indicators, pushbuttons and selector switches SHOULD have 22.5 mm diameter
mounting holes.

3. Indicators, pushbuttons and selector switches MUST have permanent legends.

4. A lamp test facility SHOULD be provided.

5. Pushbuttons and selector switches MUST be positioned to prevent unintentional
operation.

6. Indicator colours MUST comply with Appendix B – Colour Code for Indicators.

7. Pushbutton colours MUST comply with Appendix A – Colour Code for Push Buttons.

8. All indicators SHOULD be mounted to be readable by an operator of average stature.

3.14 Junction Boxes


1. Junction boxes MUST be fitted for the environment they will operate in, with due
consideration given to cleaning practices.

2. Components in panels MUST be mounted with adequate clearances as required by
the manufacturer to allow for adequate access, ventilation and cooling.

3. All junction boxes SHOULD be labelled to indicate description or service and junction
box reference number as shown on electrical drawings.

4. Cable entry SHOULD be from the bottom only.

5. All junction boxes SHOULD contain either an earth bar or single earth point
connected to the control panel or the machine frame, for testing purposes.

6. Junction boxes should be of ample size, with a minimum of 20% spare terminals and
cable entries.

7. Junction boxes SHOULD include terminals for cable screening, when screened cable
is used.

8. Junction boxes containing IS circuits SHOULD have a warning label fixed to the lid
stating “Intrinsically Safe Circuits – Take Care”. The label MUST NOT be self-adhesive.

9. Junction boxes containing IS circuits MUST be certified Ex e.

10. Junction boxes containing IS circuits MUST NOT contain any other type of circuit.

11. Junction boxes containing IS circuits MUST use blue terminals.

12. Junction boxes located in a hazardous area and constructed of non-metallic (plastic)
material MUST be anti-static in nature.

13. Junction boxes located in a hazardous area MUST use certified cable glands.

3.15 Hazardous Area Installation


1. The method of protection for instrumentation and control equipment SHOULD be
Ex i.


2. The method of protection for power and motors SHOULD be Ex d.

3. Cables terminating at Ex certified enclosures MUST be via Ex e or Ex d certified
cable glands.

4. At spare entries, certified Ex d type blanking plugs MUST be fitted.

5. Potential equalization MUST be completed for installations in hazardous areas. All
exposed and extraneous conductive parts MUST be connected to the equipotential
bonding system. The bonding system may include protective conductors, metal conduits,
metal cable sheaths, steel wire armouring and metallic parts of structures, but MUST
NOT include neutral conductors.

6. Intrinsically safe multi-core cabling MUST have a light blue outer sheath. Heat
shrink or identification by other means MUST NOT be used.

7. Spare cores of IS multi-cores terminating in control panels MUST be connected to
earth.

8. For both digital and analogue signal types, multi-core cables for IS circuits SHOULD
have individual screens around each separate IS circuit, as per “Type A” cable in BS EN
60079-14:2008. Where this is completed an overall screen is not required.

9. For all circuits, other than intrinsically safe and energy-limited circuits, the
hazardous area end of each unused core in multi-core cables MUST either be connected to
earth or be adequately insulated by means of terminations suitable for the type of
protection. Insulation by tape alone MUST NOT be used.

10. Circuits which are not intrinsically safe shall not be carried in the same multi-core as
intrinsically safe circuits.

3.16 Functional Safety General


1. An electronic copy of the risk assessment document, performed per BS EN ISO 12100,
MUST be provided. It SHOULD as a minimum identify the limits of the machinery,
identify the hazards, identify who could be harmed and when, and prioritize the risk per
seriousness.

2. A functional safety requirements document MUST be provided. It SHOULD detail as
a minimum the following information for each safety function: required performance
level, performance level achieved, required architecture/category, architecture/category
achieved, diagnostic coverage achieved, Mean Time To Dangerous Failure, and Common
Cause Failures.

3. For functional safety design and verification, the ISO 13849 standard MUST be
followed.

4. Verification of the safety functions MUST be provided. The Software-Assistant
SISTEMA [i] software SHOULD be used. An electronic copy in native format of the
verification report MUST be provided.

5. Safety functions SHOULD be designed to a minimum Category 3 and PLd, or higher
as indicated by the risk assessment. This is to ensure that all safety circuits are designed
to be dual channel circuits [ii].


6. Standard contactors or control relays MUST NOT be used within a safety circuit.
Those approved for use in safety circuits with mirror contact performance and no override
function MUST be used.

7. Every machine MUST be equipped with one or more Emergency Stop devices that
immediately stop the machine and dissipate stored energy when operated. The device/s
MUST be easily and safely accessible from the work place of each operator.

8. Emergency stop devices MUST have twist to release operation. Each emergency stop
MUST have indication or feedback of the exact device that has been operated.

9. Emergency stop circuits SHOULD be designed as a minimum to be a dual channel
circuit, meeting the requirements of a Category 3 and PLd circuit or a SIL 2 capable
safety function with a Hardware Fault Tolerance (HFT) of 1.

10. Dual channel safety output MUST be maintained as dual channel, even within a
control panel. A single output channel driving a relay to create a dual channel MUST
NOT be used. Two safety outputs from the PLC SHOULD be used.

11. Any use of fault exclusions per ISO 13849-2 [iii], Annex D MUST have prior written
approval from CVI.

12. The safety circuit MUST be reset via a hard-wired reset push button. It MUST NOT
be achievable from the HMI or other standard circuit.

13. After operation of the safety circuit it MUST NOT be possible to energise the safety
circuit without first re-setting the circuit. Then the machine operation MUST be
manually restarted.

14. Guard door circuits MUST NOT have more than four doors in series. Guard doors
SHOULD NOT be wired in series.

15. Individual indication of each guard status SHOULD be shown on the machine HMI
panel.

16. Safety circuits SHOULD use a safety PLC, where a PLC is used for machine control.
Where no PLC is fitted then safety relays SHOULD be used to realize the safety circuit.

17. Guards that require regular opening SHOULD be hinged or sliding.

18. All guards that can be opened without the use of a tool or key MUST be fitted with
Dual Channel safety switches as a minimum.

19. Wherever practical, guards SHOULD be designed to allow the safe, efficient setting
and adjustment of machines without resorting to the use of a guard override key switch.

20. Where guard override key switches are fitted they MUST meet the same category and
performance level of the guard circuit they are overriding.

21. Where guard override key switches are fitted, consideration MUST be given to their
location to prevent inadvertent operation.

22. Where air dump valves are fitted to isolate and remove the residual compressed air
pressure within the machine, they MUST be dual residue release type with feedback.


23. Guard door switches that make use of a mechanical actuator key SHOULD NOT be
used; contactless uniquely coded RFID types are preferred.

24. For process safety design and verification, the IEC 61511 [iv] standard MUST be
followed.

25. For process safety systems, specification should take consideration of the highest
possible Safety Integrity Level (SIL) required. The safety system MUST be capable of
achieving a minimum of SIL 1 or higher.

26. For process safety systems, all Safety Instrumented Functions (SIF) MUST be
designed to be capable of achieving SIL 2 with a HFT of 1 or above. Lower SIL can be
used, but CVI’s approval MUST be given at the design stage.

27. For process safety systems, a Safety Requirements Specification in accordance with
IEC 61511 Part 1 section 10.3 MUST be provided by the supplier.

3.17 Functional Safety - Programmable Electronic Based System
1. The HMI MUST NOT interface directly with the safety program.

2. Safety logic SHOULD NOT be reset from standard logic.

3. Standard tags used in the safety routines MUST be subject to bounds checking.

4. Safety task MUST be locked.

5. Safety signature MUST be documented.

6. Process safety systems with dual channels MUST always keep channel A and
channel B input data separate within the PLC application.

7. Requirements of the appropriate Rockwell Automation Safety Reference Manual
MUST be followed.

8. All checklists at the end of the appropriate Rockwell Automation Safety Reference
Manual MUST be completed and included in the documentation provided.

9. Confirmation of the project MUST be carried out by viewing the project and comparing
the uploaded safety I/O and controller configurations, safety data, and safety task
program logic to make sure that the correct safety components were downloaded, tested,
and retained in the safety application program.

10. Non-certified programmable devices in safety circuits MUST NOT be used.

11. Devices within a safety function MUST be kept to a minimum; a master safety
contactor SHOULD NOT be used to cut power or signals to multiple devices. Instead, each
device SHOULD be fed from safety PLC outputs.

12. All physical I/O within the safety program MUST be safety I/O.

13. Where standard tags are used within the safety program, bounds checking MUST be
provided.
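
The bounds-checking requirement in items 3 and 13, modelled in Python as an added example; it is not CVI's or Rockwell Automation's code, and on a safety PLC the same checks would be written in the safety task's own logic. The tag names, limits, safe values and the reject-rather-than-clamp policy are assumptions constructed for illustration.

```python
import math
from dataclasses import dataclass


@dataclass(frozen=True)
class TagLimit:
    low: float         # lowest value the safety logic will accept
    high: float        # highest value the safety logic will accept
    safe_value: float  # substituted when the check fails


# Hypothetical standard tags mapped into the safety task (constructed values).
# Standard tags can be written by the HMI or by standard logic, so the safety
# routine treats them as untrusted input.
LIMITS = {
    "Std_ConveyorSpeedSP": TagLimit(low=0.0, high=1.5, safe_value=0.0),   # m/s
    "Std_OvenTempSP": TagLimit(low=20.0, high=180.0, safe_value=20.0),    # deg C
}


@dataclass(frozen=True)
class CheckedTag:
    value: float  # value the safety logic may use
    valid: bool   # False means the raw value was rejected
    reason: str


def check_standard_tag(name, raw):
    """Validate one standard tag before the safety logic reads it."""
    limit = LIMITS.get(name)
    if limit is None:
        # A tag with no declared limits is never passed through.
        return CheckedTag(0.0, False, "no limits declared")
    # bool is a subclass of int in Python; reject it so True is not read as 1.
    if isinstance(raw, bool) or not isinstance(raw, (int, float)):
        return CheckedTag(limit.safe_value, False, "not a number")
    if isinstance(raw, float) and not math.isfinite(raw):
        # NaN compares False against both limits, so test for it explicitly.
        return CheckedTag(limit.safe_value, False, "not finite")
    if raw < limit.low or raw > limit.high:
        # Assumed policy: reject instead of clamping, so that an out-of-range
        # request is treated as a fault and not as a legal setpoint.
        return CheckedTag(limit.safe_value, False, "out of range")
    return CheckedTag(float(raw), True, "ok")


def scan(standard_tags):
    """One scan: check every declared tag; any failure drops the permissive."""
    results = {}
    for name, limit in LIMITS.items():
        if name not in standard_tags:
            results[name] = CheckedTag(limit.safe_value, False, "missing")
        else:
            results[name] = check_standard_tag(name, standard_tags[name])
    permissive = all(r.valid for r in results.values())
    return permissive, results


if __name__ == "__main__":
    # Constructed scan data: the speed setpoint is outside its declared range.
    ok, res = scan({"Std_ConveyorSpeedSP": 9.9, "Std_OvenTempSP": 150})
    print("permissive:", ok)
    for tag, r in res.items():
        print(tag, r)
```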


3.18 Functional Safety - Electrical / Electronic Based System


1. Emergency stop and guard circuits MUST be independent from each other.

3.19 Programmable Devices


1. Programmable Controllers used SHOULD be as detailed in the latest version of the
Controls Hardware Design Specification.

2. The use of any other type of PLC not detailed within the Controls Hardware Design
Specification MUST be approved in writing by CVI. This includes PLCs contained within
third-party bought-in components and other proprietary systems, such as saline dosing
units or motion control.

3. The latest versions of software SHOULD be used for application development, and in
accordance with the requirements described in the Controls Software Design
Specification, unless otherwise stated in project specific documentation.

4. Where remote inputs and outputs are used, they MUST be realized via Ethernet
communication.

5. Remote I/O communication networks MUST be fault tolerant, with alarming and
diagnostics. Device level ring architecture SHOULD be created as per the requirements
described in the latest version of the Controls And Network Architecture.

6. Remote I/O using DeviceNet, Profibus, or AS-Interface SHOULD NOT be used.

7. PLC to PLC communications SHOULD be realized using Ethernet communication
and, where possible, produced and consumed tags.

8. The type of programmable device MUST be agreed at the time of the quotation.

9. There SHOULD be a minimum of 10% installed spare capacity at completion of
commissioning in the amount of internal control elements and inputs/outputs (of each
type used), and 25% spare program memory. This spare capacity SHOULD include at least
one spare slot when a rack type PLC is supplied.

10. All digital inputs and outputs SHOULD be optically or galvanically isolated.

11. The identification numbers for all PLC input and output wiring SHOULD be derived
from the wiring diagram cross reference identification and they MUST be unique.

12. The "on" state of all digital inputs and outputs MUST be indicated on the
programmable device by integral LEDs.

13. Test documentation SHOULD be provided to give assurance that the I/O connections
have been checked and that their polarity is correct.

14. All spare I/Os MUST be wired to terminals for future use.

15. All I/Os MUST be labelled and easily identifiable on the wiring schematics and in the
PLC code from the label.

16. When PID control is required for process control, this SHOULD be done in the PLC,
with control via HMI faceplates.

17. Ethernet networks MUST be designed in accordance with the requirements described
in the Controls And Network Architecture.

4 DESIGN REQUIREMENTS
4.1 Standards
The vendor must comply with current European standards and legislation in force at the
commencement of the contract (or current equivalents, where applicable). Applicable
standards that must be followed are listed in Appendix D – Applicable Standards.

4.2 Machine Electrical Design


Generally, the machine’s electrical control systems MUST be designed:

• in accordance with good practice for clean-room equipment
• to allow easy cleaning
• to eliminate dirt traps and areas where microorganisms can develop

The following areas are considered important:

• Reliability
• Simplicity of design
• Ease of access
• Safety of operators and maintainers
• Ease of cleaning
• Ease of part replacement (to minimise production downtime)
• Machine energy consumption costs (e.g. minimisation of compressed air usage)

Dedicated equipment is to be:

• Free standing on adjustable feet, with jack down wheels where appropriate.
• Secured to mating machinery (interface to be adjustable)
• Electrical cable runs to be run in conduit with plug and socket connections on all
leads
• Power feed from single overhead drop (building cable runs are in the ceiling)

4.3 Build Materials


Proprietary equipment is supplied in its manufacturer’s finish (for example pneumatic
cylinders and valves, motors, resolvers and gearboxes).

4.4 Build Quality


The indicators below are not exhaustive and build quality will be assured by CVI during
manufacture. The general build quality of the equipment is to be as normally expected in
a pharmaceutical or medical environment.

All components will meet the following requirements:

• Be burr free
• Made within drawing tolerances to ensure efficient operation


All electrical control cabinets are to be supplied in stainless steel, labelled with the
system reference, or in a material and finish suitable for the environment and agreed
with CVI.

Only 1 (one) vendor name plate, of not more than A4 size, may be fitted to the machine.


5 DOCUMENTATION REQUIREMENTS
This section outlines the documents to be supplied to CVI during the project. Most of the
documents are deemed to be live documents through the life cycle of the project and will
be reviewed and modified at various stages of the project. All documentation will be
verified as representing the ‘as built’ state during the Factory Acceptance Test (FAT).

All documentation MUST reference the project reference, have an issue number and issue
date.

All documentation and drawings MUST be supplied in electronic format (for example a
Microsoft Office document) and hard copy format. For all drawings, the electronic format
MUST include an electronic printout of the drawing in PDF format and the native format
of the CAD package used to draft the drawing (e.g. dwg for AutoCAD, zw1 for EPLAN).

All manuals should be constructed to allow update of separate sections to prevent the re-
issue of entire manuals.

• On Design Review.
   ➢ Electrical design package with (as a minimum):
      o General arrangement drawing and panel layout drawing. (1 copy)
      o Schematic and full electrical wiring diagrams. (1 copy)
      o Parts list. (1 copy)
   ➢ FDS, HDS, SDS including full I/O listing. (1 copy)
   ➢ Risk Assessment detailing the required safety functions, their required
     performance levels and category. (1 copy)
   ➢ Functional Safety Specification. (1 copy)
• On Completion of Construction (or at FAT).
   ➢ Inverters/Controllers configuration/settings. (1 copy)
   ➢ Fully annotated PLC software listing and ladder logic (with cross-references
     and symbolic table). (1 copy)
   ➢ As-built general arrangement drawing and panel layout drawing. (1 copy)
   ➢ As-built schematic and full electrical wiring diagrams. (1 copy)
   ➢ As-built parts list. (1 copy)
   ➢ Draft Operating Instructions and Maintenance Manual. (1 copy)
• With Delivery (or at SAT).
   ➢ Operating Instructions and Maintenance Manual. (2 copies)
   ➢ Electrical test and calibration certificates. (2 copies)
   ➢ Backup of the PLC, drives, servo, vision systems and HMI (both apa and mer
     file types) programs. (Electronic copies)
   ➢ Functional safety verification report, preferably in the form of a SISTEMA
     report. (Electronic file)

5.1 Documentation
All documentation MUST be supplied in ENGLISH ONLY and comply with GAMP
guidelines [v].

Design documentation and drawings MUST be issued to CVI before construction
commences. The construction SHOULD NOT start until formal agreement with CVI is
reached. If the supplier commences manufacture prior to this, then the supplier is
proceeding at his own risk. Incorporation of CVI comments will be deemed as the
supplier’s own decision and contractually binding.

If any modifications occur after the latest documentation has been submitted,
CVI should be informed and a new updated copy should be sent.

Documentation and drawings MUST be legible with good uniform print quality
throughout.

Electrical drawings MUST be designed in EPLAN P8 and the EPLAN project
MUST be supplied using the native backup feature (zw1 file format). EN 61082-1
and EN 81346 SHOULD be followed. Wiring diagrams MUST use a cross-reference
system for lay-down and usage. Device identifiers MUST be derived from their wiring
diagram lay-down location. The electrical drawings SHOULD include summary reports
for terminal strips, multicore cables and other summary reports that are deemed
necessary.

5.2 Design Specifications


• Functional Design Specification (FDS)
• Hardware Design Specification (HDS)
• Software Design Specification (SDS)
• Risk assessment detailing the required safety functions, the required
performance level for each safety function and their category.
• Functional Safety Specification

5.3 Electrical Design Package


The following drawings MUST be supplied in an ‘as built’ state. This list is by no means
exhaustive; additional documents may be requested to assist in such areas as
maintenance.

• General Arrangement (layout of the machine; the locations of panels, remote I/O
nodes and other devices that appear in the schematic need to be defined).
• Enclosure layout and cut-outs
• Terminal and multicore detail
• Control Panel General Arrangement
• Bus structures with detailed addresses and nodes
• Network architecture topology
• Robot and/or other machines interfaces
• Installation Schematics (showing machine footprint, all service points, and any
lifting, slinging and skate points)
• Sub-Assemblies (to contain parts list, including suppliers name and part numbers
for bought out items and set up dimensions where required)
• Process Flow Diagrams
• Control hardware overview (PLC, PointIO etc.)
• Multi-line wiring schematics

5.4 Installation / Integration Report


This can be part of the maintenance manual and must include:


• Contents page
• Lifting instructions and correct lifting points.
• Safety instructions and precautions
• Installation instructions and diagrams
• Required power supplies and services list
• Pre-use cleaning procedure

5.5 Maintenance and Service Manual


Including:

• Contents page
• Safety instructions and precautions
• General description of the apparatus
• Relevant reference drawings
• Spare parts list
• Lubrication schedule
• Consumables listing – filters, etc.
• Routine testing and calibration schedule
• Calibration procedures
• Set Up procedures
• Service schedule (weekly, monthly, yearly, etc.)
• Maintenance instructions (including strip-down details)
• Recommended spares list (with long lead items identified)
• List of and details of proprietary items (specification sheets)
• After-sales service contact names and phone numbers, etc.

The Maintenance & Service Manual should contain digital images and may have
associated video files to assist in service / operational procedures.

5.6 Operation Manual


Including:

• Contents page
• Safety instructions and precautions
• Cleaning procedures
• Pre-start-up checks
• Start-up and shut-down procedures
• Operating instructions
• Fault finding & remedy list
• Operator access points - diagram and procedure

The Operator Manual should contain digital images and may have associated video files
to assist in operational procedures.

5.7 Technical Construction File


Including:

• Contents page
• Top level document with references to all relevant documents
• The machinery release or acceptance notes signed by client
• Manufacturer’s declaration of conformity (CE)
• Manufacturer’s Certificates of Conformity for their supplied equipment
• All test results
• Risk assessment report (for CE marking)
• Equipment test certificates from supplier
• Parts lists
• Product contact materials and components list, along with Material Conformance
Certificates.
• Certificates of test and conformity to standards as applicable
• Test certificates for critical items and materials
• Non-product contact materials and components list
• Certificates of conformity to standards as applicable
• Test certificates as applicable
• As-built drawings if relevant
• A drawing and location list
• Non-compliance list and forms
• OEM Equipment Documents & Manuals, Licences and Original CDs
• Calibration Certificates

Where a machine or project specific URS is provided, it will detail a definitive list of
required documentation for the project. In addition to this requirement the following
documents will also be required and provided as part of the overall documentation pack.

• A block diagram MUST be provided to describe the functionality and structure of
the code.
• Any additional definitions that increase the scope of this document should be
provided to CVI as an ‘SDS addendum’.
• Reference to all external documentation should be documented internally within
the PLC software.
• A glossary of used terms should be provided.

5.8 Acceptance Tests


To ensure that a new machine’s electrical design and installation complies with CVI’s
requirements as specified in this document, the following review procedure, at the
different stages of each project, must be followed.

5.8.1 On Design Review Stage.


Once the machine has been designed and before building starts, a controls
engineer must review all documents using Form A (Appendix F – Form A), assuring all
points are reviewed and the machine electrical design and drawings comply with CVI’s
requirements.

Instructions for the correct completion of Form A can be found in Appendix H -
Instructions for completing Form A and Form B.

5.8.2 On Completion of Construction (or at FAT).

A controls engineer must check that all documentation required at this stage has been
received and updated to the “as built” state, and that the machine electrical installation
is built as designed. Form B (Appendix G – Form B) must be used for this.

Instructions for the correct completion of Form B can be found in Appendix H -
Instructions for completing Form A and Form B.

A completed Form A must be signed by both parties, CVI and the manufacturer, at this
stage.

5.8.3 On Delivery (or at SAT).


All non-conformances from the FAT stage must be reviewed and approved before the SAT
is completed.

A completed Form B must be signed by both parties, CVI and the manufacturer, at this
stage.


6 APPENDICES
6.1 Appendix A – Colour Code for Push Buttons
| COLOUR | MEANING | Explanation/Examples of application |
|---|---|---|
| RED | Emergency | Actuate in the event of a hazardous condition or emergency. Emergency stop. Initiation of emergency function. |
| YELLOW | Abnormal | Actuate in the event of an abnormal condition. Intervention to suppress abnormal condition. Intervention to restart an interrupted automatic cycle. |
| GREEN | Normal | Actuate to initiate normal conditions. See EN 60204-1:1998 section 10.2.1 |
| BLUE | Mandatory | Actuate for a condition requiring mandatory action. Reset function. |
| WHITE | No specific meaning assigned | For general initiation of functions except for emergency stop. Start/On (preferred). Stop/Off. |
| GREY | No specific meaning assigned | For general initiation of functions except for emergency stop. Start/On. Stop/Off. |
| BLACK | No specific meaning assigned | For general initiation of functions except for emergency stop. Start/On. Stop/Off (preferred). |


6.2 Appendix B – Colour Code for Indicators


| COLOUR | MEANING | Explanation | Action by operator |
|---|---|---|---|
| RED | Emergency | Hazardous condition | Immediate action to deal with hazardous condition (e.g. by operating emergency stop) |
| YELLOW | Abnormal | Abnormal condition. Impending critical action | Monitoring and/or intervention (e.g. by re-establishing the intended function) |
| GREEN | Normal | Normal condition | Optional |
| BLUE | Mandatory | Indication of a condition that requires action by the operator | Mandatory action |
| WHITE | Neutral | Other conditions; may be used whenever doubt exists about the application of RED, YELLOW, GREEN, BLUE | Monitoring |


6.3 Appendix C – Colour code for Wiring Identification


Colour code for wiring identification purposes

| Conductor Type | BS EN 60204-1 | Comments |
|---|---|---|
| A.C. and D.C power circuits. | BLACK | Label AC phases with –L1, –L2, –L3 (note any other identifier should be in front with –L1, –L2, –L3 last) |
| A.C. control circuits. | RED | |
| D.C. control circuits. | BLUE | |
| Excepted circuits in accordance with ISO60204 §5.3. | ORANGE | Must be identified by label and covered to IP2xx. |
| Neutral | LIGHT BLUE (If identified by colour only). | Label all Neutrals with –N, instead of using only colour identification. (note any other identifier should be in front with –N last). |
| Protective conductor (Earth) | GREEN & YELLOW | |


6.4 Appendix D – Applicable Standards


| Description | Standard |
|---|---|
| Supplier Guide for Validation of Automated Systems in Pharmaceutical Manufacture | GAMP – ISPE’s guide Current Version |
| Legal Requirements | For CE Marking: Machinery Directive 2006/42/EC; Low Voltage Directive 2014/35/EU; EMC Directive 2014/30/EU; ATEX Directive 2014/34/EU |
| Safety of machinery. General principles for design. Risk assessment and risk reduction | BS EN ISO 12100:2010 |
| Safety of machinery. Electrical equipment of machines. General requirements | BS EN 60204-1:2006+A1:2009 |
| Safety of machinery. Safety-related parts of control systems. General principles for design | BS EN ISO 13849-1:2015 |
| Safety of machinery. Safety-related parts of control systems. Validation | BS EN ISO 13849-2:2012 |
| Safety of machinery. Emergency stop function. Principles for design | BS EN ISO 13850:2015 |
| Safety of machinery. Positioning of safeguards with respect to the approach speeds of parts of the human body | BS EN ISO 13855:2010 |
| Safety of machinery. Interlocking devices associated with guards. Principles for design and selection | BS EN 1088:1995+A2:2008 |
| Specification for low-voltage switchgear and controlgear. Switches, disconnectors, switch-disconnectors and fuse-combination units | BS EN 60947-3:1992 |
| Control circuit devices and switching elements - Electrical emergency stop device with mechanical latching function | BS EN 60947-5-5:1998+A2:2017 |
| Low-voltage switchgear and controlgear. Contactors and motor-starters. Electromechanical contactors and motor-starters | BS EN 60947-4-1:2010+A1:2012 |
| Requirements for Electrical Installations. IET Wiring Regulations | BS 7671:2008+A3:2015 |
| Code of practice for protective earthing of electrical installations | BS 7430:2011+A1:2015 |
| Mains supply for programming units | Section 3.1.19, UK Style 13 Amp Socket. |
| Electromagnetic compatibility (EMC). Generic standards. Emission standard for residential, commercial and light-industrial environments | BS EN 61000-6-3:2007+A1:2011 |
| Explosive Atmospheres | BS EN 60079 |
| Preparation of documents used in electrotechnology. Rules | BS EN 61082-1:2015 |
| Graphical symbols for diagrams | IEC 60617 |


6.5 Appendix E – Stack Lights and Indication Beacons Colours


Colour Description

Red Machine stopped due to a safety related alarm

Flashing Red Machine stopped due to a non-safety related alarm

Amber Manual, referencing, inching or other non-production mode

Flashing Amber Machine running but a warning is present

Green Machine running in automatic mode

Flashing Green Machine stopped, but available to start


6.6 Appendix F – Form A


Appendix G – Form B


6.7 Appendix H - Instructions for completing Form A and Form B
6.7.1 Completing Form A:
This form is available as a separate Word file to be completed.

This form should be a live document, updated each time a new set of
documents is received from the supplier. The document must be finalised by FAT and all
issues identified during the reviews must have been resolved. The final revision must be
accepted and signed by both parties, CVI and the manufacturer’s representatives, at the
FAT.

Supplier: machine manufacturer name.

Machine: Machine type.

Revision: Revision number of the form. (Every time a new review is performed, the form
must be updated and this revision incremented by 1: Revision 1…99.)

Date: Date that the review is performed.

Reviewer: The controls engineer who is filling out the form.

Documents received:

• The reviewer will tick ‘YES’ for each document that has been received. If a new
version of any existing document is received, the version/date will need to be
updated.
• If any of those documents are not received, tick ‘NO’ in the form.
• When a new document is received, in a subsequent review, the reviewer should
change the mark to ‘YES’.
• If, for any reason, a document is not necessary or applicable for a machine, tick
‘N/A’.
• At the FAT, for the form to be successfully completed and signed, all points should
have been marked with either ‘YES’ or ‘N/A’.

Drawing and Electrical Design Checklist:

• The reviewer must reply to all questions in this section. If the question point is
not applicable for a machine, tick ‘N/A’.
• If any answer is ‘NO’, a new table must be created and filled in, in the “Issues to be
reviewed” section below.
• When an issue is amended, in a subsequent review, the equivalent table should
be updated and the answer changed to ‘YES’.
• Add at the end of the checklist any additional design points that could improve
the machine or the maintenance of it in the future.
• At the FAT, for the form to be successfully complete and signed, all questions
should have been answered with either ‘YES’ or ‘N/A’.

Comments: Add any relevant comment that explains your ticks. N/A checks can be
justified here.

Attached documentation: Include any relevant document, e.g. documents justifying
design decisions not conforming to the specifications.

Issues to be reviewed: Add a table for each non-conforming point of the Drawing and
Electrical Design Checklist. If more than one point shares the same issue, they can be
recorded in the same table.

• Point: Question number, in ‘Drawing and Electrical Design Checklist’.
• Issue: Title of the issue.
• Summary of the issue: Describe the issue.
• Requirement: Describe the actions that should be taken for sorting out this
issue.
• Reviewed and accepted by: Once the issue has been amended, fill in the name of the
reviewer who has reviewed and accepted the amendment. At this point the answer
to the equivalent question should be changed to ‘YES’ or ‘N/A’ as appropriate.
• Date: Date the issue has been amended.
• Comments: Any observations once the amendment has been completed.

6.7.2 Completing Form B:


This form is available as a separate file to be completed.

This form should be a live document, updated each time a new review is
performed. The document must be finalised by SAT and all issues identified must have
been resolved. The final revision must be accepted and signed by both parties, CVI and
the manufacturer’s representatives, at the FAT.

Supplier: machine manufacturer name.

Machine: Machine type.

Revision: Revision number of the form. (Every time a new review is performed, the form
must be updated and this revision incremented by 1: Revision 1…99.)

Date: Date that the review is performed.

Reviewer: The controls engineer who is filling out the form.

Documents received:

• The reviewer will tick ‘YES’ for each document/file that has been received. If a
new version of any existing document/file is received, the version/date will need to
be updated.
• If any of those documents/files are not received, tick ‘NO’ in the form.
• When a new document is received, in a subsequent review, the reviewer should
change the mark to ‘YES’.
• If, for any reason, a document/file is not necessary or applicable for a machine,
tick ‘N/A’.
• At the SAT, for the form to be successfully completed and signed, all points should
have been marked with either ‘YES’ or ‘N/A’.

Electrical Build Checklist:

• The reviewer must reply to all questions in this section. If the question point is
not applicable for a machine, tick ‘N/A’.
• If any answer is ‘NO’, a new table must be created and filled in, in the “Issues to be
reviewed” section below.
• When an issue is amended, in a subsequent review, the equivalent table should
be updated and the answer changed to ‘YES’.
• Add at the end of the checklist any additional design points that could improve
the machine or the maintenance of it in the future.
• At the FAT, for the form to be successfully complete and signed, all questions
should have been answered with either ‘YES’ or ‘N/A’.

Comments: Add any relevant comment that explains your ticks. N/A checks can be
justified here.

Attached documentation: Include any relevant document, e.g. documents justifying
change decisions not conforming to the specifications.

Issues to be reviewed: Add a table for each non-conforming point in the Electrical
Build Checklist. If more than one point shares the same issue, they can be recorded
in the same table.

• Point: Question number, in ‘Electrical Build Checklist’.
• Issue: Title of the issue.
• Summary of the issue: Describe the issue.
• Requirement: Describe the actions that should be taken for sorting out this
issue.
• Reviewed and accepted by: Once the issue has been amended, fill in the name of the
reviewer who has reviewed and accepted the amendment. At this point the answer
to the equivalent question should be changed to ‘YES’ or ‘N/A’ as appropriate.
• Date: When the issue has been amended.
• Comments: Any observations once amendment has been completed.


7 REFERENCES

[i] SISTEMA Software Tool – http://www.dguv.de/ifa/praxishilfen/practical-solutions-machine-safety/software-sistema/index.jsp
[ii] Safety Related Control System Structure – http://www.ab.com/en/epub/catalogs/3377539/5866177/3378076/10334651/Categories-of-Control-Systems.html
[iii] ISO 13849-2 – https://www.iso.org/standard/53640.html
[iv] IEC 61511-1 – https://webstore.iec.ch/publication/24241
[v] GAMP 5 Guidelines - 2008 – http://www.ispe.org/gamp-5
