System Responsibility

Product-Safety mindset — risk identification, analysis, mitigation, verification, monitoring through the system lifecycle. ISO 12100, ISO 13849, IEC 61508, EU 2023/1230.

Safety is in every stage of the workflow, not the last one. Risk identification → analysis → mitigation → verification → monitoring — over the whole lifecycle.

A typical engineering contract splits “engineering” and “safety” into separate workstreams. The engineers design, then a safety reviewer signs off. The problem with this model is that safety issues are often baked into early decisions — by the time the safety reviewer sees the design, the cost of changing it is prohibitive.

ES4PS treats System Responsibility as a Product-Safety mindset applied at every stage, not a separate post-design audit. This is how OE manufacturers run safety for their own products — and it is what we bring to engineering services.

The five-step Product-Safety process

Our process is built on the EU Machinery Regulation 2023/1230 + ISO 12100 framework, applied iteratively at every workflow stage (not just at the end).

1. Hazard identification

Question: what can go wrong, where, and to whom?

Methods used: HAZOP, FMEA, what-if analysis, design review against the ISO 12100 hazard list.

Output: hazard register (every identified hazard logged with location, mechanism, possible consequence).

2. Risk analysis

Question: for each hazard, how likely is it and how severe?

Methods: risk-graph (ISO 13849-1), risk matrix (severity × probability × exposure), LOPA (Layer of Protection Analysis) for SIL applications.

Output: risk classification + required risk reduction.

3. Risk mitigation

Question: how do we reduce the risk to an acceptable level?

Hierarchy: design-out → safeguarding → instructions / warnings (the “3-step method” per ISO 12100). We always exhaust design-out before relying on safeguards.

Output: mitigation register linked to design decisions + standards (ISO 13849 PL, IEC 61508 SIL, IEC 61511 SIL for process).

4. Verification

Question: does the mitigation actually work?

Methods: design review, FAT-stage verification, SAT verification, dedicated safety integrity testing for SIL functions.

Output: verification record + sign-off.

5. Lifecycle monitoring

Question: does it still work? What changed?

Methods: post-modification re-HAZOP, periodic safety audit, incident learning loop.

Output: lifecycle safety case (the system stays safe through its operational life).

Where this applies

Every engineering stage in the workflow has a Product-Safety question:

  • Sizing — is the rating class right for the duty? (Wrong class can cause overheat → fire.)
  • Calculations — are the worst-case conditions covered? (Skipping = latent failure.)
  • Equipment design — does the layout allow safe operation + maintenance? (Door force, working clearance, hot surfaces, arc-flash boundary.)
  • Production — are the welding + NDT records complete? (No record = no traceability for a future failure investigation.)
  • Test & commissioning — does the system actually behave as the safety case assumes?
  • Operations — is the O&M manual aligned with the verified safe operating envelope?

Standards we apply

  • ISO 12100 — machinery safety, general principles for design — risk assessment methodology
  • ISO 13849-1 / -2 — safety-related parts of control systems — performance level (PL) determination
  • IEC 61508 (parts 1–7) — functional safety of electrical / electronic / programmable systems
  • IEC 61511 — functional safety for process industries (LOPA / SIL)
  • EU Machinery Regulation 2023/1230 — replaces 2006/42/EC; CE marking + Technical File requirements
  • EU Low Voltage Directive 2014/35/EU
  • EU EMC Directive 2014/30/EU
  • EU ATEX 2014/34/EU — equipment for explosive atmospheres
  • API RP 75 — offshore SEMS (Safety + Environmental Management Systems)
  • API RP 1173 — pipeline Safety Management System
  • HAZOP — IEC 61882 methodology

Why this matters

Engineering firms that treat safety as a post-design check produce designs that pass the safety review on paper but fail in operation. We have seen this pattern many times — and it is why we built System Responsibility into the workflow, not as a separate deliverable.

The cost of designing safe is approximately zero (it’s the same engineering hours, applied with the safety question in mind). The cost of patching unsafe is large — and the cost of an incident is unbounded.

Engagement types

  • HAZOP / FMEA facilitation for a specific project — 1–2 weeks
  • Full Product-Safety dossier for a new project — concurrent with engineering, 1–6 months
  • CE Technical File preparation (Machinery Regulation 2023/1230) — 4–8 weeks depending on complexity
  • Functional safety analysis for SIL-rated systems — 4–12 weeks
  • Post-incident root-cause investigation — 2–6 weeks
  • Lifecycle safety audit for existing installations — 2–6 weeks

Send a project brief