Laboratory manual for the evaluation of non-automatic weighing devices

Part 2, section 2—Sealing

Table of contents


Reference

2.0 Sealing – Generalities

Electronic weighing devices must have provisions to the effect that a security seal must be broken, or an audit trail provided, before any adjustment affecting the performance of the device can be made. Only the metrological parameters: that can affect the measurement features, that have a significant potential for fraud, whose range extends beyond that appropriate for device compliance or the suitability of the equipment, shall be sealed.

2.1 Philosophy for sealing

The judgment as to whether or not a method of access represents a "significant potential for fraud" and thus requires sealing, will be based upon the following philosophies.

2.1.1 The need to seal specific features depends upon:

  1. The ease with which the feature or the selection of the feature can be used to facilitate fraud; and
  2. The likelihood that the use of the feature will result in fraud not being detected.

2.1.2 Features or functions that are routinely used by the operator as part of device operation, such as the setting and maintaining of unit prices in price look-up codes, are not sealable parameters.

2.1.3 If the selection of a parameter (or a set of parameters) would result in performance that would obviously be in error, such as the selection of parameters for different countries, then it is not necessary to seal the selection of these features.

2.1.4 If individual device characteristics are selectable from a "menu" or a series of programming steps, then access to the "programming mode" must be sealable.

2.1.5 If a device must undergo a physical act, such as the cutting of a wire and physically repairing the cut to reactivate the parameter, it would be considered an acceptable way to select parameters without requiring a physical seal or an audit trail.

2.2 Sealable parameters on non automatic weighing devices

The following examples of adjustments, parameters and features to be sealed are to be considered "typical" or "normal". The list is not intended to be all inclusive and any other parameters that may affect the metrological functions of a device must be sealed.

If listed parameters or other parameters which may affect the metrological function of a device are not to be sealed, the manufacturer must demonstrate that the parameter will not affect the metrological performance of the device.

Typical sealable parameters
Typical features or parameters that are not required to be sealed

2.3 Other mechanisms requiring sealing

2.3.1 Junction boxes that have adjustment parameters (potentiometers, rheostats, resistors or software configuration, etc.) must have provisions for applying security seals.

2.3.2 In the case of a complete scale consisting of an electronic indicator and a load receiving element incorporating a junction box or load cells that have built-in calibration/configuration capabilities, and for which the parameters can be changed "remotely" through the indicator keyboard, there must be provisions to seal load cell cables to the indicator and junction box.

2.3.3 If the device is equipped with an automatic or semi-automatic calibration mechanism, the mechanism must be inside the device and there must be provisions to apply security seals so that neither the mechanism nor the calibration process can be altered.

Note: Automatic and semi-automatic calibration mechanism

An automatic or semi-automatic calibration mechanisms are allowed provided it is within the device and the method or process can not be tampered with. Using the calibration mechanism, try to calibrate the device: when off level, when there is a load on the platform, and when the display device is in motion. Also try to put a small load on the set when the internal mechanism calibrates. These interventions should give rise to any erroneous calibration.

2.4 Physical seals

Physical seals comprise "lead"and wire seals, pressure sensitive seals, etc. They may be used to seal certain device categories, features and mechanisms (see sections 2.3 and 2.5).

2.4.1 Seals must be readily accessible and observable. Devices must be sealable in a manner that does not require disassembly or moving of the device to gain access to the adjustments. However, removing a protective cover plate to access a junction box is acceptable. The removal of a cover plate must be simple and not require excessive effort or the use of special tools.

2.4.2 On small devices (portable) the means of sealing may be under the platter, if the platter can be lifted easily, under the scale or at the back of the scale if the scale is designed so that it can be turned upside down without damage to remove or apply security seals. When a "lead"and wire seal is located under the platform, there must be ample clearance to eliminate the possibility of interference between the seal and the platform.

2.4.3 When two bolts are used for a Alead and wire seal@, it must be impossible to remove either bolt without breaking the wire seal. A free standing bolt (a bolt which passes through a panel and is fixed in place with a nut on the opposite side of the panel) is not acceptable.

2.4.4 Pressure sensitive seals are acceptable under certain conditions. If they cover a hole (e.g., through which a "calibration enable" switch would be activated) the hole must be covered with a suitable rigid plug. The seal must not bridge so as to leave cavities or air pockets under the seal. Cavities and air pockets are weak points that could cause the seal to be easily damaged (see the illustration below).

Figure 1

Diagram of a keylock sealed using a pressure sensitive seal. As the keylock protrudes from the casing, air pockets are left below the seal leaving the seal vulnerable to damage.
  1. Pressure sensitive (paper) seal
  2. Keylock
  3. Air pocket (void space)
  4. Casing
Description of Figure 1

Diagram of a keylock sealed using a pressure sensitive seal. As the keylock protrudes from the casing, air pockets are left below the seal leaving the seal vulnerable to damage.

2.4.5 A pressure sensitive security seal is not suitable in an adverse environment (rain, cold, wash-down, etc.).

2.5 Sealing electronic devices

Electronic devices must be "sealed" in accordance with the minimum requirements contained in the Specifications Relating to the Design, Composition, Performance and Use of Metrological Audit Trails.

Note : A Category 1 or Category 2 device may be sealed using an event logger instead of a physical seal. An event logger exceeds the minimum requirements for Category 1 and Category 2 devices.

The terms used in the Notice of Approval are defined in the Terms and Conditions for the Approval of Metrological Audit Trails; these Terms and Conditions can be found on the Measurement Canada's website.

Note : Numbers in parentheses refer to section numbers in the Terms and Conditions.

2.5.1 Category 1 device

A device that does not have remote configuration capability. Usually a device of this category has internal, physical means of adjustment such as dip switches, or configuration and adjustments can only be made through the device keypad when it is in a "calibration" mode. Such device may be sealed by means of a physical seal or two event counters: one for calibration parameters and one for configuration parameters.

2.5.1.1 (3.1) Access to sealable parameters is protected by:

  1. a physical seal; or
  2. an audit trail with two event counters (one for calibration, the second for configuration).
2.5.2 Category 2 device

A device offering remote configuration capability for its sealable parameters and providing sealable enabling/disabling hardware to control remote configuration use. Usually, a device of this category can be adjusted through the device keypad, remotely through the ports using an external apparatus such as a computer or using an external device such as an infrared handheld transmitter.

2.5.2.1 (3.2) Enabling/Disabling hardware access for remote communication is located at the device.

2.5.2.2 (4.1) Access to sealable parameters is protected by:

  1. a physical seal; or
  2. an audit trail with two event counters (one for calibration and one for configuration).

2.5.2.3 When the device is in the remote configuration mode,

2.5.3 Category 3 device

A device that provides unrestricted access to its sealable parameters. These are complex devices that are often part of sophisticated systems.

2.5.3.1 (3.3) Access to sealable parameters is protected by an event logger.

2.5.4 Event counters

If the device is "sealed" by means of event counters, the following requirements must be met:

2.5.5 Event loggers

If the device is "sealed" by means of an event logger, the following requirements must be met:

2.6 Notices of approval

Provisions for sealing some devices or features may be complex and extensive. Certain devices may incorporate audit trails and, in addition, some of their features or mechanisms may be secured using two or more physical seals. Audit trails are also configured differently for different devices.

In order to ensure adequate sealing and proper use of audit trail information, Notices of Approval should provide sealing plans and detailed audit trail operating instructions, including how to enter and exit the audit trail, for each approved model of device.

Revision

Original document

Date modified: