Safety Strategy
OMRON Automation and Safety Posted 03/07/2003
From a functional point of view the more efficiently a machine performs its task of processing material the better it is. Life, however, is not that simple and in order for a machine to be viable it must also be safe. Safety must be regarded as a prime consideration.
To achieve a proper safety strategy there must be:
1 - RISK ASSESSMENT based on a clear understanding of the machine limits and functions which must be analyzed to identify which ones pose a potential hazard. The degree of risk due to the hazard is then estimated in order to provide a basis for judgement at later stages. A risk evaluation is then required to determine if existing safety measures are satisfactory or whether additional measures are required to reduce the risk.
2 - RISK REDUCTION is then performed if necessary and safety measures are selected based on the information derived from the risk assessment stage.
After the implementation of these measures the risk assessment is repeated to determine whether safety has in fact been achieved.
The manner in which this is done is the basis of the SAFETY STRATEGY for the machine.
A checklist should be followed to ensure that all aspects are considered and that the overriding principle does not become lost in the detail.
The first step is to ensure that the whole process is documented. This ensures a more thorough job and makes the results available for review by other parties. It can also be included in the technical file which supports the Declaration of Conformity for the Machinery Directive. Because the process is likely to be repeated, documenting the results means that needless repetition can be avoided.
If a machine is designed in conformity with a 'C' type standard specific to that machine it should already incorporate all the measures necessary for its safety. It is strongly recommended however that this process is still performed to ensure that everything is considered.
Although this section may only seem to apply to machine manufacturers it is also relevant to machine users as machines are often used in circumstances unforeseen by the manufacturer. The user (or employer) has a legal requirement to provide a safe working environment. Regulations make it clear that the safety of work equipment is addressed from three aspects:
(a) its initial integrity
(b) the place where it is used
(c) the purpose for which it is used.
For example, a milling machine used in a school workshop will need additional considerations compared to one that is used in an industrial tool room.
Remember that if a user acquires two or more independent machines and integrates them into one process they are, technically speaking, the manufacturer of the resulting combined machine.
Now let’s consider the essential steps to a proper safety strategy. The following can be applied to an existing factory installation or a single new machine.
Risk Assessment
Why is a risk assessment necessary?
One reason is obvious - in the EC it is a legal requirement. Most of the directives and regulations regarding machinery safety state that a formal risk assessment should be performed. Most of the harmonized European A and B type standards refer to it and the subject itself has a standard — EN 1050 'Principles for Risk Assessment.' Additionally, in North America ANSI has developed a technical report B11.TR3:2000. While not a 'standard,' this technical report provides guidance on how to estimate, evaluate and reduce risks associated with machine tools. People concerned with the safety of machinery know that risk assessment is an integral part of a complete safety strategy.
Risk assessment is a helpful process that provides vital information and allows the user or designer to make logical decisions about safeguarding methods.
Machine Limit Determination and Hazard Identification
A complete list of all machines should be made. Where separate machines are linked together, either mechanically or by control systems, they should be considered as a single machine. Each machine is then considered to see if it presents any sort of hazard and the list marked accordingly.
It is important to consider all stages in the life of a machine including installation, commissioning, maintenance, de-commissioning, correct use and operation. Also consider the consequences of reasonably foreseeable misuse or malfunction.
All hazards must be considered including crushing, shearing, entanglement, part ejection, fumes, radiation, toxic substances, heat, noise etc.
NOTE: If a machine relies on anything other than its intrinsic nature for its safety it should be indicated as a hazard source. A machine with exposed gears has an obvious and direct hazard. But if the gears are protected by an interlocked access panel they are a potential hazard which may become an actual hazard in the event of failure of the interlocking system.
Each machine with a hazard should be identified and marked on the list together with the types of hazard present. At this stage it is only the identity and type of hazard that is of concern. It is tempting to start estimating the degree of risk posed by the hazard but this is a separate process of risk estimation.
Risk Estimation
This is a fundamental aspect of machine safety. There are many ways of tackling this subject and the following pages provide a simple, effective approach. The method should be amended as necessary to suit individual requirements. An understanding of its importance is absolutely essential.
All machines that contain hazards present risk. It is important to be able to describe at which point the risk lies on a relative scale from minimum to maximum. The following pages provide a practical method for achieving this. First, let us look at some of the fundamental points.
1 - The risk estimation must always be documented.
It is tempting to make a purely intuitive judgement. While often based on experience, it almost certainly will not take into account all the necessary considerations and cannot be easily checked or passed on to others.
You must follow a logical work pattern, write down the results and get other parties to review it. Remember, it is your evidence that you have shown due diligence in the task.
2 - What is risk?
The term risk is often confused with the severity of an accident. Both the severity of potential harm AND the probability of its occurrence must be considered in order to estimate the amount of risk present.
3 - It must take into account all foreseeable factors.
As with the Hazard Identification stage it is important to consider all stages of the machine's life including installation, commissioning, maintenance, de-commissioning, correct use and operation as well as the consequences of reasonably foreseeable misuse or malfunction.
4 - It is an iterative process but work need not be repeated needlessly.
For example: A machine has an interlock guard door which, during an earlier risk evaluation, has been shown to be satisfactory. Provided that there are no changes that affect it, during subsequent risk assessments, no further measures will be required as the risk has been satisfactorily reduced (or eliminated).
But if the machine has never been subjected to a formal risk assessment or its usage circumstances have changed then it cannot be automatically assumed that the interlocking system is satisfactory and the risk estimation should be repeated to verify its suitability.
The suggestion for risk estimation given on the following pages is not advocated as the definitive method. Individual circumstances may dictate a different approach. It is intended only as a general guideline to encourage a methodical and documented structure.
It is intended to explain and complement the risk estimation section in standard EN 1050 'Principles for Risk Assessment.' It uses the same well established principles as the standard but has a few minor variations in its approach.
RISK ASSESSMENT - STEP 1
1 - THE SEVERITY OF POTENTIAL INJURY
For this consideration we are presuming that the accident or incident has happened. Careful study of the hazard will reveal the most severe injury that can be reasonably conceived.
Risk Reduction and Evaluation
Consider each machine and its risks separately and then address all of its hazards. There are three basic methods to be considered and used in the following order:
- Eliminate or reduce risks as far as possible by inherently safe machine design.
- Take the necessary protection measures in relation to risks that cannot be eliminated.
- Inform users of the residual risks due to the shortcomings of the protection measures adopted, indicate whether any particular training is required and specify the need to provide personal protection equipment.
If the machine is still at the design stage it may be possible to eliminate the hazard by a change of approach.
If design methods cannot provide the answer other action needs to be taken.
The hierarchy of measures to be considered includes:
(a) Fixed enclosing guards.
(b) Movable (interlocked) guards or protection devices e.g. light curtains, presence sensing mats, etc.
(c) Protection appliances (jigs, holders, push sticks etc.), used to feed a workpiece while keeping the operator's body clear of the danger zone. These are often used in conjunction with guards.
(d) Provision of information, instruction, training and supervision. It is important that operators have the necessary training in the safe working methods for a machine. This does not mean that measures (a), (b) or (c) can be omitted. It is not acceptable merely to tell an operator that he must not go near dangerous parts (as an alternative to guarding them).
Personal Protection Equipment
In addition to the above measures it may also be necessary for the operator to use equipment such as special gloves, goggles, respirators etc. The machinery designer should specify what sort of equipment is required. The use of personal protective equipment is usually not the primary safeguarding method but complements the measures shown above.
Each measure from the hierarchy should be considered in turn starting from the top and used where practical. This may result in a combination of measures being used.
If access is not required to dangerous parts the solution is to protect them by some type of fixed enclosing guarding.
If access is required then life becomes a little more difficult. It is necessary to ensure that access can only be gained while the machine is safe. Protective measures such as interlocked guard doors and/or trip systems will be required. The choice of protective device or system should be heavily influenced by the operating characteristics of the machine. This is extremely important as a system which impairs machine efficiency is likely to be removed or bypassed.
The safety of the machine in this case will depend on the proper application and correct operation of the protective system even under fault conditions. Once the proper application has been dealt with by the appropriate choice of general type of protective system the correct operation of the system must now be considered.
In an ideal world every protective system would be perfect with absolutely no possibility of failing to a dangerous condition. In the real world however we are constrained by the limits of knowledge and materials. Another constraint is, of course, cost. Because of these factors, a sense of proportion is required. Common sense says that it is ridiculous to insist that the integrity of a safety system on a machine that may cause mild bruising be the same as that required to keep a jumbo jet in the air. The consequences of failure are drastically different and therefore we need to have some way of relating the extent of the protective measures to the level of risk obtained at the risk estimation stage.

Whichever type of protective device is chosen, it must be remembered that a 'safety related system' may comprise many elements including the protective device, wiring, power switching device and sometimes parts of the machine’s operational control system. All these system elements should have suitable performance characteristics relevant to their design principle and technology. Standard EN 954-1 outlines various categories for safety related parts of control systems.
One of the most common errors is the belief that a high risk level always equates directly to a high category level. This is not necessarily always the case.
The table shown above is suggested as part of a documented process to account for all safety aspects of the machine being used. It acts as a guide for machine users but the same principle can be used by machine manufacturers or suppliers. It can be used to confirm that all equipment has been considered and it will act as an index to more detailed reports on risk assessment etc.
It shows that where a machine carries the CE mark it simplifies the process as the machine hazards have already been considered by the manufacturer and the necessary measures have been taken. Even with CE marked equipment there may still be hazards due to the nature of its application or material being processed which the manufacturer did not foresee.














