Key Ingredients for an Effective Functional Safety Program

April 9, 2010
New standards continue to drive performance.
Keeping up with changing safety standards is nothing new for machine builders, but the recent changes to the European Commission’s Machinery Directive, which took effect on December 29, 2009, will reshape how designers approach machine safety projects. As a result of these changing functional safety standards, designers will need to assess the reliability of the safety components by adding a quantitative calculation to the design. While this means more steps and procedures, it also offers benefits: the new standards result in a more methodical approach that can lead to machinery with more predictable performance, greater reliability and availability, and improved return on investment.

The machinery directive requires machine builders and integrators to conform to the requirements of either EN ISO 13849-1 or EN/IEC 62061.

-  EN ISO 13849-1 (“Safety of Machinery, Safety-Related Parts of Control Systems”) specifies system reliability in one of five performance levels. These levels are used primarily for low complexity devices and circuits.

-  EN/IEC 62061 (“Safety of Machinery—Functional Safety of Safety-Related Electrical, Electronic and Programmable Electronic Control Systems”) defines the integrity of the safety function in terms of safety integrity levels (SIL). These are used primarily on more complex devices and circuits.

Both methodologies use quantitative calculations to define the performance and integrity of the safety functions, based on safety data typically supplied by the component manufacturers.

This performance-based approach makes it easier for designers to quantify and justify the value of safety. With the ability to quantify circuit reliability through specific performance and system integrity calculations, the designer can show the value in terms of actual risk reduction and thereby more easily justify safety expenditures.

In addition, both standards are based on the determination of the risk levels with the identified hazards of the machine and its functions. A documented risk assessment of the machine must be the basis of any safety circuit or safety functions to clearly define the level of performance or integrity of that safety function.
    
Getting Started
Widely regarded as the best place to start, a thorough risk assessment will identify the areas of risk within a plant and help chart the course for an effective machine-guarding strategy. Risk assessments also help companies establish acceptable levels of risk for their operations, which in turn helps determine what safety products they need to protect their investment in both personnel and machinery.

Follow-up assessments should be conducted to verify that the risk level has been reduced to an acceptable level. Likewise, periodic follow-up assessments of safety methods and practices—safety audits—are critical to confirm that specific programs are being followed and remain effective. Essentially, a safety audit is a comparison of an existing condition to a desired condition. Health and safety standards set the minimum requirements for the desired condition. Numerous standards exist, but not all are applicable to every machine, which makes the auditing process challenging.

The objectives of the audit program and the amount of information available determine the depth of the audit. Typically, a safety system audit verifies that the system is designed and installed to perform to some level of reliability and to meet its functional performance requirements, as defined by consensus standards and by the hazard control concepts selected from the results of the risk assessment.

Conducting Safety Audits
A comprehensive audit evaluation of the safety system includes the evaluation of the safeguarding devices and the safety control logic. The audit process starts with gathering information. During the walkthrough, the auditor needs a reference for comparison, such as:
-  Does a documented procedure exist for the machine?
-  Does the procedure identify the following:
   -  The warning symbols and signs
   -  The operating tasks
   -  The procedure for clearing jams
   -  The cleaning tasks
   -  The maintenance tasks
   -  The tasks requiring lockout/tagout
   -  The lockout/tagout process
-  Does a risk assessment document exist, and does it identify the following:
   -  The modes of operation
   -  The Task/Hazard Field Log
   -  Selected safeguarding techniques for each hazard
   -  Circuit performance requirements for each safeguard

If procedures exist, then the auditor can become familiar with the steps and attempt to follow them during the machine walkthrough. The documented risk assessment provides valuable information. It identifies the hazards of the machine as well as the applied safeguards and safety circuit architecture.
       
For many older machines, the operating procedures may be missing or out of date, or risk assessments may not have been performed at all. In these cases, the operating procedures are verbally communicated. This leaves operators with a lot of room for improvising; they will tend to streamline the process, but not necessarily follow the requirements for safer machine operation.
       
Wearing the appropriate personal protective equipment, the safety auditor begins a machine walkthrough. By asking open-ended questions, the auditor encourages the machine operator to explain how the tasks are actually performed, not necessarily how they should be performed. During the walkthrough, the auditor must do two things: 1) observe the ways in which the operator is protected during the tasks, and 2) ask questions regarding what could go wrong during the machine cycle.
       
One of the most challenging aspects of a machine safety audit is to understand the intricacies of the control system. This is where the risk assessment (conducted prior to the audit) serves as a vital tool by helping identify potential hazards and defining specific safety functional requirements.
       
To effectively audit the control system, the auditor must be able to look at the risk assessment and answer core questions, such as:
-    Are the safety functions clearly defined and understood?
-    What energy sources are associated with the hazard?
-    What mode of operation is the machine in when the employee is exposed to the hazard?
-    What risk reduction techniques were implemented to control the hazard?
-    What safety circuit architecture was used for the safeguard?

As noted above, follow-up assessments verify that the risk level has been reduced to an acceptable level, and periodic audits of safety methods and practices confirm that specific programs are being followed and remain effective. A knowledgeable and experienced auditor can provide a unique and valuable service by helping end users and machine designers stay abreast of the latest changes in standards.
   
When embarking on a safety program design or review, teaming up with an experienced partner is highly valuable. Make sure your provider has the ability to supply products, as well as assist in device selection and new machine safeguarding specifications development to meet certification and compliance demands.
       
A well-prepared and well-executed safety audit program can make a substantial difference in helping companies prevent accidents and injuries. In fact, most organizations with successful safety records have a well-organized safety audit program.