Adapting to the New Machine Safety Standard

Following the adoption of a new machine safety standard last year, OEMs and end users have had to adapt to a changing machine safety landscape. Are your people and processes up to date with the new requirements?

Standards can sometimes create as much confusion as clarity. After all, industry circumstances are constantly changing and new technologies are always being introduced. As a result, the current form of a standard is never quite the last word on the topic.

When it comes to critical operational factors such as safety, the issue of standards gets even more complex because people's lives and health are at stake. In essence, safety standards are the most important kind of standard.

Beyond the general OSHA safety rules that all businesses must adhere to, it is machine safety that is of paramount concern to the manufacturing industries. To help better address the issue of machine safety, ISO 13849-1 was implemented last year—and that’s meant a lot of changes for both machine manufacturers and end users.

A big reason for the introduction of this new standard is that safety experts have argued that earlier standards did not allow “for a consistent approach to applying machine safety and, in many cases, judgment calls were made to determine what was an allowable risk level,” says Tony Rigoni, Northern California sales manager and safety expert for Beckhoff Automation. “The intent of ISO 13849-1 is to make the process of risk reduction more qualitative by using scientific calculations to determine acceptable machine safety performance levels.”

For U.S.-based OEMs, the primary safety concern centers on product liability. As a result, machine builders only need to state that their machine’s safety functions operate the way they claim to operate, says Jeff Winter, product marketing manager, safety, for Omron Automation and Safety. “They can’t guarantee someone won’t get hurt, but they do guarantee that the equipment is constructed to be compliant with industry standards.”

Winter explains that ensuring machine safety usually happens with either the machine builder or their customer specifying the functional details of the safety system in their terms and conditions. “Once both parties agree, it’s up to the machine builder to ensure their machine does in fact meet those requirements,” he says. “The requirements could reference industry standards, such as ISO 13849-1 or ANSI B11.19, but they also could reference a customer’s proprietary internal safety standard.”

If this process doesn’t occur, however, and someone gets hurt on a machine, the end user will have to explain to OSHA how the machine was guarded and why it was considered safe. Meanwhile, the machine builder will likely be the defendant in a lawsuit.

Though machine safety in the U.S. is ultimately the end user’s responsibility (thus the reason for all the OSHA rules), the analytic nature of the new standard is leading OEMs and end users to work more closely together. The buildup to the introduction of this new standard, as well as general shifts in industry on a global basis, are major reasons why it is becoming more common for end users to request that the machines they order be delivered as turnkey solutions.

“End users are increasingly asking OEMs to help with risk reductions and performance calculations,” says Rigoni. “Because of this evolving demand, we are starting to see a slow shift in the industry where the U.S. is becoming more like Europe in that OEMs are increasingly responsible for machine safety.” 

Making It Safe
Since end users are ultimately responsible for machine safety, the obvious question is: What do manufacturers have to do to ensure the machines they use are safe to operate?

“Since it’s not possible to implement a ‘zero-risk guarantee’ where nothing can happen under any circumstance,” says Ming Ng with the Factory Automation group of Siemens Industry Automation, “the residual risk is defined as: Risk that remains after the protective measures have been implemented.”

In a white paper entitled “Concepts in Networked Machine Safety”, Ng writes: In order to achieve the functional safety of a machine or plant, the safety-relevant parts of the protective and control systems must function correctly and must respond in the event of a fault in such a way that the system remains in a safe state or is brought into a safe state. To achieve this, specifically qualified technology is required, which fulfills the requirements described in the relevant standards (see standards sidebar). The requirements to achieve functional safety are based on the following basic goals:

• Avoiding systematic faults;
• Controlling systematic faults; and
• Controlling random faults or failures.

For a machine to be considered safe, Ng notes that machine safety standards require a risk assessment to be performed on the machine. “Risk assessment is a sequence of steps that allow hazards, which are caused by machines, to be systematically investigated,” he says. “Where necessary, the risk assessment phase is followed by risk reduction. Using this process, hazards, as far as possible, can be eliminated and the appropriate protective measures applied.”

Once all the risks have been estimated, Ng says that risk evaluations then become “part of an iterative process to achieve safety. In this process, a decision has to be made whether it is necessary to reduce a risk. If a risk is to be further reduced, suitable protective measures must be selected and applied. The risk assessment should then be repeated.”

The new ISO 13849-1 standard defines how machine risk reduction can be achieved using safety-relevant control functions.

Qualifying a Risk Assessment
When it comes to establishing safety via controls, however, the U.K.-based Machinery Safety Alliance (MSA) cautions that many people mistakenly take the view that the risk graph depicted in ISO 13849-1 for safety-related parts of control systems qualifies as a risk assessment. MSA contends that this graph does not constitute risk assessment. Rather, it is a device to help determine the level to which risk will be reduced by a control function, where a control function is deemed necessary.

Before you even get to the point of determining control function risk, however, MSA says there are other more fundamental steps to take.

Those steps involve starting with the standard “ISO 12100:2010 - Safety of Machinery — General Principles for Design. Risk Assessment and Risk Reduction.” 

According to MSA, this process includes:

• Statement of machine limits including technical specifications such as range of energy supply, speed of movement, operational frequency, and other limits related to environmental conditions. It is increasingly important to know these limits because a safety control system designed to meet these specifications may have its performance degraded due to wear directly related to operational frequency.
• Hazard identification — who could be hurt, how and when throughout all the relevant machinery lifecycle phases.
• Estimation of risk (quantification) and evaluation (if risk reduction is required).
• Hierarchical approach for risk reduction. The preference is to eliminate hazards so that there is no risk, for example removing trap/nip/crush/drawing-in points. Following this, for risks that remain intolerable, the next step is to introduce safeguards. It is only at this stage you would consider guarding; if this guarding requires interlocking, then the safety-related control system standards become relevant. It is at this stage that the required level of performance (PLr) or SIL of a safety function must be determined through the use of either ISO 13849-1 or EN 62061. The PLr or SIL literally indicates the degree to which the safety function reduces the risk to an acceptable level. After safeguarding measures, the standard ISO 12100:2010 refers to complementary measures to further reduce the residual risks to an acceptable level through such measures as training, signage and warning equipment (such as beacons). It is arguable that E-stops fall into this area since they should not be used as substitutes for proper safeguarding.

Safe for Now
Though the ink on this new safety standard is barely dry, the realities of manufacturing continue to change. With that in mind, what changes, if any, are on the horizon?

According to Omron’s Winter, even with the adoption of ISO 13849-1, nothing has really changed for end users in the United States in terms of regulations. “OSHA is still the enforcement agency regulating machine safeguarding. They have a set of finable offenses that have remained basically the same since OSHA was enacted into law in 1970. The main thing that has changed over the years is national and international consensus standards (such as ANSI, RIA, NFPA, ISO) which end users reference as ways to demonstrate compliance to OSHA.”

These consensus standards are always adapting to manufacturing realities, but are “not the law,” notes Winter, who adds that other factors continually influencing end user actions around safety come from litigation as well as insurance companies.

Given that scenario, the biggest change Winter sees happening in safety over the next few years is the addition of safe motion to international standards.

“The traditional way of safeguarding a machine is to create a ‘protective stop’ where the machine rests in a safe state. ISO 61800-1 outlines a list of capabilities that component manufacturers can create to allow for ‘safe movement’ of machinery,” he says. “Since this is a new view of how a safety system can function, it will change the way we approach safety of machinery.”
