I had an opportunity recently to attend a day-long session focused on various aspects of machine safety at the BMW manufacturing location in Greer, S.C. (the manufacturing site for BMW’s X3 and X6 models). The session was hosted by Cimtec (a supplier of automation products and engineering services) and Sick (a supplier of sensors, safety systems, vision systems, auto ID systems, and encoders).
The presenter, Joe Gelzhiser of Sick, pointed out that because OSHA does not mandate specific machine safety requirements, accepted industry standards, such as ANSI B11.2010 and ISO 13849-1, can be the best line of offense to ensure safe machine operation, as well as defense in legal cases where accidents have occurred. These standards provide critical levels of details, considering that OSHA’s General Duty Clause states only that: Each employer shall furnish ... a place of employment which are free from recognized hazards that are causing or are likely to cause death or serious physical harm to his employees. And that each employer shall comply with occupational safety and health standards promulgated under this act.
Gelzhiser stressed that the points presented during the session were by no means a complete, step-by-step guide to machine safety implementation, but did address the six main areas of machine safety. Those six areas are:
1. Risk Assessment. “Documentation is the key,” said Gelzhiser, “for both OEMs and end users.” The risk assessment process involves defining the limits of the machine, identifying all tasks associated with the machine, identifying all hazards associated with those tasks and the machine, and estimating and evaluating the risks.
In Europe, the Machinery Directive requires suppliers to provide a risk-assessed safe machine, Gelzhiser said. But this is not the case in U.S., where the user is responsible for the safe use of machine. That’s why Gelzhiser notes that OEMs and end users should collaborate on the risk assessment process as noted in ANSI B11.2010 to “attain the goal of acceptable risk through the risk assessment process.”
But the risk assessment process does not end here. The next step is risk mitigation based on the findings from the risk assessment process (see risk assessment graphic). Like most machine safety guidelines, the risk mitigation process is not exactly crystal clear. After all, there can be a lot of gray area determining the difference between “serious” and “slight”, “frequent” and “infrequent”, and “likely” and “not likely”. Gelzhiser noted that it is imperative to “document how you make these determinations, and always strive to eliminate the hazard first and foremost.”
The goal of the risk assessment is to come out of the process “with an understanding of the potential severity of harm and the probability of the occurrence of harm,” said Gelzhiser. “Your choice of a specific method or tool is less important than the process itself. The benefit of the risk assessment comes from the discipline of the process more than the precision of the results. And all of it underscores the importance of documentation.”
2. Safe Design. It can be easier to ensure the safety of a machine or work cell’s design than it is to safeguard a machine through its control system, said Gelzhiser. To illustrate his point, Gelzhiser noted numerous safe design approaches that are quite simple to apply, such as limiting access points to entanglement areas to no more than 6 mm to eliminate pinch points; protecting against electromagnetic currents through use of proper grounding; and using Lock-Out/Tag-Outs and e-stops. Gelzhiser stressed that it is important to realize that devices such as e-stops are not safety devices, but rather a last line of defense against injury.
3. Engineering Controls — Implementation of the Safety Function. The most important thing to realize, Gelzhiser noted, is that there is no such thing as “zero risk.” Therefore it is up to the OEM and end user to determine the “acceptable level of risk”, which serves as a critical step in the seven-step process safety function implementation in engineering controls. Those seven steps involve:
• Defining the safety function (e.g., preventing access permanently or temporarily, preventing starts, differentiating between people and materials);
• Determining the necessary safety performance level (described in ISO 13849-1);
• Designing the safety function (i.e., determining if selection of input, logic and output technologies provide enough safety and if the technologies selected could pose additional risks);
• Selection and dimensioning of the protective devices — this ranges from device selection based on safeguarding to be accomplished to calculation of safety distances;
• Integration in the control system — here the term “control system” comprises the input, logic unit, power control and actuator;
• Verifying the safety function — this includes verifying both mechanical and functional safety through analysis and testing; and
• Validating all safety functions — this is the final evaluation as to whether the solutions implemented can achieve the necessary risk reduction.
Key to determining the safety performance levels noted above, and which underlies all the definitions and designs created for the process safety function implementation, are five steps outlined in ISO 13849-1. These steps are: category of the safety system; reliability of the components used; ability to detect failures; resistance to multiple common cause failures in multiple channel control systems; and additional measure to avoid design faults.
4. Administrative Measures. Though this is considered the least effective way to minimize risks, the posting of signs and/or warnings are good supplements to safe design and engineering controls. However, signs and warnings should never be viewed as adequate replacements for safe design and engineering controls. Beyond signs and warning lights or horns, other administrative measures include safe work procedures, Lock-Out/Tag-Out procedures, and personal protective equipment.
5. Overall Validation. Essentially, this process is a verification that you “did what you said you were going to do with regard to mitigating risk,” Gelzhiser said. This step includes reviewing things like: have all operating conditions in all phases of the life of the machine been take into consideration? Have the hazards been eliminated or the risks associated with the hazards reduced as far as practically feasible? Have the consequences that could result from the use of the machine been adequately taken into account?
6. Operating the machine. Since, in the U.S., end users are ultimately responsible for machine safety, it is critical during the procurement process to: clarify in advance the scope of the supplier safeguarding implementation provided; define contractually which additional documentation is to be supplied (e.g., a risk assessment); and define which consensus standards apply and how they will be documented. Thorough and repeated training is also key here as it is not uncommon for protective devices to be tampered with to enable workers to do a job without the hindrance of a safety device. It also not uncommon for protective devices to be positioned improperly or improperly integrated into the control system. To avoid liability, it is critical that all users operate and maintain the machine within the established operating limits.
Sick offers a thorough guide that delineates in far greater detail the six steps to machine safety outlined here. Access the guidebook here.
