Understanding Machine Safety: The Power of Risk Assessments

My last blog post was about machine safety with a focus on the different categories and performance levels of machine safety circuits. But I just briefly touched on how to determine these levels. By default, we could design all equipment with the highest-level category and performance levels of safety with an abundance of caution, but this approach could be extremely expensive and not the most efficient.

Enter the important concept of risk assessments, which enable us to identify, evaluate, and prioritize potential hazards and risks associated with specific activities, processes, or systems. Whether it’s in the domain of occupational health and safety, environmental health, or product safety, risk assessments can guide us toward ensuring the safety of those who may interact with these hazards. The process follows a well-defined series of steps: hazard identification, risk analysis, risk evaluation, and risk control.

Hazard identification

Hazard identification involves identifying potential hazards and risks associated with the activity, process, or system you’re assessing. This can be done using a variety of methods, such as observing the process, reviewing relevant documentation, or consulting with experts.

Looking at Figure 1, what are the hazards? They are pinch points from the robot, crush points from the robot, and shock or burn from the end effector. Another potential hazard that cannot be determined by the picture is the speed at which the pallet is traveling. Identifying the hazards is an important step because you cannot mitigate a risk without properly identifying it first.

Risk analysis

Analyzing the likelihood and severity of the identified hazards and risks is the core of risk analysis. Various methods, including the use of historical data, simulations, or mathematical models, can facilitate this.

Risk evaluation

Risk evaluation involves assessing the significance of the identified hazards and risks by considering their exposure, severity of injury, and the likelihood of avoiding that hazard. In this example, the robot could potentially crush you, making it a high severity. When the robot operates at full speed, the likelihood of avoiding it is low. In the case of an automated cell, exposure may be infrequent, but maintenance on the robots will still be necessary.

Risk control

Risk control encompasses the identification and implementation of measures to prevent or mitigate the identified hazards and risks. This can include redesigning the process, implementing safety controls, or providing training to employees.

Again, the category and performance levels of safety controls required are based on the defined risks.

In our robot example above, the first control we would implement is an enclosure around the robot to prevent people from getting close to the hazard. We cannot have an enclosure without some method for entering it, so we will add a door to the enclosure. It’s the door’s interaction with the cell that must have the appropriate category and performance level based on our evaluation. When the door is open, we will limit the operation and speed of the robot. We can use a teach pendant with a “dead man” switch that requires the person inside the cell to hold it while operating the robot at a slower speed. This will decrease the likelihood of a hazard. Additionally, we would need a method for the pallet to enter and leave the enclosure.

Risk assessments should be conducted with a group of qualified people, who may include safety personnel, engineers, managers, and potentially end users familiar with the automation process. The risk assessment process is iterative in that it may need repeating if new hazards or risks are identified, or if changes are made to the activity, process, or system being assessed.
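The evaluation and control steps above can be made concrete with the risk graph from ISO 13849-1 Annex A, which combines severity (S1/S2), frequency or duration of exposure (F1/F2), and possibility of avoidance (P1/P2) into a required performance level. The following is an added example, not code from the original post: the risk graph table is the standard's, while the S/F/P ratings given to each hazard of the robot cell, and the modelling of the reduced-speed teach-pendant mode as a change from P2 to P1, are this example's own assumptions (the crush-hazard rating is chosen to match the post's evaluation: high severity, infrequent exposure, low likelihood of avoidance).

```python
"""Risk-graph evaluation for the post's robot cell (added example, not the post's code)."""
from dataclasses import dataclass, replace

# Risk graph parameters (ISO 13849-1 Annex A):
#   S1 slight, normally reversible injury       S2 serious, normally irreversible injury or death
#   F1 seldom-to-less-often / short exposure    F2 frequent-to-continuous / long exposure
#   P1 avoidance possible under conditions      P2 avoidance scarcely possible
RISK_GRAPH = {
    ("S1", "F1", "P1"): "a",
    ("S1", "F1", "P2"): "b",
    ("S1", "F2", "P1"): "b",
    ("S1", "F2", "P2"): "c",
    ("S2", "F1", "P1"): "c",
    ("S2", "F1", "P2"): "d",
    ("S2", "F2", "P1"): "d",
    ("S2", "F2", "P2"): "e",
}


def required_pl(severity: str, frequency: str, avoidance: str) -> str:
    """Return the required performance level (PLr, 'a'..'e') for one S/F/P rating."""
    key = (severity, frequency, avoidance)
    if key not in RISK_GRAPH:
        raise ValueError(f"invalid risk graph rating {key}; use S1/S2, F1/F2, P1/P2")
    return RISK_GRAPH[key]


@dataclass(frozen=True)
class Hazard:
    name: str
    severity: str   # S1 or S2
    frequency: str  # F1 or F2
    avoidance: str  # P1 or P2

    def plr(self) -> str:
        return required_pl(self.severity, self.frequency, self.avoidance)


# Hazards identified in the post's robot cell; the S/F/P ratings are constructed assumptions.
ROBOT_CELL = [
    Hazard("robot crush point", "S2", "F1", "P2"),        # serious injury, maintenance-only exposure, full speed
    Hazard("robot pinch point", "S2", "F1", "P2"),
    Hazard("end effector shock or burn", "S1", "F1", "P1"),
    Hazard("pallet speed at cell entry", "S1", "F2", "P1"),
]


def assess(hazards: list) -> dict:
    """Risk evaluation step: map every hazard to its required performance level."""
    return {h.name: h.plr() for h in hazards}


def apply_reduced_speed(hazard: Hazard) -> Hazard:
    """Risk control step: model the post's enabling-switch reduced-speed mode.

    Assumption: running the robot slowly changes avoidance from P2 to P1; severity
    and exposure are unchanged, so the hazard is reduced, not eliminated.
    """
    return replace(hazard, avoidance="P1")


def reassess_after_controls(hazards: list) -> dict:
    """Iteration step: re-run the evaluation once the control is applied to the robot hazards."""
    controlled = [apply_reduced_speed(h) if h.name.startswith("robot") else h for h in hazards]
    return assess(controlled)


if __name__ == "__main__":
    for name, pl in assess(ROBOT_CELL).items():
        print(f"{name:32s} PLr = {pl}")
    print("after reduced-speed mode:")
    for name, pl in reassess_after_controls(ROBOT_CELL).items():
        print(f"{name:32s} PLr = {pl}")
```

Under these assumptions the crush and pinch hazards come out at PLd and the reduced-speed mode brings them down to PLc, which is the iteration the post describes: a control changes one of the risk graph parameters, so the evaluation is repeated. The interlocked door, which guards the full-speed hazard, is still designed to the PLr of the unmitigated hazard in this model.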

Have a safe day!

My previous blog post, Focusing on Machine Safety, follows.

Focusing on Machine Safety

Machine safety refers to the measures taken to ensure the safety of operators, workers, and other individuals who may come into contact with or work in the vicinity of machinery. Safety categories and performance levels are two important concepts for evaluating and designing safety systems for machines. A risk assessment is a process to identify, evaluate, and prioritize potential hazards and risks associated with a particular activity, process, or system. The goal of a risk assessment is to identify potential hazards and risks and to take steps to prevent or mitigate those risks. The hierarchy of controls can determine the best way to mitigate or eliminate risk. We can use this hierarchy, consisting of elimination, substitution, engineering controls, administrative controls, and personal protective equipment (PPE), to properly mitigate risk. Our focus here is on engineering controls and how they relate to categories and performance levels.

Performance level

The performance level (PL) of machine safety components is a measure of the reliability and effectiveness of safety systems. Defined in the EN ISO 13849-1 standard from the International Organization for Standardization (ISO), it is based on the probability of a safety system failing to perform its intended function. Performance levels are designated by the letters “a” through “e”, with PLa being the lowest level of safety and PLe being the highest. Assessing the safety function of the machinery and evaluating the likelihood of a dangerous failure occurring determines the performance level.

Four levels of protection

The categories of machine safety components refer to the four levels of protection required to ensure the safe operation of machinery, as defined by the ISO. Figure 1 below shows how the measured risk determines the performance level and category of circuit performance.

    • Category 1: The occurrence of a fault can lead to loss of the safety function. Single channel safety circuit.
    • Category 2: The occurrence of a fault can lead to loss of the safety function between checks. Single channel safety circuit with monitoring.
    • Category 3: When a single fault occurs, the safety function is always performed. Some faults, but not all, can be detected, but the accumulation of those undetected faults can lead to the loss of the safety function. This category can be implemented using control reliable devices in a dual channel redundant safety circuit that includes monitoring.
    • Category 4: When a fault occurs, the safety function is always performed. Faults will be detected in time to prevent a loss of the safety function. This category is implemented using control reliable devices in a dual channel redundant safety circuit that includes monitoring.

Using control reliable devices is crucial in Category 3 and 4 safety circuits. One example of a control reliable device is a safety relay that mechanically interlocks the control contacts to the auxiliary contacts. Being mechanically interlocked means that when the relay changes state, the auxiliary contact will also change state. Another example of a control reliable device is a safety PLC. A standard PLC is not rated to control safety functions because it is not control reliable, and a malfunction could lead to the loss of a safety function.
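The difference between the single channel circuits of Categories 1 and 2 and the dual channel monitored circuits of Categories 3 and 4 can be seen by simulating what one stuck contact does to each. The following is an added example, not code from the original post: it models a guard-door interlock input with a constructed "welded contact" fault (a contact that always reads closed) and a constructed sequence of door cycles, and shows that the single channel circuit loses the safety function silently, that the dual channel circuit with discrepancy monitoring detects the fault and withholds the run permit, and that a second, undetected fault on the other channel defeats even the dual channel circuit, which is the accumulation caveat in the Category 3 description above.

```python
"""Single-channel vs dual-channel monitored safety circuit under a stuck-contact fault
(added example, not the post's code)."""
from dataclasses import dataclass

# Constructed door cycle: closed, open, closed, open (True = door closed).
DOOR_CYCLE = [True, False, True, False]


@dataclass
class Contact:
    """One input channel, e.g. one contact set of a guard-door switch."""
    name: str
    stuck_closed: bool = False  # constructed fault: welded contact always reads 'closed'

    def read(self, door_closed: bool) -> bool:
        return True if self.stuck_closed else door_closed


def single_channel_permit(contact: Contact, door_closed: bool) -> bool:
    """Category 1 style: one contact, no monitoring. Run is permitted iff the contact reads closed."""
    return contact.read(door_closed)


@dataclass
class DualChannelMonitor:
    """Category 3/4 style: two redundant contacts plus discrepancy monitoring.

    Run is permitted only when both channels read closed. Any disagreement between
    the channels latches a fault, and the permit stays withdrawn until a reset
    (not modelled here) clears it.
    """
    a: Contact
    b: Contact
    fault_latched: bool = False

    def permit(self, door_closed: bool) -> bool:
        ra, rb = self.a.read(door_closed), self.b.read(door_closed)
        if ra != rb:
            self.fault_latched = True
        return ra and rb and not self.fault_latched


def _summarise(permits: list, detected: bool) -> dict:
    # The safety function is lost if running is ever permitted while the door is open.
    lost = any(p and not closed for p, closed in zip(permits, DOOR_CYCLE))
    return {"permits": permits, "safety_function_lost": lost, "fault_detected": detected}


def scenario_single_channel() -> dict:
    """One welded contact in a single channel circuit: run stays permitted with the door open."""
    contact = Contact("S1", stuck_closed=True)
    permits = [single_channel_permit(contact, closed) for closed in DOOR_CYCLE]
    return _summarise(permits, detected=False)  # nothing in the circuit can notice the fault


def scenario_dual_channel_one_fault() -> dict:
    """One welded contact in a dual channel circuit: the first door opening reveals the discrepancy."""
    monitor = DualChannelMonitor(Contact("S1a", stuck_closed=True), Contact("S1b"))
    permits = [monitor.permit(closed) for closed in DOOR_CYCLE]
    return _summarise(permits, detected=monitor.fault_latched)


def scenario_dual_channel_accumulated_faults() -> dict:
    """Category 3 caveat: two undetected welded contacts agree with each other, so monitoring sees nothing."""
    monitor = DualChannelMonitor(Contact("S1a", stuck_closed=True), Contact("S1b", stuck_closed=True))
    permits = [monitor.permit(closed) for closed in DOOR_CYCLE]
    return _summarise(permits, detected=monitor.fault_latched)


if __name__ == "__main__":
    for fn in (scenario_single_channel, scenario_dual_channel_one_fault,
               scenario_dual_channel_accumulated_faults):
        print(f"{fn.__name__:42s} {fn()}")
```

The dual channel scenario shows that the fault is only revealed when the door is actually cycled, because a welded contact is indistinguishable from a closed door until the other channel opens. That is the reason the Category 4 description requires faults to be detected in time to prevent a second one from accumulating: a circuit that is never exercised, or whose latched faults are reset without repair, drifts toward the accumulated-faults scenario.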


The selection of the appropriate category and performance level for devices used to mitigate a risk in a machine is crucial for ensuring the safety of operators and other individuals. This blog is intended to provide information; it is not sufficient on its own to qualify anyone to design or test safety systems. In summary, the category of machine safety defines the level of protection required for safe operation, while the performance level measures the reliability and effectiveness of safety systems.

Now let us go automate with a focus on safety!