With the increased demand on our industrial workforce, many facilities are expanding the “do more with less” approach when it comes to machine safety. Today, Engineering, Health and Safety (EHS) and similar professionals are more likely to have their responsibilities expanded beyond programs such as Lockout/Tagout (LOTO) and Confined Space. They now include knowledge of, design and testing of functional safety devices such as light curtains, area scanners and guard gates that historically were the responsibility of the plant engineer or equipment manufacturer. Although these alternative protective measures (APM) can complement LOTO when removal of hazardous energy is required for interaction with the machine, there is still a great amount of confusion on the application of each. When we use LOTO and when do we use APM’s?
The regulation allows for alternative methodologies to be used so long as they are “as effective as lockout/tagout” for the particular task. And that’s where many companies run into problems. Quite often we see cases of companies using the exception clause to allow the employee to “create their own” path to safety if lockout/tagout is impractical. The exception was not written to allow for any increased risk to employees, so when it’s being used, there should be the same chance for injury as if lockout/tagout was used for that particular task. Following the five steps of the Machine Safety Lifecycle outlined below will help you mitigate risk associated with that task and document the process.
The risk assessment process serves as an effective tool for properly identifying and assessing the real hazards that are involved in operating a particular machine. It provides a method for determining equivalent levels of protection when designing safeguards and stating OSHA’s minor service exception. The process takes away the guesswork when estimating risk and prescribing safety system performance. The risk assessment is an active, documented process that can be filed and maintained for the entire life of the machine and serves as documented proof of “due diligence”. The risk assessment establishes the foundation and early framework for the design and implementation of an effective machine safety program.
Safety Functional Requirements Specification (SFRS)
The purpose for developing the safety functional requirements specification (SFRS) is to review the initial risk reduction recommendations from the risk assessment and confirm the ability to implement them as recommended. The specification contains existing and proposed safety functions and will serve as a basis for both the safety system design and the validation plan.
Design & Verification
Safety system design includes all aspects of the safety system, including guarding (fixed, perimeter, interlocked, etc.) and safety controls (emergency stops, light curtains, etc.) as defined in the SFRS. Documentation should include safety controls Bill-of-Materials, drawings for safety control panel layout, wiring diagrams, hardware interface diagrams, and any safety or HMI software (application code) development. Once the initial design is complete, the safety system should be verified and documented to demonstrate compliance to the safety circuit architecture and circuit performance requirements specified in the risk assessment.
Installation & Validation
After the safety system is designed and verified, installation of the approved safety control hardware and guarding will occur, however, the project is still not complete. Validation will demonstrate the designed system is correctly installed and functioning in accordance with the SFRS. The validation plan is a step-by-step documented process testing normal and abnormal operation of the safety system.
Maintain & Improve
Utilizing the machine safety lifecycle’s iterative approach, changes to the equipment, process, and interaction with the machine are identified and any new risk to the employee is mitigated appropriately.
Complimentary Paths to Safety
Effective safety programs can reduce risk to employees performing a variety of tasks. For tasks requiring complete de-energization of a machine, companies benefit from having a robust lockout/tagout program. Risk reduction to an acceptable level may still be achieved for routine, repetitive, and integral tasks when the machine remains energized by following a set of good engineering principles as outlined in the machine safety lifecycle.
About the Authors
Troy Hoffman is a Business Development Lead for Safety Services at Rockwell Automation. He has over 20 years engineering experience covering both automotive and FDA regulated industries. He is currently fluent in ANSI, OSHA, EN, IEC, ISO and NFPA. His experience in machine safety includes the entire machine safety lifecycle. Troy is a certified TÜV Rheinland FSEng and holds a BSEET from Purdue University.
Nuala Mullan is a Business Development Lead for Safety Services at Rockwell Automation. She has over 10 years of experience helping customers deploy safety programs at their facilities across several industries. She has a BSAE from the University of Illinois at Urbana-Champaign.