Copyright © 2015 Rockwell Automation, Inc. All Rights Reserved.
PUBLIC INFORMATION
Rockwell Automation TechED 2015 @ROKTechED #ROKTechED
Introduction to Machine Risk Assessment and Functional Specification Development
The Machine Safety Lifecycle
Safety Life Cycle:
STEP 1: RISK OR HAZARD ASSESSMENT
STEP 2: SAFETY SYSTEM FUNCTIONAL REQUIREMENTS
STEP 3: SAFETY SYSTEM DESIGN & VERIFICATION
STEP 4: SAFETY SYSTEM INSTALLATION & VALIDATION
STEP 5: MAINTAIN & IMPROVE SAFETY SYSTEM
What is a Risk Assessment?
ISO 12100
ANSI B11.0
Scalable Assessment Approach
Conformity & Use of Work Audits (Multiple Machines / Plant Wide Assessment)
Start with checklist-type analysis for large numbers of machines
• Categorize & prioritize machines
• Conformity audits that analyze guarding, LOTO, e-stops and circuit review and provide a list of complying & non-complying machines to be assessed

Hazard / Guarding Assessments (Simple Machines)
Identifies guarding/hazards for immediate plant actions
Provides a rapid approach to identifying point-of-operation and power transmission hazards and identifying appropriate and effective safeguarding measures for reducing risk and exposure
Report identifying:
• Hazard exposure
• Estimated risk parameters and risk reduction
• Category / Performance level per standards
• Potential safeguard or risk mitigation solution

Safety Assessments (Semi-complex Machines)
Most common – provides report & remediation recommendations
• Assessment led by RA Consultant, limited customer involvement. Typically operations / maintenance
• Report per standard:
  Identification of primary hazards/tasks
  List non-compliance issues
  Risk In / Risk Out Rating
  Mitigation Guarding and Controls recommendations
  Prioritized recommendations for safety improvements
  Photograph of critical identified hazards (based on customer approval)

Team-Based Risk Assessments (Complex Machines)
In-depth analysis required for critical or special machines
• Team-based assessment led by RA, team typically consists of operations, maintenance, engineering, technicians, set up personnel, etc.
• Report per standards:
  Identification of primary hazards/tasks
  List non-compliance issues
  Risk In / Risk Out Rating
  Mitigation Guarding and Controls recommendations
  Prioritized recommendations for safety improvements
  Photograph of critical identified hazards (based on customer approval)
• Mitigation Drawing
• Consult for all machine life phases – start up, normal / abnormal operation, set up, maintenance, product changeover, ergonomic review, etc.
Why perform risk assessments?
A. I have to?
B. Decide where I should spend my time and money
C. Understand when I am “Done”
D. Prove I did my best if something ever happens
E. Helps me through the rest of the lifecycle
F. ALL OF THE ABOVE!
Definitions
Safety is… Freedom from unacceptable Risk
Risk is… a combination of Severity and Probability
Acceptable Risk is… Up to you!
Measuring Risk
Risk is the combination of the severity of harm and the probability of occurrence of that harm (frequency of exposure + avoidability).
How severe would the injury be if the alligator bit the handler?
+
What is the probability that the alligator will bite and the handler will sustain this injury?
Probability factors might be:
How frequently does the handler perform this trick?
+
If the alligator decides to bite, is the handler able to avoid or limit the harm from the bite?
Defined Risk Scale
If we can then define risk in terms of parameters that can be easily selected and summed together, then we will have a simple method for estimating risk relative to machine hazards.
Risk assessment methodologies provided in machine standards provide this method through risk graphs and matrices, as we will see later.
Risk = Severity of Harm + Probability of Occurrence of Harm
Risk scale: Negligible, Low, Medium, High
Acceptable Risk
Acceptable risk may differ from organization to organization, and therefore this value is not purely defined in any standard or methodology. The important thing is that your organization (and the risk assessment team) determine this threshold prior to starting the risk assessment.
Since safety is freedom from unacceptable risk, we will need to establish a value on our range that determines a threshold between acceptable and unacceptable. Various standards will provide guidance on how to determine when acceptable risk has been achieved.
Risk scale: Negligible, Low, Medium, High, with the Acceptable Risk threshold marked on the scale
Risk Assessment - How Standards Help
Examples: risk rating criteria
Fundamental Process
1. Define all known machine characteristics and limits
2. Hazard Identification
3. Risk Estimation
4. Risk Evaluation
   OK: complete for particular hazard, go to next hazard
   Unacceptable: Risk Reduction, then return to Risk Estimation
Why Characterize?
Hazard Identification
Should I consider current safeguards that may be in place?
NO! All risks must be identified and estimated
Helps us understand if the existing safeguard is good enough
How do I find hazards on a machine? What should I look for?
Follow the PEOPLE as they work on the machine
Allows each step to be assessed more thoroughly for exposure to
hazards.
Provides a flow and outline for the risk assessment process
Example
Tasks – What did you see?
What was the operator doing?
What were the steps the operator had to go through to accomplish the task?
Unseen tasks… What if everything didn’t go perfectly?
Break tasks into manageable chunks
Did you observe normal operation? Maintenance tasks? Other?
Let’s look at normal operation, loading raw materials
Example - Hazard Identification
What hazard(s) does the operator encounter while loading raw materials?
What is the potential hazard?
Event or failure that leads to exposure?
Hazardous energy sources?
What if…
Example - Hazard Identification
Unexpected start of press while loading raw materials…
What is the potential hazard?
Event or failure that leads to exposure?
Hazardous energy sources?
Example - Hazard Identification
Task: Normal Operation
Step: Load raw materials into fixture
Affected personnel: Operators
Hazard: Cut / sever due to unexpected start
Hazardous energy source: “Fixture Motor”, 2HP, 480VAC
Risk Graphs/Matrix/Chart
Depending on our objectives, we can use various other methods. We should consider that one objective is to define our safety performance, and that our process must provide a method for doing so.
Risk Estimation - RIA TR R15.306-2014
Two fundamental questions:
If something happens, how bad will it be? (Severity)
What are the chances it will happen? (Probability)
What is the Injury Severity?
What is the Frequency of Exposure?
What is the Likelihood of Avoidance?
Example – Risk Estimation
Three simple questions, right?
Minor, Moderate, or Serious?
Low or High?
Likely, Unlikely, or Not Possible to avoid?
What is low?
What is high?
What is minor?
What is moderate?
What is serious?
What does “possible to avoid” mean?
Example – Risk Estimation
Task: Normal Operation
Step: Load raw materials into fixture
Affected personnel: Operators
Hazard: Cut / sever due to unexpected start
Pallet Nailing – Risk Estimation
Task: Normal Operation
Step: Load raw materials into fixture
Affected personnel: Operators
Hazard: Cut / sever due to unexpected start
Example – Risk Evaluation
Task: Normal Operation
Step: Load raw materials into fixture
Affected personnel: Operators
Hazard: Cut / sever due to unexpected start
Is “Very High” Acceptable?
Example – Risk Reduction
Our risk measurement correlates with a Performance Level e circuit, so our next step is to implement a PLe circuit, right????
Adapted from ANSI B11.0 Table D-4
WRONG! (but this is a good thing!)
What will we do?
Hierarchy of Protective Measures (listed from Most Effective to Least Effective):
Design it out
Fixed enclosing guard
Monitoring Access / Interlocked Gates
Awareness Means, Training and Procedures (Administrative)
Personal protective equipment
What will we do?
Design it out
Automate?
What Else?
What will we do?
Fixed enclosing guard
Monitoring Access / Interlocked Gates
Fixed Guard?
Interlocking Guard?
What will we do?
Fixed enclosing guard
Monitoring Access / Interlocked Gates
Light Curtain?
Scanner / Mat?
What will we do?
Awareness Means, Training and Procedures (Administrative)
Personal protective equipment
Fundamental Process
The process of risk reduction may have to be implemented several times before the risk is mitigated to an acceptable value
Risk Assessment Documentation
Risk assessment documentation should contain the following information:
Information relevant for the machinery being assessed (machine limits, specs)
Any relevant operational or design assumptions (loads, strengths, safety factors)
Identified hazard scenarios
The information on which the risk assessment was based;
• The data used and the sources (accident histories, experience through safeguarding similar machinery, etc.)
• The uncertainty associated with the data used and its impact on the risk assessment.
• Photos, video, and other supporting data.
Risk reduction measures assessed and applied in the determination of risk reduction
Residual risks associated with the machinery
Next – Functional Specification
Safeguarding Concept
Application requirements:
Single zone with simple control scheme
Allow free operator access
Category 4 / PLe required
Leave existing motor / drive combo in place
Our conceptual design is an optical device that stops the press cycle – a Safety Function
Next Step – Safety Function
A safety function is a control function that affects safety
Behaves like any other control function, but with higher integrity
Like any control function, has Input, Logic, Output subsystems
“High integrity” implies certain things aside from “safety rated”
Source of hazardous energy directly controlled (not just enable signal)
Circuit performance maintained through I, L, O subsystems
Specifying Safety Functions
What is the triggering event?
  Interruption of the sensing field
What is the reaction?
  Contactors (name? size?) opened, energy to motor (name?) removed
What is the safe state?
  Electrical energy removed, motor at rest
What is the behaviour of the system in the presence of faults?
  Faults (which ones?) detected before / on demand, energy removed
How does normal operation resume?
  On reset, contactors close / energy restored, motion does not resume
Standards to meet? Required circuit performance? Other considerations?
  Shall meet requirements of ISO 13849-1 PLe, ISO 13855 Safe distance, etc…
Specifying Safety Functions
In all modes of operation, interruption of the configured sensing zone of the Press Light Curtain (LC_01) is sensed by the Press Safety Relay (MSR_01) and stops and prevents hazardous motion by opening Motor Contactors 1 and 2 (K1, K2), removing power to the Fixture Motor. The motor coasts to a stop (Stop Category 0). When the light curtain is reset, hazardous motion and power to the motor do not resume until a secondary action occurs (the Start button is depressed). A fault at the light curtain is detected before the next safety demand. The safe distance from the location of the light curtain to the hazard must be established, per EN ISO 13855, such that hazardous motion is stopped before the user can reach the hazard. The safety function shall be designed and installed to meet the requirements of PLe, Cat. 4 per EN ISO 13849-1.
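The specification above can be turned into a behavioural model and a validation sequence for the installation and validation step. The following is an added example, not part of the original presentation and not safety-rated logic; the class and field names, the scan-based structure, and the rising-edge treatment of the Start button are assumptions made for illustration.

```python
"""Behavioural model of the Press Light Curtain safety function (added example)."""
from dataclasses import dataclass


@dataclass
class Inputs:
    field_clear: bool     # LC_01 sensing zone is not interrupted
    lc_fault: bool        # LC_01 reports a detected fault
    start_pressed: bool   # Start button, the "secondary action" in the spec


class PressSafetyFunction:
    """Models MSR_01 driving contactors K1 and K2 that feed the Fixture Motor."""

    def __init__(self):
        self.k1 = self.k2 = False    # safe state: both contactors open
        self._start_prev = False     # assumption: Start acts on its rising edge

    @property
    def motor_powered(self) -> bool:
        # Redundant contactors in series: power only when both are closed.
        return self.k1 and self.k2

    def scan(self, inp: Inputs) -> bool:
        rising_start = inp.start_pressed and not self._start_prev
        self._start_prev = inp.start_pressed
        if not inp.field_clear or inp.lc_fault:
            # Demand or detected fault: open K1 and K2 (Stop Category 0).
            self.k1 = self.k2 = False
        elif rising_start:
            # Field clear, no fault, fresh Start press: power may be restored.
            self.k1 = self.k2 = True
        # Otherwise hold state: clearing the field alone never restarts motion.
        return self.motor_powered


# Constructed validation sequence: (field_clear, lc_fault, start_pressed)
VALIDATION_SEQUENCE = [
    (True, False, False),   # power-up, no Start            -> off
    (True, False, True),    # Start pressed                 -> on
    (True, False, False),   # Start released                -> stays on
    (False, False, False),  # sensing field interrupted     -> off
    (True, False, False),   # light curtain reset, no Start -> stays off
    (True, False, True),    # Start pressed                 -> on
    (True, True, True),     # fault while Start is held     -> off
    (True, False, True),    # fault gone, Start still held  -> stays off
    (True, False, False),   # Start released                -> off
    (True, False, True),    # fresh Start press             -> on
]


def run_sequence(steps):
    """Return motor power after each scan of the given input steps."""
    sf = PressSafetyFunction()
    return [sf.scan(Inputs(*step)) for step in steps]


if __name__ == "__main__":
    for step, powered in zip(VALIDATION_SEQUENCE, run_sequence(VALIDATION_SEQUENCE)):
        print(step, "->", "motor powered" if powered else "motor off")
```

Each row of the sequence corresponds to one clause of the written specification, so the same table can serve as a checklist when the installed function is validated.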
Specifying Safety Function
Safety Functions can be generalized for reuse
Two different interlocking guards on two different machines operate in a similar fashion
Basis for many corporate standards
Some Common Safety Functions include:
E-stop
Light Curtains – muting
Light Curtains – non muting
Two hand control
Enabling Switch
Safety Camera
Area Scanner (Single & Multi)
Pull-cord
Hinge switch interlock
Non contact interlock
Guard-locking
Tongue switch interlock
Safe Speed Control
Safe Stop
Rockwell Safety Functions Library
http://machinesafetysolutions.com
Specifying Safety Function
Generalized Functional Specification
Summary: Risk Assessment
A good Risk Assessment
Takes a comprehensive view of the machine, including:
• The machine operating parameters and limits
• Task / Hazard identification
• Risk Estimation
• Risk evaluation / risk reduction measures
Establishes the required safety performance for machine safeguards
Generates OPTIONS for safeguarding
Provides documentation of your due diligence
…Is the foundation for ALL Machine Safety Decisions
Summary: Specifying Safety Functions
Safety Functions
Are similar to other control functions, performed with higher integrity
Are developed with the results of the assessment in mind
Human interaction with machine
Ensure person is able to do their job
Careful not to give incentive to defeat safeguards
Can be generalized and applied to many machines
Safety Functions are ALWAYS specified, just not always in writing!
www.rockwellautomationteched.com