Seb Strutt and Iain Smith of SICK (UK) offer advice on how to take the right initial steps towards compliance with the range of today's machine safety standards.

The machine safety industry is currently undergoing a feeding frenzy of articles, training opportunities, consulting and new product introductions, prompted by the introduction of the latest Machinery Directive (2006/42/EC, in force since the end of 2009) and the withdrawal at the end of 2011 of EN 954-1, once the cornerstone of safety-related control system design in Europe.

A host of compliance and liability queries have been thrown up by delegates attending SICK Machinery Safety courses, and engineers trying to adopt the new regulations and technical standards find their minds occupied by a remarkable range of technicalities.

Seeing the whole picture

There is, however, a simple and practical answer to this myriad of questions: the surest way to avoid liability is to avoid the accident altogether. That means revisiting the basics before getting into liability issues and the deep technical details of the new standards.

Before asking how to make a machine comply with regulations, the engineer needs to establish all the ways the machine might harm someone. We often see a perfectly executed safety measure that meets every legal and technical requirement yet misses other hazards that would have been picked up by standing back and looking at the whole picture.

This, of course, is risk assessment: the first step towards meeting the Provision and Use of Work Equipment Regulations (PUWER) or the Supply of Machinery (Safety) Regulations 2008.

A team approach

By applying the risk assessment process rigorously and looking for every source of harm, you can be more certain of identifying your liabilities. Be aware, too, that the same key question, "how can this machine possibly harm someone?", will generate different answers from people with different viewpoints. It can only be answered fully by the people who operate, maintain or service the machine and, for new equipment, those who design, build and install it.

Good risk assessment comes from a team of people moderated or coached by someone who knows the process. Risk assessments carried out by individuals are usually flawed, as few people can see the whole picture unaided.

Reducing risk

Once all the hazards are identified, we can apply measures to reduce the risk of harm, in the order set out in EN ISO 12100: inherently safe design measures first, then safeguarding and/or complementary protective measures, and finally information for use.

Where a risk reduction measure relies on a safety-related control function, standards such as BS EN ISO 13849-1 or IEC 62061 apply. Much has been written about these standards and their requirements, but both follow a process based on the principles of Functional Safety.

Although both standards take a quantitative approach to specifying the performance of a safety function (a Performance Level under BS EN ISO 13849-1, a Safety Integrity Level under IEC 62061), there is little within them to guide the engineer in defining the safety functions in the first place. Confusion very often arises over how to allocate safety functions to the specific risks identified by the risk assessment.

For example, opening a gate fitted with a safety switch results in the safe stop of two robots and the safe stop of a turntable mechanism.

Is this one safety function associated with the opening of the gate or three individual functions associated with the three hazards? Or, is it a more complicated issue of how many individual hazards a person can be exposed to at the same time?

It can be difficult to decide, especially if each hazard can cause a different level of harm. The rule that resolves it is simple to state: a safety function that covers several hazards must be designed to the highest required level among them, whereas separating the hazards into individual functions lets each be specified to its own level. Where safety functions are poorly defined, components end up over- or under-specified when trying to achieve appropriately robust Performance Levels or Safety Integrity Levels.
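To make the allocation question concrete, here is an added example (illustrative Python written for this edit, not code from SICK, from the article or from the standards). It encodes two published tools from EN ISO 13849-1: the Annex A risk graph, which gives the required Performance Level (PLr) for a single hazard from severity S, frequency/exposure F and possibility of avoidance P, and the simplified Table 7 procedure, which gives the PL a subsystem achieves from its category, MTTFd band and DCavg band (bands as in the 2006 edition current when this article was written). The hazard ratings and subsystem figures for the gate, the two robots and the turntable are constructed for illustration, and the names `Hazard`, `required_pl`, `achieved_pl` and `meets` are this example's own.

```python
"""Allocating required Performance Levels (PLr) for the interlocked gate.

Added example: illustrative code, not from SICK or from the standards. The
risk graph and Table 7 contents are those published in EN ISO 13849-1; the
hazard ratings and subsystem figures below are constructed for illustration.
"""
from dataclasses import dataclass
from typing import Iterable, Optional

PL_ORDER = "abcde"  # PL a is the lowest level, PL e the highest

# EN ISO 13849-1 Annex A risk graph: (S, F, P) -> PLr
RISK_GRAPH = {
    (1, 1, 1): "a", (1, 1, 2): "b", (1, 2, 1): "b", (1, 2, 2): "c",
    (2, 1, 1): "c", (2, 1, 2): "d", (2, 2, 1): "d", (2, 2, 2): "e",
}

# EN ISO 13849-1 Table 7 (simplified procedure): (category, DCavg band) ->
# PL achieved for each MTTFd band of a channel. None = not covered.
TABLE_7 = {
    ("B", "none"):   {"low": "a",  "medium": "b",  "high": None},
    ("1", "none"):   {"low": None, "medium": None, "high": "c"},
    ("2", "low"):    {"low": "a",  "medium": "b",  "high": "c"},
    ("2", "medium"): {"low": "b",  "medium": "c",  "high": "d"},
    ("3", "low"):    {"low": "b",  "medium": "c",  "high": "d"},
    ("3", "medium"): {"low": "c",  "medium": "d",  "high": "d"},
    ("4", "high"):   {"low": None, "medium": None, "high": "e"},
}


def mttfd_band(years: float) -> str:
    """Band an MTTFd per channel: low 3-10, medium 10-30, high 30-100 years."""
    if years < 3:
        raise ValueError("MTTFd below 3 years is not acceptable under the standard")
    if years < 10:
        return "low"
    if years < 30:
        return "medium"
    return "high"  # values above 100 years are capped at 100 in the calculation


def dc_band(dc_percent: float) -> str:
    """Band a DCavg: none <60 %, low 60-90 %, medium 90-99 %, high >=99 %."""
    if dc_percent < 60:
        return "none"
    if dc_percent < 90:
        return "low"
    if dc_percent < 99:
        return "medium"
    return "high"


@dataclass(frozen=True)
class Hazard:
    name: str
    s: int  # severity: 1 slight (normally reversible), 2 serious (irreversible or death)
    f: int  # frequency/exposure: 1 seldom to less often, 2 frequent to continuous
    p: int  # avoidance: 1 possible under specific conditions, 2 scarcely possible

    def plr(self) -> str:
        return RISK_GRAPH[(self.s, self.f, self.p)]


def required_pl(hazards: Iterable[Hazard]) -> str:
    """One safety function covering several hazards must meet the highest PLr."""
    return max((h.plr() for h in hazards), key=PL_ORDER.index)


def achieved_pl(category: str, mttfd_years: float, dc_percent: float) -> Optional[str]:
    """PL achieved by a subsystem via the simplified procedure (Table 7)."""
    row = TABLE_7.get((category, dc_band(dc_percent)))
    if row is None:
        return None  # e.g. category 3 with no diagnostics is not a valid architecture
    return row[mttfd_band(mttfd_years)]


def meets(achieved: Optional[str], required: str) -> bool:
    """True if the achieved PL is at least the required PL."""
    return achieved is not None and PL_ORDER.index(achieved) >= PL_ORDER.index(required)


# Constructed ratings for the gate example: the operator opens the gate every
# cycle (F2); the robots can crush (S2) but are slow enough to step back from
# (P1); the turntable can only pinch (S1).
GATE_HAZARDS = [
    Hazard("robot 1 crush", s=2, f=2, p=1),
    Hazard("robot 2 crush", s=2, f=2, p=1),
    Hazard("turntable pinch", s=1, f=2, p=1),
]

if __name__ == "__main__":
    for h in GATE_HAZARDS:
        print(f"{h.name}: PLr {h.plr()}")
    plr = required_pl(GATE_HAZARDS)
    print(f"a single gate safety function must meet PLr {plr}")
    # Candidate: category 3 dual channel, MTTFd 45 years per channel, DCavg 75 %
    pl = achieved_pl("3", 45, 75)
    print(f"Cat 3 / 45 y / DC 75 %: PL {pl}, adequate: {meets(pl, plr)}")
    # Treating the turntable stop as its own function lets a simpler category B
    # circuit (MTTFd 15 years, no diagnostics) be adequate for its own PLr b.
    pl_tt = achieved_pl("B", 15, 0)
    print(f"turntable alone, Cat B / 15 y: PL {pl_tt}, adequate: {meets(pl_tt, 'b')}")
```

Run as written, the two robot hazards rate PLr d and the turntable PLr b. Treating the gate as one safety function forces PL d onto everything it stops, turntable included; treating the turntable stop as a separate function lets a category B circuit with medium MTTFd satisfy its PLr b, which is the over-specification the text warns about. The same highest-level rule applies to the manual reset discussed under "Levels of safety function": if the reset is the only measure that guarantees the operator has left the area, it inherits the PLr of the guard it re-arms. Table 7 is only the simplified procedure; common-cause-failure scoring and the systematic requirements of the standard still have to be met separately.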

Levels of safety function

Even when the safety functions are correctly identified for each hazard, there is usually a further layer of safety functions arising from the controls themselves. For example, the act of resetting a primary safety function can be a safety function in its own right.

In a typical machine set-up, the operator may be required to enter a hazardous loading area by walking through a guarding system that trips the safety function on every cycle of the machine. Once the operator is inside, the manual reset is the only measure that ensures they are outside the hazardous area when the machine restarts, so the reset function needs a performance level similar to that of the guarding system. By contrast, a safety function that continuously detects the operator inside the hazardous area ensures they have left before a restart is possible; continuous detection makes the reset function less critical and in some instances unnecessary, which speeds up production.

Other safety functions that arise from the control system design include muting systems and their associated sensors, and bypass, hold-to-run and override functions. Even when all the safety functions have been identified, further work is required to establish exactly which parts of the control system, or of its sub-systems, are safety related.

Delivering safe design

Applying the standards to real safety-related control functions is often the most difficult part of the exercise. By using thorough risk assessment as the foundation, SICK delivers functional safety design specification, Performance Level calculation, software specification, design and validation as part of its daily work and, through this support, aims to transfer knowledge into the customer's organisation.