Safety and risk minimization in the operator control of plant machinery
Machine and operator safety must be considered at all stages of its service life and never become an afterthought
Modern machines are being produced with faster lead times—and designed to operate at considerably higher speeds than in the past. In the great race to meet production deadlines and budgets, safety must never be an afterthought. The least effective and most costly safety fixes are made after a machine has been commissioned and problems arise. Machine and operator safety must be considered at all stages of its service life from design to commissioning to operation and maintenance.
Machine functional safety standards still a work in progress
Operating safely at higher performance dynamics calls for uniform safety concepts at the component, machine and system design levels. Mechanical engineers developing safe machines are bound by standards and need to know how these aggregate standards may affect their designs. Not only is it important to understand the application ranges, but also how standards differ and overlap.
Effective in 2010, the comprehensive Machinery Directive (MD) 2006/42/EC defines requirements to be met for machines intended for the European Economic Area (EEA). MD is universally applicable for machinery, replaceable equipment, safety components, load handling devices, chains, ropes and lifting straps, detachable cardan shafts, partial machines and service elevators.
When a machine is built, mechanical engineers must confirm that MD requirements are met; this is indicated by affixing the CE mark to the machine, which signifies that it can be put on the market in the EEA. While CSA Standard Z432-04, Safeguarding of Machinery, includes basic concepts and general safety considerations for design, the new European MD is designed to ensure consistent global standards of safety—commonly referred to as harmonization.
All machine safety standards are intended to ensure that safety doesn’t get shortchanged. Until recently, a safe torque off (STO) and safe stop 1 (SS1) function was sufficient for most applications. However, the trend towards increased functional safety in electrical drive and automation technology has gained traction. EN ISO 13849-1 and EN IEC 62061 both address issues of functional safety of machinery.
In the field of machine and systems engineering, the EN IEC 62061 standard addresses the functional safety of safety-related electrical, electronic and programmable electronic control systems. As such, the standard does not apply to hydraulic, pneumatic or electromechanical safety-related control elements, for example. In December 2011, EN ISO 13849-1 completely replaced EN 954-1. For machine builders and plants this meant changes affecting product certification, specifically requiring that probability calculations be taken into account when defining safety. EN ISO 13849-1 can be applied to the safety-related parts of control systems and all types of machines, regardless of the technology and energy used (electrical, hydraulic, pneumatic, mechanical, etc.).
Implementing safety at the product level can provide the best possible support to those responsible for machine safety and overall plant performance levels. Regardless of whether an engineer chooses to work in compliance with EN ISO 13849-1 or EN IEC 62061, probability calculations are now required to verify the reliability of the safety-related parts of machine controls. So, the relevant safety-related parameters of individual components come into play.
Understanding specification functions of safety-related parts
What risks does the machine pose? That should be among the first questions asked during the design phase. It can be fundamentally assumed that any hazard prevailing on a machine will sooner or later cause damage if protective measures are not taken. Therefore all potential hazards must be identified very early in development.
A comprehensive risk and hazard analysis can identify and assess risks posed by each potential hazard. Findings of the analysis can then be used to make decisions about the need to reduce risks. If these initial steps identify a need for risk minimization, each of the standards set out a hierarchy of measures to mitigate and minimize hazards to acceptable levels via design measures, protective devices and user information.
Like its predecessor standard, EN ISO 13849-1 uses a risk graph. The graph yields the required performance level (PLr), the benchmark against which the performance level (PL) actually achieved by the implemented safety components is measured. The PL refers to the ability of safety-related parts of a control system (SRP/CS) to perform a safety function designed to achieve the expected reduction in risk. Both quantitative and qualitative aspects are taken into account. In short, the PL must be greater than or equal to the PLr.
Risk parameters, including frequency, severity of injury, and avoidance tactics, must now be evaluated for each hazard identified in the risk and hazard analysis. If design measures can be taken to minimize the risk, the risk graph process (iterative method) is repeated, with the aim of achieving a lower PLr for previously more serious hazards. If this can be achieved, the risk will have been successfully minimized by design.
However, in many cases, design measures are insufficient, so protective devices are needed to achieve adequate risk minimization. It is within this context that safety functions executed by SRP/CS are defined. SRP/CS measures include the entire safety chain comprised of sensors (detect), logic (process) and actuators (switch). Safety functions are defined on the basis of both the application and the hazard. They are often specified in a type-C (product) standard, which sets out precise specifications for a particular class of machines. In the absence of a C standard, safety functions are defined by the machine designer. Typical safety functions are described in more detail in EN ISO 13849-1 Section 5.1, Specification of safety functions. The safety functions for adjustable speed electrical power drive systems are not described in EN ISO 13849-1, but in the separate standard IEC 61800-5-2.
The EN ISO 13849-1 standard requires that a specification of functional safety requirements be drafted containing details about each safety function to be executed. To this end, the PLr must be defined as described above and documented in writing. Additionally, the necessary interfaces with other control functions and the required fault responses must be specified. The PL must be estimated for each selected SRP/CS executing a safety function. Parameters include identifying each structure by category, the mean time to dangerous failure (MTTFd) of individual components, diagnostic coverage (DC), common cause failure (CCF), the behavior of the safety function under fault conditions, safety-related software, systematic faults, and the ability to execute a safety function under foreseeable ambient conditions in plant operation. Standard EN ISO 13849-1 uses a graph to describe a simple way of estimating the PL. The graph illustrates the relationship between the familiar category from EN 954-1 and the new relevant safety-related parameters.