Preventing safety interlock operator bypass
There are several ways on how machine builders can prevent operator bypass, which can create dangerous incidents.
Machine safety insights
- Machine builders must consider ISO 14119:2013, addressing potential operator motivations to bypass safety interlocks, such as efficiency and piecework incentives, to enhance safety and compliance.
- Implementing Unicode interlocks and startup tests can effectively minimize the risk of tampering, ensuring operator safety by preventing unauthorized manipulation of safety interlocks.
Safety guard interlocks are designed to protect operators when working with high-risk machinery. However, they can be vulnerable to manipulation, putting operators in danger from unsafe machinery.
There are many reasons operators may want to bypass guard interlocks, and often it comes down to efficiency. They may want to keep a robot cell door open to enable them to perform maintenance without having to shut down a machine.
When designing equipment that includes safety interlocks, machine builders must comply with ISO 14119:2013, which requires the likelihood of overriding to be considered.
If the motivation is foreseeable, for example, if an operator is paid based on piece work, machine builders must take further measures, and it’s important for both safety and compliance to know what these are.
Typically, safety interlocks consist of a safety switch and an actuator. If the actuator is accessible, there may be a greater motivation to remove and use it to bypass the interlock. One option is hiding the actuator in the door frame, so operators don’t know it’s there. However, often when they see non-contact switches, operators may remove the actuator and tape it to the switch so the door can open and close without breaking the safety circuit.
Because of this, it is important to secure the actuator to prevent its removal. A common approach is to use non-reversible screws to bolt the actuator in place so that operators can’t unscrew it. Alternatively, embedding the safety devices in the machine’s frame out of sight could help prevent manipulation.
Consider coding type
Even if the actuator is hidden from view, this may not stop maintenance staff and other operators from using a spare actuator as an override key. If they do, the guard system may not know that the safety signal was being manipulated, which could leave the robot cell and operators vulnerable.
Some interlocks with RFID technology have unique coding, whereby the actuator is paired to a specific switch. This prevents spare actuators from being used to override guard interlocks.
There are two types of coding — Multicode, typically found in applications where manipulation is of a lower concern — and Unicode for more high-risk environments. Though highly secure, any compatible actuator would work with a Multicode switch, meaning operators could buy a replacement and the switch would recognize it. This is not the case with Unicode.
If there is a high risk of manipulation, machine builders should use a Unicode interlock. These minimize the risk of tampering by replication because each actuator must be assigned to a specific safety switch.
There are safe ways for overriding interlocks when required, for maintenance or commissioning, for example. RFID systems have benefits over traditional key switches because they avoid duplication.
Startup tests
Incorporating a startup test into the control system can help discourage operators from tampering with switches or actuators. For example, a startup test could require each guard to open and close at the start of every shift, so, if an operator did remove an actuator and tape it to the switch, it would be easier to spot. First, they would need to un-tape the actuator and put it in its original place ready for the test, before removing it again and re-taping it after the test to continue bypassing.
Startup tests are especially beneficial in machine tool, packaging and automotive plants where machines run for several hours. Longer shifts mean wide windows for override attempts, but startup tests can be surprisingly effective at discouraging operators from manipulating safety devices.
To protect operators, machine builders must consider the motivation for bypass – ISO 14119:2013 compliance requires it. If override motivation is “foreseeable,” options include incorporating startup tests, strategically placing actuators and using Unicode interlocks.
– This originally appeared on Control Engineering Europe. Edited by Chris Vavra, senior editor, Control Engineering, WTWH Media, cvavra@wtwhmedia.com.
ONLINE
See additional machine safety stories.
Original content can be found at Control Engineering Europe.
Do you have experience and expertise with the topics mentioned in this content? You should consider contributing to our WTWH Media editorial team and getting the recognition you and your company deserve. Click here to start this process.