Protect Plant Personnel

Spurred by European directives, companies provide enhanced safety devices and risk assessment education to enable control engineers to design better safety into machinery and processes.

By Gary A. Mintchell, CONTROL ENGINEERING March 23, 2001

Manufacturing has been a dangerous place to work since the beginning. Even as engineers have tried to design safeguards and unions try to educate members about the importance of safety, as late as 10 years ago it was not unusual to walk around a factory and see guards taken off machines and safety switches ‘defeated.’ Safety is an extremely urgent concern. Of course, care and concern for plant personnel is primary. No one who comes to work in manufacturing should be put in avoidable risk. All should be well trained for those situations where some risk is involved. Further than that, injuries also cause lost production, impact quality, bring unwanted attention from regulatory agencies, and more. European EU-Machinery Directive 98/37/EG-recognized as law in European Union (EU) countries-impacts not only European manufacturers but also any OEM desiring to sell there. End-user companies in other countries can easily integrate these methods into safety standards of their own. While this article points out risk-assessment methods under the Directive, applicable U.S. standards include those from UL, ANSI, and OSHA. Roland Puerner, machine safety devices product manager at Siemens Energy & Automation (Alpharetta, Ga.), advises, ‘Safety concerns must be addressed up front, when engineers are planning a product, system, or plant. Using integrated intelligence from sensors and drives, safety becomes part of the process’ function, rather than a net for leaping into when disaster hits. Design in safety ‘Right now,’ Mr. Puerner says, ‘conventional safeguarding for machines is separated from technical evolution of standard automation. Patching together safety after-the-fact is slow and burdensome, requiring parallel wiring, special engineering tools, and redundant efforts. Addressing safety during planning and development saves time and money, and works better, too. Safety technology has to be integrated into standard controls-we call that `Safety Integrated.” What Mr. Puerner points out applies today and in the future. Current safety control systems require hard wiring components rather than putting safety sensors and control on an existing industrial automation network. This Dedicated safety systems make sense from more than just a legal view. Safety control must be as failsafe as possible. Safety relays contain redundancy to assure proper operation even under abnormal circumstances-like a cut wire. Industrial control networks will need some further development and refinement along with extensive testing to become accepted for safety requirements. Joe Lazzara, Scientific Technology Inc. (STI, Fremont, Calif.) president and ceo, agrees with the trends. He states, ‘The days of `we’re almost finished, let’s throw the safety guards on’ are over. Safety becomes an integral part of machine control with the added benefit of improved accessibility and machine esthetics yielding cleaner designs with better maintainability.’ Control engineers should consider safety from the beginning of control design. Fortunately, the elements of safety systems mirror those of control systems-sensing and control. Reno Suffi, safety product marketing manager of Omron Electronics (Schaumburg, Ill.), notes, ‘With any safety system there are two crucial aspects, detection and control. The detection aspect can be achieved with safety light curtains, while safety relays can provide control.’ Other detection devices include gate switches, safety floor mats, pull activated switches, two-hand operation switches, and laser area sensors. Assess risks The following overview of the European Directive-from Banner Engineering (Minneapolis, Minn.) and Rockwell Automation (Milwaukee, Wis.)-is not meant to replace a thorough review of applicable laws. Companies mentioned in this article are a good starting place to learn more, along with applicable regulatory bodies. Safety control circuits are segmented into categories depending on their ability to maintain integrity in the event of failure. EN-954-1 Safety Related Parts of Control Systems establishes five levels from Category B at the lowest to Category 4 at the highest. ANSI/RIA R15.06-1999, Safety Requirements for Industrial Robots and Robot Systems, (but not part of the European Directive) also details a risk assessment and multiple levels of safety system integrity with the lowest being a ‘Simple’ system and the highest a ‘Control Reliable’ system. Banner Engineering provides a general description of safety circuit integrity levels, not specific to a standard. It defines Basic, Single Channel, Single Channel with Monitoring, Dual Channel, and Dual Channel with Monitoring. Basic safety system integrity may use non-safety-rated components designed to withstand their environment and integration in accordance with relevant standards. Provision for redundancy is not required. Products aid protection Manufacturers provide a wealth of products that, when properly applied, contribute to overall safety of machines. Check out online catalogs or a local distributor for further information about products and how to apply them. Also reference Control Engineering Buyer’s Guide. Interlocking switches are assembled to movable guards to ensure power to the hazard will be turned off in the event of the guard door not properly close. Some interlocking switches also incorporate a locking device that locks the guard door closed and will not release it unless the machine is in a safe condition. Two-hand controls are a common method of preventing access while the machine is in a dangerous condition. Both hands of the operator must be placed in a safe position while the machine is actuated. When physical access is frequently required, physical guarding is too restrictive for efficient machine operation. In this case, a device is required to prevent dangerous motion while allowing access by sensing presence of the operator and isolating the power source. Photoelectric light curtains emit a ‘curtain’ of harmless infrared light beams across the access point of the hazardous area. When any of the beams is blocked, the device switches off the hazard power source. Pressure sensitive safety mats are other devices for detecting operator presence in a hazardous area. For machinery covering a distance, such as conveyors, it is often more convenient and effective to use a cable pull device along the hazard area. These devices use a steel wire rope connected to latching pull switches, so that pulling on the rope in any direction at any point along its length will trip the switch and cut off machine power. Single Channel systems use safety-rated components with proven safety principles and designs but no provision for redundancy. Single Channel with Monitoring system incorporates Single Channel systems with a periodic check of the system, either automatically or manually during normal operation and at start-up. Dual Channel is a redundant system that does not fail to danger if a single fault occurs, because the second independent channel maintains ability to arrest dangerous motion. To further increase safety, diverse redundancy is employed, for example, normally open switches in the first channel and normally closed in the second. Dual Channel with Monitoring system uses redundancy combined with fully integrated checking functions. No single failure can cause loss of the safety function and any fault is detected immediately or at the next demand on the system. Once a safety critical fault is detected within the system, a safe state is maintained until the failure is corrected. Hierarchy of risk Rockwell Automation information points out the hierarchy of measures for eliminating risk according to the EU directive. First, the design must be inherently safe design. as part of the machine-design process. For those machine areas where that is not possible, designers must add protective devices. These can be locked gates, safety mats, light curtains, etc. Many times residual areas of risk cannot be dealt with by add-on devices. In those cases, risks must be contained by personal protective equipment and/or training. General, common-sense safety tips include suitable construction materials, adequate lighting; reliable control systems; prevention of accidental, unexpected start up; and use of one or more emergency stop devices. Two major ingredients of a safety strategy are risk assessment and risk reduction. Good risk assessment requires a clear understanding of machine limits and functions. It involves taking a long, dispassionate view of the entire machine and all operator/maintenance interactions with it. Each potential hazard must be identified and the degree of risk to personnel must be estimated. The next step is to evaluate each risk to determine whether existing safety measures are adequate or if additional measures must be taken. Reduce risks All this evaluation must, of course, lead to risk-reduction efforts. After implementations are completed, then assessment must be repeated to assure the desired result was, in fact, attained. Is all of this effort necessary? It is a legal requirement in the European Union. If your company is an OEM shipping there, then this is more than a theoretical exercise. Always document the risk estimation. Perform the analysis logically and methodically. Have others check it. Put it in a form that others can follow if you are unavailable. While evaluating risk, include all the life stages of the machine. These will include, at minimum, installation, commissioning, maintenance, de-commissioning, normal operation, and consequences of foreseeable misuse or faults. The term ‘risk’ includes both the severity of potential harm and the probability of occurrence. Rockwell’s guide to safety principles includes a suggested method for risk assessment. This is offered as a general guide to encourage methodical and documented assessment practice. When evaluating risk, consider severity of potential injury and probability of occurrence, which includes evaluating frequency of exposure and probability of injury. Assess injury severity Assess the severity of injury from a hazard as either fatal, major (normally irreversible), serious (normally reversible, e.g., loss of consciousness), or minor (e.g., bruising, cuts, light abrasions). Frequency of exposure can be classified as frequent (several times per day), occasional (daily), or seldom (weekly or less). Probability of injury can be classified as unlikely, possible, probable, certain. Numeric values can be attached to each category yielding a total for each hazard. Comparison of hazards generates a hierarchy of hazards that can be tackled in order of severity. It is essential to look at this process as iterative. Don’t use the ‘inoculation’ method of safety, that is, take a small injection and be cured forever. After completing an analysis, go back and assure that applied corrective measures were appropriate and effective. Use experience with the machine to discover previously hidden hazards. Training is an important preventive measure. After documenting the risk process, develop training materials to ensure proper equipment operation and maintenance. It’s hard to find good employees these days. Take care of the ones who are already there. Control engineers play an important role in machine safety and in protecting plant personnel.