It is safe to say that almost everyone who works in an industrial environment can agree that machine safety is important: it protects those who work with machines from accidents that may result in harmful or life-altering injuries. A relatively small investment in machine safeguards is usually all an employer needs to protect, financially and legally, both the company's interests and those of its employees. Since no machine guarding solution can reduce the risk of machine-related injury to zero, the objective of machine guarding is to reduce the residual risk to an acceptable (tolerable) level.
Machine safety, in its most general sense, refers to the overall safety of a machine or piece of equipment that has the potential to cause harm to personnel or property. A number of factors determine what makes a machine hazardous, and there are just as many ways to mitigate those hazards, some better than others. A series of steps must also be taken to implement a fully validated and compliant machine safety system. Finally, safety design comes with its own industry jargon and requirements that can make implementing a machine safety system a bit overwhelming. Thankfully, Rockwell Automation has defined the “Machine Safety Lifecycle” to simplify things. In this blog, I will detail Rockwell’s clear and easy-to-follow approach to implementing a safety system, and show why following it is critical for ensuring machine safety.
Rockwell’s Machine Safety Lifecycle
According to Rockwell, there are 5 steps or actions that comprise the machine safety lifecycle. These are (1) Conduct a risk assessment; (2) Define the functional requirements; (3) Design and verify the system; (4) Install and validate the system; and (5) Maintain and improve the system over the life of the equipment (1)*. I have broken down each step in more detail below:
Stage 1: Risk Assessment
In the risk assessment stage, according to Rockwell, a machine or system is analyzed and all of its hazards and their associated risk levels are identified. Each hazard's level of risk is assigned based on three factors: the severity of the possible injury, the frequency (or duration) with which personnel are exposed to the hazard, and the possibility of avoiding the hazard or limiting the harm once exposed. Some of these factors are subjective, and it is hard to be sure that every hazard point on a machine has been identified when working alone. Risk assessments are therefore best completed by a team. Since maintenance personnel interact with a piece of equipment differently than, say, the operators, it is important to include personnel from a range of disciplines so that all credible hazards, in every mode of use, are identified. It also helps to have supervisory or administrative personnel present at the assessment, both to capture any procedural changes or updated PPE requirements and to document them. At the conclusion of the assessment, a risk reduction target, such as the required performance level (PLr) of the safety function under ISO 13849-1, is assigned to each hazard. This target must be met by the design. As a rule, the greater the danger posed by the hazard, the greater the risk reduction and safety integrity required.
Stage 2: Safety Functional Requirements
In the second stage of the machine safety lifecycle, a safety functional requirement specification (SFRS) is developed for the machine using the information obtained during the risk assessment. This document addresses each risk identified in the assessment and describes the requirements needed to reduce it to an acceptable level. It also specifies the overall safety rating (for example, the PLr) that each safety function needs to meet. The SFRS does not need to be a long document. Its job is to clearly state each hazard and its associated risk, and to indicate the type of risk reduction chosen to make the equipment safe. Since there are multiple ways to mitigate a risk, the document pins down the direction the design phase will take, and it is also the reference against which the installed system is later validated.
Stage 3: Design and Verification
The third step in the machine safety lifecycle is the stage in which the safety system is designed and verified, using the information gathered during the assessment and the SFRS. The main parameters that must be considered when designing a safety system are: the circuit architecture (single channel, redundant circuits, dual-channel devices, etc., expressed as a category), the reliability of the components used (the mean time to dangerous failure, MTTFd, of each channel), the diagnostic coverage of the system (DC, the ability of the system to detect dangerous component faults), and how well the system is protected against common cause failure (CCF, where multiple parts fail due to the same cause). Different combinations of these parameters yield different achieved performance levels (PL), and the achieved PL must be at least the PLr set in the risk assessment. A high-risk system needs full redundancy with high reliability and high diagnostic coverage, as well as diversity in its components; an intermediate-risk system can sit somewhere in the middle on those parameters. There is a handy table that illustrates this very effectively on page 85 of the Safebook (1). Once the system has been designed and verified to meet the required rating, the next step is to implement it on the equipment.
Stage 4: Installation and Validation
After the safety system is installed on the equipment, it needs to be validated, meaning it is shown to function as designed and to still meet the safety rating designated in the SFRS. Validation is different from normal functional testing, although functional testing is still part of it. Besides confirming that each safety function behaves properly, tests must also be done to ensure that the safety circuit detects faults and fails into a safe state. This is done by deliberately injecting faults into the circuit (shorting a pair of contacts, disconnecting one of the input channels on a dual-channel device, disconnecting power, etc.) and confirming that the fault is detected and the hazardous motion is prevented or stopped. This entire process needs to be documented thoroughly, and a record of the tests kept on file for the life of the system.
Stage 5: Maintain and Improve
Finally, the goal at the end of the machine safety lifecycle is to maintain and improve the safety system over time. A poorly maintained system may degrade more quickly than expected and can introduce new hazards of its own. In addition, any time the equipment is modified and a new hazard is introduced, the safety lifecycle must be repeated, starting again with the risk assessment. This ensures that the safety system in place remains compliant with the relevant safety standards.
(1)* Rockwell Automation, “Safety Related Control Systems for Machinery: Principles, standards, and Implementation.” Machine Safebook Rev. 5, Rockwell Automation, Inc. 2016, pp. 1-144 [Online]. Available: https://literature.rockwellautomation.com/idc/groups/literature/documents/rm/safebk-rm002_-en-p.pdf.
– By Tanner Grieve