How Much Safety Is Enough?

Safety Training
An Omron STI technician trains a maintenance engineer on how a new light curtain and muting package operates on a press brake.
Source: Omron STI

Utilizing programmable safety systems allow an OEM total design flexibility on how to react on safety-critical situations while still being able to achieve the highest safety categories at a cost comparable to traditional hardwired safety solutions.

Robert Muehlfellner, director of automation technology, B&R Industrial Automation

Free Standards

Since you mention robots, a good starting place is to review ANSI/RIA R15.06 Industrial Robots and Robot Systems—Safety Requirements. The standard is laid out such that there are two paths the reader can follow in safeguarding a robot system. The first is the Prescribed Method, in which the requirements are very prescriptive and are at a high level of safety. The other path, the Risk Assessment Method, allows for justification of other safeguarding solutions, which is what it sounds like you are looking for. If you do not have a copy of this standard, you can purchase one at IHS Standards Store, or you can get a copy free from your local Banner Engineering representative. Your local Banner Engineering representative can also help and make suggestions as to appropriate safeguarding solutions.

Mike Carlson, safety products marketing manager, Banner Engineering

It’s Curtains for Danger
Safety light curtains and perimeter guards protect access to a robot cell and monitor the interior of this assembly and welding robot station.
Source: Sick

Safety Ratings

When addressing robotic safety, a user should first reference the applicable industry consensus standards. In the U.S., the relevant standard is ANSI/RIA R15.06-1999—Safety Requirements for Industrial Robots and Robot Systems; in Canada, CSA Z434-03—Industrial Robots and Robot Systems—General Safety Requirements. Both of these industry consensus standards address safe implementation and operation of robotic systems. Additionally, both standards provide two methods for users to determine how to adequately safeguard their equipment. The first option is called the prescribed method, while the second is referred to as the risk assessment method. Using the prescribed method, the user is provided with performance requirements of an adequate safeguarding solution. The risk assessment method, however, provides a method for the user to determine the level of safeguarding adequate for the risks presented by the manufacturing system.

Since the robot is associated with other equipment, any appropriate consensus standards for the specific metal cutting equipment should also be referenced, including the ANSI B11 machine tool standards. Within the ANSI B11 standards, risk assessment is recommended to determine the appropriate safeguarding measures that should be implemented based on the associated risks of the equipment. Furthermore, another risk assessment model is provided in ANSI B11.TR3-2003—Risk Assessment and Risk Reduction—A Guide to Estimate, Evaluate and Reduce Risks Associated with Machine Tools.

Through risk assessment, the hazards are identified and the severity of harm and frequency of exposure are evaluated, resulting in the estimated risk of each hazard. Using the risk reduction process, safeguarding measures commensurate with the associated risk are identified using the hierarchy of controls. When performed properly, the outcome should result in a process that is safe for operators, regardless of which risk assessment/risk reduction model is used.

Aside from the outcome of the risk assessment/risk reduction process, the RIA, CSA and B11 consensus standards all require that the safety components used for human protection are safety-rated for all applications, with the exception of the very lowest-risk applications. When considering components that are used in safety-related functions, best practice is to use components that are safety-rated, meaning each device has been tested, evaluated and proven to operate in a reliable and acceptable manner when applied in a function critical to health and welfare of personnel. If it is ever unclear if a device has been tested to be safety-rated, the user can always contact the device manufacturer to determine suitable use of the product. If the manufacturer states that the device is safety-rated, they should have the documentation available to provide further information, including which third-party testing organization performed the evaluation and to which standards. It is also important to note that all components within the safety system should be safety-rated, from the interlock or presence-sensing devices the operators will interact with, to the components of the control circuit, such as the force-guided relays, safety monitoring relays or safety programmable logic controller (PLC) that control the hazards.

Chris Soranno, machine & process safety engineer,
assess & proposal coordinator
Omron Scientific Technologies

Don’t Forget to Document

Your company has to decide what level of risk reduction measures you want to apply for adequate or acceptable risk.

Safe Zone Control
When the forklift truck needs to load parts past the light curtain, the loading bay can be set to safe load. This allows the loading of parts to that station by muting the light curtain, but without stopping the robot from working. So in the situation of the loading from the close side of the image (Zone 1), the robot can continue to pick the parts from the other loading bay (Zone 2) and move to attach the parts (Zone 3) near the conveyor. In safe load, the robot will only work between Zone 2 and 3 and not come to Zone 1 until the trick has loaded, moved away and the light curtain is unmuted.
Source: Rockwell Automation

To determine what level of safety is appropriate for your custom machinery, it is best to start with determining what hazards are associated with the operation of the machine. This is commonly called a risk assessment. There are many examples of a risk assessment process—ANSI TR3 and RIA15.06 are the most referenced sources.

A risk assessment is a useful tool to determine exactly what you need to do to provide a safe machine for your employees.

Following is one method of performing a risk assessment.

Identify all the reasonably foreseeable hazards associated with the machine. Some considerations include how the operators and service technicians interact with the machine, how other people in the plant—for example, managers, potential customers—interact with the machine and what type of environment the machine is located in.

Once you have a list of potential hazards, you need to determine the potential severity of each of the hazards and the possibility to avoid the hazard. Severity can be anywhere between death/permanent injury to a minor injury where the person will be able to return to work during the same shift.

Now you have a list of hazards and the severity of each of those hazards. You then need to determine the probability of occurrence for each of those hazards. The probability of occurrence can be anywhere from very likely to happen, for example, the chances of cutting your hand if you move it across the edge of a piece of sheet metal, to rare, the chances of a machine tipping over.

You now have a prioritized list of hazards according to the potential injury and probability that your company can use to determine the correct level of safety for your machine. You can find and apply various risk reduction safety strategies, such designing out the hazards, using safeguarding devices, personal protective equipment and work procedures to your machine to remove hazards to a point where you and your company are comfortable with the risks that remain and that the risks are acceptable.

One last important step is to document your risk assessment process. If you haven’t documented your process, you haven’t completed the risk assessment.

Steve Aamodt, machine tools market manager, Sick

Safety Dollars Enhance Machine Design

This is a question many machine builders and end users face continuously. It all starts with your one question: How do we decide exactly what level of safety is appropriate for our custom machinery? We all know that we must design, build and use safe machines, but what is safe and how safe do I really need to make the machine?

Source: Bosch Rexroth

The best answer to your question is to perform a risk assessment. Many U.S. and European Union standards require manufacturers to do risk assessments. In addition, OSHA in the U.S. requires all end users to provide a safe working environment for employees. Standards like NFPA 79, ANSI RIA 15.06, ANSI/PMMI B155.1, ISO 12100 and ISO 14121 all require that risk assessment be performed to determine the appropriate level of safety for each machine.

Risk assessments are the best way to determine what level of safety is appropriate. Risk assessments help the machine builder meet regulator and standard requirements as well as help determine the proper amount of safety to be applied to the machine. By identifying the hazards and risk associated with those hazards, proper safety mitigation can be applied to the machine. You can determine what level of safety must be applied and also determine where and how. For example, you don’t want to apply too much because that might drive the price up; and too little could leave potential hazards unguarded. Applying contemporary safety solutions means applying the appropriate amount of safety in the most cost-effective manner. To do this, you need to leverage new technology and the latest safety standards to provide a safer, more productive machine.

Risk assessments also have other benefits, including showing due diligence in the machine design process, providing information on how to use the machine correctly, offering information on where and how to spend safety dollars to enhance the machine design. This ultimately leads to a better, safer machine and results generally in a more marketable machine to end users, your customers.

So, how do we decide exactly what level of safety is appropriate for your custom machinery? Design it in from the beginning and use a risk assessment to properly implement the appropriate levels of safety to enhance your machine’s design and improve productivity.

Michael B Miller, certified functional safety expert and manager,
safety business development,
Rockwell Automation

E-Stop Is Not a Silver Bullet

There is often concern that adding personnel safety measures to a machine will cripple production. However, if properly implemented, safety measures should be transparent to the operation of the machine. Before you start adding safety you must have a proper risk assessment done to determine what level of safety is needed.
A key issue is stopping distance. An e-stop is only a stopping device; it does not protect the person once they have hit the e-stop in a work area. Another issue is machine setup, which usually involves jogging the robotics and machinery. Most robot manufacturers provide a three-position switch pendant for allowing motion inside of a work envelope. Again, this is only really a stopping device, not a protection device.

For safety and productivity measures, consider adding a level of safety called “safe motion.” Most vendors provide servo motion with a starting lockout. However, this doesn’t help your production when you have to jog the machine from inside, since the starting lockout would prevent the motion from starting. Safe motion incorporates monitoring the speed, position direction and torque of a servo motion, and in some cases a redundant holding brake to protect workers servicing a vertical axis.

When the machine is stopped and the operator enters the work area, the safety measures should automatically—through detection of presence by safety mats, light curtains or guard switches—prevent unexpected motion. Using drive-based safety functions like “safe operational stop,” you don’t have to remove power from the motors, possibly losing synchronization and/or time to restart after a production interruption has been remedied. This will help avoid productivity loss.

In addition, if it is necessary to move machine parts to clear a jam or complete a similar recovery operation, using the safety-related features in the servo drives—such as safety-related reduced speed, limited incremental distance or limited direction—can allow that motion to be done safely under power instead of manually, helping to clear a problem quickly to resume production. Jogging the machine with a three-level enabling switch while in the work area can now be done with confidence, since the dual, redundant monitoring of the drive will not allow the speed to exceed the configured reduced speed, even if there is a hardware failure or programming error in the control system.

Bosch Rexroth provides all of this safety-related functionality in its drive-based Safety on Board system, which is compatible with nearly all vendors’ controls. It can be connected to provide the safety functions independently of the control, thus making it great for retrofits where safety is required. Use of these drive-integrated personnel safety measures can assist the operator in recovery operations and result in improved productivity.

The key to machine safety starts with a good risk assessment and a plan to safeguard all machines. We don’t recommend that your equipment selection be left only to those controls that provide a starting lockout. You will be forced to add a lot more on the controls side to accomplish safe motion control.

David Arens, food and packaging applications engineer,
and Gary Thrall, account executive—machine tool and integrated safety,
Bosch Rexroth Electric Drives and Controls