Proactive machine safety assessment pays off

The benefits of a safety control assessment go far beyond just machine operation. But if we don't embrace a safety strategy when designing machines for our customers, we may lose out to foreign competition.

By Curt Miller, CFSE, PE

NEW WORLDWIDE SAFETY standards and domestic technical reports lean on the principle of performance-based safety control solutions. The Europeans felt trade economic pressures before we did, and knew they would have to prevent trade barriers through a universal standards strategy. This opened up a new approach to safety measures, one that looks at the evaluated risk of an unmitigated machine as the design basis for additional safety measures, albeit a safety system or other protective layer. Machine builders who follow this approach can design a safer machine and, in the long run, lower end user lifecycle costs. Other significant benefits surface as well as a result of this proactive engineering and management process.

The main benefits resulting from a performance-based, machine safety lifecycle approach include:

  • A closer pre-sales relationship with the potential user
  • Proper front-end selection of protection devices
  • A decrease in specification errors and resulting accidents
  • Consequences, impacts on manufacturing, and corporate image losses can be quantified (beyond basic personnel safety and equipment costs) and included for a higher justification
  • The production process is enhanced by uncovering embedded reliability issues
  • Lower compliance costs for machine use abroad as a result of uniform methods

Details on each of the above will follow, but first here is a quick review of new and historical methodologies from both the machine builder and end user perspectives.

A Brief History of Safety Control
As mentioned, the U.S. does not have a unified front that clearly spells out each machine builder's and end user's machine safety requirements. Unfortunately, the general attitude is that the end user has ultimate responsibility for an incident. So, unless the end user clearly specifies his machine safety needs, it is left to the machine builder--who is under pressure to maintain costs in a competitive environment--to interpret current laws and standards to determine whether or not the system is in compliance.

This is not an easy task because the regulation and standards trail is murky at best. Figure 1 (click the Download Now button at the end of this article for a pdf version of all figures mentioned in this story) shows the compliance “maze” that a unique automated machine builder must follow. OSHA, naturally, is the overriding regulator and provides very general "1910.2xx" standards. The figure also references the American National Standards Institute (ANSI) for application standards and the Nationally Recognized Testing Laboratories (NRTLs) for device standards and certifications. ANSI, in turn, oversees the development of needed standards through various consensus bodies including the Association for Mechanical Technology (AMT) and the National Fire Protection Agency (NFPA), to name a few. There might be reference and industry-specific standards that should be reviewed as well.

New Assessment-Based Approach
Rather than just following a prescriptive approach to standard machine tool applications or following "good engineering judgment" for unique apparatus, the new ANSI (B11.TR3 (Dec. 2000), B11.TR4, RIA 15.06, and B11.20) application standards all point to a risk-based, performance-oriented procedure. Some machine builders may feel unsettled by this, because no longer does someone “tell” them what they should do so that they can stand behind it. An appropriate analogy is that of a mother who protects her child against the winter elements. A mother wants to protect her child, so she tells him he must wear a coat to remain warm. If the government felt this mother represented the norm and wanted all children to be protected, then they would state that all children must wear coats.

But what about the season? (Production and resulting personnel hazard exposure rates fluctuate too.) What if the child already has on two or three layers of clothing? (How many protective layers does your application have?)

Even if the weather stayed “cold” all the time, are there different temperature levels that require different coats (like different machine safety control integrity levels)? Based on the degree of cold, what would the consequences be? Is the child in good health and might just catch a cold as in most cases, or could he come down with a severe case of pneumonia and die? (Likewise, what is the magnitude of unmitigated consequences with your machine?)

These new standards weigh the risk of each hazard, compare it to a tolerable level that is based upon existing protection levels, and if insufficient, add more protection. The gap itself will determine the appropriate functionality and integrity of the preventative measure. This can be accomplished by using a risk matrix table (Figure 2 -- click the Download Now button at the end of this article for a pdf version of all figures mentioned in this story) ), which has the likelihood and consequence metrics across two axes. Quadrants are internal to the matrix, and should be calibrated to the different approaches to risk reduction and protection technology that the company wants to standardize on.

Bank on the Benefits
Let’s take a closer look at the benefits mentioned earlier.

Benefit 1--Closer pre-sales relationships are developed. For the machine builder, this means that he will review with the prospective user his list of known hazards for his equipment and relay how he lowered the risk to a tolerable level. The user can evaluate the hazards presented, add any additional hazards that might result from the equipment’s location at his site, and ultimately determine if he agrees with the machine builder’s evaluation. If the user needs more protection, he might elect to have the machine builder upgrade the control reliability solution to a level that matches the perceived risk.

Given a "cost of ownership" that would include a high cost of an accident, this stage should be an integral part of the pre-sales evaluation. Machine builders and prospective users that take a progressive approach to protecting personnel and assets will reject the poor and inherently dangerous designs that are the result of "low-bid" approaches.

Benefit 2--Proper front-end selection of protection devices. The machine builder can optimize its design with a balanced methodology, matching the machine safety control integrity benefit to its targeted risk reduction. In the past, especially in process industry applications with large consequences, there was a general tendency to over-specify. In the domestic machine markets, it appears the reverse it true. Protection levels are lagging the potential consequence of an accident.

Because the user has taken time to properly define his corporate "calibrated" risk matrix with machine safety control design guidelines, the result is a uniform methodology to the protection device selections across local and other corporate sites. The user can relay this information to prospective machine builders.

The benefit to both parties is that appropriate measures will be in place from the start, instead of being haggled over during the installation, or added as a retrofit after the equipment is installed.

Benefit 3--Decrease of specification errors and resulting accidents. It has been reported by the UK Health and Safety Executive1 that 44% of accidents resulting from safety controls are due to specification errors. An additional 36% result from changes during commissioning and after installation. If performance-based, good engineering practices of the new standards are followed, the resulting accident rates should drop as well. The benefits to both machine builder and machine user are significant.

Benefit 4--Impacts on manufacturing and corporate image losses can be quantified and included for a higher-level justification. By quantifying the consequence portion of the corporate risk matrix, a method that involves the expected value of risk integrals will sum more than just the safety and equipment costs. It could include personnel issues such as fatalities, injuries and retraining; environment factors that include exceptional toxic release, internal cleanup activities, fines, etc.; equipment replacement and installation; business interruptions as, for example, a measure of lost production over the expected period; and business liability arising from direct customer contract losses. In addition, there could be fundamental business issues affecting company image and subsequent effect on stock market value, lost market share as customers react by going to competitors, or the cost of maintaining during warranty period, depending on the sophistication and location of user.

For the machine builder, the above results could affect the company’s own business liability from customers’ lost business and lost market share, its own company image, and subsequent warranty obligations.

Clearly, communicating all these potential consequences and their effect on design in the proposal review stage should be an imperative for both machine builder and customer.

Benefit 5--Production benefits realized by uncovering embedded reliability issues. If a complete reliability analysis is done both on the machine mechanical parts and the safety and control components, the weak links would be uncovered.

For the machine builder, this could lead to a competitive edge. If adding 5% in incremental capital costs for a safer, more reliable machine means the user sees a 20% production cost savings--and the user can quantitatively see this--then this value-add approach could enhance the machine builder’s competitive edge.

Although a more reliable solution or study may cost more, the lifecycle cost for the customer could be much lower. In the selection of new equipment, a user might not always be able justify the added redundancy up front, but if some minimal provisions (extra wiring, cabinet space, etc.) were included, it might reduce the cost for future upgrades. For equipment that has been in service for more than ten years, cost/benefit studies may justify immediate upgrades.

This type of incremental addition strategy could help both parties make significant contributions to their bottom line.

Benefit 6--Uniform method should lower compliance costs for use abroad. The machine builder that follows the new assessment methodology will alleviate redundant designs and decrease the time needed to reach those foreign market.

If the customer has more than one facility, this approach provides a common, systematic culture to keep all involved parties "on the same page" about hazards, estimated risk, and prescribed machine safety protection. Both machine builder and customers will be "locked-in-step" with their international approach to functional safety with common platforms.

It Makes Good Sense
Given the six benefits that result from a performance-based safety assessment, wouldn't every machine builder and customer in the U.S. want to follow this new approach? Doesn't it make sense? Wouldn’t it be "The most significant step forward in the field of safety in the past thirty years," as declared by Fred Manuele?

We can speculate that most of the companies that could benefit are too busy, too scared, or too lean to follow an approach that requires an investment on the front end.

But if we don’t embrace these strategies, don't be surprised if we lose an American stronghold to foreign competition, as did the car makers that lagged behind in embracing quality procedures to foreign competition in the 1980s. It clearly could happen again.


 About the Author


Curt Miller, CFSE, PE, safety consultant with exida, has more than 13 years of professional experience with safety systems. He most recently spent six years supporting machine control markets as senior engineer for an automation supplier. Curt is a BSChE graduate of Texas A&M. You can reach him at
cmiller@exida.com