Beware corporate safety standards

Machine builders are often put in a tough situation by a dictated standard because they also must assume partial liability for something they didn’t engineer.

By Jason Christopher, Field Editor

IF YOU WORK for an industrial machine builder or a system integrator, you surely are familiar with corporate standards. At the onset of any job, you get a stack of documents describing the customer’s electrical, pneumatic, and hydraulic specifications to which you’re supposed to design.

Traditionally, these standards detail what manufacturer and part number is allowable for each different device on the machine, a.k.a., a preferred components list. They also might recommend some build practices that the end users would like to see to ensure continuity and functionality in their facility. These corporate standards will dictate, for example, that “circuit breakers aren’t acceptable for the main disconnect” or “all line voltage wiring shall be black.” Sometimes, they even recommend preferences that the end user would like to see employed, such as “all equipment shall be outfitted with a lighting disconnect and a 120 V AC receptacle fused for no less than 3 A.”

Lately, I’ve noticed a new trend in these documents. It seems that, as companies update them, they’re intent on upgrading the safety-related aspects of the corporate standard. I’ve seen some documents dictating that our designs must incorporate a two-channel safety relay for specified functions. Others actually provide sample wiring diagrams that clients would like us to follow.

I’m very cautious about corporate standards that dictate specific designs. For example, what if the system designer’s risk assessment indicates that the specified hazard is only a Category 2 risk? Complying with the customer’s corporate standard requiring two-channel safety circuits adds unnecessary cost and complexity to the system. In this example, the error is on the side of safety. What if the error is in the opposite direction?

I recently was handed a corporate safety standard that dictated how the e-stop circuit should be wired, and what safety relays were allowable for this application. Missing from the list of allowable safety relays were any time-delay models that provided provisions for a Category 1 controlled stop. Further, the company also called for guard door switches that were “power-to-lock.” The machine we were quoting employs dual 17,500-rpm spindles. In an e-stop situation, the spindle could take as long as 10 minutes to wind down if left to freewheel by simply removing power. If the main disconnect is turned off, then a service technician or operator would have full access to the machining area, while the spindles were winding down, courtesy of the “power-to-lock” safety switches.

This particular corporate safety standard actually constituted a significant safety oversight, which was created out of an uninformed attempt to create a safer machine.

Perhaps our machine-buying customers should approach safety enhancements a little differently. Instead of dictating which components to use and how to wire safety circuits, they should simply tell us equipment suppliers to do our job. What I mean by this is that they should be asking us for the machine’s risk assessment, and approve our designs based on the thoroughness of the assessment and the level to which the engineering design addresses the hazards detailed in the assessment.

If machine builders are doing their job, before a single wire is terminated, nearly every hazard associated with that piece of equipment is known and understood. Each hazard will be recorded in a document that details all of the steps necessary to reduce each risk to an acceptable level. Furthermore, for each risk, there should be a quantifiable means of determining whether or not enough risk reduction had been performed.

In addition, there is also a liability issue to consider when corporate standards dictate designs to a machine builder. If there is an unsafe failure, at least part of the liability for that failure is assumed by the end user that dictated the design. Likewise, the machine builder is put in a tough situation by a dictated standard because they also must assume partial liability for something they didn’t engineer.

The job of the responsible engineer on the purchasing end of the deal should be to review the risk assessment, along with the design, and determine if the equipment does achieve a satisfactory level of safety. If a customer wants to enhance the safety level of the incoming machines, they can help ensure that the supplier is taking the necessary steps to provide safe equipment, and let them know up front that they will be evaluated on that basis.

Our customers shouldn’t try to do our job for us. They just need to let us do ours.

  About the Author
Jason Christopher is a control systems designer for Peko Precision, Rochester, N.Y., a provider of custom production machinery and assemblies. You can reach him at

Free Subscriptions

Control Design Digital Edition

Access the entire print issue on-line and be notified each month via e-mail when your new issue is ready for you. Subscribe Today. E-Newsletters

Biweekly updates delivering feature articles, headlines with direct links to the top news stories that are critical to staying up to date on the industry — company news, product announcements, technical issues and more. Subscribe Today.