Get functional safety savvy now

To limit liability and the risk of getting a raw deal, OEMs need to develop a strong safeguarding background. This article helps you determine whether a potential business aligns with your long-term goals.

Functional Machine Safety

By Curt Miller, CFSE, PE, Exida Inc.

WHY DO industrial OEMs need to develop a strong safeguarding background? The obvious answer is to limit liability—costs that could far exceed the sales price of the equipment itself. This is especially true in the litigious U.S., where we reportedly have 40 lawyers for every engineer, while Japan has 40 engineers for every lawyer. That’s a net comparative effect of 160 to 1, and excludes the moral principle of “doing the right thing.”

For a real eye-opener, consider the struggle of SMS Group, a manufacturer of CNC machine tools for turning, drilling, welding, and leak-detection applications. Located in Saginaw, Mich., it employs about 100 people.

For nearly 20 years, SMS defended 23 product liability suits, all involving equipment never manufactured by SMS. In fact, SMS provided no service, no spare parts, and doesn’t even manufacture the types of machines involved in the claims. Each machine had at least two owners and, in some cases, as many as five. All 23 machines were older than 18 years, and all had been modified, at times without regard to government safety standards. Also, SMS often found that every safety door and guard had been removed prior to the accident.

Despite these facts, SMS had to spend $6.5 million to defend these cases. SMS deserves credit for surviving after having to spend so much to defend itself. Hopefully you’ll never get caught in this kind of guilt-by-association web.

So, how carefully should industrial machine builders choose their customers, and how finicky do they need to be to avoid such a raw deal?

The Gang of Four

The four categories of U.S. clients that need OEMs to understand how to incorporate a higher level of safety are: 1) high-risk manufacturers that can have one catastrophic event; 2) large clients with a corporate image to uphold; 3) marginal return/generic industry-types facing increasing competition; and 4) those recovering from an incident.


Safety Motivators for Users
Let’s first discuss the users’ requirements side of the equation. In the U.S., we have basically four categories of clients that need their industrial OEMs to understand how to incorporate a higher level of safety than typically required in the past (See Figure 1).

These four types of users include:

  1. High-risk manufacturers that can have one catastrophic event
  2. Large clients that have a corporate image to uphold
  3. Marginal return/generic industry-types that are facing increasing competition
  4. Those recovering from an incident

Each type is motivated to produce its end product efficiently and safely, so it can turn a profit for its owners or shareholders.

High-Risk Acknowledged Manufacturers
These companies could have one incident that could cost billions of dollars. If prudent, they’ll use a team that’s competent in the functional safety techniques applied to their high-potential-hazard process. If you work with them, your package should reflect their cautious approach as well. For example, if you supply turbo-machinery, you might want to provide safety and standard control packages that are scalable to customer preferences. In several instances, users have stated that their OEMs only have one solution available and they’re inflexible concerning functional safety issues that vary from site to site.

One incident in the process industries such as refining, chemical, and oil and gas production can have dire consequences. Multiple casualties, onsite and offsite in neighboring communities, could be caused by a runaway reactor or vessel rupture. By the time you add the fines, lawsuits, lost production, and capital costs, you could be talking about billions of dollars coming directly off the bottom line.

This sector has taken a big, universal step forward with a “harmonized standard” called ISA 84.00.01 (ISA 84, ref 2). This performance standard allows each user company to quantify its risk individually, and match it with an appropriate level of functional safety. Besides reviewing system integrity and using assessed devices (normally certified to the IEC 61508 standard), these companies also include “Functional Safety Management” (basically, a quality process) to minimize systematic issues that could creep into their safety lifecycle processes.

Likewise, semiconductor manufacturing is another high-risk sector. Richard Carter, formerly with Applied Materials, an OEM to the semiconductor industry, recalls a report of a fatality in Japan involving a running turbo pump coming off a machine tool, and hitting a technician. There also is the potential for injury from more than 100 machines operating in a typical wafer fabrication area, or “fab,” as well as possible releases of toxic gases such as phosgene, arsenic, and silane.

In addition, the semiconductor sector is a virtual third-party community of nothing other than SEMI S2 (Environmental, Health and Safety Guideline for Semiconductor Manufacturing Equipment) reports. Though the latest S2 modification does reference ANSI standards such as R15.06 (robot safety requirements) and ISA 84, this tightly knit industry doesn’t follow them or their development actively, although they do plan to use IEC 61508-compliant devices in their safety control solutions.

The nuclear industry is a third high-risk sector. One incident can’t be tolerated here. As a result of current high gasoline prices, the nuclear industry is getting a second look after about 30 years of construction dormancy. However, one event like Chernobyl, Three Mile Island, or even the less-known Sellafield or Mayak incidents in 1957, would put the industry back on its heels, perhaps for more than another 30 years.

In the U.S., this industry has been very slow to change its safety technology, and still has a large base of analog, pneumatic, and hardwired relay controls. But with the advent of smart instrumentation and digital controls, IEC 61508-certified safety PLCs and components are making headway.

Large Corporate Clients
This category includes companies with high-volume manufacturing, distribution centers, pulp and paper manufacturing, and non-nuclear power plants. Other types in this category are low-risk continuous processing, discrete manufacturing, or a mixture of both. These clients will make the news based on their public name and frequency of their accidents, not due to the hazard magnitude itself.

In many cases, these companies have corporate and site staff personnel with backgrounds in occupational safety and machine controls. Interestingly, despite their personnel, many of these companies are exposed because no one really understands functional safety. If you can show them where they’re deficient, your value-added safety acumen could give them the accident aversion they’re looking for, and your reward will be to ascend to preferred-supplier status.

To support this type of relationship, I recently assessed a global food manufacturer that had just installed a new packaging line with several palletizing robots and an automatically guided vehicle (AGV) in a high-traffic zone. The report I submitted contained 27 recommendations that the company initially rejected as “too nitpicky.” Signage, lights, hard guards, and AGV program fine-tuning proposals were included in the list.

An injury, perhaps preventable by some of those nitpicks, occurred within two months of the report. The solution partner contracted to correct the deficiencies feels he’ll now have many support opportunities from this company worldwide.

Small, Marginal-Return, or Ignorant
There are many small U.S. manufacturers that have relatively small operations, profits, or could fit in one of the previous two categories, except they don’t know they’re at risk. This latter category includes the highly dangerous “Ignorant” group.

With a severely overstressed U.S. Occupational Health and Safety Administration (OSHA) unable to monitor all companies, this group has accidents waiting to happen. When they do, these smaller firms will pay dearly or, in some cases, enter bankruptcy.

For example, the manufacturing area in San Antonio, Tex., has a significant “low-cost” attitude when it comes to safety. The city has a smorgasbord of industries, including tortilla factories, aeronautics, contract pharmaceuticals, thermoforming, metal forming, cement, textiles, meat processing, robotics, and stage animation.

One major PLC supplier, who worked in the area, says none of these manufacturers would give him the time of day to discuss an integrated safety and control solution. He abandoned the program and went back to low-cost, competitive PLC sales.

In another example, one Texas-based robotics OEM has a client in Mexico that demands conventional controls at the “right price.” The controls designer feels exposed by the solution provided from both a serviceability and safety perspective. So far, one “bogus” service call to correct client wiring already has cost the OEM the price of doing a more advanced diagnostic and safe upgrade.

If you’re dealing with one of these companies, your safety expertise will help you determine whether the potential business aligns with your long-term business goals. In short, do you accept the business risk or do you walk away?

Injury or Fatality Incident Recovery
This is the wake-up call for a manufacturer. In hindsight, they realize the full costs of the incident at minimum exceed three times the cost of a safety program. For two simple calculators that demonstrate the net effect, go to and get “Safety Pays” or ask Industrial Safety Integration for its “Ounce of Prevention.” The latter program helps you break out production personnel, incident management/media relations, potential criminal charges, and about 20 “other incidental” costs to give you the complete picture.

If an injury or death doesn’t bankrupt a company, it’s likely to be quite receptive to Category 4 control reliability. Category 4 is the European designation for the highest level of functional machine safety. These firms often can’t get it in fast enough, and they’ll be in high-speed functional safety development mode, and will expect the same from their OEMs. If you don’t have the background, they’ll find someone else that confidently supports a progressive safety approach.

Benefits to OEMs and Customers
Developing or reinforcing your functional safety savvy and philosophy is money and time well spent. For a little more persuasion, read “Proactive Machine Safety Assessment Pays Off,” CONTROL DESIGN, May ’05, p. 45. It lists six benefits of safety excellence:

  1. Closer pre-sales relationship developed with the potential user. If you can discuss risk strategies together, this can only strengthen your relationship
  2. Proper front-end selection of protection devices. Following a performance standard supports a verified solution. This way, you don’t worry about over-designing.
  3. Decrease in "specification errors" and resulting accidents. More than 50% of errors typically are embedded in a non-safety-assessed system design. New safety requirement specification (SRS) practices will be a major benefit.
  4. Besides direct personnel safety and equipment protection, the consequences/impacts of manufacturing losses and corporate image damage can be quantified and included for a clearer justification. Help your clients look at the whole picture.
  5. Production will benefit by uncovering embedded reliability issues. Since production downtime is considerable in many industry applications, verification prior to installation will ensure the expected reliability.
  6. Uniform method should lower compliance costs for machine usability abroad. If you can design to the current European standards, you generally should be okay there as well.

If you can quantify a few of these, you’ll find the justification for the added safety measures. Finally, there’s a documented case of an industrial OEM that shipped a hardened, European CE design overseas, but built and sold a stripped-down version in the U.S. Following an injury at a U.S. location, the OEM eventually settled out of court for $21 million. So, the really savvy functional safety message is “Get it. Then stand behind it!”

In Europe, It’s the Law

IN EUROPE, there is a progressive requirement that each OEM must develop a technical file to support its equipment to get CE marking, which is the manufacturer's declaration that its product complies with the essential requirements of the relevant European legislation. As a consequence, these OEMs feel it’s their clear responsibility to stay ahead of the safety curve, and are, at minimum, as well-versed as their users.

The European Union also is embracing the new IEC 62061 “Safety of Machinery” standard that was approved in January 2005 for high-complexity control applications. The U.K. Health and Safety Executive feels, using statistical diagnostic data, it’s a more risk-based approach than its predecessor, EN 954-1, which was prescriptive and didn’t cover functional safety management or software issues. The key is knowing which standard to apply and when to apply it. If you have, for example, a relay-based, low-risk application, EN 954-1 will suffice. But if the hazard is severe and you want to use a safety PLC, then 62061 should be your choice.

  About the Author
Curt Miller, PE, CFSE

Curt Miller, a partner at safety consultant Exida since 2004, has more than 15 years of professional experience working with safety systems at several corporations in the U.S. Gulf Coast area. His book “A Manager’s Guide to ISA 84 Compliance” will be published this summer.