Machine Safety Incorporates Relays, PLCs, Risk Assessment and Standards

Don’t Get Burned: Machine Safety Is No Trip to the Beach. Apply Risk Assessment to Protect Employees and Reduce Exposure to Accident Liability

By Jim Montague, Executive Editor

What’s in your bottle? The SPF of your sunscreen lotion might protect your hide, but achieving appropriate safety integrity levels (SILs) will protect your operators and machines. This is especially true if you precede SILs with a hazard identification and risk assessment (RA) and follow them with performance requirements, consistent implementation, thorough training and continuous revaluation.

If you don’t apply protection, however, you could wake up at the metaphorical beach with a lobster-red sunburn. Likewise, most machine safety programs are inspired by a painful wake-up call. These events can be deadly serious destructions of life, limb and equipment, or only slightly less serious near misses that could turn tragic next time if changes aren’t made.

Enough Was Enough

After several years of poor safety performance, Goodyear Tire & Rubber’s plant in Gadsden, Ala., had two major injuries, which occurred when employees were caught in the facility’s let-off shear machinery in 2006. In one event, a machine had been left in automatic mode, and it seized and injured an operator’s hands when he patted down the roll of rubber on it.

The U.S. Occupational Safety and Health Administration gave the company a 7.87 rating in 2005 and a 4.46 rating in 2006.

“We had a huge need for improved safety,” says Charles Skaggs, Goodyear’s health and safety manager. “We had 300 new staff this year, and for the past four or five years, we’ve had to tell them that Gadsden was at or near the bottom of all Goodyear plants in terms of safety. After 2006, our corporate management said it wasn’t going to put up with these incidents any more and asked us to study ways for our machines to achieve first-class safety ratings.”

Goodyear’s subsequent study included input from the Rubber Manufacturers Assn., which reported that the most dangerous place in the Gadsden facility—and in most tire-making applications—is the wind-up and let-off areas in their fabric bias cutter and sheet calendar machines. RMA recommended that Goodyear focus on improving the wind-up and let-off safety at all its global facilities. Consequently, Goodyear’s management ordered mandatory safety release (MSR) capabilities, so its machines could attain a Level 1 safety rating, and budgeted $3 million for the project.

To help improve the safety of its machines, many of which were very old, Goodyear used a  Rockwell Automation modular kit-based solution that could be implemented and reproduced among multiple machines. Goodyear began installing the presence-sensing equipment and light-activated barriers from August to December 2007. These devices prevent the wind-up and let-off machines from running if an operator puts his or her hand in it. The kit also includes new e-stop equipment, replacing the former safety cables and belly bars, as well as new safety interlocks and fencing.

“Because the kits are modular, we could implement them in 67 wind-up/let-off applications in 20 weeks,” says Skaggs. “The kits were so successful that Goodyear plans to spread them across all of our plants.” Besides completing its MSR project on time, Skaggs reports that Gadsden improved its safety performance and record by 61% in the approximately 12 months that it’s been in place. The plant had 34 fewer OSHA-reportable incidents during the same period, and its safety project also reduced downtime by 34%. The $885,000 worth of safety equipment that Goodyear has installed so far paid for itself in just four months. More specifically, Gadsden’s OSHA-reportable incidents dropped from 148 in 2004 to just 29 in 2007 and 27 as of October 2008.

Skaggs believes the main requirements for a successful safety improvement project include 100% commitment from management, sufficient training and awareness, thorough understanding of the production system and coming to realize that safety is not a technology problem, but is about educating people and overcoming traditional resistance to change.

To further encourage and ensure safety, last year Goodyear started a rapid improvement activity (RIA) program, in which company participants spend one day in a safety class and then go through their facilities and applications, seek out safety-related items that need to be improved and try to complete 80% of those fixes in three days. So far, Skaggs says Goodyear’s employees have found 262 items and have improved 219 of them.

“After doing so badly in 2003-04, Gadsden’s plant management and Goodyear’s corporate management said we just had to do safety differently,” adds Skaggs. “Before that, we just didn’t have enough of a focus on it. So, we revised our whole safety structure and also began to drive more safety responsibility to our safety teams on the plant floors. We also work very closely with our union’s safety representatives, and we have a very good relationship with them because we both have the same goal of no one getting hurt. I think this kind of relationship is something you must have to improve safety and maintain it.”  

From Reactive to Proactive

The main lesson in Goodyear’s story is that machine builders and users increasingly look ahead to solve safety problems before they become incidents or accidents, rather than look back after they’ve happened.

“We’ve progressed from the idea that there’s a magic formula and that you’ll be safe if you just use it,” says Alan Metelsky, controls engineering manager at the Gleason Works, Rochester, N.Y., which builds machine tools for gear-processing manufacturers. “This was the idea several years ago—that if you follow the right U.S. or European standard and use the right doodads, then you’ll be safe. However, I say you won’t necessarily be safe. You can’t just blindly follow a cookbook and expect to do it perfectly enough to address all the different elements in each individual application.”

Table 1: Risk Assessment

So, identifying hazards is still very important, but Metelsky says they should be followed by task-based risk assessments that include what the operators and maintenance staff do during normal operations and during the whole life of the machine. “The tremendous advantage of a logical, well-thought-out RA is that it can provide tailored risk mitigation that fits each given hazard,” he adds. “If we need to change a machine’s design, having an RA helps us justify and back up those decisions. This lets us avoid being overly redundant, reduce risk appropriately, apply RA consistently and spend less on safety while still being safe.” 

To achieve these safety goals, Dave Collins, Schneider Electric’s senior machine safety product marketing manager, says users must understand that machine safety includes two primary areas: safety inputs from e-stops, light curtains and other devices, and then safety logic devices that respond to the inputs and decide when and how to safely shutdown a machine or process. “Early safety standards required machine builders to use electromechanical safety relays, but now they can use programmable devices such as safety PLCs,” says Collins. “The problem is that people often overcount the safety input points they need, so they may risk shutting down too much. Or they might not add enough safety inputs, so they might not be shutting down enough devices to be safe. Consequently, they must examine their machine more closely to determine what could hurt someone and then guard against it.”

Chris Soranno, Omron STI machine and process safety engineer, adds that machine safety is evolving from being historically reactive to being increasingly proactive. “Proactive safety looks at machines and processes before accidents happen, which is far less costly and makes it easier to identify causes,” he states. “In the past, proactive safety was viewed as something that slowed productivity. This isn’t true if you do proactive safety correctly. If you know how a machine or system should perform and you can compare this to how it’s performing in reality, then this directs you how to fix it, and you can reduce risk based on those performance requirements.”

During the current economic recession, he adds, some users and builders are finding they have some time to reinvest in safety solutions and training, so they’ll have the proper safeguard and safety circuits in place when the economy comes back. 

Users Demand, Mindsets Follow

Perhaps even more motivating than safety regulations and responsibilities is the fact that more manufacturing companies are demanding that their machine builders conduct RAs and comply with safety standards, often because the users themselves are doing these things. Procter & Gamble, Cincinnati, reports that it requires its machine suppliers to provide thorough RAs as part of completing P&G’s purchase orders for new equipment.

“Risk assessment is important to P&G because we too are legally obligated to provide a safe workplace, and getting RAs for our machines can help us form the basis for our safety procedures,” says Mark Lewandowski, machine controls technology leader in P&G’s Corporate Engineering Technologies division. “This is added to the fact that our people are our most important asset, and we have a moral obligation to them.”

Despite these and other good reasons for doing RAs, Lewandowski says there are several reasons why machine OEMs resist doing them, including a lack of awareness about the regulations, fear of liability, confusion on how to do RAs, worry that sharing data on residual risk will scare away customers and concerns that performing an RA will be too costly. However, he insists that doing RAs is far better than avoiding them.

“Besides the fact that U.S. standards require machine suppliers to do RAs, it’s useful for them to show this kind of due diligence in their design process and demonstrate that their machine is safe to use,” says Lewandowski. “If you’re sued, it’s much better to have done a good RA. And it helps us create better partnerships with our builders. We want to work with builders that show they value safety as much as we do.”

Consequently, Lewandowski adds that P&G expects its machine builders to:

  • Learn and understand how to use all the codes and standards that apply to their machines and related equipment.
  • Develop a consistent process and format for implementing safety on their machines, use it for all their equipment, and also settle on a way to document and share that information.
  • Use an RA procedure throughout their machine design process, so it’s easier to eliminate potential problems earlier.
  • Provide those RAs to all users of all their machines.

Lifecycles and RA Software

Sometimes, even with a longstanding safety program and a good safety culture, incidents happen. Time, laxity and statistics can catch up to the most vigilant operation at some point. So, the logical course is to be as ready as possible and lessen the impact when it happens. Today, this means performing traditional hazard identification and mitigation chores but then expanding that initial safety perspective to draft safety plans for how operators interact with their machines, how those machines perform in their overall production settings and how they operate over their lifetimes from design and installation to decommissioning and disassembly.

Doing RAs gets easier with practice, and several users report that using software templates can speed up the whole process. “We make sure to follow appropriate regulations and good engineering practices, and we have a technical file for each machine,” says Mel Bahr, founder of MGS Machine in Maple Grove, Minn., which makes cartoning, case packing and product handling machines (Figure 1). “To do an RA, we need to determine all the hazards on a planned machine. First, we try to design out the hazards. Second, we guard using typical safeguarding and interlocks. In addition to guarding, we also warn. We also use Packsafe RA software and our internal templates to guide us through the whole process, review hazards for each machine, and help make sure we haven’t forgotten anything.” Packsafe is offered by the Packaging Machinery Manufacturers Institute.


MGS Machine
Figure 1: MGS Machine uses PMMI’s PackSafe design software to perform risk assessments of its machines, such as its Stealth II horizontal continuous motion cartoner, and make sure they comply with ANSI and CGMP standards.
Source: MGS Machine

Similarly, just as relays gave way to safety PLCs, other programmable functions are seeking a role in machine safety. For example, Siemens Energy & Automation’s Extended Safety functions allow users of its drives to program safe speed and zones for their specific applications. These functions allow operators to power down drives and continue working on devices without completely turning them off, which can save costly downtime.

To coordinate many machine safety resources, educational materials and industry-specific methods, Rockwell recently launched an online safety portal at

The Best Defense

Besides ensuring safe operations, consistent RA and safety procedures can help machine builders reduce potential liability exposure, and boost their defense if and when they’re sued. “OSHA’s regulations are law, but they’re also limited and outdated,” says Omron STI’s Soranno. “So, most machine builders and users follow the American National Standards Institute standards. These are voluntary, but if you have an incident, then OSHA could say you should have been following ANSI and cite you if you were not.”

In fact, Gleason’s Metelsky argues that a good RA may be even better than showing compliance with a safety standard. “When an application requires you to deviate from a standard, you strengthen your legal position by backing your decision with a sound risk assessment and being consistent in your practices,” he says. “For example, under some circumstamces, the safety distance calculation for a light curtain might be modified to allow mounting closer to the hazard than the U.S. or European Normalization (EN) standards dictate. Approach conditions or the nature of the hazard are two factors that can be taken into account in an RA, and yet they are not considered in the accepted calculations. By documenting risk reduction with a solid RA and treating deviations with a consistent approach, you could achieve a more effective balance between operability and safety, while maintaining a defensible design. We think this is one of RA’s biggest advantages.”  

Table 1: Standards

Dave Felinski, safety director for the Association for Manufacturing Technology, adds, “Attorneys working for large user firms used to maintain the belief that documenting an RA was like handing the plaintiff a smoking gun. Many now see the light and have warmed to the notion that a well-documented RA can help them in court by showing what was considered, what was done and why it was done.”

Trick Bag Helps Harmonize Standards

Naturally, as safety technologies evolved from relays and other hardware to safety PLCs and software, the safety standards covering them have struggled to catch up and keep pace. “There are more than 21,000 ANSI standards for materials and machinery, so it’s important for builders and users to identify which ones apply to them,” says John Russell, PE, risk quality assessment—manufacturing at Liberty Mutual Insurance in Irving, Texas. “This is fairly easy to do by going to the standards’ support organization websites or by searching online for the name of the type of machine and ‘safety standards.’ ”  

As North American machine builders tried to break into European markets in recent years, they had to adapt their equipment to meet EN standards. Many found themselves in an unusual bind that forced them to essentially follow European standards at home, too. This happened because OSHA’s and ANSI’s rules are voluntary and civil litigation is public in North America, but EN and other safety rules are law in Europe and the legal system is more closed. As a result, some builders that added safety capabilities so they could sell to European users now might be asked why they added safety functions for Europe but not for North America, which could mean much added exposure and potential liability. This is why having a consistent RA for all customers or one worldwide standard is preferable.

“When the attorneys realized it would be a lot worse to ship a machine to Europe with safety functions that it didn’t have in North America, they came to understand that RAs could be very useful,” says C. Fred Hayes, PMMI’s standards and safety coordinator.

So, where the EN 954-1 standard used to include only safety categories, it soon will be merged into the new EN 13849-1 standard, which adds safety performance levels based on statistical analyses to better determine failure probabilities. Likewise, the new International Organization for Standardization 10218 robotics standard might be adopted soon by the ANSI/Robotic Industries Assn. R1506 standard, which reportedly would make it the first truly global machine safety standard.

“The big idea of globalizing standards is that if your machine can meet them, then you can sell your machine anywhere,” says Craig Nelson, Siemens E&A’s Sinamics drives product manager. “Most importantly, one worldwide standard means builders will no longer have to readapt their machines to meet regional or local requirements because they’ll have already satisfied them.”