Risk assessment considerations for integrated control and safety systems

The benefits of combined safety and control, including less infrastructure and development time, don’t come entirely without risk. However, a proper system and software can bring integrated control and safety (ICS) into a single programming environment safely. As with any safety system, integrated or separate, a proper risk assessment is the first step. Because ICS systems make safety part of the design upfront, rather than as an afterthought, more consideration can be given to safety risks in the initial design. It starts with a risk assessment of the machines and production process. How to perform a risk assessment, where to start and what to do with the results are important factors.

Depending on the location, manufacturing and machinery must meet certain regulations, such as the European Union’s Machinery Directive, American National Standards Institute (ANSI) standards and National Fire Protection Association (NFPA) standards, says Christopher Woller, safety product manager at Beckhoff Automation.

Per the International Organization for Standardization (ISO) 12100 standard, “Risk assessment is a series of logical steps to enable, in a systematic way, the analysis and evaluation of the risks associated with machinery. Risk assessment is followed, whenever necessary, by risk reduction. Iteration of this process can be necessary to eliminate hazards as far as practicable and to adequately reduce risks by the implementation of protective measures.”

In this iterative process, it does not matter whether individual elements are considered safety or process, explains Woller. “As each risk is identified and mitigated, the safety function design and subsequent risk reduction are an exercise in statistical analysis to arrive at an acceptable level of residual risk,” he says.

The ISO 12100 standard is the defining regulation for performing a risk assessment, adds Noah Greene, product specialist for safety at Phoenix Contact. “In simplified terms, it consists of defining machine limits, identifying hazards that are present, eliminating risks and continuously reevaluating risks present until they are sufficiently reduced,” Greene says.

Many facilities can leverage a hazard and operability (HazOp) assessment, suggests Rudy de Anda, head of strategic alliances at Stratus. “This practice allows engineers to identify and address any safety risk before an incident occurs,” he says. “Based on the HazOp results, engineers will then identify and implement measures that reduce risks while minimizing the disruption to operations. Typically, teams begin with changes to the process design, then move to mechanical interlocks and finally update control techniques. However, if the risk remains high once teams reach the control technique stage, they may need to implement a safety instrumented system (SIS).”

A risk assessment should focus on the critical safety zones of a machine, says Mark Russell, tech application support manager at Allied Electronics & Automation. Before the system is even built, do a risk assessment on the areas where risk exists, such as pinch zones, cut places or a compact or a trash baler. “We figure out the places where humans would interact with a machine that could be dangerous,” Russell says. “Then we put those together, making sure that all the risks are contained, and then the safety protocol in the functional program runs. To marry control and safety together, you put the higher priority on the functions of the safety system, so that always executes at a faster run rate than the operational code, so you're continuously checking your safety cycle before you check your next operational step.”

The TÜV Rheinland Functional Safety Training Program was founded in 2004 and supports engineers and technicians in extending their knowledge in functional safety and the appropriate standards. a TÜV-certified functional safety engineer Mike Warren, who is also product manager for safety controllers and safety components at Omron, emphasizes risk assessment at the machine level:

· Consider the stakeholders, not just investors, also operators and environmental, health and safety managers, as well as owners, operators and maintenance personnel.

· Consider the application—what are the output goals, and how they might affect risk factors?

· Identify and follow any corporate mandates for safety levels.

· All those pieces contribute to a calculated baseline score, looking at each individual cell in the whole system.

· The system score advises recommendations for risk mitigation and establishes residual risks and a final safety score.

· What is not dictated by regulations requires a balance between system safety upgrades and residual risk, and customers operate where they are comfortable on the safety scale.

“The best risk assessment can do is to identify the residual risk,” says Warren. “And then it's a customer's prerogative whether to operate at a lower level of safety or they press on and invest in a complete safety package to achieve the highest possible level of safety; it's at the discretion of the customer.”