Machine safety webcast: Your questions answered

Webcast presenter Jacob Kimball from Schneider Electric highlighted machine safety issues such as worker habits, motor control cabinet best practices, OSHA standards, and more.

By Jacob Kimball March 13, 2019

During the recent Plant Engineering webcast, “5 ways to achieve machine safety without sacrificing performance,” Jacob Kimball, product manager for machine automation at Schneider Electric discussed how in an age of more automated machinery, the roles of operators and maintenance personnel also are changing. The webcast, now available on-demand, reviews these issues and discusses how to improve safety performance while maintaining or improving productivity.

Attendees at the live webcast event had more questions following the presentation, and Kimball has responded to those questions below:

Q: If the operator does general maintenance, do you see improvement with safety and habits of the worker?

Kimball: Maintenance is an essential part of functional machine safety in several ways. In general practice, good maintenance of machines improves safety profoundly by reducing unexpected events, keeping an orderly workplace, reducing worker stress, and allowing greater focus on the designed tasks of the equipment. There are also direct benefits. For example, the safety related parts of the control system have rated operational specifications including exposure to environment, electrical and mechanical load, number of operations and MTTF (mean time to dangerous failure). These factors must be considered with a maintenance program.

While on this subject, it is good to be reminded that during the risk assessment phase of implementing functional safety solutions, it is critical to involve a cross-functional team to consider task-based risks for the entire life cycle of the machinery and for every known task including foreseeable misuse. Maintenance, cleaning, supply management, operation, supervisory, replacement, installation, removal, and other activities should be included in the risk assessment.

Q: What are current best practices for motor control cabinets/rooms? (We are currently in conceptual design of a greenfield plant expansion.)

Kimball: Most of the applicable safety standards associated with motor control cabinets and rooms are related to building safety, fire safety, and electrical safely. There may or may not be functional machine safety related designs to consider, but the principles of risk assessment still apply.

Consider the designed use of the equipment, who will operate, clean, maintain, or otherwise be exposed to potential risks. Consider how the hazards can be designed out or guarded against and clearly indicated. If there are machine related risks then it would be good to consider well established practices from ANSI B15, RIA, OSHA 29 CFR 1910, NFPA 79, ISO 13849 and others as appropriate to the machinery types and hazards.

Q: Does OSHA specify in its regulations that risk assessment is mandatory?

Kimball: Yes. See OSHA 1910.132(d)(2) for example. It states that hazard assessments are required and must be documented. This is in the general section and therefore applicable for all types of workplace hazards. In most cases OSHA does not specify exactly which type of risk assessment methodology must be used. There are parts of OSHA 1910 that address specific applications and industries. There are too many to mention here. Check the osha.gov website for applicable standards.

Q: What’s the thumb rule to select between safety PLC, modular safety controller and safety relays?

Kimball: You will get different answers depending on specifics, but here are a few considerations. First, safety relays are the most commonly used based on the number of units sold to machine builders, panel builders, and plants. This is likely because application and selection of safety relays are straightforward, and the individual cost of safety relays is low compared to many of the programmable options.

If an application requires logic in the safety related parts of the control system, it would be good to consider programmable safety controllers and safety PLCs. Safety logic can include the ability to handle safety operations in different ways depending on the phase of operation or the specific location of the access or hazard. In other words, if the sequence of operation for the safety related control system includes “either – or, If – then, unless, AND, OR, NAND, NOR” type of logic then programmable safety controllers and safety PLCs will be a good solution.

Even without the need for logic, the option for safety controllers may be preferable due to cost. If the application requires more than two to four relays it could be that a single module of a safety controller will be smaller and less expensive. The difference in selection criteria between safety controller and safety PLC is much debated, but the considerations are related to the complexity and size of the application as well as the level of logic integration between the non-safety operations of the PLC and the safety related parts of the control system. Other people will consider the potential or perceived benefits of having separate systems handle the safety and normal operations.

Q: Is there any guideline to determine what category of stop is required for a particular application?

Kimball: Yes. But, first let’s avoid a common area of confusion about the word “category.” The word category is used to define different architecture designs for functional machine safety in the ISO 13849-1 standards. This relates to the design structure of the safety control system involving considerations for redundancy and the detection of system faults to align to the required performance level resulting from the risk assessment. That’s a different subject than stop category.

The stop categories considered are normally defined as stop categories 0, 1 & 2. Stop category 0 is the immediate removal of power. Stop category 1 is a controlled stop with power still available during the stopping period then followed by removal of power. Stop category 2 is a controlled stop with power remaining present even after the stop is complete.

Knowing stop category definitions and where to find details will help with the decision, but a risk assessment will be required first. ISO 13849-1, ISO 12100, NFPA 79, IEC 60204, CSA C22.2 and other standards may be helpful with this. Consider the characteristics of the machine and the results that the stop category will have on safety. It is tempting for the sake of operational efficiency to prefer stop categories 1 or 2, but the primary consideration must be safety.

In the risk assessment it is good to consider questions such as: Will complete removal of power bring the hazard to a stop? Will it be better to control the hazard with power still present? Is there inertia to dissipate? Does position play a part in reducing the hazard? Keep in mind that there are some guidelines such as ISO 13850, IEC 60204-1 and NFPA 79 that do not permit stop category 2 for emergency stopping.

Additionally, there are special considerations in some industries. An example of this is the SEMI S2 standards applied in the semiconductor industry. These standards directly define the stop functions while not nullifying other standards that apply.

Q: Regarding the augmented reality technology for safety applications – is this currently utilized in daily operations and processes and not just the occasional hazardous access to a panel, station, etc.?

Kimball: Augmented operator interface technology is not typically part of the functional safety system. The components and technology are not evaluated according to standards typical of safety related parts of a control system. Therefore, these emerging technologies are primarily helpful in helping operators, maintenance staff, engineers, and supervisors to have an improved view of the operation of the machine and access to helpful information. This can be used to improve safety.

A phrase sometimes used for this way of improving safety is “complementary measures.” These can be documented in association with the risk assessment and other safety related documents and procedures. This has similar benefits as personnel training and safety procedures. Improvements to safety can be defined and understood, but this is not related to technical design criteria such as diagnostic coverage, MTTF, SIL, PL, architecture categories, and similar.

Q: Are risk assessment and validation carried out in-house, or do they have to be executed by third-parties in order to eliminate bias?

Kimball: In many applications, there are no specific requirements or enforcement for risk assessment to be done by third party agencies, but there are some applications where third-party assessment or certification is required. There are various factors to consider. For example, for CE marking, the Machinery Directive highlights in Annex IV specific types of machines and applications that are known to present hazards that are particularly severe.

These applications may require testing and approval by notified bodies for independent assessment of suitability for certification. Also, products that are designed to be safety related parts of the control systems must be certified by nationally recognized or otherwise certified testing labs for suitability of use. OSHA and NEC have some specific requirements for meeting specifications and minimum requirements which must be verified by testing labs.

Many times, the assessment of a factory, process, or specific machine in use will not have a requirement for third-party validation. However, the owner or user of such equipment may opt for third-party involvement due to expertise in the field. Even when third parties are involved it’s important to involve the designers, maintenance teams, users, and others that will encounter the machinery on the cross-functional team. A third-party team may not be aware of some of the local practices, environmental conditions, and other variables that will contribute to the risk assessment. For best results it’s good to stay involved and contribute to the assessment process.


Author Bio: Jacob Kimball, product manager for machine automation, Schneider Electric