Risk Assessment

The Plot
• Understanding the League of Justice
(aka OSHA, ANSI, NFPA)
• Introduction to our hero Risk Assessment
• ANSI vs. ISO
• Project Definition unmasked
• Risk Assessment – his powers revealed
(a.k.a the impenetrable risk assessment form)
• Your Powers and how to apply them

Question: In the title slide
what is the Risk Assessment
to save us from?
SUPER TRIVIA
Answer: The Evil Hazard

O HA
• OSHA: Occupational Safety and Health Administration
– OSHA was created in 1971 under the Occupational Safety and Health
Act, which President Nixon signed into effect in December 1970.
– It falls under the Department of Labor of the National Government
– It’s mission is to help employers and employees reduce on the job
injuries, illnesses and deaths.
• Who is required to comply?
– The OSH Act covers private sector employers/employees in the 50 states. That means us.
– The OSH Act covers employers and employees either directly through Federal OSHA or
through an OSHA-approved state program.
• Ohio does not have a state approved program hence Ohio falls under the Federal OSH
Act
• What am I complying with?
– Part 1910 otherwise known as the Occupational Safety and Heath Standard
• There are actually 52 total standards covering everything from Implementing the
Privacy Act to Health and Safety Regulations for Longshoring.

Six Safety Powers of
O HA
• Administrative Safety (strength)
– program development, emergency planning, safety audits…
• Facility Safety (x-ray eyes)
– confined spaces, Electrical Safety, ergonomics, fire safety…
• Exposure Control (bullet proof)
– asbestos safety, bloodborne pathogens, hazardous
materials…..
• Personal Protection (laser beam eyes)
– back safety, first aid, PPE, eye safety……
• Tools and Equipment (can fly)
– compressed gas, Machine Guarding, rigging, welding…
• Behavior and Attitude (Protects the Innocent)
– conflict resolution, drug and alcohol, fitness and wellness…

O HA superpower
•General Duty Clause (Section
5(a)(1))
– “requires that each employer
“furnish … a place of employment
which [is] free from recognized
hazards that are causing or are
likely to cause death or serious
physical harm to their employees. ”
(Reverse time)

NFPA a.k.a The Torch
• NFPA: National Fire Protection Association
– NFPA has been a worldwide leader in providing fire, electrical,
building, and life safety to the public since 1896
– Responsible for over 300 codes and standards that are designed
to minimize the risk and effects of fire.
– Most notable standards for Swagelok are
• NFPA 70 (N.E.C)
• NFPA 70E (Arch Flash)
• NFPA 79 (Electrical Standard for Industrial Machines)

Question: The Torch was a
member of what superhero
group?
SUPER TRIVIA
Answer: The Fantastic Four

ANSI a.k.a Professor X
• ANSI: The American National Standards Institute
– ANSI, itself, does not develop standards;
• it facilitates the development of standards by establishing
consensus among qualified groups written entirely by
volunteers.
• OSHA has adopted many ANSI and NFPA standards by
reference over the years
– ANSI and NFPA both deal with employee safety but in different
areas.
• NFPA is mainly electrical in nature
• ANSI is mainly safeguarding in nature
• What about standards that are not referenced?.....i.e do we
have to respect the Green Lantern even though he doesn’t
live in the Westchester Mansion?

O HA accepts the Green Lantern
• The NFPA 70E is NOT referenced within OSHA, so is it
enforceable?
• Swagelok enforces it as it is referenced in SI-12-056 – PPE
for HRC-0, 1
• SP-12-026 (Swagelok Electrical Policy) references SI-12-056
and states “For Swagelok associates, failure to adhere to
this electrical policy can result in disciplinary action, including
termination.”
• Section 29 CFR 1910.2(g) states a “National consensus
standard” means any standard or modification thereof
which has been adopted and promulgated by a nationally
recognized standards-producing organization [NFPA /
ANSI / ISO] under procedures whereby it can be
determined that persons interested and affected by the
scope or provisions of the standard have reached
substantial agreement on its adoption”.

So who wins DC or Marvel
I mean ANSI or NFPA
• There are important differences between OSHA and
ANSI / NFPA. It mainly has to do with technical scope.
– OSHA laws typically set out only a general framework,
procedure and/or set of standards to guard against a hazard.
– An ANSI / NFPA standard is consistent with the law but goes
into much greater depth. It provides the technical, nuts-and-
bolt details that the statutes leave out.
– ANSI / NFPA Standards also typically go much further than
the laws in protecting workers.
– You can think of OSHA as the statute or law and ANSI / NFPA
as the regulations or rules to follow that law.
• LOTO example

Question: What other NFPA
standard (already mentioned)
is not referenced by OSHA
Hint: It’s a prime number
SUPER TRIVIA
Answer: NFPA 79

Are all Villians (hazards)
created equal?
• Hazard Safety
– There are levels of Hazards
• Would you want the same safeguards to protect you from
Grumpy Bear as you would Galactus the ultimate Villain?
• Different machines inherently have different levels of
hazards to an employee and need to be guarded properly
to that level of hazard
• The levels are determined by the Risk Assessment

• The process by which the intended use of the
machine, the tasks, the hazards and the level of risk
are determined.
– ALL safety standards whether European or American require
a risk assessment
• Without determining what a hazard is, how do you know
how to protect against it and to what level of protection do
you need?
What is this Risk
Assessment?

O HA likes destroying hazards
• 29 CRF 1910.132(d)(1)
– The employer shall assess the workplace to determine if hazards are
present, or are likely to be present, which necessitate the use of
personal protective equipment (PPE).
• 29 CRF 1910.132(d)(2)
– The employer shall verify that the required workplace hazard
assessment has been performed through a written certification
that identifies the workplace evaluated; the person certifying that the
evaluation has been performed; the date(s) of the hazard assessment;
and, which identifies the document as a certification of hazard
assessment.
• So what does this all mean?

Question: What would happen
to Bruce Banner when he
became angry?
SUPER TRIVIA
Answer: He would become the HULK

Does our hero Risk Assessment
have a twin?
• There are many different risk rating systems and NO
universally accepted solution.
– ANSI B11.TR3 / R15.06:1999 - US
– ISO12100 / IEC 61508parts 1-7 - European
• Some of the European and American standards
are being harmonized
• R15.06:2012 Robot Safety Standard (US) and
ISO10218:2010 (International Standard for Robot
Safety)
• ISO is most widely recognized risk
assessment procedure

Question: Wonder Woman was
played by who in the tv series
SUPER TRIVIA
Answer: Lynda
Carter

Question: Who can lift the
hammer of Thor
DOUBLE SUPER
TRIVIA
Answer: Thor
Bonus: What is the
hammer made of
Answer:
Alpha
Particles

Put on your underroos
• Machine suppliers and End Users have the
responsibility for defining and achieving acceptable
risk over the lifecycle of the machine
– Machine supplier is responsible for the design, construction
operation and initial maintenance procedures of the machine
– End User is responsible for the operation and ongoing
maintenance of the machine through decommissioning
• Lifecycle progression from concept through
decommissioning
1
Design
Concept
2
Preliminary
Design
3
Detailed
Design
4
Build or
Purchase
5
Commission
(Install / Debug)
6
Production
Maintenance
7
Decommission
Machine and Equipment Lifecycle Stages

Step 1 – Even Superhero's have limits
• Determine the limits of the machine
– Use limits determined by the INTENDED use of the machine,
production rates, cycle times, speeds, people involved….
• Space limits
– Range of movement, space requirements for installation,
maintenance and operator interface
• Time limits
– Maintenance and wear of tools, mechanical and electrical
components
• Environmental limits
– Temperature, humidity, noise, location
• Interface limits
– Other machines or auxiliary equipment

Step 2 – The task at hand
• All tasks of the machine should be identified
• Remember to consider the entire lifecycle of the machine
– System install
– Start up / commissioning
– Setup
– Operation
– Tool Change
– Planned maintenance
• Unplanned maintenance
– Recovery from control failures, jams
– Decommissioning

Question: What was Batman’s
secret identity
SUPER TRIVIA
Answer: Bruce
Wayne

Step 3 – Identify the Risk
Risk
Related to the
considered hazard
Is a function of
with
Severity
That results from
the hazard
Frequency
of occurrence
Probability
of avoidance
and

Step 4 – Reduce that Risk
• If the level of risk is not acceptable, risk reduction
measures shall be implemented to reduce that
risk
• Risks shall be reduced using the hazard control
hierarchy
– We’ll get to this in a bit
• Risks can be reduced by
– Reducing the potential severity of harm presented by the
hazard
– Improving the possibility of avoiding the harm
– Reducing the need for access to the hazard zone

Hazardous Control Hierarchy
Most
Preferred
Least
Preferred
Protective
Measure
Example Influence on Risk Classification
Elimination
Or
Substitution
• Robots and
conveyors
• Redesign the
process
• Impact on overall risk (elimination)
• May affect severity of harm
Design Out
Guards and
Safeguards
• Barriers
• Interlocks
• Presence sensing
devices
• Two hand
controls
• Greatest impact on the probability
of harm (occurrence of hazardous
events under certain
circumstances)
• Minimal if any impact on severity of
harm
Engineering
Controls
Awareness Devices
• Lights and beacons
• Computer warnings
• Signs and labels
• Potential impact on probability of
harm (avoidance)
• No impact on severity of harm
Administrative
Controls
Training and
procedures
• Safe work
procedures
• Lockout / Tagout
(LOTO)
harm (avoidance and/or exposure)
Personal Protection
Equipment
(PPE)
• Safety glasses
• Ear plugs
• Gloves
• Protective footwear
harm (avoidance)

Question: How did Spiderman
get his powers
SUPER TRIVIA
Answer: He was bit by a
radioactive spider

Step 5 – Assess Residual Risk
• When risk reduction measures have been
selected, the residual risk shall be assessed.
• This process follows the same procedures as the
initial risk
• The incentive to defeat or circumvent risk
reduction measures shall be considered when
validating risk reduction measures
– Prevents the task from being performed
– It slows down production
– The hazard is not recognized by associates as a
hazard
– The risk reduction measure in not accepted as
suitable, necessary or appropriate for its function.

Step 6 – Achieve Acceptable Risk
• Once the residual risk has been established for
each hazard, a decision shall be made to accept
the residual risk or further reduce it.
• High Residual Risk – only acceptable when all
reasonable alternatives/options have been
reviewed and formally deemed impracticable or
infeasible
• Medium Residual Risk – Undesirable but
permissible only when all reasonable alternatives
have been formally deemed infeasible
• Low Residual Risk – Usually acceptable
• Negligible Residual Risk - Acceptable

Step 7 – Validate solution
• After the risk reduction measures have been
implemented, their effectiveness shall be validated
– Testing and verifying operation of safety devices
– Review of training
– Presence of warning labels preferably scratch n’ sniff
– Presence of lockout procedures and safe job procedures
– Functioning of complimentary equipment
• I shouldn’t even have to say this but, the testing of
the safeguarding measures shall not expose an
individual to potential harm should the safeguard
not provide the protection expected.
– There I said it

Step 8 – Time to document
• The outcome of a risk assessment
shall be documented
• The documentation shall demonstrate
– The procedures that were followed
– The hazard identified
– The risk reduction methods employed to
reduce the risk to an acceptable level

Question: How many
superhero’s secret identity has
a first name of Bruce
SUPER TRIVIA
Answer: 2
Bruce Wayne and Bruce Banner

Flowcharts are like kryptonite to
Superman
Set Limits of the assessment (1)

Superman
Identify Tasks and Hazards (2)

Superman
Assess Initial Risk (3)
Risk Scoring
System

Superman
Risk Scoring
System
Reduce Risk (4)
Hazard Control
Hierarchy

Superman
Risk Scoring
System
Reduce Risk (4)
Hazard Control
Hierarchy
Assess Residual Risk (5)
Risk Scoring
System

Superman
Risk Scoring
System
Reduce Risk (4)
Hazard Control
Hierarchy
Risk Scoring
System
Residual
Risk
Accepted? (6)

Superman
Risk Scoring
System
Reduce Risk (4)
Hazard Control
Hierarchy
Risk Scoring
System
Validate Solution (7)
Residual
Risk
Accepted? (6)
YES
NO

Superman
Risk Scoring
System
Reduce Risk (4)
Hazard Control
Hierarchy
Risk Scoring
System
Validate Solution (7)
Results Documented (8)
Residual
Risk
Accepted? (6)
YES
NO

Question: What is Green
Lanterns weakness?
SUPER TRIVIA
Answer: The color Yellow

B11.0.TR3 Risk Assessment Matrix
Severity of Harm
Probability of
Occurrence
Catastrophic Serious Moderate Minor
Very Likely High High High Medium
Likely High High Medium Low
Unlikely Medium Medium Low Negligible
Remote Low Low Negligible Negligible
• In this model the risk terms are correlated to
the level of risk reduction required.
– Risk - The combination of the probability of occurrence of harm and
the severity of that harm

Probability of Occurrence
• It is estimated by taking into account the
frequency, duration, extend of exposure,
training and awareness.
• Very Likely – near certain to occur
• Likely – may occur
• Unlikely – not likely to occur
• Remote – so unlikely as to be near zero
• Remember when estimating the probability
the highest credible level of probability is to
be selected

Severity of Harm
• Catastrophic – death or permanently
disabling injury
– unable to return to work
• Serious – severe debilitating injury or
illness
– able to return to work at some point
• Moderate – significant injury or illness
– requires more than first aid
• Minor – no injury or slight injury requiring
no more than first aid.

Risk Reduction Architecture
• High
– Dual channel with continuous monitoring
• Medium
– Redundancy with self checking upon startup
• Low
– Redundancy that may be manually checked
• Negligible
– Physical barriers, electrical devices using a single
channel non-safety rated components

Question: Who played
Superman in the 1980’s movies
SUPER TRIVIA
Answer: Christopher Reeves

R15.06 (1999) Risk Assessment Matrix
• The new standard (not yet released) has been harmonized with
ISO10218 which has standardized on the ISO 12100 Risk Assessment
methodology and utilizing PL values based on the ISO 13849-1
standard
Severity of Injury Exposure Avoidance Risk Reduction
S2 Serious Injury
E2 Frequent A2 Not Likely R1
A1 Likely R2A
E1 Infrequent A2 Not Likely R2B
A1 Likely R2B
S1 Slight Injury
E2 Frequent A2 Not Likely R2C
A1 Likely R3A
E1 Infrequent A2 Not Likely R3B
A1 Likely R4

Severity / Frequency / Avoidance
• Severity
– S1 – Slight injury – Normally reversible or
requires only first aid as defined in OSHA
1904.12
– S2 – Serious Injury – Normally irreversible or
fatal or requires more than first aid as
defined in OSHA 1904.12

Severity /Frequency / Avoidance
• Exposure
– E1 – Infrequent – Less then once per
hour
– E2 – Frequent – More then once per
hour
• Avoidance
– A1 – Likely – Can move out of the way,
or sufficient warning /reaction time or
robot speed is less then 250mm/sec
– A2 – Not Likely – Cannot move out of
the way, or inadequate reaction time or
robot speed greater then 25mm/sec

R15.06 Safety Category
Category Safeguard Performance Circuit Performance
R1 Hazard elimination or hazard
substitution
Control reliable
R2A Engineering controls preventing access
to the hazard or stopping the hazard i.g.
interlocked barrier guards, light curtains
Control reliable
R2B Single Channel with
monitoring
R2C Single Channel
R3A Non-interlocked barriers, clearance
procedures and equipment
Single channel
R3B Simple
R4 Awareness means Simple

Control Reliable R1/R2
• Control Reliable: Safety circuitry shall be
designed, constructed and applied such
that a single fault shall not lead to the loss
of the safety function.
– R1 is dual channel circuitry with continuous
monitoring of the safety function and will detect
a fault and stop machine function in a safe
manner
– R2A is dual channel circuitry that will check the
safety function at machine start-up and
periodically during operation. If a fault is
detected a stop signal will be generated

Question: Batman protected
what city?
SUPER TRIVIA
Answer: Gotham

ISO 13849 Risk Assessment Matrix
Categories
B 1 2 3 4
F1
S2
S1
F2
P1
P2
P1
P2
Possible Category
Preferred Category
Over-dimensioned for risk

Severity / Frequency / Avoidance
• Severity
– S1 – Slight injury – Normally reversible
– S2 – Serious Injury – Normally irreversible
or fata
• Frequency
– F1 – Infrequent – Less then once per hour
– F2 – Frequent – More then once per hour
• Avoidance
– P1 – Likely – Can move out of the way, or
sufficient warning
– P2 – Not Likely – Cannot move out of the
way, or inadequate reaction time

CATEGORY B
• Fault can lead to the loss of the safety
function
• Basic components can be used
• Proper engineering practices
– i.e wiring, placement of parts…..

CATEGORY 1
• The same requirements as those of
Category B apply plus the following
• Well tried components
• Design with past success (industry
standard)
• Made and verified using principles
which demonstrate its suitability and
reliability for the safety-related
application

Question: What was the name
of Green Hornets car
SUPER
TRIVIA
Answer: Black Beauty

CATEGORY 2
• Safety functions are checked at
startup and suitable intervals

CATEGORY 3
• Safety functions are checked at
startup and suitable intervals
• Single fault does not lead to the loss
of the safety function
• Dual channel

CATEGORY 4
• Automatic safety function detection
• Single fault does not lead to the loss
of the safety function
• Dual channel
• Diagnostic Coverage is High

The Mega Graph
Risk Reduction System Architecture
ANSI B11.TR6
(ISO 13849-1:1999)
ANSI B11.0 RIA R15.06
CSA Z434
ISO 13849-1
(1999)
IEC 61508
SIL
ISO 13849-1
(2006) PL
Requirement B shall apply.
Single fault immediately
detected and accumulation
of undetected faults shall not
lead to loss of safety
function
High
Redundant with
continuous
monitoring
R1/R2A
(control reliable)
4 3 e
Single safety fault shall be
detected on subsequent
demand of system
Intermediate
Redundant with
self checking at
start-up
R2A/R2B
(control reliable)
SC w/monitoring
3 3 to 2 b, c or d
Single fault of safety parts
shall not lead to a loss of
safety function
Low
Redundant with
manual monitoring
R2B / R2C
SC w/manual
monitoring
2 2 to 1 a, b, c or d
Well tried and true
components and safety
principles shall be used
Lowest
Single Channel
R3A
Single channel 1 0 b or c
SRP/CS and or their
protective equipment as well
as their components
designed to withstand
expected influence
R3B / R4
simple B a or b

Question: Name of Superman’s
father
SUPER TRIVIA
Answer: Kal-El

Risk Assessment

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Similar to Risk Assessment

Similar to Risk Assessment (20)

Risk Assessment