T06 machine safetyachievingandmaintainingregulatorycompliance-canada

Copyright © 2014 Rockwell Automation, Inc. All Rights Reserved.Rev 5058-CO900E
PUBLIC INFORMATION
T06 - Machine Safety: Achieving and
Maintaining Regulatory Compliance

Copyright © 2014 Rockwell Automation, Inc. All Rights Reserved.PUBLIC INFORMATION
Session Description
2
The trends for machine safety continue to grow as the world evolves and regulatory
compliance becomes more common. Rockwell Automation safety consultants have
been helping automation users like you help protect their workforce and operations
for many years. New global standards change how automation systems are
classified. Are you familiar with the new standards and do you know how to address
them? During this session, we will discuss the process that is used to identify and
migrate safety concerns.

Copyright © 2014 Rockwell Automation, Inc. All Rights Reserved.PUBLIC INFORMATION 3
Agenda
Safety Functional Requirements
Specification (SFRS)
Fundamental Assessment Process
What is Risk?
One Persons View of the
“Journey of Safety Standards”
Safety Life Cycle

Safety Standards of Yesterday
Withdrawn
EN 954
CATEGORY
FAULT
TOLERANCE
DIAGNOSTICS
2005/6 2011

These new standards are called “Functional Safety Standards”
because they look at how well the safety system needs to function!
ISO 13849-1 IEC 62061
Safety Categories are no longer
in effect since EN954-1 was
withdrawn in December of 2011.
EN954-1 outlined the
requirements for Categories.
ISO 13849-1 has replaced
EN954-1 as the most commonly
followed international machine
safety standard.
ISO 13849-1 and IEC 62061 are functional safety standards that evaluate how well the
safety system needs to function!.

Safety Standards of Today
EN954 Withdrawn
2005/6 2011
FAULT TOLERANCE
DIAGNOSTICS SRS
RELIABILITY
SYSTEMATIC
FSM
IEC/EN 62061 SIL
EN ISO 13849 PL
EN 954
CATEGORY
FAULT
TOLERANCE
DIAGNOSTICS

Copyright © 2014 Rockwell Automation, Inc. All Rights Reserved.PUBLIC INFORMATION Copyri
Transition from EN954-1 to ISO-13849-1
 EN954-1 was initially published in 1996 and was withdrawn in December of 2011. It
described the requirements for Categories/Structure. EN954-1 identified these categories
as:
 Cat B
 Cat 1
 Cat 2
 Cat 3
 Cat 4
 In 2006 the European Union began a new approach to applying safety standards. The
most utilized standard is ISO-13849. ISO-13849 uses Performance Levels as shown
below:
 PLa
 PLb
 PLc
 PLd
 PLe

The difference between Categories and Performance Levels is
added requirements to ensure enhanced performance!
 A Category is a simple definition of circuit requirements that comes from
EN954. Categories were based on basic electro-mechanical devices,
not solid state devices that exist today!
 A Performance Level is an improved definition of circuit performance
that comes from ISO13849. It includes guidance on design
requirements for all technologies!
 Performance Levels use Categories and adds additional requirements to
ensure proper system performance. The added requirements are:
 Diagnostic Coverage (Fault monitoring capability)
 Component Reliability (MTTFd and B10d)
 Common Cause Failure Fractions (Design considerations)

Copyright © 2014 Rockwell Automation, Inc. All Rights Reserved.PUBLIC INFORMATION Copyri
EN/ISO 13849-1 Explanation
 EN/ISO 13849-1 is the result of improvements to the old EN-954
standard. It introduced many new design concepts that provide
guidance on the design and integration of safety components to meet
required performance levels (PLr).
Category Performance Level
A performance Level is an improved Category!

Performance Level Components/Attributes

Additional reasons for the change
from EN 954 and ISO 13849!
EN 954 EN ISO 13849
Electrical Control Circuits Control circuits all technologies :
• Electrical
• Pneumatic
• Fluids
• Hydraulic
Safety Categories B, 1, 2, 3 & 4 Performance Levels PLa to PLe
Safety provided by the structure of
the control circuit
Safety provided by:
• The architecture/structure (categories)
• The reliability of the system (MTTFd, B10d)
• The diagnostic coverage of the system (DC)
• The preventive measures against common causes
of failure (CCF)
Draw a diagram (schematic) Draw a diagram and verification of PL
Does PL(achieved) = PLr (required) ?
Not just electrical
anymore!

Agenda
Fundamental Assessment Process
What is Risk?
One Persons View of the
“Journey of Safety Standards”
Safety Life Cycle

Functional Safety Life Cycle
Safety Life
Cycle
STEP 5
MAINTAIN & IMPROVE
SAFETY SYSTEM
STEP 1
TEAM BASED RISK
ASSESSMENT
STEP 4
SAFETY SYSTEM
INSTALLATION &
VALIDATION
STEP 2
SAFETY SYSTEM
FUNCTIONAL
REQUIREMENTS
STEP 3
SAFETY SYSTEM
DESIGN & VERIFICATION

Why?
14
 It is quite common for any group, whether it be a new equipment OEM or a
facility End-user, to have a multitude of questions and concerns when
starting at the beginning of the machine safety system lifecycle.
–What does the word safety really mean, and
how is it achieved?
–What is risk? How is it measured?
–Do I need a PHD in mathematics to analyze
probability and risk?
–How safe do I need to make this machine?
–How do I go about identifying hazards
The most valuable attribute of a risk assessment process is
that it answers most of these questions for us

The Foundation:
Begins with a Risk Assessment
 Provides Safety Performance Level – Design Target
 Creates the Foundation of the Safety System Functional
Requirements, System Design and Validation Protocol.
 Shows “Due Diligence” and compliance to Global standards
S1
S2
F2
F1
Performance
Level, PLr
a
b
P1
P2
e
c
d
P1
P2
P1
P2
P1
P2
F2
F1
S = Severity
F = Frequency or Duration of Exposure
P = Avoidance Probability
Task/Hazard
Contribution to
Risk
Reduction
Low
High

Risk
Categories
CSA Z434
R1
As
determined
from the risk
assessment
Risk Categories to Circuit Performance
R2A
R2B
R2B
R2C
R3A
R3B
R4 a
b
b
c
c
d
d
e
Performance
Levels
ISO13849-1
Control Reliable
Control Reliable
Single CH with Monitoring
Single CH with Monitoring
Single CH
Single CH
Simple
Simple
Cat 3+
Cat 3+
Cat 2
Cat 2
Cat 1
Cat 1
Cat B
Cat B
Categories
From
EN954
CSA Z432

Safety Categories Are Being Replaced
 EN 954 (Categories) withdrawn December 31, 2011
 SIL and PL assessment require more information and calculation than Categories  It is
not a direct conversion!
Note: Intended to show approximate equivalency for guidance only; attaining the corresponding
PL or SIL requires more information and calculation based on several additional factors
SIL 3PLeCategory 4
SIL 2PLdCategory 3
PLcCategory 2
SIL 1
PLbCategory 1
-PLaCategory B
Safety Integrity Level
IEC 62061
Performance Level
ISO 13849-1: 2008
Category
EN 954
17
Control Reliable
Control Reliable
Single CH with
Monitoring
Single CH
Simple
CSA
Circuit Performance

The Purpose of Risk Assessment
18
 The process serves as an effective tool for properly identifying and assessing the
real hazards involved in operating a particular machine.
 Risk assessment provides a method for determining equivalent levels of protection
when designing safeguards.
 The process takes away the guesswork when estimating risk and prescribing safety
system performance.
 Risk assessment is an active, documented process that can be filed and maintained
for the entire life of the machine, and serves as documented proof of your “due
diligence”.
 Risk assessment establishes the foundation and early framework for the design and
implementation of an effective machine safety program.

What is “Safety” Exactly?
19
 Before we can understand what exactly we achieve through risk assessment, it will
be important to provide an answer for the first few questions.
 What does the word safety really mean, and how is it achieved?
 Safety, with respect to machinery operation is defined in IEC 62061:2005 as:
…Safety is freedom from unacceptable risk
 This immediately gives us a definition for safety in terms of risk, so it now
starts to become more clear how risk assessment plays a part in achieving
safety?!?

What is Risk?
 Now we must define risk? Under the same standard, risk can be defined as:
Risk is the combination of the Severity of harm, and the probability of
occurrence of that harm (Frequency of exposure + Avoidability).
20
What severity of harm would come to the skydiver if his
parachute did not open?
+
What is the probability that the parachute(s) will not open
and the skydiver will experience this harm?
Probability factors might be:
How frequent does the person skydive?
+
If the parachute(s) do not open, is the skydiver able to avoid
or limit the harm from the fall?

Defined Risk Scale
21
• If we can then define risk in terms of parameters that can be easily selected
and summed together, then we will have a simple method for estimating risk
relative to machine hazards.
• Risk assessment methodologies provided in machine standards provide this
method through risk graphs and matrices, as we will see later.
Risk = Severity of Harm + Probability of Occurrence of Harm
Negligible
Low
Medium
High

Acceptable Risk
22
• Acceptable risk may differ from organization to organization, and therefore this
value is not purely defined in any standard or methodology. The important thing
is that your organization (and the risk assessment team) determine this
threshold prior to starting the risk assessment.
• Since safety is freedom from unacceptable risk, we will need to establish a
value on our range that determines a threshold between acceptable, and
unacceptable. Various standards will provide guidance on how to determine
when acceptable risk has been achieved.
Negligible
Low
Medium
High
Acceptable Risk

23
The risk assessment analyzes each person’s
activities and identifies those activities that have risk!
Task / Hazard Identification
Step 1 Step 2 Step 3
Identify
Affected
Personnel
Identify
Hazards
Identify
Tasks

Hazard Identification
24
 Operators and helpers, maintenance
personnel
 Quality control, material handlers
 Engineers, technicians, sales personnel
 Trainees, supervisors, safety personnel
 Administrative personnel, passers-by
Considers ALL affected personnel

25
 Packing, transportation, unloading, unpacking
 System installation, start up, commissioning
 Set up, try out, teach, operation (all modes)
 Tool change, planned and unplanned
maintenance
 Troubleshooting, house cleaning, accident
recovery
 And for CE, risk must be assessed entirely
through to de-commissioning and disposal of
the machine!
Considers ALL tasks being
performed on the machine

26
Mechanical hazards:
 Crushing / Shearing / Cutting / Severing / Stabbing
 Entanglement / Drawing in / Trapping / Impact /
Abrasion
 High pressure fluid injection / part ejection
As well as other hazards such as
 Electrical, thermal, noise, vibration, radiation,
dangerous substance handling, bad ergonomics, etc.
Considers ALL reasonably
foreseeable hazard scenarios

27
 Unexpected start-up
 Over-run, over-speed, or variations in operating
speed of to (or any similar malfunction)
 Variations in the rotational speed of tools
 Failure of power supplies and various control
circuits
 Systematic errors in software code / Specifications
 Effects of EMC / EMI
 Effects of the installed environment (Temp,
moisture, etc.)
 Operator “mode confusion”
 Lack of proper procedures and/or training
Considers ALL reasonably
foreseeable hazard scenarios

Fundamental Process
Risk Evaluation
Risk Reduction
Risk
Reduction
Complete for
particular hazard
OK
Unacceptable
Define all known machine characteristics and limits
Risk Estimation
Next hazard

29
Risk Evaluation
Risk Reduction
Risk
Reduction
Complete for
particular hazard
OK
Unacceptable
Risk Estimation
Next hazard

30
 The first pass of hazard identification is performed on the machine while
ignoring all current safeguards that may be in place.
 All risks must be identified and estimated
 It needs to be determined whether or not the existing safeguard and it’s
performance are applicable and appropriate for the level of risk.
 All tasks are broken down into individual steps
 Allows each step to be assessed more thoroughly for exposure to
hazards.
 Provides a flow and outline for the risk assessment process

Risk Estimation
31
Risk Evaluation
Risk Reduction
Risk
Reduction
Complete for
particular hazard
OK
Unacceptable
Risk Estimation
Next hazard

Risk Evaluation
32
Risk Evaluation
Risk Reduction
Risk
Reduction
Complete for
particular hazard
OK
Unacceptable
The process of risk reduction may have to be implemented several times
before the risk is mitigated to an acceptable value
Risk Estimation
Once the risk is acceptable, we can then
move on to the next hazard.

Risk Evaluation
33
Risk Evaluation
Risk Reduction
Risk
Reduction
Complete for
particular hazard
OK
Unacceptable
Risk Estimation
Next hazard

Risk Graphs/Matrix/Chart
34
For example purposes, we will utilize the ISO 13849-1:2006 Risk Graph

Risk Graphs/Matrix/Chart
35
But depending on our objectives, we could use various other methods. We should
consider that one objective is to define our safety performance, and that our risk graph
should provide a method for doing so…..

Typical Worksheet
36
A typical risk assessment worksheet will look similar to the one below, with
a column provided for each item of data that will be collected and/or
determined.

Typical Worksheet
37
With a task and hazard identified, we enter this data into our worksheet
Task
Step
Hazard:
a. Details of potential hazard
b. Event leading to hazard or failure
mode
c. Hazardous Energy Source(s)
d. Reference to a supporting photo or
drawing.

RIA R15.06 Risk Estimation
Task: Loading part to fixture Frequency: 30 times per hour
Affected
Personnel
Area Hazard Potential
Incidents /
Accidents
Operators /
Supervisors /
Technicians /
Engineers
“A” –
Load
Station #1
Impact /
pinch
points
Struck by
moving
Robot
Hazard Potential
Incidents /
Accidents
Severity Exposure Avoidance Initial
Rating
Impact Struck by
moving
robot
Example
A
Load Station
#1
C
Robot
Load
Fixture
S2 E2 P2
On the first
pass, assume no
safeguards are
in place
Estimate the Risk Level
PLe

Risk Reduction
Accident Potential Risk Reduction techniques
Struck by Robot Redesign: Automate loading
Interlocked Hard Guarding (manual or
automatic safety gate)
Light Curtain
Floor mat / Area Scanner
Assuming risk reduction is in place, repeat the assessment process: Identify hazards /
Estimate Risks / Evaluate Risks until an acceptable level of risk has been achieved.
A
Load Station
#1
C
Robot
Load
Fixture
Manual Loading Station to
Robotic Processing CellExample
Task: Loading part to fixture
Frequency: 30 times per hour A
Load Station
#1
C
Robot
Load
Fixture

Risk Assessment Work Sheet
• The Rating Columns are filled in and the Risk Reduction Category is filled in
• Risk Estimation
Risk Assessment Worksheet Sheet #: Date:______
Machine: Panel Assembly Cell
Prior to Safeguards With Safeguards
Task
Potential
Incidents
/Accidents
Sever
ity of
Injury
Expo
sure
Avoid
ance
Risk
Reduction
Category
Potential
Safeguards
Recommend-
ations Expos
ure
Avoid
ance
Sev
erity
Residual
Risk
Impact / Pinch
points due to
Robot motion
S2 E2 A2 PLeLoading3 lb.
Part into
Fixture, 30
times per hour

ISO 13849 Risk Estimation
41
Risk Parameters:
• Severity
• Frequency and/or Exposure
• Probability of avoiding hazard or limiting
harm
Safety Function Performance Level
(Determined from graph)
We now enter the risk estimation parameter selections into our worksheet

Risk Assessment Work Sheet
• The Potential Safeguard and Recommendation Columns are filled in
• Risk Reduction
Risk Assessment Worksheet Sheet #: Date:______
Machine:Panel Assembly Cell
Prior to Safeguards With Safeguards
Task
Potential
Incidents
/Accidents
Sever
ity of
Injury
Expo
sure
Avoid
ance
Risk
Reduction
Category
Potential
Safeguards
Recommen--
dations Expos
ure
Avoid
ance
Sev
erity
Residual
Risk
Impact / Pinch
points due to
Robot motion
S2 E2 A2 Ple Redesign:
Automate
Part Loading
Guarding:
Light
Curtains,
Floor Mat,
Interlocked
Gate,
Automated
Gate
Short Term:
Add Light Curtain
Guarding
solution.
Loading3 lb.
Part into
Fixture, 30
times per hour

43
1. We evaluate the initial risk
Risk Evaluation
3. We then adjust risk parameters affected
by the existing and installed
safeguards
2. If risk is unacceptable, we
must then evaluate the
application of our existing
and newly recommended
safeguards and mitigation
measures
4. Then evaluate the residual risk to
determine if it is acceptable
We now enter the risk estimation parameter selections into our worksheet

44
Each step of a task will result in a completed worksheet (example below)

45
 Step 1: Select
Severity of the hazard.
 S1: Slight
(normally reversible
injury)
 S2: Serious
(normally irreversible
injury or death)
* Note: Annex A will
provide more
detailed guidance on
the selection of this
parameter.
S1
S2
F2
F1
Performance
Level, PLr
a
b
P1
P2
e
c
d
P1
P2
P1
P2
P1
P2
F2
F1
13849-1/Annex A, Figure A.1
Step 1

46
 Step 2: Select
Frequency and/or
exposure to hazard.
 F1: Seldom to less
often and/or
exposure time is
short
 F2: Frequent to
continuous and/or
exposure time is
long
provide more
parameter.
S1
S2
F2
F1
Performance
Level, PLr
a
b
P1
P2
e
c
d
P1
P2
P1
P2
P1
P2
F2
F1
Step 2

47
 Step 3: Select
Possibility of avoiding
the hazard or limiting
harm.
 P1: Possible under
specific conditions
 P2: Scarcely
possible
provide more
parameter.
S1
S2
F2
F1
Performance
Level, PLr
a
b
P1
P2
e
c
d
P1
P2
P1
P2
P1
P2
F2
F1
Step 3

Design it out
Fixed enclosing guard
Interlocked guard
and safety devices
Awareness Means
Training & supervision
Personal protective
equipment
Hierarchy of Risk Reduction Measures
48
More Details in Future SafeDesign Webinars

Safety Life
Cycle
STEP 5
MAINTAIN & IMPROVE
SAFETY SYSTEM
STEP 1
TEAM BASED RISK
ASSESSMENT
STEP 4
SAFETY SYSTEM
INSTALLATION &
VALIDATION
STEP 2
SAFETY SYSTEM
FUNCTIONAL
REQUIREMENTS
STEP 3
SAFETY SYSTEM

50
 Rockwell’s Typical Scope of Work (SOW)
 Review the initial mitigation functionality recommendations from the
risk assessment
 Discussions with the Customer Safety, Engineering, Operations and
Management to “double check” and verify that the plans will not
impede production and maintenance, and where possible, enhance
daily tasks while achieving safety goals.

51
Rockwell Automation Delivers the SFRS via a 3 Step Process
 Step 1 - On-site review of the recommended mitigation options as defined within the completed Risk
Assessment by others or Rockwell Automation. The effort will include discussions and additional on-site
checks, panel inspections, cable routing plans, and measurements. The primary purpose is to document
what and how the safety function is to be performed. The process ensures any changes are agreeable to
all Customer name parties. The on-site review is estimated to take XX days, with the remainder of the
documentation generation being performed off-site.
 Step 2 - Documentation of the agreed functionality. The functionality will be documented in tabular form,
as shown on next slide. The Safety Function will be defined, and corresponding E-Stop, Electrical,
Guarding, Pneumatic and Hydraulic safety category and related functions will be documented. The
integration details of the required new and existing components (Safety and Standard) will be determined
and documented. Additional, primary circuit components and system controls will be defined, along with
guard dimensions and types. When complete, Customer name will be asked to formally approve the
SFRS (sign-off). (Refer to the example tables below).
 Step 3 - Review of the initial mitigation design to determine if any changes are required based on the
approved SFRS.

52

Scalable Assessment Slide
53

Safety Life
Cycle
STEP 5
MAINTAIN & IMPROVE
SAFETY SYSTEM
STEP 1
TEAM BASED RISK
ASSESSMENT
STEP 4
SAFETY SYSTEM
INSTALLATION &
VALIDATION
STEP 2
SAFETY SYSTEM
FUNCTIONAL
REQUIREMENTS
STEP 3
SAFETY SYSTEM

Questions?
55

Copyright © 2012 Rockwell Automation, Inc. All rights reserved.COMPANY CONFIDENTIAL - Internal Use Only
Then fill in the required information on the
survey screen:
1. Your Session Code (i.e. T200)
2. Your Short Code Located on your
Badge
3. Select “YES”
4. Hit “Continue”
To start, scan the QR
Code below:
Like what you saw? Request Follow-up
from a Rockwell Representative!

T06 machine safetyachievingandmaintainingregulatorycompliance-canada

Recommended

Recommended

More Related Content

What's hot

What's hot (17)

Similar to T06 machine safetyachievingandmaintainingregulatorycompliance-canada

Similar to T06 machine safetyachievingandmaintainingregulatorycompliance-canada (20)

More from Vo Quoc Hieu

More from Vo Quoc Hieu (9)

Recently uploaded

Recently uploaded (20)

T06 machine safetyachievingandmaintainingregulatorycompliance-canada