CSA Z432 Third Edition Open for Public Review!

CSA Z432, Safeguarding of Machinery, is the basic stand­ard for Canada when it comes to most types of machinery. Only Power Presses and Press Brakes, and Industrial Robots are covered sep­ar­ately in their own stand­ards. CSA Z432 provides guid­ance on import­ant top­ics, like:

  • Risk Assessment
  • Risk reduc­tion through the Hierarchy of Controls
  • Guard design requirements
  • Safeguarding device applic­a­tion require­ments, and
  • Instructions and inform­a­tion for use

This stand­ard should be used by every­one in Canada respons­ible for the safe design of machinery used in Canadian work­places, and for the safety of work­ers who use machinery in their daily tasks.

CSA has just opened pub­lic review on CSA Z432, Safeguarding of Machinery, third edi­tion. If you are a user, a build­er of machinery, or an eval­u­at­or of machinery, this is your oppor­tun­ity to see the draft of this import­ant stand­ard, and to make com­ments to help the Technical Committee improve the stand­ard on your behalf.

To access the pub­lic review copy, you must register on CSA’s Public Review sys­tem. Registration is free and allows you to get read-​only access to the drafts of all new stand­ards that CSA is pre­par­ing to pub­lish. The time you take to read and com­ment on new stand­ards is very valu­able to the Technical Committees, as it helps us to cor­rect areas where mis­un­der­stand­ings or con­fu­sion may exist, and to add mater­i­al where it is needed.

See the Draft

Review closes 2-​Jan-​2016, so don’t delay!

If you need more inform­a­tion, please con­tact Jill Collins at CSA Group.


Scoring Severity of Injury – Hidden Probabilities

This entry is part 8 of 8 in the series Risk Assessment

I’ve been think­ing a lot about risk scor­ing tools and the algorithms that we use. One of the key ele­ments in risk is the Severity of Injury. There are hid­den prob­ab­il­it­ies attached to the Severity of Injury scores that are assigned that are not dis­cussed clearly in any of the risk assess­ment stand­ards that are com­monly in use. This all star­ted when I was chal­lenged to write an ana­lys­is of the prob­lems with the CSA Risk Scoring Tool that you can find in the 2014 ver­sion of CSA Z434. That tool is deeply flawed in my opin­ion, but that is not the top­ic of this post. If you want to read my ana­lys­is, you can down­load the white paper and the present­a­tion notes for my ana­lys­is from the Compliance inSight Publications page [1].

Scoring risk can be a tricky thing, espe­cially in the machinery sec­tor. We rarely have much in the way of real-​world data to use in the ana­lys­is, and so we are left with the opin­ions of those build­ing the machine as the basis for our eval­u­ation. Severity is usu­ally the first risk para­met­er to be estim­ated because it’s seen as the “easy” one – if the char­ac­ter­ist­ics of the haz­ard are well known. One aspect of sever­ity that is often missed is the prob­ab­il­ity of a cer­tain sever­ity of injury. We’re NOT talk­ing about how likely it is for someone to be injured here; we’re talk­ing about the most likely degree of injury that will occur when the per­son inter­acts with the haz­ard. Let me illus­trate this idea anoth­er way: Let’s call Severity “Se”, any spe­cif­ic injury “I”, and the prob­ab­il­ity of any spe­cif­ic injury “Ps”. We can then write a short equa­tion to describe this relationship.

Se f (I,Ps)

Since we want there to be a pos­sib­il­ity of no injury, we should prob­ably relate these para­met­ers as a product:

Se = I x Ps

Ok, so what? What this equa­tion says is: the Severity (Se) of any giv­en injury (I), is the product of the spe­cif­ic type of injury and the prob­ab­il­ity of that injury. More simply yet, you could say that you should be con­sid­er­ing the most likely type of injury that you think will occur when a per­son inter­acts with the haz­ard. Consider this example: A work­er enters a robot­ic work cell to change the weld tips on the weld­ing gun the robot uses. This task has to be done about once every two days. The entry gate is inter­locked, and the robot was locked out before entry. The floor of the work cell has wire­ways, con­duits and pip­ing run­ning across it from the edges of the cell to the vari­ous pieces of equip­ment inside the cell, cre­at­ing uneven foot­ing and lots of slip and trip haz­ards. The work­er misses his foot­ing and falls. What can you expect for Se in this case?

We know that falls on the same level can lead to fatal­it­ies, about 600/​year in the USA [2], but that these are mostly in the con­struc­tion and min­ing sec­tors rather than gen­er­al man­u­fac­tur­ing. We also know that broken bones are more likely than fatal­it­ies in falls to the same level. About a mil­lion slips and falls per year res­ult in an emer­gency room vis­it, and of these, about 5%, or 50,000, res­ult in frac­tures. Ok, so what do we do with this inform­a­tion? Let’s look at typ­ic­al sever­ity scale, this one taken from IEC 62061 [3].

Table 1 – Severity (Se) clas­si­fic­a­tion [2, Table A.1]

Consequences Severity (Se)
Irreversible: death, los­ing an eye or arm 4
Irreversible: broken limb(s), los­ing a finger(s) 3
Reversible: requir­ing atten­tion from a med­ic­al practitioner 2
Reversible: requir­ing first aid 1

Using Table 1, we might come up with the fol­low­ing list of pos­sible sever­it­ies of injury. This list is not exhaust­ive, so feel free to add more.

Table 2 – Potential Injury Severities

Possible Injury Severity (Se)
Fall on same level – Fatality 4
Fall on same level – Broken wrist 3
Fall on same level – Broken collarbone 3
Fall on same level – Torn rotat­or cuff 2
Fall on same level – Bruises 1
Fall on same level – Head Injury 3
Fall on same level – Head Injury 4

How do we score this using a typ­ic­al scor­ing tool? We could add each of these as line items in the risk register, and then assess the prob­ab­il­ity of each, but that will tend to cre­ate huge risk registers with many line items at very low risks. In prac­tice, we decide on what we think is the most likely degree of injury BEFORE we score the risk. This res­ults in a single line item for the haz­ard, rather than sev­en as would be the case if we scored each of these poten­tial injur­ies individually.

We need a prob­ab­il­ity scale to use in assess­ing the like­li­hood of injur­ies. At the moment, no pub­lished scor­ing tool that I know of has a scale for this, so let’s do the simple thing: Probability (Ps) will be scored from 0 – 100%, with 100% being a certainty.

Going back to the second equa­tion, what we are really doing is assign­ing a prob­ab­il­ity to each of the sever­it­ies that we think exist, some­thing like this:

Table 3 – Potential Injuries and their Probabilities

Possible Injury (I) Severity (Se) Probability (Ps)
Fall on same level – Fatality 4  0.0075%
Fall on same level – Broken wrist 3  5%
Fall on same level – Broken collarbone 3  5%
Fall on same level – Torn rotat­or cuff 2  5%
Fall on same level – Bruises 1  90%
Fall on same level – Head Injury 3 1%
Fall on same level – Head Injury 4   0.0075%
Fall on same level – Lacerations to hands 2 90%

The per­cent­ages for fatal­it­ies and frac­tures we taken roughly from [1]. Ok, so we can look at a table like this and say that cuts and bruises are the most likely types of injury in this case. We can either decide to group them for the over­all risk score, or we can score each indi­vidu­ally, res­ult­ing in adding two sep­ar­ate line items to the risk register. I’m going to use the oth­er para­met­ers from [2] for this example, and devel­op an example risk register, Table 4. In Table 4,

Se = Severity

Pr = Probability of the Hazardous Event

Fr = Frequency and Duration of Exposure

Av = Possibility to Avoid or Limit Harm

The algorithm I am using to eval­u­ate the risk is R = Se x [Pr x (Fr + Av)] [1]. Note that where I have com­bined the two poten­tial injur­ies into one line item (Item 1 in the register), I have selec­ted the highest sever­ity of the com­bined injur­ies. The less likely sever­it­ies, and in par­tic­u­lar the fatal­it­ies, have been ignored. You can click on  Table 4 to see a lar­ger, more read­able version.

Table 4 - Example Risk Register
Table 4 – Example Risk Register

Note that I did not reduce the Se scores in the Final Risk Score, because I have not made changes to the slip/​trip and fall haz­ards, only to the like­li­hood of the injury occur­ring. In all cases, we can show a sig­ni­fic­ant risk reduc­tion after mit­ig­a­tion. I’m not going to get into risk eval­u­ation (i.e., Is the risk effect­ively con­trolled?) in this par­tic­u­lar art­icle, but the fact that you can show a sig­ni­fic­ant risk reduc­tion is import­ant. There are lots of con­sid­er­a­tions in determ­in­ing if the risk has been effect­ively controlled.


Consideration of the prob­ab­il­ity of cer­tain kinds of injur­ies occur­ring must be con­sidered when estim­at­ing risk. This pro­cess is largely undoc­u­mented but nev­er­the­less occurs. When risk ana­lysts are con­sid­er­ing the sever­ity of injury from any giv­en haz­ard, this art­icle gives the read­er one pos­sible approach than could be used to select the types of injur­ies most likely to occur before scor­ing the rest of the risk parameters.


[1] D. Nix, ‘Evaluation of Problems and Challenges in CSA Z434-​14 Annex DVA Task-​Based Risk Assessment Methodology’, 2015.

[2] National Floor Safety Institute (NFSI), ‘Quick Facts – Slips, Trips, and Falls’, 2015. [Online]. Available: http://​nfsi​.org/​n​f​s​i​-​r​e​s​e​a​r​c​h​/​q​u​i​c​k​-​f​a​c​ts/. [Accessed: 21- Jul- 2015].

[3] ‘Safety of machinery – Functional safety of safety-​related elec­tric­al, elec­tron­ic and pro­gram­mable elec­tron­ic con­trol sys­tems. IEC 62061.’, International Electrotechnical Commission (IEC), Geneva, 2005.


Digiprove sealCopyright secured by Digiprove © 2015
Acknowledgements: International Electrotechnical Commis more…
Some Rights Reserved

Risk Assessment Blunders

Analysis TeamUpdated 7-​Jul-​2014

Recently I read a blog post writ­ten by David Cant, called, “Are You Making These Risk Assessment Blunders?”. Writing in the UK, Mr. Cant spoke to some of the com­mon kinds of prob­lems that can occur when employ­ers con­duct risk assess­ments. Many his points are equally applic­able to machine building:

  1. No Risk Assessment – This seems self evid­ent, since you can’t work to con­trol what you don’t know exists. Unfortunately, some liab­il­ity law­yers have advised cli­ents NOT to con­duct risk assess­ments, on the basis that you can’t be blamed for some­thing you knew noth­ing about. This pos­i­tion is chan­ging, since risk assess­ment has become a fun­da­ment­al piece of the machinery design pro­cess and is included in US, Canadian, International, EU, and Australian stand­ards to name a few. What remains as a liab­il­ity are poorly done risk assess­ments, and those can cer­tainly hurt a com­pany in a liab­il­ity case. See Point 3.
  2. Not Properly Identifying Hazards – This is anoth­er big one. Machine build­ers some­times fail to under­stand the haz­ards that are incor­por­ated into their machinery, espe­cially in the case of sys­tem integ­rat­ors. Identification is the first step, ana­lys­is is the second step. Once the haz­ard has been iden­ti­fied, the assessors must ana­lyze the haz­ard to under­stand the mag­nitude of injury that can occur, e.g., a paper cut, hear­ing loss, per­man­ent mus­cu­lo­skelet­al dis­order, fatal­ity, etc.
  3. Creating an inad­equate risk assess­ment – If you “phone it in”, any know­ledgable per­son will be able to see that, and you can be sure that pro­sec­utors will bring that to the atten­tion of the court! Any claim that is made will be refuted by a know­ledgable per­son hired by the prosecution.
  4. Assuming Safety Because You Have a Document – A risk assess­ment report nev­er pro­tec­ted any­one from harm. Actions based on the report are what pro­tect people from harm. Simply com­plet­ing a risk assess­ment and stick­ing the report in the design file fixes noth­ing, and going back to the liab­il­ity dis­cus­sion, will cre­ate prob­lems when it becomes clear that a) You knew about the risks, b) You thought out mit­ig­a­tion meas­ures for the risks, but c) You failed to act on your own recommendations.
  5. Not involving your employ­ees – I would change this to read, “Not involving the cus­tom­er or end user.” Getting a risk assess­ment done by an out­side indi­vidu­al is likely going to res­ult in a poor out­come, if that per­son does not work with the know­ledgable people in your organ­iz­a­tion. If this is an intern­al risk assess­ment for a pro­cess used in-​house, then you need the work­ers involved with the pro­cess to be part of the risk assess­ment team. You also need the pro­cess design­ers (elec­tric­al, mech­an­ic­al, soft­ware, etc.). If this is a product devel­op­ment risk assess­ment, then you will need product design­ers, mar­ket­ing or sales people, and end-​users. In all cases you may also need out­side experts to help with haz­ard ana­lys­is and mit­ig­a­tion, since you may not have the expert­ise in-​house. A good example of this is the use of indus­tri­al lasers into processes.
  6. Assessing risk gen­er­ic­ally – this goes back to point 3 – a risk assess­ment has to be rel­ev­ant to the pro­cess, product or ser­vice that it describes. Using a risk assess­ment developed by someone else for some oth­er sim­il­ar product, pro­cess or ser­vice lim­its your think­ing to just what they decided was rel­ev­ant. Better to start with a blank sheet, and only at the end look at other’s work to see if you may have missed any­thing they included.
  7. Doing the risk assess­ment after the machine has been designed, built and put into use – This is a com­mon prob­lem, and espe­cially affects work­places that buy off-​the-​shelf machinery and used machinery. Many machine build­ers are not famil­i­ar with risk assess­ment or the bene­fits to their products, their liab­il­ity expos­ure, and their repu­ta­tion in the mar­ket­place, let alone the bene­fits to their cus­tom­ers. Conducting the risk assess­ment after the equip­ment is in use means that the first stage of the Hierarchy of Controls can­not be used. Since this is the only stage that can achieve 100% risk reduc­tion, this is a HUGE loss. In addi­tion, this means that any changes needed to mit­ig­ate risk require expens­ive changes when the machinery is already in pro­duc­tion, com­pound­ing the expense with lost pro­duc­tion. If you have no oth­er option – for instance, you’ve taken over an exist­ing busi­ness and no risk assess­ments have been done in the past, then late is bet­ter than nev­er, but it should be a last resort and not the first choice. Special thanks to Douglas Florence for sug­gest­ing this added blunder!

All of this brings me to some import­ant stand­ards. The Canadian Standards Association released CSA Z1002, Occupational health and safety – Hazard iden­ti­fic­a­tion and elim­in­a­tion and risk assess­ment and con­trol, in 2012. This is a land­mark stand­ard, because it addresses work­place risk assess­ment. No oth­er stand­ards devel­op­ment organ­iz­a­tion has released any­thing quite like it. There are some innov­at­ive ideas in the stand­ard, includ­ing the idea of “risk trans­fer.” This concept explains how risk is trans­ferred from the developer or sup­pli­er of a product, pro­cess or ser­vice, called the “extern­al con­text”, to the user organ­iz­a­tion, called the “intern­al con­text”, and then to the work­er. At each trans­fer point, the risk should have been reduced so that the worker’s expos­ure is as low as pos­sible, and cer­tainly no high­er than per­mit­ted by law.

In the machinery world, the “moth­er stand­ard” is ISO 12100, Safety of machinery — General prin­ciples for design — Risk assess­ment and risk reduc­tion. This stand­ard affects many of the machinery safety stand­ards developed world­wide, includ­ing CSA Z432 and the ANSI B11 stand­ards, and is har­mon­ized under the Machinery Directive as EN ISO 12100. This stand­ard lays out the pro­cess for safe machine design and provides the frame­work for machinery risk assess­ment. A com­pan­ion doc­u­ment, ISO/​TR 14121 – 2, Safety of machinery – Risk assess­ment – Part 2: Practical guid­ance and examples of meth­ods, provides guid­ance on how to con­duct a risk assess­ment, and offers up some example tools that could be used for this pur­pose. In the US, ANSI pub­lishes ANSI B11-​TR3, Risk Assessment and Risk Reduction – A Guide to Estimate, Evaluate and Reduce Risks Associated with Machine Tools, provid­ing sol­ar guides to users of the B11 fam­ily of standards.

Need to know more? Contact me for inform­a­tion train­ing and risk assess­ment work in your facility!