The Top Five errors I see machine builders make on a depressingly regular basis:
1) Poor or Absent Risk Assessment
Risk assessments are fundamental to safe machine design and liability limitation, and are required by law in the EU. They are also included in all of the modern North American machinery safety standards.
Machine builders frequently have trouble with the risk assessment process, usually because they do not understand the process or because they do not devote enough resources to getting it done.
If risk assessment is built into your design process, it becomes the norm for how you do business. Time and resources will automatically be devoted to it, and because it is part of how you do things it becomes relatively painless. Where people go wrong is in making it a ‘big deal’ one-time event. Getting it done early in the design process and iterating it as the design progresses also means that you have time to react to the findings, and that you can complete any necessary changes at the most cost-effective points in the design and build process. The worst time to do a risk assessment is when the machine is on the shop floor, ready to start production. Modification costs at that point are many times higher than during design and construction.
Poorly done, risk assessments become a liability defense lawyer’s worst nightmare and a plaintiff’s lawyer’s dream. Shortchanging the risk assessment process ensures that you will lose, either now or later.
Fight this problem by: learning how to conduct a risk assessment, using quality risk assessment software tools, and building risk assessment into your standard design process/practice in your organization.
2) Failure to be Aware of Regulations & Use Design Standards
This one is a mystery to me.
Every market has product safety legislation, supported by regulations. Granted, the scope and quality of these regulations vary widely, but if you want to sell a product in a market, it doesn’t take a lot of effort to find out which regulations may apply.
Design standards have been in existence for a long time. Most purchase orders, at least for custom machinery, contain lists of standards that the equipment is required to meet at Factory Acceptance Testing (FAT).
Why machine builders fail to grasp that using these standards can actually give them a competitive edge, as well as helping them to meet regulatory requirements, I don’t know. If you do, please either comment on this story or send me an email. I’d love to hear your thoughts on this!
Fight this problem by: Doing some research. Understand the market environment in which you sell your products. If you aren’t sure how to do this, use a consultant to assist you. Buy the standards, especially if your client calls them out in their specifications. Read and apply them to your designs.
One great resource for information on regulatory environments and standards applications is the IEEE Product Safety Engineering Society and the EMC-PSTC Listserv that they maintain.
3) Fixed Guard Design
Fixed guarding design is driven by at least two factors, a) preventing people from accessing hazards, and b) allowing raw materials and products into and out of the machinery.
Designers frequently go wrong by selecting a fixed guard where a movable guard is necessary to permit frequent access (say, more than once per shift). This is sometimes done in an effort to avoid having to add interlocks to the control system. In practice the guard will be removed and replaced a couple of times, then the screws will be left off, and eventually the guard itself will be left off, leaving the user with an unguarded hazard.
The other common fault with fixed guards relates to the second factor I mentioned – getting raw materials and products in and out of the machine. There are limits on the size of openings that can be left in guards, which depend on the distance from the opening to the hazard behind the guard as well as on the size of the opening itself. Often the only factor considered is the size of the item that needs to enter or exit the machinery.
Both of these faults often occur because the guarding is not designed, but is allowed to happen during machine build. The size and shape of the guards is then often driven by convenience in fabrication rather than by thoughtful design and application of the minimum code requirements.
Fight this problem by: Designing the guards on your product rather than allowing them to happen, based on the outcome of the risk assessment and the limits defined in the standards. Tables for guard openings and safety distances are available in North American, EU and International standards.
4) Movable Guard Interlocking
Movable guards themselves are usually reasonably well done. Note that I am not talking about self-adjusting guards like those found on a table saw, for instance. I am talking about guard doors, gates, and covers.
The problem usually comes with the design of the interlock that is required to go with the movable guard. The first part of the problem goes back to my #1 mistake: Risk Assessment. Without a risk assessment you cannot reasonably hope to get the reliability requirements right for the interlocking system. Next, there are small but significant differences in how the Canadian, US, EU and International standards handle control reliability, and the biggest differences occur in the higher reliability classifications.
In the USA, the standards speak of control reliable circuits (see ANSI RIA R15.06-1999, 4.5.5). This requirement is written in such a way that a single interlocking device, installed with dual-channel electrical circuits and suitably selected components, will meet it. No single ELECTRICAL component failure will lead to the loss of the safety function, but a single mechanical fault (a broken actuator or cam, for example) could.
In Canada, the machinery and robotics standards speak of control reliable systems (see CSA Z432, 8.2.5), not circuits as in the US standards. This requirement is written in such a way that TWO electromechanical interlocking devices are required, one in each electrical channel of the interlocking system. This permits the system to detect mechanical failures such as broken or missing keys, and if different types of interlocking devices are chosen, may also permit detection of efforts to bypass the interlock. Most single mechanical faults and electrical faults will be detected.
In the EU and Internationally, control reliability is much more highly developed. Here, the application of ISO 13849, IEC 62061 or IEC 61508 has taken control reliability to higher levels than anything seen to date in North America. Under these standards, the required Performance Level (PLr) or Safety Integrity Level (SIL) must be known before the safety function can be designed, and it is determined by the outcome of, you guessed it, the Risk Assessment. No risk assessment, or a poor risk assessment, dooms the designer to likely failure. Significant skill is required to handle the analysis and design of safety-related parts of control systems under these standards.
Fight this problem by: Getting the training you need to properly apply these standards and then using them in your designs.
5) Safety Distances
Safety distances crop up anywhere you don’t have a physical barrier keeping the user away from the hazard. Whether it’s an opening in a fixed guard, a movable guard like a guard door or gate, or a presence-sensing safeguarding device like a light curtain, safety distances have to be considered in the machine design. The easier it is for the user to come into contact with the hazard, the more safety distance matters.
The stopping performance of the machinery must be tested to validate the safety distances used; a stopping time taken from a catalogue or a design estimate is not validation. Failure to get the safety distance right means that your guards will give your users a false sense of security and will expose them to injury. It will also expose your company to significant liability when someone gets hurt, because they will. It’s only a matter of time.
Fight this problem by: Testing safeguarding devices.
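A worked example of the safety-distance calculation, added here and not part of the original article: the ISO 13855 formula for a vertical light curtain (S = K × T + C), applied to a constructed set of stop-time measurements to show why the measured stopping performance, not the design figure, has to drive the distance. The detection capability, response time, measurements and installed distance are assumed values for illustration; the formula and its constants are as I know them from ISO 13855:2010, and the US (ANSI B11.19 / OSHA) form is the same calculation in inches with K = 63 in/s.

```python
"""Light-curtain safety distance check (ISO 13855 formula).

Added example, not from the original article. Formula per ISO 13855:2010:
    S = K * T + C,  T = t1 (ESPE response) + t2 (machine stopping time)
    C = 8 * (d - 14) mm for detection capability d <= 40 mm
    C = 850 mm for 40 < d <= 70 mm
"""
from dataclasses import dataclass


def intrusion_distance_mm(detection_capability_mm: float) -> float:
    """C term: how far a finger/hand can reach past the sensing field before detection."""
    d = detection_capability_mm
    if d <= 40:
        return max(0.0, 8.0 * (d - 14.0))
    if d <= 70:
        return 850.0  # arm/body detection: no reach-through credit
    raise ValueError("d > 70 mm needs a different ISO 13855 calculation")


def minimum_separation_mm(detection_capability_mm: float, overall_stop_time_s: float) -> float:
    """Minimum distance from the sensing field to the hazard zone.

    For d <= 40 mm start with hand approach speed K = 2000 mm/s (floor 100 mm);
    if S exceeds 500 mm the standard allows K = 1600 mm/s with a 500 mm floor.
    For 40 < d <= 70 mm, K is always 1600 mm/s.
    """
    c = intrusion_distance_mm(detection_capability_mm)
    if detection_capability_mm > 40:
        return 1600.0 * overall_stop_time_s + c
    s = 2000.0 * overall_stop_time_s + c
    if s <= 500.0:
        return max(s, 100.0)
    return max(1600.0 * overall_stop_time_s + c, 500.0)


@dataclass(frozen=True)
class DistanceCheck:
    required_mm: float
    installed_mm: float
    worst_stop_time_s: float

    @property
    def adequate(self) -> bool:
        return self.installed_mm >= self.required_mm


def validate_installation(detection_capability_mm: float, espe_response_s: float,
                          measured_stop_times_s: list, installed_mm: float) -> DistanceCheck:
    """The worst measured stop time, not the design estimate, sets the required distance."""
    if not measured_stop_times_s:
        raise ValueError("no stop-time measurements: the distance cannot be validated")
    t_overall = espe_response_s + max(measured_stop_times_s)
    required = minimum_separation_mm(detection_capability_mm, t_overall)
    return DistanceCheck(required, installed_mm, t_overall)


if __name__ == "__main__":
    # Constructed scenario: 14 mm curtain, 20 ms response, designer assumed a 150 ms
    # machine stop and mounted the curtain at 350 mm (340 mm required on paper).
    on_paper = validate_installation(14.0, 0.020, [0.150], 350.0)
    # Constructed stop-time meter readings from the commissioned machine (seconds).
    measured = validate_installation(14.0, 0.020, [0.162, 0.171, 0.198, 0.185, 0.190], 350.0)
    for label, chk in (("design estimate", on_paper), ("measured", measured)):
        verdict = "OK" if chk.adequate else "TOO CLOSE"
        print(f"{label:15s} T={chk.worst_stop_time_s:.3f}s required={chk.required_mm:.0f}mm "
              f"installed={chk.installed_mm:.0f}mm -> {verdict}")
```

The second line of output is the point of the example: a machine that looked compliant with the estimated stopping time needs roughly 100 mm more separation once the real stop time is measured, and nothing but a stop-time test would have revealed it.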
OK, so this list should really be SIX things. Just consider this to be a bonus for reading this far!
Designs, and particularly safety critical designs, must be tested. Let me say it again:
Safety Critical Designs MUST Be Tested.
Whatever theory you are working under, whether it’s North American, European, International or something else, you cannot afford to skip the validation step. Without validation you have no evidence that your system worked at all, let alone that it worked correctly.
Fight this problem by: TESTING YOUR DESIGNS.
A wise man once said: “If you think safety is expensive, try having an accident.” The gentleman was involved in investigating the crash of a Sikorsky S-92 helicopter off the coast of Newfoundland. 17 people died as a result of the failure of two titanium studs that held an oil filter onto the main gearbox, and the fact that the helicopter failed the ‘1/2-hour gearbox run-dry test’ that is required for all new helicopter designs. This was a clear case of failure in the risk assessment process complicated by failure in the test process.
Watch the CBC documentary “Cougar 491“. This is definitely worth the time. If you are located outside Canada, you will have a problem with this link. Unfortunately, CBC does not stream its video outside Canada. Sorry.