Online Training Centre Opens

Online Training Centre Opens

You’ve been chal­lenged to start doing risk assess­ments on your machine designs, but you don’t know where to start. Per­haps you’ve bought a few stan­dards or a book or two, hop­ing to fig­ure it all out, but you nev­er seem to be able to stay focused long enough to get what you need from these mate­ri­als.

You need train­ing. You start the hunt in the Google search box, but find­ing the right kind of train­ing is daunt­ing. How do you know what you need?

Search no longer! Com­pli­ance inSight Con­sult­ing opened it’s online Train­ing Cen­tre this month and is now tak­ing enrol­ments for the char­ter class in Machin­ery Risk Assess­ment!

Risk Assessment 101

Risk Assess­ment 101 is designed for machin­ery design­ers, tech­nol­o­gists and engi­neers who need to get a han­dle on the basics of risk assess­ment. The course includes 12 mod­ules, cov­er­ing

  • the basics of risk
  • haz­ard iden­ti­fi­ca­tion and analy­sis
  • like­li­hood of injury
  • risk con­trol mea­sures
  • risk assess­ment work­flow
  • doc­u­men­ta­tion
  • next steps

The course includes a live class each week, unit quizzes to help learn­ers gauge their under­stand­ing, live office hours with the instruc­tor each week, a Face­book dis­cus­sion group, and much more. Stu­dents suc­cess­ful­ly com­plet­ing the course will receive a Cer­tifi­cate of Achieve­ment.

The Char­ter Class is lim­it­ed to 15 stu­dents and is being offered at a spe­cial intro­duc­to­ry price. If you’re inter­est­ed, don’t waste any time, enroll right away to secure a seat.

Future Courses

Over the next few months, addi­tion­al cours­es will be added to the Train­ing Cen­tre on top­ics like CE Mark­ing, Func­tion­al Safe­ty, Machine Guard­ing, and much more. Some cours­es will be self-direct­ed, while oth­ers will have live class­es as part of the pro­gram.

Our goal at CIC is to pro­vide our cus­tomers with a con­ve­nient, afford­able way to get the train­ing they need when they need it. We hope to see you in class soon!

ISO 13849–1 Analysis — Part 1: Start with Risk Assessment

This entry is part 1 of 9 in the series How to do a 13849–1 analy­sis

I often get ques­tions from clients about how to get start­ed on Func­tion­al Safe­ty using ISO 13849. This arti­cle is the first in a series that will walk you through the basics of using ISO 13849. Keep in mind that you will need to hold a copy of the 3rd edi­tion of ISO 13849–1 [1] and the 2nd edi­tion of ISO 13849–2 [2] to use as you go along. There are oth­er stan­dards which you may also find use­ful, and I have includ­ed them in the Ref­er­ence sec­tion at the end of the arti­cle. Each post has a Ref­er­ence List. I will pub­lish a com­plete ref­er­ence list for the series with the last post.

Where to start?

So you have just learned that you need to do an ISO 13849 func­tion­al safe­ty analy­sis. You have the two parts of the stan­dard, and you have skimmed them, but you are feel­ing a bit over­whelmed and unsure of where to start. By the end of this arti­cle, you should be feel­ing more con­fi­dent about how to get this job done.

Step 1 — Risk Assessment

For the pur­pose of this arti­cle, I am going to assume that you have a risk assess­ment for the machin­ery, and you have a copy for ref­er­ence. If you do not have a risk assess­ment, stop here and get that done. There are sev­er­al good ref­er­ences for that, includ­ing ISO 12100 [3], CSA Z432 [4], and ANSI B11.TR3 [5]. You can also have a look at my series on Risk Assess­ment.

The risk assess­ment should iden­ti­fy which risks require mit­i­ga­tion using the con­trol sys­tem, e.g., use of an inter­locked gate, a light cur­tain, a two-hand con­trol, an enabling device, etc. See the MS101 glos­sary for detailed def­i­n­i­tions. Each of these becomes a safe­ty func­tion. Each safe­ty func­tion requires a safe­ty require­ments spec­i­fi­ca­tion (SRS), which I will describe in more detail a bit lat­er.

Safety Functions

The 3rd edi­tion of ISO 13849 [1] pro­vides two tables that give some exam­ples of safe­ty func­tion char­ac­ter­is­tics [1, Table 8] and para­me­ters [1, Table 9] and also pro­vides ref­er­ences to cor­re­spond­ing stan­dards that will help you to define the nec­es­sary para­me­ters. These tables should not be con­sid­ered to be exhaus­tive — there is no way to list every pos­si­ble safe­ty func­tion in a table like this. The tables will give you some good ideas about what you are look­ing for in machine con­trol func­tions that will make them safe­ty func­tions.

While you are iden­ti­fy­ing risk reduc­tion mea­sures that will use the con­trol sys­tem for mit­i­ga­tion, don’t for­get that com­ple­men­tary pro­tec­tive mea­sures like emer­gency stop, enabling devices, etc. all need to be includ­ed. Some of these func­tions may have min­i­mum require­ments set by Type B2 stan­dards, like ISO 13850 [6] for emer­gency stop which sets the min­i­mum per­for­mance lev­el for this func­tion at PLc.

Selecting the Required Performance Level

ISO 13849–1:2015 pro­vides a graph­i­cal means for select­ing the min­i­mum Per­for­mance Lev­el (PL) required for the safe­ty func­tion based on the risk assess­ment. A word of cau­tion here: you may feel like you are re-assess­ing the risk using this tool because it does use risk para­me­ters (sever­i­ty, frequency/duration of expo­sure and pos­si­bil­i­ty to avoid/limit harm) to deter­mine the PL. Risk assess­ment This tool is not a risk assess­ment tool, and using it that way is a fun­da­men­tal mis­take. Its out­put is in terms of per­for­mance lev­el, which is fail­ure rate per hour of oper­a­tion. For exam­ple, it is entire­ly incor­rect to say, “This machine has a risk lev­el of PLc” since we define PLs in terms of prob­a­ble fail­ure rate per hour.

ISO 13849-1 graphical selection tool for determining PLr requirement for a safety function
Graph­i­cal Per­for­mance Lev­el Selec­tion Tool [1]
Once you have assigned a required Per­for­mance Lev­el (PLr) to each safe­ty func­tion, you can move on to the next step: Devel­op­ing the Safe­ty Require­ments Spec­i­fi­ca­tion.

Book List

Here are some books that I think you may find help­ful on this jour­ney:

[0]     B. Main, Risk Assess­ment: Basics and Bench­marks, 1st ed. Ann Arbor, MI USA: DSE, 2004.

[0.1]  D. Smith and K. Simp­son, Safe­ty crit­i­cal sys­tems hand­book. Ams­ter­dam: Else­vier/But­ter­worth-Heine­mann, 2011.

[0.2]  Elec­tro­mag­net­ic Com­pat­i­bil­i­ty for Func­tion­al Safe­ty, 1st ed. Steve­nage, UK: The Insti­tu­tion of Engi­neer­ing and Tech­nol­o­gy, 2008.

[0.3]  Overview of tech­niques and mea­sures relat­ed to EMC for Func­tion­al Safe­ty, 1st ed. Steve­nage, UK: Overview of tech­niques and mea­sures relat­ed to EMC for Func­tion­al Safe­ty, 2013.


[1]     Safe­ty of machin­ery — Safe­ty-relat­ed parts of con­trol sys­tems — Part 1: Gen­er­al prin­ci­ples for design. 3rd Edi­tion. ISO Stan­dard 13849–1. 2015.

[2]     Safe­ty of machin­ery — Safe­ty-relat­ed parts of con­trol sys­tems — Part 2: Val­i­da­tion. 2nd Edi­tion. ISO Stan­dard 13849–2. 2012.

[3]      Safe­ty of machin­ery — Gen­er­al prin­ci­ples for design — Risk assess­ment and risk reduc­tion. ISO Stan­dard 12100. 2010.

[4]     Safe­guard­ing of Machin­ery. CSA Stan­dard Z432. 2004.

[5]     Risk Assess­ment and Risk Reduc­tion- A Guide­line to Esti­mate, Eval­u­ate and Reduce Risks Asso­ci­at­ed with Machine Tools. ANSI Tech­ni­cal Report B11.TR3. 2000.

[6]    Safe­ty of machin­ery — Emer­gency stop func­tion — Prin­ci­ples for design. ISO Stan­dard 13850. 2015.

Scoring Severity of Injury — Hidden Probabilities

This entry is part 8 of 8 in the series Risk Assess­ment

I’ve been think­ing a lot about risk scor­ing tools and the algo­rithms that we use. One of the key ele­ments in risk is the Sever­i­ty of Injury. There are hid­den prob­a­bil­i­ties attached to the Sever­i­ty of Injury scores that are assigned that are not dis­cussed clear­ly in any of the risk assess­ment stan­dards that are com­mon­ly in use. This all start­ed when I was chal­lenged to write an analy­sis of the prob­lems with the CSA Risk Scor­ing Tool that you can find in the 2014 ver­sion of CSA Z434. That tool is deeply flawed in my opin­ion, but that is not the top­ic of this post. If you want to read my analy­sis, you can down­load the white paper and the pre­sen­ta­tion notes for my analy­sis from the Com­pli­ance inSight Pub­li­ca­tions page [1].

Scor­ing risk can be a tricky thing, espe­cial­ly in the machin­ery sec­tor. We rarely have much in the way of real-world data to use in the analy­sis, and so we are left with the opin­ions of those build­ing the machine as the basis for our eval­u­a­tion. Sever­i­ty is usu­al­ly the first risk para­me­ter to be esti­mat­ed because it’s seen as the “easy” one — if the char­ac­ter­is­tics of the haz­ard are well known. One aspect of sever­i­ty that is often missed is the prob­a­bil­i­ty of a cer­tain sever­i­ty of injury. We’re NOT talk­ing about how like­ly it is for some­one to be injured here; we’re talk­ing about the most like­ly degree of injury that will occur when the per­son inter­acts with the haz­ard. Let me illus­trate this idea anoth­er way: Let’s call Sever­i­ty “Se”, any spe­cif­ic injury “I”, and the prob­a­bil­i­ty of any spe­cif­ic injury “Ps”. We can then write a short equa­tion to describe this rela­tion­ship.

Se f (I,Ps)

Since we want there to be a pos­si­bil­i­ty of no injury, we should prob­a­bly relate these para­me­ters as a prod­uct:

Se = I x Ps

Ok, so what? What this equa­tion says is: the Sever­i­ty (Se) of any giv­en injury (I), is the prod­uct of the spe­cif­ic type of injury and the prob­a­bil­i­ty of that injury. More sim­ply yet, you could say that you should be con­sid­er­ing the most like­ly type of injury that you think will occur when a per­son inter­acts with the haz­ard. Con­sid­er this exam­ple: A work­er enters a robot­ic work cell to change the weld tips on the weld­ing gun the robot uses. This task has to be done about once every two days. The entry gate is inter­locked, and the robot was locked out before entry. The floor of the work cell has wire­ways, con­duits and pip­ing run­ning across it from the edges of the cell to the var­i­ous pieces of equip­ment inside the cell, cre­at­ing uneven foot­ing and lots of slip and trip haz­ards. The work­er miss­es his foot­ing and falls. What can you expect for Se in this case?

We know that falls on the same lev­el can lead to fatal­i­ties, about 600/year in the USA [2], but that these are most­ly in the con­struc­tion and min­ing sec­tors rather than gen­er­al man­u­fac­tur­ing. We also know that bro­ken bones are more like­ly than fatal­i­ties in falls to the same lev­el. About a mil­lion slips and falls per year result in an emer­gency room vis­it, and of these, about 5%, or 50,000, result in frac­tures. Ok, so what do we do with this infor­ma­tion? Let’s look at typ­i­cal sever­i­ty scale, this one tak­en from IEC 62061 [3].

Table 1 – Sever­i­ty (Se) clas­si­fi­ca­tion [2, Table A.1]

Con­se­quences Sever­i­ty (Se)
Irre­versible: death, los­ing an eye or arm 4
Irre­versible: bro­ken limb(s), los­ing a finger(s) 3
Reversible: requir­ing atten­tion from a med­ical prac­ti­tion­er 2
Reversible: requir­ing first aid 1

Using Table 1, we might come up with the fol­low­ing list of pos­si­ble sever­i­ties of injury. This list is not exhaus­tive, so feel free to add more.

Table 2 — Poten­tial Injury Sever­i­ties

Pos­si­ble Injury Sever­i­ty (Se)
Fall on same lev­el — Fatal­i­ty 4
Fall on same lev­el — Bro­ken wrist 3
Fall on same lev­el — Bro­ken col­lar­bone 3
Fall on same lev­el — Torn rota­tor cuff 2
Fall on same lev­el — Bruis­es 1
Fall on same lev­el — Head Injury 3
Fall on same lev­el — Head Injury 4

How do we score this using a typ­i­cal scor­ing tool? We could add each of these as line items in the risk reg­is­ter, and then assess the prob­a­bil­i­ty of each, but that will tend to cre­ate huge risk reg­is­ters with many line items at very low risks. In prac­tice, we decide on what we think is the most like­ly degree of injury BEFORE we score the risk. This results in a sin­gle line item for the haz­ard, rather than sev­en as would be the case if we scored each of these poten­tial injuries indi­vid­u­al­ly.

We need a prob­a­bil­i­ty scale to use in assess­ing the like­li­hood of injuries. At the moment, no pub­lished scor­ing tool that I know of has a scale for this, so let’s do the sim­ple thing: Prob­a­bil­i­ty (Ps) will be scored from 0–100%, with 100% being a cer­tain­ty.

Going back to the sec­ond equa­tion, what we are real­ly doing is assign­ing a prob­a­bil­i­ty to each of the sever­i­ties that we think exist, some­thing like this:

Table 3 — Poten­tial Injuries and their Prob­a­bil­i­ties

Pos­si­ble Injury (I) Sever­i­ty (Se) Prob­a­bil­i­ty (Ps)
Fall on same lev­el — Fatal­i­ty 4  0.0075%
Fall on same lev­el — Bro­ken wrist 3  5%
Fall on same lev­el — Bro­ken col­lar­bone 3  5%
Fall on same lev­el — Torn rota­tor cuff 2  5%
Fall on same lev­el — Bruis­es 1  90%
Fall on same lev­el — Head Injury 3 1%
Fall on same lev­el — Head Injury 4   0.0075%
Fall on same lev­el — Lac­er­a­tions to hands 2 90%

The per­cent­ages for fatal­i­ties and frac­tures we tak­en rough­ly from [1]. Ok, so we can look at a table like this and say that cuts and bruis­es are the most like­ly types of injury in this case. We can either decide to group them for the over­all risk score, or we can score each indi­vid­u­al­ly, result­ing in adding two sep­a­rate line items to the risk reg­is­ter. I’m going to use the oth­er para­me­ters from [2] for this exam­ple, and devel­op an exam­ple risk reg­is­ter, Table 4. In Table 4,

Se = Sever­i­ty

Pr = Prob­a­bil­i­ty of the Haz­ardous Event

Fr = Fre­quen­cy and Dura­tion of Expo­sure

Av = Pos­si­bil­i­ty to Avoid or Lim­it Harm

The algo­rithm I am using to eval­u­ate the risk is R = Se x [Pr x (Fr + Av)] [1]. Note that where I have com­bined the two poten­tial injuries into one line item (Item 1 in the reg­is­ter), I have select­ed the high­est sever­i­ty of the com­bined injuries. The less like­ly sever­i­ties, and in par­tic­u­lar the fatal­i­ties, have been ignored. You can click on  Table 4 to see a larg­er, more read­able ver­sion.

Table 4 - Example Risk Register
Table 4 — Exam­ple Risk Reg­is­ter

Note that I did not reduce the Se scores in the Final Risk Score, because I have not made changes to the slip/trip and fall haz­ards, only to the like­li­hood of the injury occur­ring. In all cas­es, we can show a sig­nif­i­cant risk reduc­tion after mit­i­ga­tion. I’m not going to get into risk eval­u­a­tion (i.e., Is the risk effec­tive­ly con­trolled?) in this par­tic­u­lar arti­cle, but the fact that you can show a sig­nif­i­cant risk reduc­tion is impor­tant. There are lots of con­sid­er­a­tions in deter­min­ing if the risk has been effec­tive­ly con­trolled.


Con­sid­er­a­tion of the prob­a­bil­i­ty of cer­tain kinds of injuries occur­ring must be con­sid­ered when esti­mat­ing risk. This process is large­ly undoc­u­ment­ed but nev­er­the­less occurs. When risk ana­lysts are con­sid­er­ing the sever­i­ty of injury from any giv­en haz­ard, this arti­cle gives the read­er one pos­si­ble approach than could be used to select the types of injuries most like­ly to occur before scor­ing the rest of the risk para­me­ters.


[1] D. Nix, ‘Eval­u­a­tion of Prob­lems and Chal­lenges in CSA Z434-14 Annex DVA Task-Based Risk Assess­ment Method­ol­o­gy’, 2015.

[2] Nation­al Floor Safe­ty Insti­tute (NFSI), ‘Quick Facts — Slips, Trips, and Falls’, 2015. [Online]. Avail­able: [Accessed: 21- Jul- 2015].

[3] ‘Safe­ty of machin­ery – Func­tion­al safe­ty of safe­ty-relat­ed elec­tri­cal, elec­tron­ic and pro­gram­ma­ble elec­tron­ic con­trol sys­tems. IEC 62061.’, Inter­na­tion­al Elec­trotech­ni­cal Com­mis­sion (IEC), Gene­va, 2005.


Digiprove sealCopy­right secured by Digiprove © 2015
Acknowl­edge­ments: Inter­na­tion­al Elec­trotech­ni­cal Com­mis more…
Some Rights Reserved