
Five things most machine builders do incorrectly

The Top Five errors I see machine build­ers make on a depress­ingly reg­u­lar basis:

1) Poor or Absent Risk Assessment

Risk assessments are fundamental to safe machine design and liability limitation, and are required by law in the EU. They are included in all of the modern North American machinery safety standards as well.

Machine build­ers fre­quently have trouble with the risk assess­ment pro­cess, usu­ally because they fail to under­stand the pro­cess or because they fail to devote enough resources to get­ting it done.

If risk assessment is built into your design process, it becomes the norm for how you do business. Time and resources will automatically be devoted to the process, and since it’s part of how you do things it will become relatively painless. Where people go wrong is in making it a ‘big deal’ one-time event. Getting it done early in the design process, and iterating as the design progresses, also means that you have time to react to the findings, and you can complete any necessary changes at more cost-effective points in the design and build process. The worst time to do risk assessment is at the point where the machine is on the shop floor ready to start production. Costs for modification are then exponentially higher than during design and construction.

Poorly done, risk assess­ments become a liab­il­ity defense law­yer­’s worst night­mare and a plaintiff’s law­yer­’s dream. Short­chan­ging the risk assess­ment pro­cess ensures that you will lose, either now or later.

Fight this prob­lem by: learn­ing how to con­duct a risk assess­ment, using qual­ity risk assess­ment soft­ware tools, and build­ing risk assess­ment into your stand­ard design process/practice in your organ­iz­a­tion.

2) Failure to be Aware of Regulations & Use Design Standards

This one is a mys­tery to me.

Every mar­ket has product safety legis­la­tion, sup­por­ted by reg­u­la­tions. Gran­ted, the scope and qual­ity of these reg­u­la­tions var­ies widely, but if you want to sell a product in a mar­ket, it does­n’t take a lot of effort to find out what reg­u­la­tions may apply.

Design stand­ards have been in exist­ence for a long time. Most pur­chase orders, at least for cus­tom machinery, con­tain lists of stand­ards that the equip­ment is required to meet at Fact­ory Accept­ance Test­ing (FAT).

Why machine build­ers fail to grasp that using these stand­ards can actu­ally give them a com­pet­it­ive edge, as well as help­ing them to meet reg­u­lat­ory require­ments, I don’t know. If you do, please either com­ment on this story or send me an email. I’d love to hear your thoughts on this!

Fight this prob­lem by: Doing some research. Under­stand the mar­ket envir­on­ment in which you sell your products. If you aren’t sure how to do this, use a con­sult­ant to assist you. Buy the stand­ards, espe­cially if your cli­ent calls them out in their spe­cific­a­tions. Read and apply them to your designs.

One great resource for inform­a­tion on reg­u­lat­ory envir­on­ments and stand­ards applic­a­tions is the IEEE Product Safety Engin­eer­ing Soci­ety and the EMC-PSTC List­serv that they main­tain.

3) Fixed Guard Design

Fixed guard­ing design is driv­en by at least two factors, a) pre­vent­ing people from access­ing haz­ards, and b) allow­ing raw mater­i­als and products into and out of the machinery.

Design­ers fre­quently go wrong by select­ing a fixed guard where a mov­able guard is neces­sary to per­mit fre­quent access (say more than once per shift). This is some­times done in an effort to avoid hav­ing to add inter­locks to the con­trol sys­tems. Fre­quently the guard will be removed and replaced a couple of times, and then the screws will be left off, and even­tu­ally the guard itself will be left off, leav­ing the user with an unguarded haz­ard.

The other common fault with fixed guards relates to the second factor I mentioned – getting raw materials and products in and out of the machine. There are limits on the size of openings that can be left in guards, dependent on the distance from the opening to the hazards behind the guard and the size of the opening itself. Often the only factor considered is the size of the item that needs to enter or exit the machinery.

Both of these faults often occur because the guarding is not designed, but is allowed to happen during machine build. The size and shape of the guards are then often driven by convenience in fabrication rather than by thoughtful design and application of the minimum code requirements.

Fight this prob­lem by: Design­ing the guards on your product rather than allow­ing them to hap­pen, based on the out­come of the risk assess­ment and the lim­its defined in the stand­ards. Tables for guard open­ings and safety dis­tances are avail­able in North Amer­ic­an, EU and Inter­na­tion­al stand­ards.

4) Movable Guard Interlocking

Movable guards themselves are usually reasonably well done. Note that I am not talking about self-adjusting guards like those found on a table saw, for instance. I am talking about guard doors, gates, and covers.

The prob­lem usu­ally comes with the design of the inter­lock that is required to go with the mov­able guard. The first part of the prob­lem goes back to my #1 mis­take: Risk Assess­ment. No risk assess­ment means that you can­not reas­on­ably hope to get the reli­ab­il­ity require­ments right for the inter­lock­ing sys­tem. Next, there are small but sig­ni­fic­ant dif­fer­ences in how the Cana­dian, US, EU and Inter­na­tion­al stand­ards handle con­trol reli­ab­il­ity, and the biggest dif­fer­ences occur in the high­er reli­ab­il­ity clas­si­fic­a­tions.

In the USA, the stand­ards speak of con­trol reli­able cir­cuits (see ANSI RIA R15.06 – 1999, 4.5.5). This require­ment is writ­ten in such a way that a single inter­lock­ing device, installed with dual chan­nel elec­tric­al cir­cuits and suit­ably selec­ted com­pon­ents will meet the require­ments. No single ELECTRICAL com­pon­ent fail­ure will lead to the loss of the safety func­tion, but a single mech­an­ic­al fault could.

In Canada, the machinery and robot­ics stand­ards speak of con­trol reli­able sys­tems (see CSA Z432, 8.2.5), not cir­cuits as in the US stand­ards. This require­ment is writ­ten in such a way that TWO elec­tromech­an­ic­al inter­lock­ing devices are required, one in each elec­tric­al chan­nel of the inter­lock­ing sys­tem. This per­mits the sys­tem to detect mech­an­ic­al fail­ures such as broken or miss­ing keys, and if dif­fer­ent types of inter­lock­ing devices are chosen, may also per­mit detec­tion of efforts to bypass the inter­lock. Most single mech­an­ic­al faults and elec­tric­al faults will be detec­ted.

In the EU and Internationally, control reliability is much more highly developed. Here, the application of ISO 13849, IEC 62061 or IEC 61508 has taken control reliability to higher levels than anything seen to date in North America. Under these standards, the required Performance Level (PLr) or Safety Integrity Level (SIL) must be known. This is based on the outcome of, you guessed it, the Risk Assessment. No risk assessment, or a poor risk assessment, dooms the designer to likely failure. Significant skill is required to handle the analysis and design of safety related parts of control systems under these standards.

Fight this prob­lem by: Get­ting the train­ing you need to prop­erly apply these stand­ards and then using them in your designs.

5) Safety Distances

Safety distances crop up anywhere you don’t have a physical barrier keeping the user away from the hazard. Whether it’s an opening in a fixed guard, a movable guard like a guard door or gate, or a presence-sensing safeguarding device like a light curtain, safety distances have to be considered in the machine design. The easier it is for the user to come in contact with the hazard, the more safety distance matters.

Stopping performance of the machinery must be tested to validate the safety distances used. Failure to get the safety distance right means that your guards will give your users a false sense of security, and will expose them to injury. This will also expose your company to significant liability when someone gets hurt, because they will. It’s only a matter of time.

Fight this prob­lem by: Test­ing safe­guard­ing devices.
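An added example, not from the original article: checking an installed light-curtain distance against measured stopping times, using the general formula S = K × T + C from ISO 13855:2010 for a vertical light curtain with detection capability up to 40 mm. The function names, the stop-time samples, the 35 ms device response, the 30 mm resolution and the 500 mm installed distance are constructed assumptions.

```python
"""Check an installed light-curtain distance against measured stopping times.

ISO 13855:2010 general formula S = K*T + C, for a vertical light curtain with
detection capability d <= 40 mm. All sample values are constructed.
"""


def min_safety_distance_mm(total_stop_time_s, resolution_mm):
    """Minimum distance S (mm) between the detection zone and the hazard."""
    if total_stop_time_s <= 0 or not 0 < resolution_mm <= 40:
        raise ValueError("need T > 0 and detection capability 0 < d <= 40 mm")
    c = max(0.0, 8 * (resolution_mm - 14))     # intrusion allowance C, mm
    s = 2000 * total_stop_time_s + c           # K = 2000 mm/s
    if s > 500:
        # Above 500 mm, K = 1600 mm/s may be used, but S must stay >= 500 mm.
        s = max(1600 * total_stop_time_s + c, 500.0)
    return max(s, 100.0)                       # S is never less than 100 mm


def validate(stop_times_s, device_response_s, resolution_mm, installed_mm):
    """Compare the installed distance with S from the worst measured stop."""
    if not stop_times_s:
        raise ValueError("no stopping-time measurements supplied")
    worst = max(stop_times_s)                  # validate against the slowest stop
    required = min_safety_distance_mm(worst + device_response_s, resolution_mm)
    return {"worst_stop_s": worst, "required_mm": required,
            "ok": installed_mm >= required}


# Constructed sample: the design assumed a 150 ms stop; the test runs were slower.
DESIGN_STOP_S = [0.150]
MEASURED_STOP_S = [0.182, 0.195, 0.210, 0.188]
RESPONSE_S = 0.035      # assumed light curtain + safety relay response time
RESOLUTION_MM = 30      # assumed detection capability of the light curtain
INSTALLED_MM = 500      # assumed distance as built

if __name__ == "__main__":
    for label, times in (("design", DESIGN_STOP_S), ("measured", MEASURED_STOP_S)):
        r = validate(times, RESPONSE_S, RESOLUTION_MM, INSTALLED_MM)
        print(f"{label}: worst stop {r['worst_stop_s'] * 1000:.0f} ms, "
              f"required {r['required_mm']:.0f} mm, "
              f"installed {INSTALLED_MM} mm, ok={r['ok']}")
```

With these constructed numbers the design-time stop requires 498 mm and passes at 500 mm, while the slowest measured stop requires 520 mm and fails.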

6) Validation

OK, so this list should really be SIX things. Just con­sider this to be a bonus for read­ing this far!

Designs, and par­tic­u­larly safety crit­ic­al designs, must be tested. Let me say it again:

Safety Crit­ic­al Designs MUST Be Tested.

Whatever theory you are working under, whether it’s North American, European, International or something else, you cannot afford to miss the validation step. Without validation you have no evidence that your system worked at all, let alone that it worked correctly.

Fight this prob­lem by: TESTING YOUR DESIGNS.

A wise man once said: “If you think safety is expens­ive, try hav­ing an acci­dent.” The gen­tle­man was involved in invest­ig­at­ing the crash of a Sikor­sky S‑92 heli­copter off the coast of New­found­land. 17 people died as a res­ult of the fail­ure of two titani­um studs that held an oil fil­ter onto the main gear­box, and the fact that the heli­copter failed the ‘1/2‑hour gear­box run-dry test’ that is required for all new heli­copter designs. This was a clear case of fail­ure in the risk assess­ment pro­cess com­plic­ated by fail­ure in the test pro­cess.

10 thoughts on “Five things most machine builders do incorrectly”

  3. Very useful and everybody follow this message about safety... it’s very nice sharing

  4. I just learned of a book called “Law­suit! Redu­cing the Risk of Product Liab­il­ity for Man­u­fac­tur­ers” by Ran­dall L. Good­den and pub­lished by John Wiley & Sons Inc. in 2009.

    This book high­lights some of the same key issues I dis­cuss in my art­icle. Quot­ing from the book review in Industry Week,

    Import­ant to that pro­cess are design reviews. In Chapters 4 and 5 Good­den provides recom­mend­a­tions on the object­ives of the design reviews as well as the makeup of the design review team. Import­antly, he sug­gests the cre­ation of two teams – one focused on man­u­fac­tur­ab­il­ity and product reli­ab­il­ity and anoth­er ded­ic­ated to haz­ards ana­lys­is and risk assess­ment.

    Oth­er product devel­op­ment-related recom­mend­a­tions include:

    * Make sure design reviews are well doc­u­mented “for intern­al ref­er­ence, as well as to prove such respons­ible efforts really took place.”

    * Don’t assume a fail­ure mode and effects ana­lys­is sat­is­fies a product safety and liab­il­ity object­ive.

    * Fully test products to prove out the design.

    Sound famil­i­ar?

    I have not read this book myself, but if you are inter­ested in product safety and liab­il­ity it should be worth a read. Mr. Good­den is Pres­id­ent of the Inter­na­tion­al Product Safety & Liab­il­ity Pre­ven­tion Asso­ci­ation in the USA.

    Read the whole review.

