Understanding the Hierarchy of Controls

Effectiveness of the Hierarchy of Controls
This entry is part 2 of 3 in the series Hier­ar­chy of Con­trols

Risk assess­ment is the first step in reduc­ing the risk that your cus­tomers and users are exposed to when they use your prod­ucts. The sec­ond step is Risk Reduc­tion, some­times called Risk Con­trol or Risk Mit­i­ga­tion. This arti­cle looks at the ways that risk can be con­trolled using the Hier­ar­chy of Con­trols. Fig­ure 2 from ISO 12100–1 (shown below) illus­trates this point.

The sys­tem is called a hier­ar­chy because you must apply each lev­el in the order that they fall in the list. In terms of effec­tive­ness at reduc­ing risk, the first lev­el in the hier­ar­chy, elim­i­na­tion, is the most effec­tive, down to the last, PPE*, which has the least effec­tive­ness.

It’s impor­tant to under­stand that ques­tions must be asked after each step in the hier­ar­chy is imple­ment­ed, and that is “Is the risk reduced as much as pos­si­ble? Is the resid­ual risk a) in com­pli­ance with legal require­ments, and b) accept­able to the user or work­er?”. When you can answer ‘YES’ to all of these ques­tions, the last step is to ensure that you have warned the user of the resid­ual risks, have iden­ti­fied the required train­ing need­ed and final­ly have made rec­om­men­da­tions for any need­ed PPE.

*PPE — Per­son­al Pro­tec­tive Equip­ment. e.g. Pro­tec­tive eye wear, safe­ty boots, bump caps, hard hats, cloth­ing, gloves, res­pi­ra­tors, etc. CSA Z1002 includes ‘…any­thing designed to be worn, held, or car­ried by an indi­vid­ual for pro­tec­tion against one or more haz­ards.’  in this def­i­n­i­tion.

Risk Reduction from the Designer's Viewpoint
ISO 12100:2010 — Fig­ure 2


Introducing the Hierarchy of Controls

The Hier­ar­chy of Con­trols was devel­oped in a num­ber of dif­fer­ent stan­dards over the last 20 years or so. The idea was to pro­vide a com­mon struc­ture that would pro­vide guid­ance to design­ers when con­trol­ling risk.

Typ­i­cal­ly, the first three lev­els of the hier­ar­chy may be con­sid­ered to be ‘engi­neer­ing con­trols’ because they are part of the design process for a prod­uct. This does not mean that they must be done by engi­neers!

We’ll look at each lev­el in the hier­ar­chy in detail. First, let’s take a look at what is includ­ed in the Hier­ar­chy.

The Hier­ar­chy of Con­trols includes:

1)    Haz­ard Elim­i­na­tion or Sub­sti­tu­tion (Design)
2)    Engi­neer­ing Con­trols (see [1, 2, 8, 9, 10, and 11])

a)    Bar­ri­ers

b)    Guards (Fixed, Mov­able w/interlocks)

c)    Safe­guard­ing Devices

d)    Com­ple­men­tary Pro­tec­tive Mea­sures

3)    Infor­ma­tion for Use (see [1, 2, 4, 7, 8, 12, and 13])

a)    Haz­ard Warn­ings

b)    Man­u­als

c)    HMI* & Aware­ness Devices (lights, horns)

4)    Admin­is­tra­tive Con­trols (see [1, 2, 4, 5, 7, and 8])

a)    Train­ing

b)    SOP’s,

c)    Haz­ardous Ener­gy Con­trol Pro­ce­dures (see [5, 14])

d)    Autho­riza­tion

5)    Per­son­al Pro­tec­tive Equip­ment

a)    Spec­i­fi­ca­tion

b)    Fit­ting

c)    Train­ing in use

d)    Main­te­nance

*HMI — Human-Machine Inter­face. Also called the ‘con­sole’ or ‘oper­a­tor sta­tion’. The loca­tion on the machine where the oper­a­tor con­trols are locat­ed. Often includes a pro­gram­ma­ble screen or oper­a­tor dis­play, but can be a sim­ple array of but­tons, switch­es and indi­ca­tor lights.

The man­u­fac­tur­er, devel­op­er or inte­gra­tor of the sys­tem should pro­vide the first three lev­els of the hier­ar­chy. Where they have not been pro­vid­ed, the work­place or user should pro­vide them.

The last two lev­els must be pro­vid­ed by the work­place or user.


Each lay­er in the hier­ar­chy has a lev­el of effec­tive­ness that is relat­ed to the fail­ure modes asso­ci­at­ed with the con­trol mea­sures and the rel­a­tive effec­tive­ness in reduc­ing risk in that lay­er. As you go down the hier­ar­chy, the reli­a­bil­i­ty and effec­tive­ness decrease as shown below.

Effectiveness of the Hierarchy of ControlsThere is no way to mea­sure or specif­i­cal­ly quan­ti­fy the reli­a­bil­i­ty or effec­tive­ness of each lay­er of the hier­ar­chy — that must wait until you make some selec­tions from each lev­el, and even then it can be very hard to do. The impor­tant thing to under­stand is that Elim­i­na­tion is more effec­tive than Guard­ing (engi­neer­ing con­trols), which is more effec­tive than Aware­ness Means, etc.

1. Hazard Elimination or Substitution

Hazard Elimination

Haz­ard elim­i­na­tion is the most effec­tive means of reduc­ing risk from a par­tic­u­lar haz­ard, for the sim­ple rea­son that once the haz­ard has been elim­i­nat­ed there is no remain­ing risk. Remem­ber that risk is a func­tion of sever­i­ty and prob­a­bil­i­ty. Since both sever­i­ty and prob­a­bil­i­ty are affect­ed by the exis­tence of the haz­ard, elim­i­nat­ing the haz­ard reduces the risk from that par­tic­u­lar haz­ard to zero. Some prac­ti­tion­ers con­sid­er this to mean the elim­i­na­tion is 100% effec­tive, how­ev­er it’s my opin­ion that this is not the case because even elim­i­na­tion has fail­ure modes that can re-intro­duce the haz­ard.

Failure Modes:

Haz­ard elim­i­na­tion can fail if the haz­ard is rein­tro­duced into the design. With machin­ery this isn’t that like­ly to occur, but in process­es, ser­vices and work­places it can occur.


Sub­sti­tu­tion requires the design­er to sub­sti­tute a less haz­ardous mate­r­i­al or process for the orig­i­nal mate­r­i­al or process. For exam­ple, beryl­li­um is a high­ly tox­ic met­al that is used in some high tech appli­ca­tions. Inhala­tion or skin con­tact with beryl­li­um dust can do seri­ous harm to a per­son very quick­ly, caus­ing acute beryl­li­um dis­ease. Long term expo­sure can cause chron­ic beryl­li­um dis­ease. Sub­sti­tut­ing a less tox­ic mate­r­i­al with sim­i­lar prop­er­ties in place of the beryl­li­um in the process  could reduce or elim­i­nate the pos­si­bil­i­ty of beryl­li­um dis­ease, depend­ing on the exact con­tent of the sub­sti­tute mate­r­i­al. If the sub­sti­tute mate­r­i­al includes any amount of beryl­li­um, then the risk is only reduced. If it con­tains no beryl­li­um, the risk is elim­i­nat­ed. Note that the risk can also be reduced by ensur­ing that the beryl­li­um dust is not cre­at­ed by the process, since beryl­li­um is not tox­ic unless ingest­ed.

Alter­na­tive­ly, using process­es to han­dle the beryl­li­um with­out cre­at­ing dust or par­ti­cles could reduce the expo­sure to the mate­r­i­al in forms that are like­ly to cause beryl­li­um dis­ease. An exam­ple of this could be sub­sti­tu­tion of water-jet cut­ting instead of mechan­i­cal saw­ing of the mate­r­i­al.

Failure Modes:

Rein­tro­duc­tion of the sub­sti­tut­ed mate­r­i­al into a process is the pri­ma­ry fail­ure mode, how­ev­er there may be oth­ers that are spe­cif­ic to the haz­ard and the cir­cum­stances. In the above exam­ple, pre- and post-cut­ting han­dling of the mate­r­i­al could still cre­ate dust or small par­ti­cles, result­ing in expo­sure to beryl­li­um. A sub­sti­tut­ed mate­r­i­al might intro­duce oth­er, new haz­ards, or might cre­ate fail­ure modes in the final prod­uct that would result in risks to the end user. Care­ful con­sid­er­a­tion is required!

If nei­ther elim­i­na­tion or sub­sti­tu­tion is pos­si­ble, we move to the next lev­el in the hier­ar­chy.

2. Engineering Controls

Engi­neer­ing con­trols typ­i­cal­ly include var­i­ous types of mechan­i­cal guards [16, 17, & 18], inter­lock­ing sys­tems [9, 10, 11, & 15], and safe­guard­ing devices like light cur­tains or fences, area scan­ners, safe­ty mats and two-hand con­trols [19]. These sys­tems are proac­tive in nature, act­ing auto­mat­i­cal­ly to pre­vent access to a haz­ard and there­fore pre­vent­ing injury. These sys­tems are designed to act before a per­son can reach the dan­ger zone and be exposed to the haz­ard.

Control reliability

Bar­ri­er guards and fixed guards are not eval­u­at­ed for reli­a­bil­i­ty because they do not rely on a con­trol sys­tem for their effec­tive­ness. As long as they are placed cor­rect­ly in the first place, and are oth­er­wise prop­er­ly designed to con­tain the haz­ards they are pro­tect­ing, then noth­ing more is required. On the oth­er hand, safe­guard­ing devices, like inter­locked guards, light fences, light cur­tains, area scan­ners, safe­ty mats, two-hand con­trols and safe­ty edges, all rely on a con­trol sys­tem for their effec­tive­ness. Cor­rect appli­ca­tion of these devices requires cor­rect place­ment based on the stop­ping per­for­mance of the haz­ard and cor­rect inte­gra­tion of the safe­ty device into the safe­ty relat­ed parts of the con­trol sys­tem [19]. The degree of reli­a­bil­i­ty is based on the amount of risk reduc­tion that is being required of the safe­guard­ing device and the degree of risk present in the unguard­ed state [9, 10].

There are many detailed tech­ni­cal require­ments for engi­neer­ing con­trols that I can’t get into in this arti­cle, but you can learn more by check­ing out the ref­er­ences at the end of this arti­cle and oth­er arti­cles on this blog.

Failure Modes

Fail­ure modes for engi­neer­ing con­trols are as many and as var­ied as the devices used and the meth­ods of inte­gra­tion cho­sen. This dis­cus­sion will have to wait for anoth­er arti­cle!

Awareness Devices

Of spe­cial note are ‘aware­ness devices’. This group includes warn­ing lights, horns, buzzers, bells, etc. These devices have some aspects that are sim­i­lar to engi­neer­ing con­trols, in that they are usu­al­ly part of the machine con­trol sys­tem, but they are also some­times classed as ‘infor­ma­tion for use’, par­tic­u­lar­ly when you con­sid­er indi­ca­tor or warn­ing lights and HMI screens. In addi­tion to these ‘active’ types of devices, aware­ness devices may also include lines paint­ed or taped on the floor or on the edge of a step or ele­va­tion change, warn­ing chains, sig­nage, etc. Sig­nage may also be includ­ed in the class of ‘infor­ma­tion for use’, along with HMI screens.

Failure Modes

Fail­ure modes for Aware­ness Devices include:

  • Ignor­ing the warn­ings (Com­pla­cen­cy or Fail­ure to com­pre­hend the mean­ing of the warn­ing);
  • Fail­ure to main­tain the device (warn­ing lights burned out or removed);
  • Defeat of the device (silenc­ing an audi­ble warn­ing device);
  • Inap­pro­pri­ate selec­tion of the device (invis­i­ble or inaudi­ble in the pre­dom­i­nat­ing con­di­tions).

Complementary Protective Measures

Com­ple­men­tary Pro­tec­tive mea­sures are a class of con­trols that are sep­a­rate from the var­i­ous types of safe­guard­ing because they gen­er­al­ly can­not pre­vent injury, but may reduce the sever­i­ty of injury or the prob­a­bil­i­ty of the injury occur­ring. Com­ple­men­tary pro­tec­tive mea­sures are reac­tive in nature, mean­ing that they are not auto­mat­ic. They must be man­u­al­ly acti­vat­ed by a user before any­thing will occur, e.g. press­ing an emer­gency stop but­ton. They can only com­ple­ment the pro­tec­tion pro­vid­ed by the auto­mat­ic sys­tems.

A good exam­ple of this is the Emer­gency Stop sys­tem that is designed into many machines. On its own, the emer­gency stop sys­tem will do noth­ing to pre­vent an injury. The sys­tem must be acti­vat­ed man­u­al­ly by press­ing a but­ton or pulling a cable. This relies on some­one detect­ing a prob­lem and real­iz­ing that the machine needs to be stopped to avoid or reduce the sever­i­ty of an injury that is about to occur or is occur­ring. Emer­gency stop can only ever be a back-up mea­sure to the auto­mat­ic inter­locks and safe­guard­ing devices used on the machine. In many cas­es, the next step in emer­gency response after press­ing the emer­gency stop is to call 911.

Failure Modes:

The fail­ure modes for these kinds of con­trols are too numer­ous to list here, how­ev­er they range from sim­ple fail­ure to replace a fixed guard or bar­ri­er fence, to fail­ure of elec­tri­cal, pneu­mat­ic or hydraulic con­trols. These fail­ure modes are enough of a con­cern that a new field of safe­ty engi­neer­ing called ‘Func­tion­al Safe­ty Engi­neer­ing’ has grown up around the need to be able to ana­lyze the prob­a­bil­i­ty of fail­ure of these sys­tems and to use addi­tion­al design ele­ments to reduce the prob­a­bil­i­ty of fail­ure to a lev­el we can tol­er­ate. For more on this, see [9, 10, 11].

Once you have exhaust­ed all the pos­si­bil­i­ties in Engi­neer­ing Con­trols, you can move to the next lev­el down in the hier­ar­chy.

3. Information for Use

This is a very broad top­ic, includ­ing man­u­als, instruc­tion sheets, infor­ma­tion labels on the prod­uct, haz­ard warn­ing signs and labels, HMI screens, indi­ca­tor and warn­ing lights, train­ing mate­ri­als, video, pho­tographs, draw­ings, bills of mate­ri­als, etc. There are some excel­lent stan­dards now avail­able that can guide you in devel­op­ing these mate­ri­als [1, 12 and 13].

Failure Modes:

The major fail­ure modes in this lev­el include:

  • Poor­ly writ­ten or incom­plete mate­ri­als;
  • Pro­vi­sion of the mate­ri­als in a lan­guage that is not under­stood by the user;
  • Fail­ure by the user to read and under­stand the mate­ri­als;
  • Inabil­i­ty to access the mate­ri­als when need­ed;
  • Etcetera.

When all pos­si­bil­i­ties for inform­ing the user have been cov­ered, you can move to the next lev­el down in the hier­ar­chy. Note that this is the usu­al sep­a­ra­tion point between the man­u­fac­tur­er and the user of a prod­uct. This is nice­ly illus­trat­ed in Fig 2 from ISO 12100 above. It is impor­tant to under­stand at this point that the resid­ual risk posed by the prod­uct to the user may not yet be tol­er­a­ble. The user is respon­si­ble for imple­ment­ing the next two lev­els in the hier­ar­chy in most cas­es. The man­u­fac­tur­er can make rec­om­men­da­tions that the user may want to fol­low, but typ­i­cal­ly that is the extent of influ­ence that the man­u­fac­tur­er will have on the user.

4. Administrative Controls

This lev­el in the hier­ar­chy includes:

  • Train­ing;
  • Stan­dard Oper­at­ing Pro­ce­dures (SOP’s);
  • Safe work­ing pro­ce­dures e.g. Haz­ardous Ener­gy Con­trol, Lock­out, Tagout (where per­mit­ted by law), etc.;
  • Autho­riza­tion; and
  • Super­vi­sion.

Train­ing is the method used to get the infor­ma­tion pro­vid­ed by the man­u­fac­tur­er to the work­er or end user. This can be pro­vid­ed by the man­u­fac­tur­er, by a third par­ty, or self-taught by the user or work­er.
SOP’s can include any kind of pro­ce­dure insti­tut­ed by the work­place to reduce risk. For exam­ple, requir­ing work­ers who dri­ve vehi­cles to do a walk-around inspec­tion of the vehi­cle before use, and log­ging of any prob­lems found dur­ing the inspec­tion is an exam­ple of an SOP to reduce risk while dri­ving.
Safe work­ing pro­ce­dures can be strong­ly influ­enced by the man­u­fac­tur­er through the infor­ma­tion for use pro­vid­ed. Main­te­nance pro­ce­dures for haz­ardous tasks pro­vid­ed in the main­te­nance man­u­al are an exam­ple of this.
Autho­riza­tion is the pro­ce­dure that an employ­er uses to autho­rize a work­er to car­ry out a par­tic­u­lar task. For exam­ple, an employ­er might put a pol­i­cy in place that only per­mits licensed elec­tri­cians to access elec­tri­cal enclo­sures and car­ry out work with the enclo­sure live. The employ­er might require that work­ers who may need to use lad­ders in their work take a lad­der safe­ty and a fall pro­tec­tion train­ing course. Once the pre­req­ui­sites for autho­riza­tion are com­plet­ed, the work­er is ‘autho­rized’ by the employ­er to car­ry out the task.
Super­vi­sion is one of the most crit­i­cal of the Admin­is­tra­tive Con­trols. Sound super­vi­sion can make all of the above work. Fail­ure to prop­er­ly super­vise work can cause all of these mea­sures to fail.

Failure Modes

Admin­is­tra­tive con­trols have many fail­ure modes. Here are some of the most com­mon:

  • Fail­ure to train;
  • Fail­ure to inform work­ers regard­ing the haz­ards present and the relat­ed risks;
  • Fail­ure to cre­ate and imple­ment SOP’s;
  • Fail­ure to pro­vide and main­tain spe­cial equip­ment need­ed to imple­ment SOP’s;
  • No for­mal means of autho­riza­tion — i.e. How do you KNOW that Joe has his lift truck license?;
  • Fail­ure to super­vise ade­quate­ly.

I’m sure you can think of MANY oth­er ways that Admin­is­tra­tive Con­trols can go wrong!

5. Personal Protective Equipment (PPE)

PPE includes every­thing from safe­ty glass­es, to hard­hats and bump caps, to fire-retar­dant cloth­ing, hear­ing defend­ers, and work boots. Some stan­dards even include warn­ing devices that are worn by the user, such as gas detec­tors and per­son-down detec­tors, in this group.
PPE is prob­a­bly the sin­gle most over-used and least under­stood risk con­trol mea­sure. It falls at the bot­tom of the hier­ar­chy for a num­ber of rea­sons:

  1. It is a mea­sure of last resort;
  2. It per­mits the haz­ard to come as close to the per­son as their cloth­ing;
  3. It is often incor­rect­ly spec­i­fied;
  4. It is often poor­ly fit­ted;
  5. It is often poor­ly main­tained; and
  6. It is often improp­er­ly used.

The prob­lems with PPE are hard to deal with. You can­not glue or screw a set of safe­ty glass­es to a person’s face, so ensur­ing the the pro­tec­tive equip­ment is used is a big prob­lem that goes back to super­vi­sion.

Many small and medi­um sized enter­pris­es do not have the exper­tise in the orga­ni­za­tion to prop­er­ly spec­i­fy, fit and main­tain the equip­ment.

User com­fort is extreme­ly impor­tant. Uncom­fort­able equip­ment won’t be used for long.

Final­ly, by the time that prop­er­ly spec­i­fied, fit­ted and used equip­ment can do it’s job, the haz­ard is as close to the per­son as it can get. The prob­a­bil­i­ty of fail­ure at this point is very high, which is what makes PPE a mea­sure of last resort, com­ple­men­tary to the more effec­tive mea­sures that can be pro­vid­ed in the first three lev­els of the hier­ar­chy.

If work­ers are not prop­er­ly trained and ade­quate­ly informed about the haz­ards they face and the rea­sons behind the use of PPE, they are deprived of the oppor­tu­ni­ty to make safe choic­es, even if that choice is to refuse the work.

Failure Modes

Fail­ure modes for PPE include:

  • Incor­rect spec­i­fi­ca­tion (not suit­able for the haz­ard);
  • Incor­rect fit (allows haz­ard to bypass PPE);
  • Poor main­te­nance (pre­vents or restricts vision or move­ment, increas­ing the risk; caus­es PPE fail­ure under stress or allows haz­ard to bypass PPE);
  • Incor­rect usage (fail­ure to train and inform users, incor­rect selec­tion or spec­i­fi­ca­tion of PPE).

Time to Apply the Hierarchy

So now you know some­thing about the ‘hier­ar­chy of con­trols’. Each lay­er has its own intri­ca­cies and nuances that can only be learned by train­ing and expe­ri­ence. With a doc­u­ment­ed risk assess­ment in hand, you can begin to apply the hier­ar­chy to con­trol the risks. Don’t for­get to iter­ate the assess­ment post-con­trol to doc­u­ment the degree of risk reduc­tion achieved. You may cre­ate new haz­ards when con­trol mea­sures are applied, and you may need to add addi­tion­al con­trol mea­sures to achieve effec­tive risk reduc­tion.

The doc­u­ments ref­er­enced below should give you a good start in under­stand­ing some of these chal­lenges.


5% Dis­count on All Stan­dards with code: CC2011

NOTE: [1], [2], and[3]  were com­bined by ISO and repub­lished as ISO 12100:2010. This stan­dard has no tech­ni­cal changes from the pre­ced­ing stan­dards, but com­bines them in a sin­gle doc­u­ment. ISO/TR 14121–2 remains cur­rent and should be used with the cur­rent edi­tion of ISO 12100.

[1]             Safe­ty of machin­ery – Basic con­cepts, gen­er­al prin­ci­ples for design – Part 1: Basic ter­mi­nol­o­gy and method­ol­o­gy, ISO Stan­dard 12100–1, 2003.
[2]            Safe­ty of machin­ery – Basic con­cepts, gen­er­al prin­ci­ples for design – Basic ter­mi­nol­o­gy and method­ol­o­gy, Part 2: Tech­ni­cal prin­ci­ples, ISO Stan­dard 12100–2, 2003.
[3]            Safe­ty of Machin­ery – Risk Assess­ment – Part 1: Prin­ci­ples, ISO Stan­dard 14121–1, 2007.
[4]            Safe­ty of machin­ery — Pre­ven­tion of unex­pect­ed start-up, ISO 14118, 2000
[5]            Con­trol of haz­ardous ener­gy – Lock­out and oth­er meth­ods, CSA Z460, 2005
[6]            Flu­id pow­er sys­tems and com­po­nents – Graph­ic sym­bols and cir­cuit dia­grams – Part 1: Graph­ic sym­bols for con­ven­tion­al use and data-pro­cess­ing appli­ca­tions, ISO Stan­dard 1219–1, 2006
[7]            Pneu­mat­ic flu­id pow­er — Gen­er­al rules and safe­ty require­ments for sys­tems and their com­po­nents, ISO Stan­dard 4414, 1998
[8]            Amer­i­can Nation­al Stan­dard for Indus­tri­al Robots and Robot Sys­tems — Safe­ty Require­ments, ANSI/RIA R15.06, 1999.
[9]            Safe­ty of machin­ery — Safe­ty-relat­ed parts of con­trol sys­tems — Part 1: Gen­er­al prin­ci­ples for design, ISO Stan­dard 13849–1, 2006
[10]          Safe­ty of machin­ery – Func­tion­al safe­ty of safe­ty-relat­ed elec­tri­cal, elec­tron­ic and pro­gram­ma­ble elec­tron­ic con­trol sys­tems, IEC Stan­dard 62061, 2005
[11]           Func­tion­al safe­ty of electrical/electronic/programmable elec­tron­ic safe­ty-relat­ed sys­tems, IEC Stan­dard 61508-X, sev­en parts.
[12]          Prepa­ra­tion of Instruc­tions — Struc­tur­ing, Con­tent and Pre­sen­ta­tion, IEC Stan­dard 62079, 2001
[13]          Amer­i­can Nation­al Stan­dard For Prod­uct Safe­ty Infor­ma­tion in Prod­uct Man­u­als, Instruc­tions, and Oth­er Col­lat­er­al Mate­ri­als, ANSI Stan­dard Z535.6, 2010.
[14]          Con­trol of Haz­ardous Ener­gy Lockout/Tagout and Alter­na­tive Meth­ods, ANSI Stan­dard Z244.1, 2003.
[15]          Safe­ty of Machin­ery — Inter­lock­ing devices asso­ci­at­ed with guards — prin­ci­ples for design and selec­tion, EN 1088+A1:2008.
[16]          Safe­ty of Machin­ery — Guards — Gen­er­al require­ments for the design and con­struc­tion of fixed and mov­able guards, EN 953+A1:2009.
[17]          Safe­ty of machin­ery — Guards — Gen­er­al require­ments for the design and con­struc­tion of fixed and mov­able guards, ISO 14120.
[18]         Safe­ty of machin­ery — Safe­ty dis­tances to pre­vent haz­ard zones being reached by upper and low­er limbs, ISO 13857:2008.
[19]         Safe­ty of machin­ery — Posi­tion­ing of safe­guards with respect to the approach speeds of parts of the human body, ISO 13855:2010.

5% Dis­count on All Stan­dards with code: CC2011

Series Nav­i­ga­tionPPE”>Hock­ey Teams and Risk Reduc­tion or What Makes Rober­to Luon­go = PPEThe Third Lev­el of the Hier­ar­chy: Infor­ma­tion for Use

Author: Doug Nix

Doug Nix is Managing Director and Principal Consultant at Compliance InSight Consulting, Inc. (http://www.complianceinsight.ca) in Kitchener, Ontario, and is Lead Author and Senior Editor of the Machinery Safety 101 blog. Doug's work includes teaching machinery risk assessment techniques privately and through Conestoga College Institute of Technology and Advanced Learning in Kitchener, Ontario, as well as providing technical services and training programs to clients related to risk assessment, industrial machinery safety, safety-related control system integration and reliability, laser safety and regulatory conformity. For more see Doug's LinkedIn profile.