Five things most machine builders do incorrectly

Five things that most machine build­ers fail to do. With a Sixth Bonus fail­ure!

The Top Five errors I see machine build­ers make on a depress­ingly reg­u­lar basis:

1) Poor or Absent Risk Assessment

Risk assess­ments are fun­da­ment­al to safe machine design and liab­il­ity lim­it­a­tion, and are required by law in the EU. They are a included in all of the mod­ern North American machinery safety stand­ards as well.

Machine build­ers fre­quently have trouble with the risk assess­ment pro­cess, usu­ally because they fail to under­stand the pro­cess or because they fail to devote enough resources to get­ting it done.

If risk assess­ment is built into your design pro­cess, it becomes the norm for how you do busi­ness. Time and resources will auto­mat­ic­ally be devoted to the pro­cess, and since it’s part of how you do things it will become rel­at­ively pain­less. Where people go wrong is in mak­ing it a ‘big deal’ one-​time event. Also get­ting it done early in the design pro­cess and iter­ated as the design pro­gresses means that you have time to react to the find­ings, and you can com­plete any neces­sary changes at more cost-​effective points in the design and build pro­cess. The worst time to do risk assess­ment is at the point where the machine is on the shop floor ready to start pro­duc­tion. Costs for modi­fic­a­tion are then expo­nen­tially high­er than dur­ing design and con­struc­tion.

Poorly done, risk assess­ments become a liab­il­ity defense lawyer’s worst night­mare and a plaintiff’s lawyer’s dream. Shortchanging the risk assess­ment pro­cess ensures that you will lose, either now or later.

Fight this prob­lem by: learn­ing how to con­duct a risk assess­ment, using qual­ity risk assess­ment soft­ware tools, and build­ing risk assess­ment into your stand­ard design process/​practice in your organ­iz­a­tion.

2) Failure to be Aware of Regulations & Use Design Standards

This one is a mys­tery to me.

Every mar­ket has product safety legis­la­tion, sup­por­ted by reg­u­la­tions. Granted, the scope and qual­ity of these reg­u­la­tions var­ies widely, but if you want to sell a product in a mar­ket, it doesn’t take a lot of effort to find out what reg­u­la­tions may apply.

Design stand­ards have been in exist­ence for a long time. Most pur­chase orders, at least for cus­tom machinery, con­tain lists of stand­ards that the equip­ment is required to meet at Factory Acceptance Testing (FAT).

Why machine build­ers fail to grasp that using these stand­ards can actu­ally give them a com­pet­it­ive edge, as well as help­ing them to meet reg­u­lat­ory require­ments, I don’t know. If you do, please either com­ment on this story or send me an email. I’d love to hear your thoughts on this!

Fight this prob­lem by: Doing some research. Understand the mar­ket envir­on­ment in which you sell your products. If you aren’t sure how to do this, use a con­sult­ant to assist you. Buy the stand­ards, espe­cially if your cli­ent calls them out in their spe­cific­a­tions. Read and apply them to your designs.

One great resource for inform­a­tion on reg­u­lat­ory envir­on­ments and stand­ards applic­a­tions is the IEEE Product Safety Engineering Society and the EMC-​PSTC Listserv that they main­tain.

3) Fixed Guard Design

Fixed guard­ing design is driv­en by at least two factors, a) pre­vent­ing people from access­ing haz­ards, and b) allow­ing raw mater­i­als and products into and out of the machinery.

Designers fre­quently go wrong by select­ing a fixed guard where a mov­able guard is neces­sary to per­mit fre­quent access (say more than once per shift). This is some­times done in an effort to avoid hav­ing to add inter­locks to the con­trol sys­tems. Frequently the guard will be removed and replaced a couple of times, and then the screws will be left off, and even­tu­ally the guard itself will be left off, leav­ing the user with an unguarded haz­ard.

The oth­er com­mon fault with fixed guards relates to the second factor I men­tioned – get­ting raw mater­i­als and products in an out of the machine. There are lim­its on the size of open­ings that can be left in guards, depend­ent on the dis­tance from the open­ing to the haz­ards behind the guard and the size of the open­ing itself. Often the only factor con­sidered is the size of the item that needs to enter or exit the machinery.

Both of these faults often occur because the guard­ing is not designed, but is allowed to hap­pen dur­ing machine build. The size and shape of the guards is then often driv­en by con­veni­ence in fab­ric­a­tion rather than by thought­ful design and applic­a­tion of the min­im­um code require­ments.

Fight this prob­lem by: Designing the guards on your product rather than allow­ing them to hap­pen, based on the out­come of the risk assess­ment and the lim­its defined in the stand­ards. Tables for guard open­ings and safety dis­tances are avail­able in North American, EU and International stand­ards.

4) Movable Guard Interlocking

Movable guards them­selves are usu­ally reas­on­ably well done. Note that I am not talk­ing about self adjust­ing guards like those found on a table saw for instance. I am talk­ing about guard doors, gates, and cov­ers.

The prob­lem usu­ally comes with the design of the inter­lock that is required to go with the mov­able guard. The first part of the prob­lem goes back to my #1 mis­take: Risk Assessment. No risk assess­ment means that you can­not reas­on­ably hope to get the reli­ab­il­ity require­ments right for the inter­lock­ing sys­tem. Next, there are small but sig­ni­fic­ant dif­fer­ences in how the Canadian, US, EU and International stand­ards handle con­trol reli­ab­il­ity, and the biggest dif­fer­ences occur in the high­er reli­ab­il­ity clas­si­fic­a­tions.

In the USA, the stand­ards speak of con­trol reli­able cir­cuits (see ANSI RIA R15.06 – 1999, 4.5.5). This require­ment is writ­ten in such a way that a single inter­lock­ing device, installed with dual chan­nel elec­tric­al cir­cuits and suit­ably selec­ted com­pon­ents will meet the require­ments. No single ELECTRICAL com­pon­ent fail­ure will lead to the loss of the safety func­tion, but a single mech­an­ic­al fault could.

In Canada, the machinery and robot­ics stand­ards speak of con­trol reli­able sys­tems (see CSA Z432, 8.2.5), not cir­cuits as in the US stand­ards. This require­ment is writ­ten in such a way that TWO elec­tromech­an­ic­al inter­lock­ing devices are required, one in each elec­tric­al chan­nel of the inter­lock­ing sys­tem. This per­mits the sys­tem to detect mech­an­ic­al fail­ures such as broken or miss­ing keys, and if dif­fer­ent types of inter­lock­ing devices are chosen, may also per­mit detec­tion of efforts to bypass the inter­lock. Most single mech­an­ic­al faults and elec­tric­al faults will be detec­ted.

In the EU and Internationally, con­trol reli­ab­il­ity is much more highly developed. Here, the applic­a­tion of ISO 13849, IEC 62061 or IEC 61508 have taken con­trol reli­ab­il­ity to high­er levels than any­thing seen to date in North America. Under these stand­ards, the required Performance Level (PLr) or Safety Integrity Level (SIL) must be known. This is based on the out­come of, you guessed it, the Risk Assessment. No risk assess­ment, or a poor risk assess­ment, dooms the design­er to likely fail­ure. Significant skill is required to handle the ana­lys­is and design of safety related parts of con­trol sys­tems under these stand­ards.

Fight this prob­lem by: Getting the train­ing you need to prop­erly apply these stand­ards and then using them in your designs.

5) Safety Distances

Safety dis­tances crop up any­where you don’t have a phys­ic­al bar­ri­er keep­ing the user away from the haz­ard. Whether its an open­ing in a fixed guard, a mov­able guard like a guard door or gate, or a presence-​sensing safe­guard­ing device like a light cur­tain, safety dis­tances have to be con­sidered in the machine design. The easi­er it is for the user to come in con­tact with the haz­ard, the more safety dis­tance mat­ters.

Stopping per­form­ance of the machinery must be tested to val­id­ate the safety dis­tances used. Failure to get the safety dis­tance right means that your guards will give your users a false sense of secur­ity, and will expose them to injury. This will also expose your com­pany to sig­ni­fic­ant liab­il­ity when someone gets hurt, because they will. Its only a mat­ter of time.

Fight this prob­lem by: Testing safe­guard­ing devices.

6) Validation

OK, so this list should really be SIX things. Just con­sider this to be a bonus for read­ing this far!

Designs, and par­tic­u­larly safety crit­ic­al designs, must be tested. Let me say it again:

Safety Critical Designs MUST Be Tested.

Whatever the­ory you are work­ing under, wheth­er it’s North American, European, International or some­thing else, you can­not afford miss­ing the val­id­a­tion step. Without val­id­a­tion you have no evid­ence that your sys­tem worked at all, let alone if it worked cor­rectly.

Fight this prob­lem by: TESTING YOUR DESIGNS.

A wise man once said: “If you think safety is expens­ive, try hav­ing an acci­dent.” The gen­tle­man was involved in invest­ig­at­ing the crash of a Sikorsky S-​92 heli­copter off the coast of Newfoundland. 17 people died as a res­ult of the fail­ure of two titani­um studs that held an oil fil­ter onto the main gear­box, and the fact that the heli­copter failed the ‘1/​2-​hour gear­box run-​dry test’ that is required for all new heli­copter designs. This was a clear case of fail­ure in the risk assess­ment pro­cess com­plic­ated by fail­ure in the test pro­cess.

ESA Manufacturer’s Registration Deadline postponed

This entry is part 1 of 1 in the series Ontario ESA Manufacturers Registry

If you’ve been fol­low­ing the dis­cus­sions on the EMC/​PSTC list serv­er and else­where about the ESA Manufacturer’s registry in Ontario, you may not be aware that ESA has dropped the August 30 dead­line for regis­tra­tion. It seems that the Ontario Government and ESA are review­ing the dead­line fol­low­ing a cab­in­et shake-​up at Queen’s Park. There is no word on when or if the dead­line will be rein­stated. Need to know

This entry is part 1 of 1 in the series Ontario ESA Manufacturers Registry

If you’ve been fol­low­ing the dis­cus­sions on the EMC/​PSTC list serv­er and else­where about the ESA Manufacturer’s registry in Ontario, you may not be aware that ESA has dropped the August 30 dead­line for regis­tra­tion. It seems that the Ontario Government and ESA are review­ing the dead­line fol­low­ing a cab­in­et shake-​up at Queen’s Park. There is no word on when or if the dead­line will be rein­stated. Need to know more? Come to the PSES Symposium and be there for ESA’s present­a­tion on the Registry! http://​www​.PSESSymposium​.org

ESA Manufacturer Registration in Ontario, Canada

Do you make elec­tric­al products sold in Ontario, Canada? Are you aware of the need to register your com­pany with the Electrical Safety Authority (ESA) in order to sell your products leg­ally? If not, spend some time and catch up on the new ESA Manufacturer’s Registry!

Electrical Safety Authority LogoThis story updated 4-​Feb-​2014.

Since February 17th, 2009, there has been an inter­est­ing dis­cus­sion thread on the PSES’s EMC-​PSTC list on the new Manufacturer’s Registry in the Province of Ontario, Canada. Since there was so much interest, I decided to try to sum­mar­ize things here.


Ontario is the second old­est and the most pop­u­lous Province in Canada, with 12,160,282 people as of the 2006 census. Canada has 10 Provinces and three Territories. Ontario is Canada’s man­u­fac­tur­ing heart­land and is often a lead­er in new legis­la­tion.

ESA, or the Electrical Safety Authority as they are more prop­erly known, is the Authority Having Jurisdiction (AHJ) in the Province of Ontario, Canada. This means that they are author­ized by the Government of Ontario to reg­u­late elec­tric­al safety in the Province. ESA was formerly the inspec­tion arm of Ontario Hydro, a crown cor­por­a­tion dis­solved in 1998. ESA provides build­ing and equip­ment elec­tric­al inspec­tion ser­vices to the pub­lic and industry in the Province, and pub­lishes the Ontario Electrical Code. The Code is adap­ted dir­ectly from CSA’s Canadian Electrical Code – Part 1 (CSA C22.1), with Provincial devi­ations.

On 1-​Aug-​07, the Ministry of Small Business and Consumer Services filed Ontario Regulation 438/​07, Product Safety. This new reg­u­la­tion enables the Electrical Safety Authority to reg­u­late the safety of elec­tric­al products and equip­ment sold and used in Ontario.

The reg­u­la­tion was phased in to ensure that ESA and stake­hold­ers had enough time to devel­op tech­nic­al guid­ance to sup­port the reg­u­la­tion.

  • On 1-​Oct-​07 the sec­tions of the reg­u­la­tion that gov­ern approv­al of elec­tric­al products (cur­rently con­tained in the Ontario Electrical Safety Code) and that allow notice be giv­en to the pub­lic of unsafe elec­tric­al products came into effect.
  • On 1-​Jan-​08 oth­er sec­tions relat­ing to ESA’s invest­ig­at­ive and order-​making powers came into effect.
  • On 1-​Jul-​08 sec­tions of the reg­u­la­tion requir­ing organ­iz­a­tions to report ser­i­ous elec­tric­al incid­ents or defects came into effect.
  • On 1-​Apr-​09 the Registry will open and man­u­fac­tur­ers can begin to register with ESA. For man­u­fac­tur­ers cur­rently selling products in Ontario, regis­tra­tions must be com­pleted by 30-​Aug-​09. This require­ment is cur­rently post­poned. For more inform­a­tion, see this art­icle. If your com­pany wants to begin selling products in Ontario, the com­pany must register before products can be sold.

What is the Registry?

Recent Changes in the Ontario Electricity Act have increased the require­ments for report­ing of “ser­i­ous incid­ents” with elec­tric­al ori­gins. These require­ments are found in Ontario Regulation 438 on Product Safety. In the past, sig­ni­fic­ant num­bers of injur­ies caused by either unap­proved equip­ment, or fraud­u­lently marked equip­ment have occurred. When ESA has invest­ig­ated the equip­ment, they run into prob­lems with find­ing the ori­gin­at­or of the gear, and there­fore the per­son or com­pany who bears respons­ib­il­ity for the prob­lem. The new addi­tions to the reg­u­la­tion address this by requir­ing report­ing of severe injur­ies caused by elec­tric­al equip­ment. In order to improve trace­ab­il­ity of elec­tric­al products sold in Ontario, ESA intro­duced the Manufacturer’s Registry, and made it man­dat­ory under their author­ity as the AHJ in Ontario. See the Ontario Regulation. Registration begins 1-​Apr-​09. Registration must be com­pleted by 30-​Aug-​09. The man­dat­ory Registration dead­line has been indef­in­itely post­poned. A fee of $350 Canadian dol­lars must be paid in the first year, with a reduced fee in each fol­low­ing year.

Manufacturers of elec­tric­al equip­ment for sale in Ontario are required to register with ESA, regard­less of wheth­er they are loc­ated in Ontario or else­where. Failure to register will mean that cer­ti­fied or labeled elec­tric­al products will be deemed to be unap­proved and non-​compliant with the Ontario Electrical Code. Under Regulation 438, it is illeg­al to sell, dis­play or use unap­proved elec­tric­al products [Section 5]. Under the Industrial Establishments reg­u­la­tions (part of the Ontario Occupational Health and Safety Act), it is illeg­al to use unap­proved elec­tric­al products in the work­place [Section 40]. Similar require­ments are also found in the Construction Regulations (Ontario Regulation 213, Section 185).

More inform­a­tion on the Registry can be found on the ESA web site in the Product Safety area. There are a num­ber of FAQ’s avail­able from this page as well. They include:

The regis­tra­tion is per man­u­fac­turer and NOT per product, so once you have registered your com­pany you do not need to re-​register for every product.

Recognized elec­tric­al safety marks

ESA provides a list of all of the Certification and Inspection marks that are recog­nized in the province. As long as your product or the products you are selling bear one of these marks, the product can be dis­played, sold or used in the Province, pre­sum­ing the man­u­fac­turer is registered.

View the list of Recognized Marks and Field Evaluation Labels.

What is a ‘ser­i­ous incid­ent’?

Regulation 438 defines a ser­i­ous incid­ent in Section 1:

ser­i­ous elec­tric­al incid­ent or acci­dent” means an elec­tric­al incid­ent or acci­dent that,

(a) res­ults in death or ser­i­ous injury to a per­son,

(b) has the poten­tial to cause death or a risk of ser­i­ous injury to a per­son, or

© causes or has the poten­tial to cause sub­stan­tial prop­erty dam­age.

Reporting Requirements

Once your com­pany has registered with ESA, any ser­i­ous incid­ents occur­ring any­where you mar­ket your products becomes report­able, but only for products sold in Ontario.

Quoting from Regulation 438:

8. (1)  A man­u­fac­turer, whole­saler, import­er, product dis­trib­ut­or or retail­er that becomes aware of a ser­i­ous elec­tric­al incid­ent or acci­dent or a defect in the design, con­struc­tion or func­tion­ing of an elec­tric­al product or device that affects or is likely to affect the safety of any per­son or cause dam­age to prop­erty, shall report to the Authority as soon as prac­tic­able after becom­ing aware of the ser­i­ous elec­tric­al incid­ent or acci­dent or defect.

(2)  A cer­ti­fic­a­tion body or field eval­u­ation agency that becomes aware of a ser­i­ous elec­tric­al incid­ent or acci­dent or a defect in the design, con­struc­tion or func­tion­ing of an elec­tric­al product or device that was the sub­ject of a report giv­en by the cer­ti­fic­a­tion body or field eval­u­ation agency that affects or is likely to affect the safety of any per­son or cause dam­age to prop­erty shall report to the Authority as soon as prac­tic­able after becom­ing aware of the ser­i­ous elec­tric­al incid­ent or acci­dent or defect.

There is more to Section 8 of the reg­u­la­tion than quoted. Additional sub­sec­tions include inform­a­tion on what needs to be in the report and who needs to be involved in the invest­ig­a­tion. If you need to make a report, check the rest of Section 8 first.

For example, say that your com­pany man­u­fac­tures a wid­get, Model 1523. Model 1523 is sold in the USA, Ontario Canada, Mexico and India. The com­pany also man­u­fac­tures a dif­fer­ent wid­get, Model 2000, sold in the USA and Mexico.

At some point, reports of elec­tric­al shock and fires caused by Model 2000 start to come into your Product Safety depart­ment. Do you need to report this to ESA? NO – Model 2000 is not sold in Ontario, so severe incid­ents caused by that mod­el do not require report­ing to ESA.

Model 1523 has a clean record, so no report­ing is required there. After man­u­fac­tur­ing Model 1523 for a few years, a key com­pon­ent is changed for a cost reduced ver­sion from a dif­fer­ent sup­pli­er. Six months after the change, reports come in from Mexico and India that users have been killed by elec­tric shock received from units of Model 1523. After invest­ig­at­ing the reports, your Product Safety depart­ment determ­ines that the faulty units used the new com­pon­ent. Do you need to report this to ESA? YES – because Model 1523 is sold in Ontario.

Here’s anoth­er example. Your com­pany imports elec­tric­al products from a num­ber of coun­tries and sells them whole­sale to large retail­ers, some of whom have stores in Ontario. Do you need to register? NO – But you can­not leg­ally sell products from man­u­fac­tur­ers who are not registered in Ontario.

What if the products are impor­ted into Ontario but are not sold to users in the Province, and are only ware­housed and whole­saled to retail­ers or oth­er dis­trib­ut­ors out­side of Ontario? Do you need to register? NO – But you must com­ply with the require­ments in the oth­er jur­is­dic­tions where the product is sold. Check with the AHJ in each Province or Territory where your products are sold to determ­ine the require­ments.

What if I become aware of ser­i­ous incid­ents that are occur­ring with products I sell in Ontario? You MUST report them to ESA, wheth­er you make the product, import, dis­trib­ute or retail it.

What Products are Covered by the Regulations?

  • Consumer elec­tric­al products;
  • Commercial elec­tric­al products;
  • Electrical Medical Devices;
  • Industrial elec­tric­al products;
  • Wiring devices and products;
  • Battery-​operated devices used in Hazardous Locations;
  • Battery char­gers used with bat­tery oper­ated products;
  • Hardwired and plug-​in life safety products like Smoke Detectors and CO Detectors;
  • Certified com­pon­ents used in any of the above.

Will this become a Canadian National System?

This is not yet known. There are dis­cus­sions going on with the oth­er Provinces and Territories, how­ever these are very pre­lim­in­ary stages. ESA has stated that they are sup­port­ive of a National Program should it be developed, but at this time these require­ments exist only in Ontario.

Tax Grab?

Some people have expressed the opin­ion that this is simply a way to mask a new tax, since regis­tra­tion fees are pay­able on an annu­al basis. In fact, a means is required to fund the registry, and the fees col­lec­ted are to be used for that pur­pose. See the Funding Model Report. Since ESA’s man­date is to pro­tect the people of Ontario from elec­tric­al haz­ards, and since there are increas­ing num­bers of ser­i­ous incid­ents occur­ring where the products turn out be be unap­proved or fraud­u­lently marked, this is a reas­on­able way for the Authority to gain con­trol over the products enter­ing the mar­ket­place, and to hold every­one in the sup­ply chain respons­ible for ensur­ing that only approved products are sold in the Province.

Since there is no new mark­ing require­ment, and since reput­able man­u­fac­tur­ers are already cer­ti­fy­ing or labeling their products for sale, and fur­ther­more since the regis­tra­tion fee is quite small for any organ­iz­a­tion selling any quant­ity of product in the Province, this is not an oner­ous require­ment. You are still free to have any SCC accred­ited body whose mark is recog­nized in Ontario do the cer­ti­fic­a­tion work.

Will it work?

This is the big unknown. Canadians are known for cre­at­ing regis­tries in response to a per­ceived need to con­trol some­thing. Notable fail­ures include the National Do Not Call registry was sup­posed to allow Canadians to register their phone num­bers with the gov­ern­ment, who was then requir­ing Canadian based tele­marketers to scrub those num­bers from their call­ing data­bases. Unfortunately this only provided num­bers to off-​shore tele­marketers who are using the DNC Registry lists as a way to get num­bers to call.

It’s unfair to group this registry with the pre­vi­ous example for a num­ber of reas­ons. The imple­ment­a­tion of this registry is dif­fer­ent from the pre­vi­ous example in intent and exe­cu­tion. Compliance is mon­itored by the entire sup­ply chain. It prob­ably stands a pretty good chance of work­ing. Time will tell!

Update on this story


Since this story was ori­gin­ally writ­ten in March of 2009, all men­tion of the Manufacturer’s Registry has dis­ap­peared from the ESA web site. When I have tried to con­tact people involved in the ori­gin­al roll out of the Registry, they do not respond. I have asked for the oppor­tun­ity to inter­view one per­son in par­tic­u­lar and have yet to receive any kind of reply.

It would seem that this pro­gram has been allowed to quietly die, how­ever the legis­la­tion that per­mit­ted it to be cre­ated in the first place remains unchanged. Depending on the mood of those in charge, it could the­or­et­ic­ally be brought back to life again.