« Back To Motion Control & Motors Industry Insights
Motion Control & Motor Association Logo

Member Since 2006


The Motion Control and Motor Association (MCMA) – the most trusted resource for motion control information, education, and events – has transformed into the Association for Advancing Automation.

Content Filed Under:

Factory Automation , Machine Tool , and Robotics Factory Automation , Machine Tool , and Robotics


Risk Management Cuts Machine Costs

POSTED 12/11/2013  | By: Kristin Lewotsky, MCA Contributing Editor

Planning for safety from the beginning improves design, speeds commissioning, and reduces cost to OEM and end user alike.

Especially in today’s lean market, machines and processes need to run ever faster and more efficiently. That pressure to perform can lead to operators putting themselves at risk, which makes safety more important than ever. It’s a balance, though. A machine has to be both safe and productive—one without the other is essentially useless. “If you want a totally safe machine, you can turn it off, but then it's not producing anything,” says Chris Soranno, safety compliance manager at Omron STI (Anaheim, California). “Or you can rip all the safeguards off and run the machine at 110% of recommended speed and you maximize productivity until an accident occurs. You have to find that balance.”

The benefits of safety go beyond worker health. When properly designed, safety can decrease downtime and increase operating speed. Techniques like Safe Speed and Safe Torque Off make it easier to clear jams and restart the line, increasing overall equipment effectiveness (OEE) every bit as much as the latest motor drive. All too often, however, end users and OEMs fail to pursue those benefits. “Some machine builders want to know about the very latest technology to drive the performance of their machine, but if you ask about their safety strategy, they’ll say they’re fine with what they have,” says Tim Roback, Marketing Manager for Safety Systems at Rockwell Automation (Milwaukee, Wisconsin). “There are a couple reasons for that. Number one, in many cases, people aren't comfortable interpreting and applying the safety standards. Number two, they don't see the opportunity for increased productivity with safety improvements, so it's always an educational process to explain that safety can add value. It's not just a cost.”

To be most effective, safety has to be considered as a process rather than a task, as shown in the safety lifecycle established in standards like IEC 61508 (see figure 1). From a machine design point of view, we can break the safety lifecycle into five steps:

•    Risk assessment: Identify hazards and determine the associated risks
•    Functional requirements: Write the functional safety requirements to mitigate that risk based on standards and best practices
•    Design and verification: Design the safety solutions into the system
•    Install and validate the system: Ensure the system performs as intended and meets standards.
•    Maintain and improve: Upgrade the system as required to guarantee safe performance with modifications and wear

Figure 1: The safety lifecycle sets out a roadmap for efficiently mitigating risk. (Courtesy of Rockwell Automation)
Figure 1: The safety lifecycle sets out a roadmap for efficiently mitigating risk.
(Courtesy of Rockwell Automation)

Effective safety is designed in from the beginning, and it starts with a plan. “A good risk assessment process is the absolute foundation of any machine safeguarding solution,” says Pat Barry, regional marketing lead for safety, Rockwell Automation. “If the assessment is done properly, it makes every one of the steps that follow easier.”

Risk assessment follows a similar process regardless of standard: Examine the severity of the possible injury or harm, determine the potential frequency, and review the methods of avoidance. This establishes a matrix of risk mitigation options required to address a particular hazard. The higher the severity of the hazard, the lower the acceptable frequency, and vice versa. Each organization has to establish a level of tolerable risk for each hazard, then design the system to meet it.

The starting point is to understand how the machine will be used, which means communicating up and down the food chain. An end-user doesn't have any capability after construction to design something out and the OEM doesn't have any capability beforehand to really understand what the human interaction is with the machine, so the first thing is to try to make it a collaborative process.

The risk assessment process requires identifying all possible hazards from all possible uses. (Courtesy of Omron Automation & Safety)The key is to start with a risk assessment. This involves not just looking at the way the machine is intended to be used but also the way it’s actually used, because the two aren't necessarily the same. The days of dedicated machines are slipping away. An operations manager might switch out the tooling on a press machine, for example, to repurpose it for folding or shearing metal. The problem is that it wasn’t designed for that, which means that they may have unintentionally introduced new hazards not protected by the original design. It’s not enough for the machine to be safe in standard operations; it needs to be safe as it’s going to be used, and that requires communications.  

“One thing we often see is an OEM who builds a machine designed to run just so, and this is the only way it can be run safely,” says Soranno. “They put it out there without necessarily acknowledging the fact that the end-user is going to take the machine and repurpose it. They need to actually have that interaction with the operator, employer, and other stakeholders.”

That paradigm shift is gradually taking place, he says. Increasingly, end users tell OEMs up front how they plan to use a machine, whether it’s built for that purpose or not. This allows the OEM to perform a thorough assessment and eliminate or mitigate risk wherever they can. “The engineering team says how do we design a machine to eliminate this risk as much as possible and if we can’t design it out, what other measures do we put in places that are not going to be reliant on human behavior?” On site, they continue to augment safety whether it's training, additional safeguarding measures, etc. If the end user modifies the machine, they have a responsibility to identify any new risks and address them appropriately.

Good safety design also requires a degree of cynicism. “When performing the initial risk assessment to identify the inherent risk of the operation, you always have to make the assumption that there are no safety measures in place, that the guard was not built right or designed correctly or heaven forbid, taken off the machine and not put back,” Soranno adds.

Managing risk
Once the risk has been identified, the next step is to mitigate it by adding appropriate safety measures. Basically, risk assessment sets the bar at low, medium, or high, then the engineering team uses the guidelines below to protect users:

•    Can you design the hazard out?
•    Can you put a fixed enclosing guard over it?
•    Can you use some kind of engineered safeguard like a safety device or an interlocking guard to mitigate the hazard?
•    Can you safeguard somebody with training, awareness, or procedure?
•    Do you have to issue personal protective equipment?

For every hazard being addressed, these five questions generate a list of options. Each of those methods may be viable to safeguard the person performing the task but different options are going to have different effects on productivity, cost, and other factors. It’s important to note that the effectiveness of the approaches above decreases as they go down the list—the most useful approach is to design out the risk and the least useful is personal protective equipment. Be sure to investigate your options—it can be tempting to go with a tried and true option, but the familiar option may not necessarily be the most effective one, both in terms of safeguarding and productivity.

For a low risk activity, signage to alert staff to the potential for injury may be sufficient. A high risk requires more. Now, the designer applies the hierarchy of controls. If that's not possible—maybe the machine is already built or designed—they apply engineering controls and safeguarding technology, protective devices, safety-rated logic controllers, and redundant monitored outputs. When access is required as part of the process, it can be detected and monitored, and through the state logic determine what motion, if any, is permitted when exposure to the hazard exists.

Protecting maintenance staff
It’s tempting to focus efforts on normal production cycles, but the majority of injuries occur outside of standard operations. Staff is not intentionally careless, but safety systems often interfere with maintenance, troubleshooting, clearing jams, etc. A guard door that remains closed during normal operation may have to be opened for observation, for example, or to jog the line. All too often, safety design doesn’t take these activities into account. “There's a thinking in organizations that maintenance people are somehow inherently safer or more impervious to harm than operators, but even maintenance people need to be safeguarded,” says Soranno.

The problem is that a lot of maintenance involves troubleshooting, which requires partial energy. It's not as simple as just putting the machine into bypass mode. The design still needs to permit machine motion while providing the same level of risk reduction so that personnel can still accomplish maintenance tasks effectively and efficiently. “That's why doing the assessment and functional specification upfront is so important because the end goal is to make the easy way the safe way,” says Barry. “A lot of times we add a safety measure and it creates a barrier to somebody doing their work. If you really understand how that person interacts with the machine, then you can give them a safeguard so that they are protected just by virtue of doing their job,” he adds, likening it to an airbag in a car. “The design part is a lot easier if you've done a good detailed assessment and functional spec upfront.”

An effective assessment includes everyone who interacts with the machine—not just operators but maintenance staff, custodians, even OEMs and system integrators during activities like commissioning and decommissioning. Armed with this information, the design team can make provisions for maintenance personnel to perform their duties while remaining safe.

Of course, the plan must be properly executed in order for it to succeed.  “That's probably the place where I see people miss most frequently,” says Barry. “They’ll make a great decision about how to safeguard somebody and then they'll kind of slack off when it gets down to actually cutting off energy from a motor, for example.  Are you asking the motor to stop or are you forcing it to stop? If I take an enable signal away from a drive, I'm not removing the electricity that makes the motor spin. You have to make sure that level of integrity and reliability is there for the entire safety function.”

Ultimately, risk management helps OEMs and end users alike to ensure safe operations for everyone involved with the machine. Planning ahead is the best guarantee of success. “Whenever you view safety as an after-the-fact responsibility, typically it comes at the expense of productivity and typically it costs more,” says Roback. “If you look at it as lifecycle and think about it from the get-go, that's where the opportunity for safety and productivity gain is really maximized.”



Figure 3: Personnel can be protected from hazards by measures such as barriers that block access or light curtains that stop operations or sound alarms when broken. (Courtesy of Omron Automation & Safety)