SICK White Paper Part 3 - Risk Assessment
Introduction
After risks have been identified, evaluated and analyzed as outlined in Part 2 of this series (The Risk
Assessment Process), there will inevitably be some if not many residual risks not at an acceptable
level. In these instances, it is important to take action to mitigate the risk to a level deemed tolerable for
your organization. Before rushing into a knee-jerk reaction to implement possible solutions, however, it
is important to consider the rational approach to risk reduction known as the Hierarchy of Controls.
While the ISO 12100 approach includes additional risk reduction steps to be applied by the user
(employer), these measures are considered outside the scope of the International Standard.
Additionally, this standard was adopted in the U.S. as an American National Standard as ANSI/ISO
12100:2012. To better focus on the North
American regulatory requirements for
employers to make all equipment safe
(regardless of the vintage of the equipment),
other consensus standards exist which also
focus on the importance of the user's role in
overall mitigation of risk, with the most broadly
applicable standard being ANSI B11.0-2010
Safety of Machinery - General Requirements
and Risk Assessment. This standard includes
the hierarchy shown in Figure 1 above, and
parallels ISO 12100 in both scope and
applicability to a broad category of equipment.
It should be noted that both ISO 12100 and
ANSI B11.0 (as well as other standards) follow
the direction provided by ISO/IEC Guide 51
Safety aspects - Guidelines for their inclusion in
standards, which was recently updated in April
2014. The intent of the guide is to establish
common terminology and methodologies to
standards writers when addressing key
concepts of risk reduction for inclusion in safety
standards around the world. A graphical
representation is included in Guide 51,
illustrating that risk reduction directly follows the
risk assessment process and is a combination
of efforts applied at both the design and use
phases of equipment. Figure 3 is an adaptation
of this image, modified to express that each
iterative application of additional risk reduction
measures following a hierarchical approach
further reduces the associated residual risk.
By combining these approaches, proactive organizations can reap great benefits. Machinery suppliers
are the most equipped to understand the design and intended use of the equipment, and therefore are
in the best position to successfully implement cost-effective risk reduction measures at the design
phase. However, as is the case with most common off-the-shelf machine designs, many OEMs are
not fully aware of each end user's intended use of the equipment. In these instances, the user is best
positioned to select and apply risk reduction measures that are most effective based on the process
and intended use of the machinery.
Numerous documents have been developed to outline the hazard control hierarchy and provide
guidance on its implementation. As such, different models exist; some go to great detail to define each
minute approach, while others are more general in their examination of the concepts. Figure 4 below
identifies a few of the more common classifications (into either three, five, or eight tiers) of the
hierarchy, some of the guidance associated with each, as well as a number of justifications for the
preference of order of the elements. The classifications of risk reduction measures are explored in
more detail further on.
Prevention through Design (PtD) is a national initiative led by the National Institute for Occupational
Safety and Health (NIOSH), a U.S. federal agency under the Centers for Disease Control and
Prevention (CDC) that conducts research and
makes recommendations to prevent worker
injury and illness. PtD incorporates all of the
efforts to predict and design out hazards to
workers and its focus is on individuals who
execute the designs or have to work with the
products of the design. The initiative has been
developed to support designing out hazards,
the most reliable and effective type of
prevention because it lessens the reliance on
lower hierarchy control measures. Additional
benefits of PtD include greater ease of
implementation as well as lower overall cost,
as depicted in Figure 5.
Figure 5: Model of Prevention through Design
The multi-year initiative, started in 2006, has resulted in a number of work items, including the
consensus standard ANSI/ASSE Z590.3-2011 Prevention through Design - Guidelines for Addressing
Occupational Hazards and Risks in Design and Redesign Processes. As addressed in Part 1 of this
series, this standard includes guidelines and requirements for risk assessment as a key element to
identify sources of potential risk.
Many categories of engineering controls exist, as portrayed in Figure 6. Some may be integrated
into barriers (such as interlocking devices), while others may detect the presence of an individual or
other obstruction at a predetermined location (such as light curtains, area scanners, and safety
mats). Furthermore, some measures may detect the absence of an individual at a predetermined
location (such as two-hand controls), and others may be used to control access to the hazard area
(such as pull-backs and restraints).
Complementary Measures
Some engineering controls cannot be relied upon as primary safeguarding measures, although they do
assist in reducing risk. A common example is emergency stop (e-stop) devices. E-stops are not
considered safeguarding devices because they neither detect nor prevent access to a hazard.
However, because these devices can help minimize the extent of injury in the event exposure to the
hazard does occur, they clearly qualify as a risk reduction measure.
Safety-Related Part of the Control System
As part of an overall risk reduction strategy, some measure of risk reduction is typically achieved
through the application of safeguards and/or complementary measures employing one or more safety
functions. When this occurs, engineering control components also become elements of the safety
related part of the control system (SRP/CS). By definition, the SRP/CS is the part of a control system
that responds to safety-related input signals and generates safety-related output signals. These are
parts of machinery control systems that are assigned to provide safety functions, can consist of
hardware and software, and can either be separate from the machine control system or an integral part
of it. In addition to providing safety functions, SRP/CS can also provide operational functions (such as
STANDARD | YEAR AFFIRMED (REAFFIRMED) | TITLE
ANSI B11.0 | 2010 | Safety of Machinery - General Requirements and Risk Assessment
ANSI B11.19 | 2010 | American National Standard for Machines - Performance Criteria for Safeguarding
ANSI B11.26 1) | DRAFT | Functional Safety for Equipment (Electrical/Fluid Power Control Systems) - Application of ISO 13849 - General Principles for Design
ANSI B11.TR3 | 2000 | ANSI Technical Report for Machine Tools - Risk assessment and risk reduction - A guide to estimate, evaluate and reduce risks associated with machine tools
ANSI B11.TR4 2) | 2004 | ANSI Technical Report for Machine Tools - Selection of Programmable Electronic Systems (PES/PLC) for Machine Tools
ANSI B11.TR6 2) | 2010 | ANSI Technical Report for Machine Tools - Safety Control Systems for Machine Tools
 | 2011 |
3) | 1999 (R2009) | American National Standard for Industrial Robots and Robot Systems - Safety Requirements
CSA Z432 | 2004 | Safeguarding of machinery
ISO 12100 4) | 2010 | Safety of machinery - General principles for design - Risk assessment and risk reduction
 | 1996 | Safety of machinery - Safety-related parts of control systems - Part 1: General principles for design
ISO 13849-1 | 2006 | Safety of machinery - Safety-related parts of control systems - Part 1: General principles for design
 | 2010 |
IEC 62061 | 2005 |
EN 954-1 5) | |
NOTES
1) This standard is in final draft phase and is expected to be published by end of 2014 or early 2015.
2)
3) This standard is intended to be formally withdrawn at the end of 2014. The new revision of this standard, ANSI/RIA R15.06-2012, does not include specific guidance, but rather references ISO 13849-1 and IEC 62061.
4) ISO 12100-2010 was a consolidation without technical change to ISO 12100-1:2003, ISO 12100-2:2003, and ISO 14121-1:2007. ISO 12100:2010 was also adopted as an American National Standard, ANSI/ISO 12100:2012.
5) EN 954-1 was subsequently elevated to ISO 13849-1 in 1999. In turn, ISO 13849-1 was revised in 2006, effectively replacing both EN 954-1 and the 1999 ISO revision as of 1 January 2012.
Information listed is believed to be accurate at time of publication; subject to change at any time. Check with appropriate SDO for additional
information regarding scope and content of standards listed.
Awareness barriers, as noted above, differ from engineered barrier guards because they must
be installed such that a person cannot reach into the hazardous area without a conscious effort
and/or contact with the barrier. Examples include railings, chains, or other devices, which allow
entry of work pieces of varying sizes, but prevent the operator from reaching the hazard without
their awareness. Additionally, awareness barriers provide a visual boundary to the operator's
movements and indicate the location of the hazard area.
Awareness signals are devices that warn individuals by means of audible sound or visible light.
Effective design of visible indicators will address unambiguous positioning, patterning, labeling
or flashing to ensure clear communication of the hazard zone. Consideration should also be
given to the prevalence of color blindness, as well as consistent color coding within the facility
and in accordance with applicable standards. Audible signals should have a distinctive sound
and intensity that distinguishes them from the highest ambient noise level in the area.
Awareness signs (also referred to as safety signs) are used to warn individuals of potential or
existing hazards. These too must be in compliance with applicable regulations and standards to
ensure that proper formats, colors, and symbols are used to provide appropriate hazard
avoidance information for risks that may be encountered.
The equipment supplier is obligated to furnish information about the intended use of the machine
considering all intended operating modes as well as reasonably foreseeable misuse. This information
must contain documentation (as appropriate) for the risk reduction measures applied, including
installation requirements, operating instructions, and maintenance requirements. Furthermore, the
supplier should provide all instructions necessary to ensure safe and proper use of the machine, and
also inform and warn the user about residual risks, including need for additional protective measures,
training, and personal protective equipment.
It is then the employer's responsibility to ensure that all exposed people (not just employees) are
trained based upon the program developed. The employer must then verify the understanding and
provide for the continued competency of each person. In turn, each individual has a responsibility to
follow the training and safety procedures provided, to avoid the hazards that are identified or known to
them, and not intentionally attempt to circumvent the risk reduction measures which have been applied.
Personal Protective Equipment
Personal protective equipment (PPE) must be used in conjunction with but not in lieu of other risk
reduction measures, or when no other control methods are available or feasible. Typical PPE
includes, but is not limited to, eye protection, hearing protection, gloves, non-slip and/or steel toe
footwear, respirators, etc. Again, many standards exist in industry regarding how specific PPE must be
designed and tested. When different levels of PPE exist, selection of the appropriate PPE for the
application is often based on the risk assessment process.
Conclusion
As discussed in the previous white paper in this series, zero risk is virtually unattainable and all
machinery applications have some level of residual risk. However, application of the hazard control
hierarchy is essential to achieving adequate risk reduction. By applying effective risk reduction
measures from each step of the hierarchy of control, reaching an acceptable or tolerable level of
resulting risk is possible.
As stipulated in most consensus guidance documents, the hazard control hierarchy is a proven
approach to ensure that acceptable levels of machinery safety are achieved. Even for organizations
with limited expertise selecting and applying risk reduction measures, the benefits of a rational and
organized process are easily realized. When implemented as part of an overall risk assessment
methodology, it yields results that are consistent, justified, and practical.
This white paper is meant as a guideline only and is accurate as of the time of publication. When
implementing any safety measures, we recommend consulting with a safety professional.
For more information about the hierarchy of controls, contact SICK Safety Application Specialist Chris
Soranno at chris.soranno@sick.com, or visit our web site at www.sickusa.com.