David Collier of Pilz Automation Technology explains the key points of the systematic technical risk assessment process to follow when building, retrofitting or interlinking machines, as required by the Machinery Directive (2006/42/EC) and the Management of Health and Safety at Work Regulations (MHSWR 1999).
Many machine builders mistakenly take the view that the risk graph in the standard for safety-related parts of control systems, EN ISO 13849-1 (which replaced EN 954-1 at the end of 2011), is a 'risk assessment' – but it is not. The design of safety control systems does play an important role in reducing risks, but risk assessment itself starts with the use of the standard EN ISO 12100:2010, Safety of machinery - General principles for design - Risk assessment and risk reduction.
The process includes:
Statement of machine limits, including technical specifications such as range of energy supply, speed of movement, operational frequency, and other limits related to environmental and other conditions. Note that with the latest standards for safety-related controls it is increasingly important to know these limits as, later on, when a safety control system is designed, its performance may be degraded due to wear that is directly related to operational frequency (referred to as n_op).
Hazard identification - who could be hurt, how and when, throughout all the relevant machinery lifecycle phases.
Estimation of risk (quantification) and evaluation (whether risk reduction is required).
Hierarchical approach for risk reduction. The preference is to eliminate hazards so there is no risk; for example, removing trap/nip/crush/drawing-in points. If, after this, some risks remain intolerable, the next step is to introduce safeguards. It is only at this stage that guarding would be considered, and if this guarding requires interlocking then the safety-related control system standards become relevant. Equally, if no physical guards are selected but devices such as light curtains are chosen, safety-related controls become relevant. It is at this stage that the required performance level (PLr) or SIL of a safety function must be determined through the use of either EN ISO 13849-1 or EN 62061. The PLr or SIL indicates the degree to which the safety function reduces the risk to an acceptable level.
After safeguarding measures, EN ISO 12100:2010 refers to complementary measures that further reduce the residual risks to an acceptable level, such as training, signage and warning equipment (for example, beacons). It is arguable that emergency stops (E-stops) should be included here, since they should not be used as substitutes for proper safeguarding.
For builders of specific machine types there are type-C standards (such as the EN 415 series covering packaging machines), which also provide guidance on the risk assessment and risk reduction measures associated with these specific machines.
The last points to make about risk assessment are that it is an iterative process, and that it is often good to get a second pair of eyes to help. Over-familiarity with a machine can leave engineers blind to hazards that may be obvious to others.
It can be prudent to employ the services of a company that can provide both the independent risk assessment and the practical safety concept to help ensure compliance with the Essential Health and Safety Requirements of the Machinery Directive. Pilz offers these services, as well as design, implementation and validation.