Manufacturing AUTOMATION

Intrinsically safe by design: A different approach to machine safety

June 12, 2009
By Chris Stergiou

While interviewing candidates for a designer position some years ago, I used a questionnaire to prescreen applicants. I asked them to rank attributes in order of importance to good machine design. These included efficiency, performance, safety, serviceability, ergonomics, etc. All candidates, except one, ranked safety as the most important. That candidate, instead, ranked all as equally important.

In elaborating, he called the question unreasonable, saying that asking a designer to rank these attributes implied that they could be separated as distinct features of good machine design, when actually a good machine design intrinsically integrates all attributes. Years later I understood what he meant. Good machine design integrates all attributes, taking each for granted while delivering on all, including safety.

Appliances, automobiles, elevators and our better-produced equipment do this very well: they integrate all attributes, including safety, without drawing excessive resources to any one. This doesn’t mean that there aren’t safety features; it means that safety is incorporated into the inherent design architecture. While this is easier said than done, it is possible.

We often implement machine safety by first designing the fundamental machine functionality and then identifying or predicting potential safety hazards. Then we guard against those hazards with physical barriers, light curtains, interlock circuits, safety switches, etc. This approach works very well; however, a better alternative may be to specify the fundamental design to be intrinsically safe, using components (hardware and software) that themselves operate and fail in a safe mode, prevent catastrophic failure and are integrated in an architecture that likewise fails safe. Again, this is easier said than done, but it is possible if we frame safety as a functional attribute of the machine up front rather than specifying it separately.


For example, to meet emissions requirements for appliances such as computers or printers, a designer employs a combination of two strategies: suppression and containment. Suppression means first using components and designs that inherently minimize emissions, because they are efficient and deliver only what is required, and then applying creativity to reduce emissions further by design while still meeting specifications. Containment means that, once we have exhausted the benefits of suppression, the excess emissions that remain must be contained, for instance by putting a cover over the offending components or modules. Most of our conventional safety strategies fall into the containment mode, with little consideration or emphasis on the suppression mode.

If we emulate this dual strategy approach in machine safety and employ a combination of suppression and containment so that our strategy utilizes creativity at the design phase to minimize the existence of safety hazards, then containing them becomes a simpler and/or more cost-efficient task, while still meeting all requirements. This approach also leads to more efficient designs and less complex systems.

How might we implement this strategy? First, we need to understand that safety is about suppressing/containing hazardous energy. Next, we need to design machines in a way that minimizes the energy present to the lowest levels required to meet functionality at the point of use in the cycle, with some controlled upper limit. By sizing power supplies, actuator forces and other energy converters, we calculate, test and measure our requirements and limit the energy that we make available to the system. By “dialing” our energy levels to the true power requirements and no more, hazards will be set at the lowest limits possible.

We might use innovative design to select from various energy sources appropriate to our requirements, using energy control as the constraint when weighing viable options, for example a pneumatic actuator against a programmable actuator. Individual component costs aren’t as important as total system cost comparisons between alternatives and, although tempting, we shouldn’t let component costs drive our design. The ability to control our energy input throughout the cycle becomes an important consideration.

One example might be a redesign of the classic press, which moves to the work surface under full control and at force equilibrium throughout its main stroke, using feedback control and high-reliability components, and switches to the full work force only once at the work position. By that point in most applications, any pinch points or impact hazards have disappeared. A second example is a robot arm that moves throughout its travel envelope in a “weak,” balanced force mode, so that it bounces off or stops at minimum contact with an obstacle. When it reaches its precise work location, it becomes stiff and applies all of its control authority to achieve the precision and force requirements of the application, with its remaining stroke easily guarded or invisible to the operator. A third example might be the conveying of product from station to station on conveyors that have no exposed pinch points and use variable-speed, variable-torque motors that sense the load and apply only the energy required.
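The energy-sizing principle and the press example are modelled in the Python below as an added illustration; it is not code from the article or its author. It assumes a hypothetical press whose supply is sized to deliver no more than a small approach force unless a position switch reports the ram inside a narrow window around the work surface (the suppression half), and a controller that stops the stroke on unexpected contact and requests the working force only at the work position (the containment half). All class names, forces and positions are invented for the demonstration.

```python
# Added illustrative model (not from the article): a press whose approach stroke is
# force-limited by the sized supply itself, with the full working force available
# only inside a narrow window around the work position. All numbers are invented.
from dataclasses import dataclass
from enum import Enum


class Phase(Enum):
    APPROACH = "approach"   # travelling toward the work surface under a low force cap
    WORK = "work"           # inside the work window, full working force available
    STOPPED = "stopped"     # unexpected contact during travel, actuator de-energised


@dataclass(frozen=True)
class PressLimits:
    approach_force_n: float     # force the controller requests while travelling
    work_force_n: float         # force the controller requests at the work position
    contact_threshold_n: float  # measured force during travel treated as an obstacle hit


class SizedSupply:
    """Suppression, hardware side: the supply cannot deliver more than approach_cap_n
    unless a position switch (modelled as a window around work_position_mm) reports
    the ram at the work surface. The controller cannot override this cap."""

    def __init__(self, approach_cap_n, work_cap_n, work_position_mm, window_mm):
        self.approach_cap_n = approach_cap_n
        self.work_cap_n = work_cap_n
        self.work_position_mm = work_position_mm
        self.window_mm = window_mm

    def at_work_position(self, position_mm: float) -> bool:
        return abs(position_mm - self.work_position_mm) <= self.window_mm

    def deliver(self, requested_n: float, position_mm: float) -> float:
        cap = self.work_cap_n if self.at_work_position(position_mm) else self.approach_cap_n
        return max(0.0, min(requested_n, cap))


class ForceLimitedPress:
    """Containment, software side: stops the stroke on unexpected contact and only
    asks for the working force once the ram is at the work position."""

    def __init__(self, limits: PressLimits, supply: SizedSupply):
        self.limits = limits
        self.supply = supply
        self.phase = Phase.APPROACH

    def step(self, position_mm: float, measured_force_n: float) -> tuple[Phase, float]:
        """One control cycle; returns the new phase and the force actually delivered."""
        if self.phase is Phase.STOPPED:
            return self.phase, 0.0   # latched; an explicit reset is not modelled here
        if self.supply.at_work_position(position_mm):
            self.phase = Phase.WORK
            return self.phase, self.supply.deliver(self.limits.work_force_n, position_mm)
        if measured_force_n > self.limits.contact_threshold_n:
            self.phase = Phase.STOPPED   # something is in the stroke: de-energise
            return self.phase, 0.0
        self.phase = Phase.APPROACH
        return self.phase, self.supply.deliver(self.limits.approach_force_n, position_mm)


def make_press() -> ForceLimitedPress:
    # Hypothetical sizing: 50 N is enough to move the ram, 5000 N is the working force.
    limits = PressLimits(approach_force_n=50.0, work_force_n=5000.0, contact_threshold_n=30.0)
    supply = SizedSupply(approach_cap_n=50.0, work_cap_n=5000.0,
                         work_position_mm=100.0, window_mm=2.0)
    return ForceLimitedPress(limits, supply)


def run_stroke(samples) -> list[tuple[Phase, float]]:
    """Feed constructed (position_mm, measured_force_n) feedback samples through one stroke."""
    press = make_press()
    return [press.step(pos, force) for pos, force in samples]


def buggy_controller_request(position_mm: float) -> float:
    """A controller fault that requests the full working force while still travelling:
    the sized supply, not the software, decides what is actually delivered."""
    return make_press().supply.deliver(5000.0, position_mm)


if __name__ == "__main__":
    # Constructed feedback: a clean stroke, then a stroke that meets an obstacle at 40 mm.
    print(run_stroke([(0.0, 5.0), (40.0, 8.0), (80.0, 10.0), (99.0, 12.0), (100.0, 4000.0)]))
    print(run_stroke([(0.0, 5.0), (40.0, 45.0), (41.0, 0.0)]))
    print(buggy_controller_request(40.0), buggy_controller_request(100.0))
```

The point of the two layers is where the hazardous energy is removed. Because the approach cap lives in the sized supply, a software fault that requests the working force mid-stroke still yields only the approach force; the software interlock is reduced to a small latch on unexpected contact, which is the simpler and cheaper containment the article argues for.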

These idealized configurations involve higher levels of feedback, with smarter algorithms along with creative mechanical design, making safety inherently part of design. A great deal of knowledge about inherently safe designs exists in what has already been successfully developed in various individual systems. What we lack is an integrated knowledge database and an approach to the problem from the suppression strategy viewpoint. Suppliers of safety components are probably the best repositories of that knowledge, since they’ve seen a lot in the field.

To pursue inherently safe designs, we might systematically rethink our conventional machine elements and how we integrate them with safety as one of the constraints. Guarding against pinch points is only required because we have designed those pinch points in to begin with. We will always need safety devices/features, but the extent that we need those is dictated by the design decisions we make at the architectural level of machine design. Using the concept of an inherently safe design from the top down, we can build more efficient, safer and more versatile machines.

Chris Stergiou is a manufacturing consultant with 25 years of experience. He provides custom automation and consulting services to clients, many of them Fortune 500 companies. He can be reached at
