When designing safeguarding systems for machines, one of the basic building blocks is the movable guard — doors, panels, gates or other physical barriers that can be opened without using tools. Every one of these guards needs to be interlocked with the machine so that the hazards covered by the guards are effectively controlled when the guard is opened. There are a number of important aspects to the design of movable guards. This article will focus on the selection of interlocking devices that are used with movable guards. The hierarchy of controls This article assumes that a risk assessment has been done as part of the design process. If you haven’t done a risk assessment, start there, and then come back to this point in the process.The hierarchy of controls describes levels of controls that a machine designer can use to control the assessed risks . Designers are required to apply every level of the hierarchy in order, starting at the top. Where a level cannot be applied, the designer moves to the next lower level.Though much emphasis is placed on the correct selection of these interlocking devices, they represent a very small portion of the hierarchy. It is their widespread use that makes them so important when it comes to safety system design. Electrical versus mechanical interlocksMost modern machines use electrical interlocks because the machine is fitted with an electrical control system, but it is entirely possible to interlock the power to the prime movers using mechanical means. This doesn’t affect the portion of the hierarchy involved, but it may affect the control reliability analysis that you need to do.CategoriesIn Canada, CSA Z432  and CSA Z434  provide four categories of control reliability: simple, single channel, single channel monitored and control reliable. In the U.S., the categories are very similar, with some differences in the definition for control reliable. In the EU, there are five levels of control reliability, defined as Performance Levels (PL) in ISO 13849-1: PL a, b, c, d and e . Underpinning these levels are five architectural categories: B, 1, 2, 3 and 4. To add to the confusion, IEC 62061  is another international control reliability standard that could be used. This standard defines reliability in terms of Safety Integrity Levels (SILs). These SILs do not line up exactly with the ISO 13849-1 PLs, but they are similar. IEC 62061 is based on IEC 61508 , a control reliability standard used in the process industries. IEC 62061 is not well suited to applications involving hydraulic or pneumatic elements.The North American architectures deal primarily with electrical or fluid-power controls, while the EU system can accommodate electrical, fluid-power and mechanical systems.From the single channel monitored or Category 2 level up, the systems are required to have testing built-in, enabling the detection of failures in the system. The level of fault tolerance increases as the category increases. Interlocking devicesInterlocking devices are the components that are used to create the interlock between the safeguarding device and the machine’s power and control systems. Interlocks can be purely mechanical, purely electrical or a combination of these.Most machinery has an electrical/electronic control system, and these systems are the most common way that machine hazards are controlled. Switches and sensors connected to these systems are the most common types of interlocking devices.Interlocking devices can be something as simple as a micro-switch or a reed switch, or as complex as a non-contact sensor with an electromagnetic locking device.Requirements for these devices are published in a number of standards, but the key ones for industrial machinery are ISO 14119 [7, 2], and ANSI B11.0 . These standards define the electrical and mechanical requirements, and in some cases the testing requirements, that devices intended for safety applications must meet before they can be classified as safety components.These devices are also integral to the reliability of the control systems into which they are integrated. Interlock devices, on their own, cannot meet a reliability rating above ISO 13849-1 Category 1, or CSA Z432-04 Single Channel. To understand this, consider that the definitions for Category 2, 3 and 4 all require the ability for the system to monitor and detect failures, and in Categories 3 and 4, to prevent the loss of the safety function. Similar requirements exist in CSA and ANSI’s “single-channel-monitored,” and “control-reliable” categories. Unless the interlock device has a monitoring system integrated into the device, these categories cannot be achieved. Environment, failure modes and fault exclusionEvery device has failure modes. The correct selection of the device starts with understanding the physical environment to which the device will be exposed. This means understanding the temperature, humidity, dust/abrasives exposure, chemical exposures, and mechanical shock and vibration. Selecting a delicate reed switch for use in a high-vibration, high-shock environment is a recipe for failure, just as selecting a mechanical switch in a dusty, corrosive environment will also lead to premature failure.The device standards do provide some guidance in making these selections, but it’s pretty general.Fault exclusion is another key concept that needs to be understood. Fault exclusion holds that failure modes that have an exceedingly low probability of occurring during the lifetime of the product can be excluded from consideration. This can apply to electrical or mechanical failures. Here’s the catch: Fault exclusion is not permitted under any North American standards at the moment. Designs based on the North American control reliability standards cannot take advantage of fault exclusions. Designs based on the international and EU standards can use fault exclusions, but significant documentation supporting the exclusion of each fault is needed. Defeat resistanceThe North American standards require that the devices chosen for safety-related interlocks be defeat-resistant, meaning they cannot be easily fooled with a cable-tie, a scrap of metal or a piece of tape.The International and EU standards do not require the devices to be inherently defeat-resistant, which means that you can use “safety-rated” limit switches with roller-cam actuators, for example. However, as a designer, you are required to consider all reasonably foreseeable failure modes, and that includes intentional defeat. If the interlocking devices are easily accessible, then you must select defeat-resistant devices and install them with tamper-resistant hardware to cover these failure modes.Almost any interlocking device can be bypassed by a knowledgeable person using wire and the right tools. This type of defeat is not generally considered, as the degree of knowledge required is greater than that possessed by “normal” users. Device selectionWhen selecting an interlocking device, start by looking at the environment in which the device will be located. Is it dry, wet or abrasive? Is it indoors or outdoors and subject to temperature variations?Is there a product standard that defines the type of interlock you are designing? An example of this is the interlock types in ANSI B151.1  for plastic injection moulding machines. There may be restrictions on the type of devices that are suitable based on the requirements in the standard.Consider integration requirements with the controls. Is the interlock purely mechanical? Is it integrated with the electrical system? Do you require guard locking capability? Do you require defeat resistance?Once you can answer these questions, you will have narrowed down your selections considerably. The final question is: What brand is preferred? Go to your preferred supplier’s catalogues and make a selection that fits with the answers to the previous questions.The next stage is to integrate the device(s) into the controls, using whichever control reliability standard you need to meet. That is the subject of another article!References Safety of machinery - General principles for design - Risk assessment and risk reduction, ISO Standard 12100, Edition 1, 2010 Safeguarding of Machinery, CSA Standard Z432, 2004 (R2009) Industrial Robots and Robot Systems - General Safety Requirements, CSA Standard Z434, 2003 (R2008) Safety of machinery — Safety-related parts of control systems — Part 1: General principles for design, ISO Standard 13849-1, 2006 Safety of machinery – Functional safety of safety-related electrical, electronic and programmable electronic control systems, IEC Standard 62061, Edition 1, 2005 Functional safety of electrical/electronic/programmable electronic safety-related systems (Seven Parts), IEC Standard 61508-X Safety of machinery – Interlocking devices associated with guards – Principles for design and selection, ISO Standard 14119, 1998 American National Standard for Machines, General Safety Requirements Common to ANSI B11 Machines, ANSI Standard B11.0, 2008 Douglas Nix, A.Sc.T., is managing director at Compliance InSight Consulting, Inc. (www.complianceinsight.ca) in Kitchener, Ont. He produces a blog and podcast called Machinery Safety 101, exploring a wide variety of machine safety topics. Check out his blog at www.machinerysafety101.com.This column originally appeared in the May 2012 issue of Manufacturing AUTOMATION.
In North America, about five to 10 arc flash events occur each day. Arc flashes are responsible for as many as 80 percent of all electrical-related injuries.
An increased focus to comply with regulations and the need to reduce safety injuries are driving organizations to adopt new strategies and technologies to ensure the safety of people, processes and products. A recent Aberdeen Group study, "Integrated Safety Systems: Ensuring Safety and Operational Productivity," surveyed more than 120 executives last Fall about the current state of their safety program and the technologies they use to support their safety initiative. The report provides a roadmap for organizations attempting to better understand how an integrated safety system and other enabling technologies can best be deployed in a plant environment.
Bill 160 shifts the responsibility for injury and illness prevention activities from the Workplace Safety and Insurance Board (WSIB) to the Ministry of Labour. This will have the Ministry of Labour carry out health and safety inspections at Ontario workplaces, as well as oversee the delivery of workplace injury and illness prevention services by Ontario's health and safety associations. I had a chance to speak with the Ministry of Labour's John Vander Doelen, director of the Occupational Health and Safety System Review Project Secretariat, about how this shift will impact the readers of Manufacturing AUTOMATION (MA).
Note to readers: This article focuses on item 2 of the table in section 7 of the regulations titled Pre-Start Health and Safety Review that deals with machinery. The guidelines from the Ministry of Labour are available at http://www.labour.gov.on.ca/english/hs/pdf/gl_psr.pdf.
As a controls integrator, I have had the opportunity to work in different facilities across the globe. The majority of these facilities have one thing in common - the concept of arc flash is largely an unknown. This is no surprise, as arc flash standards and awareness have only recently become publicized and enforced.
When a company is convicted of an offence under Ontario's Occupational Health and Safety Act, the normal penalty imposed by the court is a fine. The courts in Ontario consider a wide range of factors when sentencing a corporation under the Act, although these factors are not of even weight.
Most offences under occupational health and safety legislation are "strict liability offences." This means that if a person or company is charged with such an offence, the Crown only has to prove that a workplace accident or injury took place due to a prohibited act or omission. The Crown does not have to prove that the defendant was at fault or negligent. However, the defendant — usually the employer — can defend itself against a strict liability offence by establishing the defence of due diligence.
There are a number of myths that have grown up around emergency stops over the years. These myths can lead to injury or death, so it's time for a little myth busting.
Make IT Secure 2019: Cybersecurity in Manufacturing
April 25, 2019
Partners in Prevention 2019
April 30-1, 2019
Advanced Design & Manufacturing (ADM) Canada
June 4-6, 2019
PDTA Canadian Conference
June 5-7, 2019
APMA Annual Conference & Exhibition 2019
June 12, 2019
Avnet IoT Workshop
June 16, 2019