May 7, 2021
By Nuala Mullan, Business Development Lead for Safety Services, Rockwell Automation, & Troy Hoffman, Safety Manager, Rockwell Automation
With the increased demand on our industrial workforce, many facilities are expanding the “do more with less” approach when it comes to machine safety. Today, environmental, health and safety (EHS) and similar professionals are more likely to have their responsibilities expanded beyond programs such as Lockout/Tagout (LOTO) and Confined Space. They may now be expected to design and test functional safety devices such as light curtains, area scanners and guard gates that historically were the responsibility of the plant engineer or equipment manufacturer.
Although these safety controls can be a vital part of machine interaction and safety that can enable minor servicing tasks to be completed without lockout of the machine, there is still confusion on the application of LOTO and alternative protective measures (APM). When do we use LOTO and when do we use APMs?
OSHA’s Control of Hazardous Energy regulation (1910.147) allows for alternative methodologies to be used so long as they are “as effective as lockout/tagout” for the task. And that’s where many companies run into problems. Often we see cases of companies using the exception clause to allow the employee to “create their own” path to safety if lockout/tagout is impractical. But this alternative method to lockout should not increase risk to employees.
Following the five steps of the machine safety lifecycle as outlined will help you mitigate risk associated with potential hazards and document the process.
1. Risk Assessment
A clearly defined risk assessment process serves as an effective tool for properly identifying and assessing the real hazards that are involved with interacting with a particular machine. It provides a method for determining equivalent levels of protection when designing safeguards that allow the safe use of OSHA’s minor servicing exception.
The risk assessment process takes away the guesswork when estimating risk and prescribing safety system performance. The risk assessment is an active, documented process that can be filed and maintained for the entire life of the machine and serves as documented proof of “due diligence.” The risk assessment establishes the foundation and early framework for the design and implementation of an effective machine safety program.
2. Safety Functional Requirements Specification (SFRS)
The purpose for developing the safety functional requirements specification is to review the initial risk reduction recommendations from the risk assessment and confirm the ability to implement them as recommended. The specification contains existing and proposed safety functions and will serve as a basis for both the safety system design and the validation plan.
3. Design & Verification
Safety system design includes all aspects of the safety system, including guarding (fixed, perimeter, interlocked, etc.) and safety controls (emergency stops, light curtains, etc.) as defined in the SFRS. Documentation should include safety controls bill of materials, drawings for safety control panel layout, wiring diagrams, hardware interface diagrams, and any safety or HMI software (application code) development. Once the initial design is complete, the safety system should be verified and documented to demonstrate compliance with the safety circuit architecture and circuit performance requirements specified in the risk assessment.
4. Installation and Validation
After the safety system is designed and verified, you can install the approved safety control hardware and guarding. But you’re not done yet. Validation will demonstrate the designed system is correctly installed and functioning in accordance with the SFRS. The validation plan is a step-by-step documented process testing normal and abnormal operation of the safety system.
5. Maintenance and Improvement
Using the machine safety lifecycle’s iterative approach, changes to the equipment, process, and interaction with the machine are identified and any new risk to the employee can be mitigated appropriately.
Alternative De-energization Procedures (ADP)
Once the guarding is complete and the documentation proving its effectiveness is in place to protect employees performing the minor servicing tasks, what’s next? Be sure to document what tasks can be done safely using ADPs and instruct the machine users on what steps to take. These tasks and instructions are documented in an alternative de-energization procedure. These ADPs are vitally important to communicate acceptable use of the APMs put in place.
Complimentary Paths to Safety
Effective safety programs can reduce risk to employees performing various tasks and maximize efficiency through reduced downtime. For tasks requiring complete de-energization of a machine, companies will benefit by having a robust lockout/tagout program. Risk reduction to an acceptable level can be achieved for routine, repetitive, and integral tasks when the machine remains energized by following a set of good engineering principles as outlined in the machine safety lifecycle.