Welcome Guest! The IOSH forums are a free resource to both members and non-members. Login or register to use them

Postings made by forum users are personal opinions. IOSH is not responsible for the content or accuracy of any of the information contained in forum postings. Please carefully consider any advice you receive.

Notification

Icon
Error

Options
Go to last post Go to first unread
DaiJones  
#1 Posted : 06 April 2021 08:40:25(UTC)
Rank: New forum user
DaiJones

Looking for some help on when is isolation required. 

Firstly let me explain the equipment it is a small cup forming machine with hinged interlock doors on both sides. The interlocks are to a standard where a single fault would not lead to loss of the safety function. Operators running the machine would use the interlock doors to clear blockages and complete cleaning activities. Engineers feel they should be able to reply on the same interlocks to complete their engineering activities, these activities would be completing a tool change where they would need to unbolt and remove the mandrills from the machine, they would need to inch the machine around to remove each mandrill so they feel the need the leave the power on. There is no chance of the machine starting or parts moving with the interlock doors open. 

The PUWER regs and the guidance to this dont seem to leave a lot of room for work without isolation unless we interpert the wording on guarding as meaning fixed guarding only. 

Our risk assessment would deem the risk from contact with moving parts low if we rely on the interlocks to complete the work. 

Edited by user 06 April 2021 09:14:08(UTC)  | Reason: Not specified

paul.skyrme  
#2 Posted : 06 April 2021 09:36:10(UTC)
Rank: Super forum user
paul.skyrme

What performance level are the interlocks?

What category are they?

Is the machine relatively new?

Were the machine Safety Related Control Systems designed to EN954 or ISO13849?

If you had the machine new, did you request the ISO 13849-2 validation from the machine OEM?

It is possible that if the controls are correctly designed and validated that you may be looking at a very low hazard from machine parts moving with the functional safety active.

What do the OEM instructions say?

Is the functional safety for tooling changes?

Sorry more questions than answers, but machinery functional safety is my area.

thanks 2 users thanked paul.skyrme for this useful post.
CptBeaky on 06/04/2021(UTC), DaiJones on 08/04/2021(UTC)
CptBeaky  
#3 Posted : 06 April 2021 09:43:48(UTC)
Rank: Super forum user
CptBeaky

    Random fact: - I work in H&S due to me being injured by a machine that was "e-stopped" off but not isolated. I reached into a cog and the machine started up, taking my finger through it. I have lost all feeling in my right index finger from the last knuckle when it was stripped bare practically to the bone.. There was a fault in the machine that meant the machine tried to reset even though the e.stop button was in. When the company refused to believe me I sued. When they asked why I replied that unless I showed them liable they wouldn't repair the machine, and therefore it could happen again. The found the fault, repaired the machine and I dropped the case. They then put me in charge of H&S. (long story short)

    A few issues I foresee with not isolating, based on experience.

    1. Interlocks leave the machine live. There is an increased risk of electric shock should they be working near any exposed electrical parts.
    2. They may be tempted to "by-pass" interlocks so that they can jog the machine with the interlocks open. If this is a machine that a person can be inside whilst the doors are closed it is a huge risk
    3. The machine is less likely to be "tagged off" if it is not isolated, meaning that it could be restarted before the work is finished.

    However if the machine has been designed correctly, with the proper interlocks etc (as Paul expertly says) you may be ok.

    thanks 1 user thanked CptBeaky for this useful post.
    DaiJones on 08/04/2021(UTC)
    stevedm  
    #4 Posted : 06 April 2021 11:34:12(UTC)
    Rank: Super forum user
    stevedm

    This may help =- Safety professionals guide to LOTO....

    https://d37iyw84027v1q.cloudfront.net/common/safety_professionals_guide_to_lockout_tagout_ebook.pdf

    Gerry Knowles  
    #5 Posted : 06 April 2021 12:57:08(UTC)
    Rank: Forum user
    Gerry Knowles

    I for one consider that the only safe way to work on a machine is to isolate all sources of power to it then run a test system to ensure that it does not operate.  We can all look for excuses thats it ok to do minor works using the interlocks to prevent the machine operating, but you just have to look through a few court cases where people have been injured or killed whilst doing work on machines.  I personally have seen a number of cases where people have put themselves at risk "for the sake of speed or I was doing the right thing for the company".  In one case I was doing an insurance survey at a plastic box manufacturer where the moulding machine did not eject a box as part of the normal production cycle.  I was amazed that the operator opened the gate in the enclosure, walked in, pulled the box out and walked out again.  On questioning he said that he didn't have time to isolate the machine as this was a normal occurance and he wouldn't hit his target for the day.  In a second case, again on an insurance survey, we rounded a corner and found an operator laying inside a press used to form aluminum sections into curved panels, again he was working with only an interlock to protect him.  I was surprised that they both didn't appear to fully understand the consequences of their actions and that a helpful employee could have just closed the interlocked gate and the machine would have gone through a cycle with them in it.  

    So for me if a machine requires remedial work to clear a blockage or if minor maintainance work is required.  The machine should be fully isolated and tested to ensure that it cannot start.  Remember Try, Lock, Test and Try. Then proceed. 

    paul.skyrme  
    #6 Posted : 06 April 2021 15:15:19(UTC)
    Rank: Super forum user
    paul.skyrme

    If everything has to be done under LOTO, then the national standards bodies, and HSE have got it wrong.

    The £M that are spent each year on developing functional safety and implementing this, and all people have to do is LOTO.

    Shut the whole production line down to remove a box jammed in a machine, when the systems have been designed, implemented and maintained correctly such that they will fail once every 1M years.  Never mind that, it's safer to LOTO and cost £M to companies every year and cause loads of pollution and gobble up much more resources to stop and re-start equipment.

    Functional safety is there for a reason.  IF it is done correctly then it is safe and suitable for the purpose.

    Obviously none of you has equipment like this with guards and interlocks that are not designed, constructed and maintained in accordance with the relevant safety standards and legislation as that would be a breach of PUWER, Reg 10 for example if the interlocks or e-stops are inadequate.  None of you would allow that to happen would you.

    thanks 2 users thanked paul.skyrme for this useful post.
    Roundtuit on 07/04/2021(UTC), CptBeaky on 08/04/2021(UTC)
    Allan Jones  
    #7 Posted : 06 April 2021 20:09:13(UTC)
    Rank: Forum user
    Allan Jones

    How are the interlock doors controlled to prevent them being inadvertally closed and starting the machine up unexpectedly?

    BS EN 60204‑1:2018

    5.4 Devices for removal of power for prevention of unexpected start-up

    "Devices for removal of power for the prevention of unexpected start-up shall be provided where a start-up of the machine or part of the machine can create a hazard (for example during maintenance). Such devices shall be appropriate and convenient for the intended use, be suitably placed, and readily identifiable as to their function and purpose. Where their function and purpose is not otherwise obvious (e.g. by their location) these devices shall be marked to indicate the extent of removal of power."

    ISO 14118:2017 specifies requirements for designed-in means aimed at preventing unexpected machine start-up to allow safe human interventions in danger zones

    thanks 1 user thanked Allan Jones for this useful post.
    DaiJones on 08/04/2021(UTC)
    DaiJones  
    #8 Posted : 08 April 2021 11:54:52(UTC)
    Rank: New forum user
    DaiJones

    Originally Posted by: paul.skyrme Go to Quoted Post

    What performance level are the interlocks?   

    What category are they?

    Is the machine relatively new?

    Were the machine Safety Related Control Systems designed to EN954 or ISO13849?

    If you had the machine new, did you request the ISO 13849-2 validation from the machine OEM?

    It is possible that if the controls are correctly designed and validated that you may be looking at a very low hazard from machine parts moving with the functional safety active.

    What do the OEM instructions say?

    Is the functional safety for tooling changes?

    Sorry more questions than answers, but machinery functional safety is my area.

    Thanks for your response. 

    So we had an audit undertaken on the suitabiltiy of the interlocks for our machines and the machines in question they rated as a cat 2 and cat 3, performance rating  b for low and d for medium for the cat 3 machines and b for low c for medium for the cat 2 machines. 

    The audit said they are at the correct standard for the timeframe of their manufacture. 

    One machufacturer (american) says lotto for all engineering tasks and adjustments and the other German makes not mention of the need to isolate. 

    As far as the risk goes, the guys are literally opening an interlock door un bolting two bolts removing the mahcine peice then closing the door jogging to remove the next peice. 

    There is no chance them going to the machine with the door closed behind them as the machine is not big enough, they are blocking the door all the time. 

    Operators access the machine throught the shift to clear blockages access the same areas however they are not using tools. 

    I agree that its the point in having a safety circuit on the machine to allow short term interventions. The tool change is border line non intrusive, parts are easilly accessable and removed with a couple of bolts, there is no live electrics near. I'm stuggling to see the difference in the risk from what we allow our operators to do and there is no way we would lock the machine off to entre it to clear a blockage for them.  

    Any more serious works like removing the tooling tables would be completed under lock off. 

    peter gotch  
    #9 Posted : 08 April 2021 14:15:25(UTC)
    Rank: Super forum user
    peter gotch

    Dai - I would be inclined to follow the advice given by Paul Skyrme rather than that of an American manufacturer.

    OSHA Regulations in the US might tell you that any intervention must be done under LOTO, but in reality this probably doesn't happen much of the time, but OSHA Regulations do not recognise the concept of doing what is "reasonably practicable". If the legislation is impractical to comply with it is likely to be breached. That might help to explain why US reported accident rates are MUCH higher than those in most of Europe.

    This is NOT me arguing that isolation and lock off is not often necessary! UK legislation reflects this but recognises that there are exceptions.

    Acorns  
    #10 Posted : 08 April 2021 18:44:58(UTC)
    Rank: Super forum user
    Acorns

    Originally Posted by: DaiJones Go to Quoted Post
    Originally Posted by: paul.skyrme Go to Quoted Post

    As far as the risk goes, the guys are literally opening an interlock door un bolting two bolts removing the mahcine peice then closing the door jogging There is no chance them going to the machine with the door closed behind them as the machine is not big enough, they are blocking the door all the time. 

    Operators access the machine throught the shift to clear blockages access the same areas however they are not using tools. 

    I agree that its the point in having a safety circuit on the machine to allow short term interventions. The tool change is border line non intrusive, parts are easilly accessable and removed with a couple of bolts, there is no live electrics near. I'm stuggling to see the difference in the risk from what we allow our operators to do and there is no way we would lock the machine off to entre it to clear a blockage for them.  

    Any more serious works like removing the tooling tables would be completed under lock off.

    perhaps there is a subtle but potentially critical safety difference between 'operator" and a 'fitter/engineer".  The operator will only ever do that single task of dislodging the product.  Whilst the fitter might usually do a just job, but occasionally may stretch their luck and do more substantial job and rely on the interlock, when in truth they should be using loto, because it's easie, quickie or habit.    IMHO, that subtle difference would probably be enough to find one acceptable and the other not.

    Roundtuit  
    #11 Posted : 08 April 2021 19:36:29(UTC)
    Rank: Super forum user
    Roundtuit

    Where do the "multi-skilled" fit in to your vision of a workforce? As we have no legal differentiation within the UK an operator/fitter/engineer can be all of the above OR none of the above.

    In the old Trades Union days everyone hade their demarcated activity at an employer and woe betide the employer if anyone crossed the invisible lines. Nowadays we come back time and again to the concept of competence relative to the task being undertaken.

    In the main, just as beauty is in the eye of the beholder, so competence is in the eye of the employer.

    If I can point the open end of a spanner at a nut am I an engineer? At least four previous employers considered me so despite no apprenticeship, NVQ or degree.

    Roundtuit  
    #12 Posted : 08 April 2021 19:36:29(UTC)
    Rank: Super forum user
    Roundtuit

    Where do the "multi-skilled" fit in to your vision of a workforce? As we have no legal differentiation within the UK an operator/fitter/engineer can be all of the above OR none of the above.

    In the old Trades Union days everyone hade their demarcated activity at an employer and woe betide the employer if anyone crossed the invisible lines. Nowadays we come back time and again to the concept of competence relative to the task being undertaken.

    In the main, just as beauty is in the eye of the beholder, so competence is in the eye of the employer.

    If I can point the open end of a spanner at a nut am I an engineer? At least four previous employers considered me so despite no apprenticeship, NVQ or degree.

    paul.skyrme  
    #13 Posted : 08 April 2021 22:32:02(UTC)
    Rank: Super forum user
    paul.skyrme

    Originally Posted by: DaiJones Go to Quoted Post

    cat 2 and cat 3, performance rating  b for low and d for medium for the cat 3 machines and b for low c for medium for the cat 2 machines.

    I am not quite sure about the way you have used the terms here so I will interpret this as best as I can.

    Lets's say you have PLb (Performance Level b), I am guessing that the low relates to the diagnostic coverage?  Though that rolls into the PL.

    Category 2, (Cat 2) relates to the architecture of the safety function, i.e. circuit design (generally speaking).

    A Cat 2 architecture requires that the machine automatically checks the safety function operation upon start up, and if it is incorrect then the machine must fail to start.

    It also must be checked at every change of state (effectively).

    PLb is only suitable where a reversible injury could be sustained.

    The chance of a dangerous failure, that is a failure in the safety function, which goes undetected and may cause harm, must only be able to happen at the most frequent once every 10,000 hours.  The machine must also have a 20 year mission life on the safety functions, so it should fo 20 years without any manual interventions and not suffer one failure, after that it may suffer a failure in the next 10,000 hours that goes undetected.  So even the lowest level of functional safety on the machine is pretty damn safe.

    PLc is at worst one undetected dangerous failure every 33,333 hours.

    PLd is at worse one undetected dangerous failure every 100,000 hours.

    Category 3 requires that dangerous failures are detected prior to the demand on the safety function too.

    Pd Cat 3 is pretty damn safe.

    PLe Cat 4 would be the ultimate and that would be on a whole body access zone whereby a failure would result in a death or multiple deaths, and, would be completely unavoidable should the thing fail.

    Without knowing what the actual details of the interlocks on the guard protecting the area are, the details fo the circuit and having access to the 945/13849 checks and validations I would not be able to comment further on the suitability of the interlocks.

    The issue as has been suggested which stems from the USA is the insistence on LOTO, which in itself encourages the defeating of safety systems.  The motivation to defeat safety systems and functions such as guarding and guard interlocks is going to become a big topic soon as it is being looked at by the relevant standards bodies to roll into the product standards so manufacturers of equipment will have to design such that tasks can be undertaken safely without there being protracted procedures to get the machine into a safe state. So functional safety is likely to increase its role.

    Kate  
    #14 Posted : 09 April 2021 07:18:28(UTC)
    Rank: Super forum user
    Kate

    Paul

    I'm interested - why do you say the US insistence on LOTO encourages the defeating of safety systems?

    thanks 1 user thanked Kate for this useful post.
    Wailes900134 on 09/04/2021(UTC)
    paul.skyrme  
    #15 Posted : 09 April 2021 10:51:53(UTC)
    Rank: Super forum user
    paul.skyrme

    Because LOTO takes effort from the "operator", they have to get permission to LOTO, sort out any permits, get a lock, isolate the machine, lock it off, do the job and reverse the procedure, which takes time.

    Additionally, the act of shutting down the machine might have knock-on effects elsewhere in the plant/on the line, so this will be unpopular with management.

    Ergo, people take risks, it's easier to grab a hex key out of your pocket and remove a fixed guard with the power on and just do the job, stick the guard back on after with just one screw, loose.  Makes it easier for next time.

    Also, LOTO is procedural safety it is lower down the hierarchy of control than engineering controls which is what correctly implemented functional safety is.

    I find the issue is that unfortunately, and I don't think that this statement is going to be popular here.

    Many H&S practitioners do not understand the engineering behind functional safety and thus look at it as dangerous.  Whereas a safety engineer who designs, validates and advises on such things sees it as much safer than procedures because it happens without human intervention and is self-diagnosing.  It will prevent a machine from operating if it detects a failure.

    This, however, does rely on the functional safety being done correctly, which relies on the end-user ensuring that the machine OEM does this correctly, which I why I ALWAYS advise end-users to verify the existence of the Technical File for the machine they are buying and to insist, by means of the contract if necessary to have a copy of the ISO 13849-2 validation on paper and in the native software method used to do the validation if any software is used.

    The paper validation is great, but the software file can be sent to people like me to check if the validation is done correctly and advise you whether the safety functions have been designed correctly.

    Also, to insist on the safety matrix used to derive the safety functions so that this can be looked at with the physical machine to ensure that the appropriate devices are having their energy removed.

    Then the PLr needs to be checked to see that an appropriate PLr has been selected, this needs the PLr assessment to ISO 13849-1.

    This is an important part of compliance with PUWER Reg 10.  Without this, how can you be sure that the machine is safe?

    Functional safety is a fundamental part of the safety built into the machine, its correct operation and suitability need to be verified by a competent safety engineer because it is the end-user whose personnel will get injured, and it is the end-user who suffers the losses in downtime from injuries or protracted LOTO procedures if they don’t accept the machine design is fundamentally safe.

    We won’t even go into the controls over machinery electrical enclosures which are encroaching from the NEC world to the IEC world when the NEC designs are in my experience 20 years behind the IEC designs as far as safety and accessibility of exposed live parts.

    thanks 5 users thanked paul.skyrme for this useful post.
    Roundtuit on 09/04/2021(UTC), Kate on 09/04/2021(UTC), RVThompson on 09/04/2021(UTC), CptBeaky on 12/04/2021(UTC), John Murray on 13/04/2021(UTC)
    Wailes900134  
    #16 Posted : 09 April 2021 12:44:58(UTC)
    Rank: Forum user
    Wailes900134

    Agree with all of the above. I would always suggest a survey of all of the equipment to establish the extent of work required to provide local lockable isolation for the various hazardous energy sources as part of the effort to impliment LOTO. At least when it is relatively easy to do you have some hope of procedures being applied willingly. 

    Alabaster  
    #17 Posted : 10 April 2021 08:53:52(UTC)
    Rank: Forum user
    Alabaster

    Are you comfortable putting your body parts into the machine when it is not fully isolated? 

    How practical are your LOTO procedures?

    Regardless of what all the standards and regulations say, is there, in your opinion a significant risk of harm?

    Users browsing this topic
    You cannot post new topics in this forum.
    You cannot reply to topics in this forum.
    You cannot delete your posts in this forum.
    You cannot edit your posts in this forum.
    You cannot create polls in this forum.
    You cannot vote in polls in this forum.