Rank: Forum user 
|
Hi all, so before I start my query, I have read Reg 19 of L22, and I didn't clearly understand why the use of an interlocked guard or ES controls are not suitable means of isolation (so just want to get that out in the open before people start quoting that at me :)); the only thing I could think why (because unless I missed something, it didn't seem to expand upon why it wasn't) was the chance for machinery to be restarted (if guards are closed or if the ES button is taken out; hopefully someone can confirm this). Onto my main query.
So, as I'm no engineer and I'm sort of 'picking things up' as I go, what I'm trying to understand is whether or not it is acceptable to use emergency stops to carry out planned maintenance under certain conditions or service work (if say, there are 2 or more people working on a machine and ensure it remains in that positon) versus the use of an isolator? Again, I know what Reg 19 says about it not being suitable, but why? If the machine has an ES pulled out/used etc so the machine cannot run, and as long as one person is standing guard (to ensure it does not get restarted in error), is this an acceptable way of 'isolating' (I know it's not really considered isolating) the machine to work on it? I get this a lot where there seems to be much resistance to simply turning the power off at the isolator and using a lock-off device and what I want to understand is, where - and if - the use of an emergency stop can be considered a viable, safe alternative to the former or whether this is a complete no-no all the time. I'm assured by my maintenance team - and many contractors doing different types of work - that using an ES kills the power and as long as the ES is being prevented from being pushed back in again, then it is perfectly safe. However, I am sure there will most likely be limitations with - even if considered safe - where it won't be acceptable to use. Please advise? I would appreciate if you could keep it as least technical as possible (or if you are going to be technical, trying and explain it in layman's terms) as again, it's not the background I'm from, so if it's too technical, I most likely won't understand it. Thanks.
|
|
|
|
|
|
Rank: Forum user
|
PS - If someone can provide an example of a scenario where it doesn't work, that would be helpful, thanks.
|
|
|
|
|
|
Rank: Super forum user 
|
An emergency stop is functional safety and it is secondary protection. There is some conflict as certain EU documents call this function isolation, but it does not necessarily meet the requirements of EAWR89 for isolation. Then you have the potential for failure, any safety funciton can fail, and, in the absence of a specification requiring a higher level then an e-stop function only needs to meet PLc. For whole body access &/or potential ftaility we would be looking for PLe a much higher level of reliability from the safety function. An e-stop is only really suitable for routine tasks which do not involve the dismantling of parts of the machine.
It certainly does not isolate the machin electrically, it is only required to remove power/energy from actuators, not the rest of the machine. Just a start for you, got to dash off, sorry.
|
 1 user thanked paul.skyrme for this useful post.
|
|
|
|
Rank: Super forum user
|
Agree with Paul, the operation of an emergency stop does not mean the rest of the machine /plant / the circuit and equipment to be worked on is electrically dead and physically isolated. Equally, even if it was, it is far to easy to overide/re-energise the circuits under question.
While aimed at the petro-chemical sector, I would suggest that you read HSE publication HSG 253 The safe isolation of plant and equipment.
|
1 user thanked Ian Bell2 for this useful post.
|
|
|
|
Rank: Forum user
|
Thank you for the replies.
So, if the work is general maintenance and servicing (i.e. lubricating, greasing, visual checks of machinery etc) and doesn't involve any changing of parts/dismantling or doing any electrical work, would this then be an acceptable method? Would it be more acceptable to use multiple ES, if say, one were to fail, the other could act as a backup?
Again, thanks.
|
|
|
|
|
|
Rank: Super forum user 
|
With the machine still connected to the mains, you always have the potential of accidental start up - someone not connected with the process coming in and starting the machine while the engineer is inside or has his hands between rotating parts, etc.
If the machine is isolated at the mains and locked out, and any stored energy allowed to dissipate, then the machine cannot be accidentally started and it ensures the safety of the maintenance engineers.
There are maintenance tasks where the machine does need to be energised, on this occasion the machine should be tagged out at every start up point to ensure that the machine is not inadvertently started. I must admit that I have not heard of an e-stop being used for this purpose, normally the machine off switch would be used.
However, if you have a lockable e-stop, then this might be permissible as you cannot restart the machine without the key. However, bear in mind that an emergency stop button does exactly what is says on the tin, it is to stop the machine in an emergency and should not take the place of proper two handed start up controls.
|
1 user thanked hilary for this useful post.
|
|
|
|
Rank: Super forum user
|
ES May simply break the live supply rather than isolate the whole supply. For the sake of turning off and isolating versus the issues of it going wrong, why not isolate?
|
1 user thanked Acorns for this useful post.
|
|
|
|
Rank: Super forum user 
|
E-Stop activated whilst an employee worked inside a machine.
Supervisor walked past, released the E-stop and started the machine - one employee less. Corporate response was everyone sent Lock Out Tag Out procedue to immediately implement. Well designed machinery would have remote lubrication points otherwise isolate.
|
2 users thanked Roundtuit for this useful post.
|
|
|
|
Rank: Super forum user
|
E-Stop activated whilst an employee worked inside a machine.
Supervisor walked past, released the E-stop and started the machine - one employee less. Corporate response was everyone sent Lock Out Tag Out procedue to immediately implement. Well designed machinery would have remote lubrication points otherwise isolate.
|
2 users thanked Roundtuit for this useful post.
|
|
|
|
Rank: Super forum user
|
As a general principle 'isolation' should physically prevent accidental re-energisation, hence isolation/lockout devices. Whilst predominantly written for valve isolation of pipelines; para 150 of HSG253 states "Wherever practicable, use locking arrangements or barriers to physically prevent accidental or unauthorised removal of the isolation. The need for security is greatest where a sigle action could lead to the release of a hazardous fluid" (energy). I would suggest unless any kind of isolation device cannot be secured with a lock of some kind it is merely turned off not isolated.
|
1 user thanked Holliday42333 for this useful post.
|
|
|
|
Rank: Forum user
|
I agree with all of the people who have posted. The primary aim of isolating a machine is to prevent restart when it is under maintainance. I have however found that a lot of people do not understand the difference between switching off, relying on an interlock and isolating. The most extreme case I have come across was a few years ago when I was doing a liability survey for an insurance company. The company used injection presses to make plastic boxes. They had an issue where on occasion the the boxes would not eject from the mould. The standard practice was for the operator to open the access gate which stopped the machine as the interlock had been activated. The operator then enter the guarded area and reached between the mould heads and pulled the box out. On talking to the operator I asked why he did this. Firstly he hadn't considered that someone could come along ang just close the gate and that there was the possibility that the press could start and trap his arm and probably remove it. Secondly he said that to use the isolation process meant that he would not be able to make as many boxes during his shift and he wouldn't be able to beat his target and he would lose his bonus. The subsequent discussion with the MD was to say enlightening. As was the one with the underwriter. I see that the factory has now closed and has been replaced with a carpark To me it reinforced that need for isolation to carry out any work inside a machine and not to rely on a interlock or off switch. So for me its always isolation regadless of the machine downtime or a failure to reach a target or the loss of a bonus.
|
2 users thanked Gerry Knowles for this useful post.
|
|
|
|
Rank: Super forum user
|
Originally Posted by: Svick1984  PS - If someone can provide an example of a scenario where it doesn't work, that would be helpful, thanks.
I will give you, then, the story of how I got into H&S. I was working on a machine that manufactured polythene envelopes. It basically used a big reel of what looks like cling film through many rollers on a machine, before finally going through a hot knife. As glue was needed on the sealing edge there were occassions that the glue would get onto the rollers, causing the polythene to wrap around the roller. The polythene had to be kept to the correct tension throughout the process, and kept moving when the glue was on (to stop the hot melt glue from blobbing and causing the above mentioned wrap ups). I had suffered a wrap up on the differential bar that was powered to keep the tension and movement constant.
I pressed in the ES button to ensure the bar wouldn't power up. I knew the button stopped the machine as we tested them (on rotation) daily, and it had been tested that day. Whilst dealing with the wrap up I had to adjust a cog to put the roller on manual. When doing this the machine powered up drawing my right index finger through the cogs, crushing my finger tip, ripping out my nail and grinding away the skin down to the bone on that finger tip (from the first knuckle up). When recovering I asked that the machine be checked, but was told that there was nothing wrong with the machine and it had been my fault. I hadn't engaged the ES button. I knew I had so I started legal action. My MD asked why I was doing this, I replied that I would drop the case if the machine was looked at. It was checked over and the button was found to be faulty. It did stop the machine, but it didn't hold the machine in a stopped condition. The machine was resetting itself (due to the bar being raised) when I was working on it. I didn't know this because when I tested the button it was already in the reset position with the bar down. If I had isolated the machine instead I would have been fine. The would have been no power in the machine. (As a side note the MD then put me through NEBOSH and told me to take control of the H&S side of the site)
|
2 users thanked CptBeaky for this useful post.
|
|
|
|
Rank: Forum user
|
Originally Posted by: AcornsConsult ES May simply break the live supply rather than isolate the whole supply. For the sake of turning off and isolating versus the issues of it going wrong, why not isolate?
I ask this question myself, and from what I recall, it's primarily because some of the machines are so old, that trying to restart them (even after corretly shutting them down) can be a real problem. It's also an issue because some of the isolators are so old, that they can't have a lock-off device fitted. Lastly, because of time factors; complaints by production teams that if they constantly have to be isolated and locked-off, it can take lots of time to restart the machine to get back to running production (whereas with an ES, its just take it out and away you go; not saying that's right, but that's the issue).
I think we've agreed that where electrical work is done, absolutely has to be isolated and locked-off; same for work on anything hydraulic or pnuematic (and stored energy is dissipated as Hilary mentioned). Judgement call depending on other things depending on what work they are doing and the likelihood of something moving that could give way to an injury, how that machine has to run (not just like hitting a button, but a number of sequences involved by the operator), visibility in terms of the operative and worker respectively etc.
|
|
|
|
|
|
Rank: Super forum user
|
If the equipment is that old, then you shouldn't rely on the e-stop function. This is the reason functional safety has evolved the way it has, including for example to self-diagnose faults, this is what the Performance Level is there to do, so with modern, correctly implemented functional safety minor interventions for loading/unloading and rectification of small things like jams and misplaced product can be safely undertaken. This if implemented correctly would have prevented the failed e-stop. It would have been detected by the machine systems and flagged up as a fault to the user. Plus, entering a guard should trigger a second and separate functional safety system which would prevent & disable movements in a monitored manner, such that should they re-commenced then the machine control would then remove all power from its actuators. Removal of fixed guards is not acceptable except under full LOTO. The issue is ensuring that the functional safety is implemented correctly. Taking nonprogrammable devices, ISO 13849-1 outsells ISO 13849-2 by an awful lot, so there seems to be very few organisations (as in machinery builders) that are validating their functional safety is adequate. Which should be detected by the end user when they are doing their PUWER Reg 10 checks, but again this doesn't seem to be getting done either. Lubrication points are required to be external to guarding unless they are only to be accessed during major overhaul. These issues are often what we pickup when we do PUWER assessments from a safety engineering standpoint rather than a H&S standpoint.
|
2 users thanked paul.skyrme for this useful post.
|
|
|
|
Rank: Forum user
|
Just to add an example in to this very interesting discussion. I'm not an electrician. Came across this a few years back. A particular machine had a low voltage brake system on the main motor drive. In effect activating the e-stop removed the main drive circuit, but a lower voltage was still applied to the drive to act as a type of brake. The example was an inclined conveyor system. If "isolated" the weight of any product on the inclined conveyor, plus gravity, could in effect mean that the conveyor would move backwards. So, e-stop did not remove all power, it left the machine in a "static" and "safe" condition for the operator. Isolation left the machine in a "safe" condition for the maintenance team to get their spanners out. Maintenance team working on the machine with the e-stop activated, but not isolated, would be exposed to live electicals.
Hope this is one example of the difference. regards
James
|
1 user thanked James Robinson for this useful post.
|
|
|
|
Rank: Super forum user
|
Originally Posted by: James Robinson Just to add an example in to this very interesting discussion. I'm not an electrician. Came across this a few years back. A particular machine had a low voltage brake system on the main motor drive. In effect activating the e-stop removed the main drive circuit, but a lower voltage was still applied to the drive to act as a type of brake. The example was an inclined conveyor system. If "isolated" the weight of any product on the inclined conveyor, plus gravity, could in effect mean that the conveyor would move backwards. So, e-stop did not remove all power, it left the machine in a "static" and "safe" condition for the operator. Isolation left the machine in a "safe" condition for the maintenance team to get their spanners out. Maintenance team working on the machine with the e-stop activated, but not isolated, would be exposed to live electicals.
Hope this is one example of the difference. regards
James
Interesting example James, and I don't disbelive you for one minute, honestly, because I have seen similar myself.
However, such a system now would not be considered suitable as a safety function as it relies on power being present to be considerd safe, i.e it'snot failsafe. This just goes to show how functional safety has been developed, and how there is even the beginnings of a LOPA system even with machinery these days, if it is implemented in accordance with the HD's, unfortunately though this seems mostly not to be the case which is why PUWER Reg 10 inspecitons are so important. Edited by user 05 December 2019 12:34:57(UTC)
| Reason: Typo and re-wording.
|
|
|
|
|
|
You cannot post new topics in this forum.
You cannot reply to topics in this forum.
You cannot delete your posts in this forum.
You cannot edit your posts in this forum.
You cannot create polls in this forum.
You cannot vote in polls in this forum.