B11 LMSS Module 2 Rev 03 Secure PDF
Document Details
Uploaded by BravePoisson
Tags
Summary
This document provides an overview of B11 LMSS Module 2, covering topics such as safety services, responsibilities and risk assessment.
Full Transcript
DO DO NOT NOT COPY COPY –– DO DO NOT NOT SHARE SHARE B11 LMSS™ Welcome to B11 LMSS Module 2 DO NOT COPY – DO NOT SHARE...
DO DO NOT NOT COPY COPY –– DO DO NOT NOT SHARE SHARE B11 LMSS™ Welcome to B11 LMSS Module 2 DO NOT COPY – DO NOT SHARE Safety Services UK and EU Lead– Matt Chandy 3 years experience supporting Safety Interlocks Customer Application Support Manager VP Technical Safety – Jenny Tuertscher Expert member of ISO TC199 WG3, WG5, WG6, WG7, WG8 & ISO TC313 WG1 Member of ANSI B11 committees FS Engineer (TÜV Rheinland) #14247 / 17 – Machinery B11 LMSSTM Certification #AA311265118 B11 LMSS™ Welcome to B11 LMSS Module 2 DO NOT COPY – DO NOT SHARE Join in! Time Session Ask questions at any time 15 Mins Welcome and intro Breaks 15 Mins Responsibilities and risk We will aim for a break every hour or assessment recap so with one longer break in the 15 Mins Inherently safe by design middle 30 Mins Engineering controls – Mute Guards When you’re not talking please use 90 Mins Engineering controls – the mute button Control functions Reactions 75 Mins Engineering controls – Devices Please make use of the “reaction” buttons 15 Mins Administrative controls Lower your hand by pressing it again B11 LMSS™ Overview B11 LMSS DO NOT COPY – DO NOT SHARE Module 1 Module 2 Module 3 Module 4 Module 5 Examination Introduction to B11.19 Risk B11.26 Integrating LOTO and 50 Multiple Standards and Reduction Functional Machines and electrical safety choice questions Regulations Measures Safety Robotics ANSI Z244.1 and 90 Mins B11.0 Safety of Inherently Safe Performance B11.20 and RIA NFPA 79 Machinery By Design Levels R15.06 Risk Engineering Categories Assessment Controls Control General Administrative Reliability Requirements Controls Fault considerations B11 LMSS™ B11 LMSS Scope DO NOT COPY – DO NOT SHARE This course will instruct you on: Standards and Regulations What are machinery safety standards Why are they useful How do you use them Overview of the key standards This course does not: Cover specific machinery/industry details Cover every single requirement laid out in the standards and regulations (But it will show you how to find them!) B11 LMSS™ DO NOT COPY – DO NOT SHARE B11.19 2019 Performance Requirements for Risk Reduction Measures The primary objective of this standard is to establish the requirements for the design, construction, installation, operation and maintenance of the risk reduction measures used to eliminate or control hazards to individuals associated with machines. B11 LMSS™ Learning Objectives DO NOT COPY – DO NOT SHARE Introduction to B11.19 Risk reduction measures requirements and responsibilities Recap of risk assessment B11 LMSS™ B11.19 History DO NOT COPY – DO NOT SHARE to try to consolidate widely scattered information about safeguarding; Begun in 1980 (Performance Criteria for Safeguarding) approved in 1990; 1st edition approved in 2003 and included the updated Liberty Mutual anthropometric data and a new safety distance annex; 2nd edition 2010, incorporated new requirements and information (Protective Stops, Perimeter Guarding, Muting, Manual Suspension (Bypass), Emergency Stop including rope/cable pulls, three-position Enabling Devices, Hold-to-run Control, Guard Interlocking Switches with guard locking, and PSDI). The 3rd edition requirements for ANSI B15.1 (Mechanical Power Transmission Apparatus) were also incorporated. 2019, contains substantial and significant changes from the 2010 edition, including a major reorganization of flow consistent with the hierarchy of controls – this is the edition we will focus on in Current this module. edition B11 LMSS™ B11.19 Sub Committee DO NOT COPY – DO NOT SHARE B11 LMSS™ B11 SDC Members DO NOT COPY – DO NOT SHARE Alan Metelsky, FS Eng., Chair / Anne Matthias, PE,Vice-Chair / David Felinski, Secretary Organizations Represented Names of Representatives Organizations Represented Names of Representatives (Delegates and Alternates) (Delegates and Alternates) A3 – Association for Advancing Automation Carole Franklin Jeff Fryman LM - Liberty Mutual Craig Karasack, CSP Julie Thompson, CSP AEC - Aluminum Extruders Council Mel Mitchell, CSP Bradley Wyatt, CSP, CMSE MAG - MAG Automotive LLC Erik Carrier Doug Watts Amazon Robotics Jeread Sines, FS Eng, B11 LMSS Pat Barry MPIF - Metal Powder Industries Federation Bill Edwards James P. Adams ASSP - American Society of Safety Professionals Ted Sberna, Sr. Anne Matthias, PE NIOSH - National Institute for Occupational Safety & Health Richard Current, PE AMT - Association for Manufacturing Technology Russ Bensman Alan Metelsky, FS Eng. Omron Tina Hull, FS Exp. Frank Webster BOEING - The Boeing Company Rhiannon McPherson Mark Ellington & Stephen Thomas OSHA - Occupational Safety and Health Administration Ken Stevanus Mary Bauer, CSP, CIH, B11 LMSS Bridgestone Kenji Furukawa, FS Eng. Joey Hinson, FS Eng. PILZ - Pilz Automation Safety, LP Mike Beerman Dino Mariuz CSA - Canadian Standards Association Andrea Holbeche, P. Eng. Walter Veugen PLASTICS - Plastics Industry Association Jeff Linder Dale Bartholomew Deere & Co. Tony Beeth Scott Winter PMA - Precision Metalforming Association James G. Barrett, Jr. PhD David Klotz Euchner Ron Yemmens Jilani Bouchane PMMI, Assoc. of Packaging and Processing Technology Bruce Main, PE, CSP Tom Egan Exponent, Inc. Stephen Andrew, PE, CSM Alex Zelhofer, PhD, PE PSDMA - Presence Sensing Device Manufacturers Association Jim Kirton Mike Carlson FDR – FDR Safety, LLC Mike Taubitz Joe Wolfsberger, CIH & Luke Contos Rockford Systems Brian Boes Matt Brenner Fortress Safety Jenny Tuertscher, FS Eng., B11 LMSS Joshua Hill Rockwell Automation Darin Magnuson, FS Eng Jonathan Barrett, FS Eng GM - General Motors Corporation Mike Douglas Tony Ross Safe-T-Sense Mike Poynter, FS Eng Federico Badillo Honda Development & Manufacturing of America Todd Dickey Doug Titus SMACHA - Sheet Metal & Air Conditioning Justin Crandol, CSP Rick Di Ioli Contractors National Association IDEM Safety Mark Witherspoon Amir Mohtasham SICK, Inc. Chris Soranno, FS Exp. Nate Gose, FS Exp. Komatsu America Industries, LLC George Schreck James Landowski TMMNA - Toyota Motor Manufacturing North America Chip Boertlein Michael Collier, B11 LMSS B11 LMSS™ Why Participate in B11 Standards? DO NOT COPY – DO NOT SHARE Help your organization or clients achieve acceptable risk with feasible risk mitigation Reflect your company’s voice into future standards Gain a deeper understanding of future standards Great networking opportunity with leading safety specialists in a variety of sectors Exceptional cross educational opportunities B11 LMSS™ B11.19 Scope DO NOT COPY – DO NOT SHARE This standard provides performance requirements for the design, construction, installation, operation, and maintenance of the risk reduction measures listed below when applied to machines. inherently safe by design (see clause 7); engineering controls – guards (see clause 8); engineering controls – control functions (see clause 9); engineering controls – devices (see clause 10); administrative controls (see clause 11). This standard does not provide the requirements for the selection of the risk reduction measure for a specific application. B11 LMSS™ Risk Reduction Terminology DO NOT COPY – DO NOT SHARE Risk reduction measure(s) An action or means used to eliminate hazards and/or reduce risks Safeguarding A subset of the more comprehensive term “risk reduction measures” including guards, safeguarding devices, awareness devices, and safeguarding methods Complementary equipment and measures Removed in the current 2019 edition from the previous 2010 standard in order to standardize on risk reduction measures B11 LMSS™ General Requirements DO NOT COPY – DO NOT SHARE Clause 6.1 General requirements for risk reduction measures A risk reduction measure shall not create a hazard in or of itself Risk reduction measures shall not be affected by: Environmental conditions Common cause failures Operation influences Risk reduction measures shall be installed, maintained and adjusted by authorized personnel B11 LMSS™ General Requirements DO NOT COPY – DO NOT SHARE Clause 6.1 More general requirements Inspection, check, test or adjustment shall be carried out regularly according to supplier’s recommendation (this is the subject of the new B11.TR8 document) When a risk reduction measure is removed or circumvented for a task, other risk reduction measures shall be provided When a machine is modified or relocated the risk reduction measures shall be re-evaluated B11 LMSS™ Responsibilities Supplier DO NOT COPY – DO NOT SHARE Clause 4.1 Note: If the user designs, constructs, installs, modifies or reconstructs the risk reduction measures then they are considered a supplier Risk reduction measures Supplier shall make sure that risk reduction measures meet all requirements of this standard Documentation Supply documentation as required for the risk reduction measure(s) including installation requirements, operating instructions, and maintenance requirements B11 LMSS™ Responsibilities Machine User DO NOT COPY – DO NOT SHARE Clause 4.2 Risk Reduction Measures Make sure risk reduction measures are provided, integrated, installed, maintained, and used in accordance with this standard If not supplied with the machine, then use B11.0 to complete a risk assessment and B11.19 and Type C standards to choose risk reduction measures B11 LMSS™ Responsibilities Machine User DO NOT COPY – DO NOT SHARE Clause 4.2 Training All personnel working on or around the machine (e.g., supervisors, operators, maintenance and service personnel) trained in proper use and maintenance of the risk reduction measures within the scope of their work activity Use Changes After any changes to tooling, process or procedure make sure the risk reduction measures continue to meet this standard and the level of risk remains acceptable Any changes to adjustments or configurations should be included in a local change management process and documented B11 LMSS™ Responsibilities Integrator/Modifier/Rebuilder Clause 4.3 DO NOT COPY – DO NOT SHARE Within the scope of their work activity: Identify and Mitigate Responsible for identifying and mitigating sources of hazards Non-standard uses or modifications If they can create additional hazards, use a risk assessment to reduce risks to an acceptable level Consult the original supplier’s recommendations before making any such changes B11 LMSS™ Responsibilities Personnel DO NOT COPY – DO NOT SHARE Clause 4.4 Defeat of risk reduction measures Personnel shall not circumvent, remove or otherwise disable any risk reduction measures (unless as a task identified in the risk assessment) Follow instructions! Personnel must follow all policies, procedures, training and instructions given by the machine user B11 LMSS™ Risk Assessment Process DO NOT COPY – DO NOT SHARE Clause 5 1. Prepare for and Set Limits of the Assessment 2. Identify Tasks and Hazards 3. Assess Initial Risk 4. Reduce Risk 5. Assess Residual Risk 6. Residual No Risk Acceptable? New/Next Hazard Yes 7. Validate Solutions 8. Results/Documentation Assessment Complete B11 LMSS™ What is Risk Reduction? DO NOT COPY – DO NOT SHARE Clause 5 The objective of risk reduction can be achieved by the elimination of hazards, or by separately or simultaneously reducing each of the two elements that determine the associated risk Probability of Severity of occurrence Risk = harm X (Exposure x occurrence x avoidance) Risks can Reducing the potential severity of harm presented by be reduced the hazard by: Improving the possibility of avoiding the harm Reducing the need for access to the hazard zone B11 LMSS™ B11.19 2019 Structure (NEW) DO NOT COPY – DO NOT SHARE B11 LMSS™ Standards Pop Quiz DO NOT COPY – DO NOT SHARE “Risk reduction measures” is a subset of the False term “Safeguarding”? Safeguarding is a subset of the 1 term Risk Reduction Measures When a risk reduction measure is removed for a task, other risk reduction measures True 2 must be provided? When the use of the machine is changed, the False original supplier is responsible for identifying The user or modifier is 3 and mitigating hazards responsible B11 LMSS™ What did you Learn DO NOT COPY – DO NOT SHARE Introduction to B11.19 History and scope Risk reduction measures requirements and responsibilities Supplier, integrator, user and personnel Recap of risk assessment Risk assessment process and the hazard control hierarchy for choosing risk reduction measures B11 LMSS™ DO NOT COPY – DO NOT SHARE Inherently Safe by Design A design measure that reduces risk, which is not susceptible to a malfunction that will increase the risk of harm B11 LMSS™ Learning Objectives DO NOT COPY – DO NOT SHARE Inherently safe design measures B11 LMSS™ Prevention through Design DO NOT COPY – DO NOT SHARE Clause 7.1 Design changes to how a task is performed or the nature of a hazard (shape, force, energy) shall be identified and implemented to reduce risk by eliminating or reducing exposure to a hazard where feasible. Remove a hazard Sharp edges Pinch points Hazardous materials Make the hazard inaccessible Inside a section of machine Elevated or out of reach Reduce energy available or accumulated Also change how/where energy is released Change the task Use automated handling Reroute processes B11 LMSS™ Prevention through Design DO NOT COPY – DO NOT SHARE Clause 7.3 Safe-opening safeguarding method With the workpiece in place, remaining opening must prevent any part of the operator entering the hazard zone Where absence of the workpiece provides access to the hazard the machine must be prevented from cycling For different piece parts the guard, with the opening shall be changed to achieve the permissible opening B11 LMSS™ Prevention through Design DO NOT COPY – DO NOT SHARE Clause 7.4 Safe-location Safeguarding Method Access to hazard zones prevented by ensuring they cannot be reached or enclosing them in a restricted vault or room ≥2.7m (8’8”) B11 LMSS™ Prevention through Design DO NOT COPY – DO NOT SHARE Clause 7.5, 7.6 Minimum gaps to avoid crushing parts of the human body the gap between the crushing surfaces shall be measured at its narrowest point; the minimum gap shall be of sufficient size to prevent harm to the exposed part of the body; where it is reasonably foreseeable that the risk from a crushing hazard involves different parts of the body, the largest dimension of the body shall be used to determine the minimum gap. Maximum gaps to avoid exposure to hazards the gap between the adjacent surfaces shall be measured at its widest point; the maximum gap shall not exceed 6.35 mm (0.25"). B11 LMSS™ Safe by Design Examples DO NOT COPY – DO NOT SHARE B11 LMSS™ Standards Pop Quiz DO NOT COPY – DO NOT SHARE Rerouting processes or hazards away from people is an example of prevention through True 1 design? An interlocked guard is an example of False prevention through design? Interlocks and guards are 2 engineering controls Removing a sharp edge from a machine is an True example of prevention through design? 3 B11 LMSS™ What did you Learn DO NOT COPY – DO NOT SHARE Inherently safe design measures Prevention through design Safe opening and safe location Minimum and maximum gaps to remove hazards B11 LMSS™ DO NOT COPY – DO NOT SHARE Engineering Controls - Guards Self- Fixed Moveable Interlocked Adjustable Partial Perimeter Nip Adjusting B11 LMSS™ Learning Objectives DO NOT COPY – DO NOT SHARE Types of guards and their requirements Safety distances for guard locations B11 LMSS™ Guards General Requirements DO NOT COPY – DO NOT SHARE Clause 8.1 Purpose of guards Prevent or reduce access to the hazard zone Address intended access to the hazard zone Prevent inadvertent contact with the hazard Including keeping hazard contained Other potential exposure modalities Design/install/maintain to protect against: Unauthorized adjustment or circumvention Hazards between the guard and moving machine or tooling parts Environmental and operational influences B11 LMSS™ Guards General Requirements DO NOT COPY – DO NOT SHARE Clause 8.1 Material Sufficient strength to protect from identified hazards and resist environmental factors Ease of use Guards that are burdensome to personnel can discourage proper use Visibility Where viewing of machine operation is required through the guard, materials shall be selected with suitable properties. Location Prevent or reduce access to a hazard zone, or prevent or reduce contact with a hazard Training Hazards, use of guards and residual risks shall be included in training for operators and maintenance personnel B11 LMSS™ Guards Fixed and Moveable DO NOT COPY – DO NOT SHARE Clause 8.2, 8.3 Fixed guards Moveable Guards Install before Moveable part shall operation and be interlocked or occurrence of securely fastened hazards Shall not open Considerations for towards the hazard fasteners Vs. or hazard zone Removable only with a tool Retained/Captive fasteners to avoid loss of parts B11 LMSS™ Guards Interlocked Guards DO NOT COPY – DO NOT SHARE Clause 8.4 Shall not be able to close by itself and allow activation of the interlocking circuitry Spring loaded hinges, interlock blocking, manual reset Closed guard should not cause the re-initiation of the hazard Restarting requires a deliberate action (NFPA 79) Opening the guard shall initiate an immediate stop command Preventing the hazardous situation until the guard is closed The hazard must cease before it can be reached Consider safety distances or guard locking if cessation is not immediate Each guard shall have at least one interlock mounted in positive mode B11 LMSS™ Guards Adjustable and Self Adjusting Guards DO NOT COPY – DO NOT SHARE Clause 8.5, 8.6 Manual adjustment shall be: Easy to do – consider tools or not Properly installed and adjusted before operation and stay in place during operation Done only by qualified personnel Self adjustment shall be: Properly installed and set up before operation and remain during operation B11 LMSS™ Guards Partial Guards DO NOT COPY – DO NOT SHARE Clause 8.7 Partial Guards Partial guards may be fixed, adjustable or interlocked Limit access to the hazard without completely guarding it, used when a full guard is not feasible Shall be properly installed before and remain in position during machine operation and associated hazards B11 LMSS™ Guards Nip Guards DO NOT COPY – DO NOT SHARE Clause 8.9 Nip Guards Nip guards prevent unintended contact with the in running side of a nip Nip guards should cover the entire frontal plane and fill the nip point Make sure placement prevents contact with the hazard but does not create an entrapment hazard itself Annex F gives details on required dimensions of clearances for different body parts B11 LMSS™ Guards Shields and Perimeter Guards DO NOT COPY – DO NOT SHARE Clause 8.10, 8.8 Shields Perimeter guards Keep fluids, chips, Prevent access to swarf and/or noise single or multiple inside to prevent hazards contact by Combination of individuals fixed and moveable guards Minimum height 1400mm (55.12”) Maximum gap at bottom 180mm (7.09”) Whole body access requirements to be considered B11 LMSS™ Guards Which to use? DO NOT COPY – DO NOT SHARE No Is regular access to Yes the safeguarded space required? Is a full, fixed guard feasible Yes No Fixed guard Partial guard (Nip guards, shields, Interlocked guard adjustable, etc.) B11 LMSS™ Guards Gaps and distances DO NOT COPY – DO NOT SHARE Annex E B11 LMSS™ Guards Gaps and distances DO NOT COPY – DO NOT SHARE Annex E Reaching over a protective structure Lower than 1000mm (39.5”) not suitable Lower than 1400mm (55.1”) need additional engineering controls Hazard above 2700mm (106.3”) considered safe-location safeguarding B11 LMSS™ Guards Gaps and distances DO NOT COPY – DO NOT SHARE Annex E Reaching through a protective structure Use smallest dimension out of: Slot, square, round opening width Limitation of movement can reduce access to hazardous zones 5cm / 2” 2cm / 1cm / 0.8” 0.39” B11 LMSS™ Guards Gaps and distances DO NOT COPY – DO NOT SHARE Annex E Reaching under a protective structure Consider as a reach through opening for gaps ≤ 120mm (4.72”) Use table for 120-180mm gaps only Maximum opening under a perimeter guard should not exceed 180mm (7”) B11 LMSS™ Standards Pop Quiz DO NOT COPY – DO NOT SHARE A hinged, moveable guard should always False open inwards towards the hazard Moveable guards should open 1 away from the hazard All required guarding should be in place and correctly adjusted before operation takes True 2 place A shield is used to keep fluids, swarf or chips True inside the safeguarded space 3 B11 LMSS™ What did you Learn DO NOT COPY – DO NOT SHARE Types of guards and their requirements Including fixed, interlocked, partial, adjustable and nip guards Safety distances for guards Consider reaching over, reaching through and reaching under guards when determining required distance from the hazard B11 LMSS™ DO NOT COPY – DO NOT SHARE Engineering Controls – Control Functions Safety functions associated with engineering controls (guards or devices) intended to reduce risk B11 LMSS™ Learning Objectives DO NOT COPY – DO NOT SHARE Safety Functions Safety Distances Suspension/muting of safety functions Whole Body Access Span of Control B11 LMSS™ Control Functions Safety Functions DO NOT COPY – DO NOT SHARE Clause 9.2 When a failure occurs such that it or a subsequent failure would lead to the inability of the safety function(s) to respond to a normal or immediate stop command, the safety function shall: Prevent initiation of the hazardous situation; or Initiate an immediate stop command and prevent re-initiation of the hazardous situation; or Prevent re-initiation of the hazardous situation at the next stop command Until the failure is corrected or until the control system is manually reset Implement procedures that prohibit repetitive manual reset of the system or device Safety function I/O shall be identified in design documentation and tested with logic element as part of the documented validation process B11 LMSS™ Control Functions Software DO NOT COPY – DO NOT SHARE Clause 9.2.3 SRASW = Safety-related application software Sequence and labelling Sequence in a logical order e.g., input, logic, output Label in an understandable manner e.g., function, device, location Safety function blocks Use certified blocks when provided for the safety-related controller Inputs and outputs Use certified I/O when they are part of the safety function Use dedicated safety variables for certified safety I/O Non-safety I/O variables shall not be used as safety variables if their manipulation can compromise the safety function B11 LMSS™ Control Functions Monitoring DO NOT COPY – DO NOT SHARE Clause 9.3 This includes monitoring of safety-related process Annex L5 malfunction, detection, and machinery conditions. Parameters to monitor Where a safety function relies on limit value(s) for any parameter(s), the maximum tolerance(s) for the limit value(s) shall be defined as part of the safety function If conditions are outside established parameters Machine motion or cycles shall be prevented from continuing Continuation of machine motion shall require manual intervention at the operating station Component requirements Monitoring function components shall meet the level of safety performance as determined by the risk assessment B11 LMSS™ Control Functions Monitoring DO NOT COPY – DO NOT SHARE Clause 9.3 Safe Condition (stopping performance) monitoring If performance is outside established parameters: o provide indication of the exceeded parameter(s); and o prevent the initiation of a successive normal machine cycle. Safety distance is then recalculated with new time and engineering controls moved or adjusted Speed monitoring requirements: monitoring of the drive motor shall only be used when de- coupling of a directly driven load can be reasonably excluded; monitoring the load side shall be used on belt or chain driven loads. B11 LMSS™ Control Functions Stop Categories DO NOT COPY – DO NOT SHARE Clause 9.4 0 Uncontrolled stop by immediately removing power to machine actuators 1 Controlled stop with power to machine actuators available then power removed when stop is achieved 2 Controlled stop with power left available to the machine actuators B11 LMSS™ Control Functions Stop Types DO NOT COPY – DO NOT SHARE Clause 9.4 Normal Stop Emergency Stop Protective Stop Definition The stopping of a The stopping of a The stopping of a machine, initiated by machine, manually machine initiated by an the control system, at initiated, for emergency engineering control the completion of a purposes device for risk reduction cycle purposes Initiation of stop signal Manual or automatic Manual Only Manual or Automatic Stop Category 0, 1 or 2 0 or 1 0, 1 or 2 Circuit performance Typically N/A Minimum single Typically control (Non safety-rated) channel, higher if reliable, dependent on required by risk risk assessment assessment B11 LMSS™ Control Functions Emergency Stop DO NOT COPY – DO NOT SHARE Clause 9.4.2 The stopping of a machine, manually initiated, for emergency purposes. Emergency Stop Function: Category 0 or 1 stop only De-energize relevant circuit and override the related start functions. Machine actuators shall have a holding or braking function if Cat 0 or 1 stop results in uncontrolled motion or hazards Machine cannot be restarted until all emergency stop devices and functions have been reset (NFPA 79, ISO 13850) B11 LMSS™ Control Functions Emergency Stop DO NOT COPY – DO NOT SHARE Clause 9.4.2 The emergency stop function shall: override all other functions and operations not impair other risk reduction measures (e.g., release of trapped individuals, fire suppression) remove power to the machine actuators, which cause a hazardous situation, as quickly as possible without creating other hazards Be sustained until it is reset Reset of an emergency stop shall: Be a safety-related manual reset function if the device does not have a latching function Not initiate a restart of a hazardous situation Be possible only at that location where the command has been initiated. The reset of the command shall not restart the machinery but only permit restarting. B11 LMSS™ Control Functions Protective Stop DO NOT COPY – DO NOT SHARE Clause 9.4.3 The stopping of a machine initiated by an engineering controls – device for risk reduction purposes. Initiation and reset Can be initiated automatically or manually Must issue stop command to all hazards in span of control Can be reset automatically or manually (a reset does not start or restart the machine) Cessation or reset of a protective stop shall not initiate hazardous motion(s) except under specifically controlled design conditions (e.g., PSDI) Relation to Emergency Stop Usually a separate function to emergency stop Performance of a protective stop circuit shall not be reduced when combined with a circuit of lower safety performance If a category 2 stop then cannot be combined in the same circuit as an emergency stop Restart of machine function Once the stop condition is removed, the use of normal machine initiation (e.g., operator controls) to start or initiate a machine operation shall be required B11 LMSS™ Control Functions Safety-related Reset DO NOT COPY – DO NOT SHARE Clause 9.5 Reset is not a restart, it allows the machine control to accept a separate start command, only once all safety functions in the span of control are in the safe state. Without additional manual operation(s), reset shall not: restart the machine or equipment; initiate a hazardous situation. Automatic reset Only for situations with continuous presence detection Manual Reset Requires intentional human action Location of manual reset devices: Pic: multiple resets? All areas of the safeguarded space must be visible – or use multiple devices, mirrors, cameras, etc. Final (or only) reset device must be outside the safeguarded space – and not reachable from inside! B11 LMSS™ Standards Pop Quiz DO NOT COPY – DO NOT SHARE An Emergency stop can be a False 1 category 0, 1 or 2 stop? It can only be Category 0 or 1 Safety function I/O shall be True 2 included in design documentation? When available certified safety True 3 software blocks shall be used? B11 LMSS™ Control Functions Safety distance DO NOT COPY – DO NOT SHARE Clause 9.6 Engineering controls shall be located at a distance from any associated hazard(s) within the span of control such that individuals will not be exposed to a hazard(s) Correct calculation and implementation of a safety distance will: Make sure a guard is effective Avoid reaching or gaining access over/under/around/through a guard Make sure a safe state is achieved before the hazard is reached This must be monitored either automatically (safe condition monitoring) or periodically depending on risk assessment Procedure, information and calculations to determine safety distance shall be documented. B11 LMSS™ Control Functions Safety distance DO NOT COPY – DO NOT SHARE Clause 9.6 Annex E - Reaching Distance Considerations for Protective Structures Annex I - Reaching Distance Considerations for Engineering Controls B11 LMSS™ Control Functions Safety distance DO NOT COPY – DO NOT SHARE Clause 9.6 Annex H – Safety Distance Calculations for Engineering Controls – Devices Safety Distance D = = ( Approach Speed K X X Time for Hazard to achieve safe condition T ) + Reaching + + Distance dds + Supplemental Distance Factors Z Safety distance (D) = (Approach speed of the individual (K) × the total time for a hazard to achieve a safe condition (T)) + reaching distance associated with devices (dds) + supplemental distance factors (Z) Devices that require location at a safety distance include, but are not limited to: interlocked guards (see also, 8.4 and 10.2) or movable barrier devices (see also, 10.5); electro-optical presence-sensing devices (see also, 10.7.2, 10.7.3, 10.7.4 and 10.7.5); safety mat devices (see also, 10.7.6); safety edge / bumper devices (see also, 10.7.7); RF presence-sensing devices (see also, 10.7.9); two-hand actuating controls (see also,10.8); single actuating controls (see also, 10.9). B11 LMSS™ Control Functions Safety distance DO NOT COPY – DO NOT SHARE Clause 9.6 Annex I - Reaching Distance Considerations for Engineering Controls 550 800 D = ( K x T )+ dds + Z 1350 = ( 1600 x 0.5 )+ 550 + 0 Workings Approach Speed 1.6m/s (See Annex H, H.3) Stopping time 0.5 Seconds Reach 550mm (See Annex I, I.6) B11 LMSS™ Control Functions Safety distance DO NOT COPY – DO NOT SHARE Clause 9.6 Annex I - Reaching Distance Considerations for Engineering Controls 550 3200 D = ( K x T )+ dds + Z 3750 = ( 1600 x 2 )+ 550 + 0 Workings Approach Speed 1.6m/s (See Annex H, H.3) Stopping time 2 Seconds Reach 550mm (See Annex I, I.6) B11 LMSS™ Control Functions Safety distance DO NOT COPY – DO NOT SHARE Clause 9.6 Stopping time of Safety distance (with machine: 550mm reach, dds) 0.5s 1.35m (53”) 1s 2.15m (85”) 2s 3.75m (12’ 3”) 5s 8.55m (28’) 10s 16.55m (54’ 4”) B11 LMSS™ Control Functions Suspension of Safety Function DO NOT COPY – DO NOT SHARE Suspension - When the function of one or more engineering controls or safety Clause 9.7 functions are disabled or rendered ineffective in order to perform a task Manual Automatic suspension Suspension Bypassing Muting A suspension that is actuated or The automatic temporary suspension of a safety selected by an individual that disables function(s) or renders ineffective, one or more safety function(s) Safety-related sensing field switching Selection/deselection of active safety-related sensing field(s) of or between one or more presence sensing devices Blanking Rendering a portion of the safety-related sensing field of a presence sensing device ineffective without issuing a stop command B11 LMSS™ Control Functions Suspension of Safety Function DO NOT COPY – DO NOT SHARE Clause 9.7 Manual Suspension (Bypassing) Other risk reduction measures must be provided and used Emergency stop functions shall remain active at all times Manual suspension must meet or exceed the safety performance level of the suspended safety function The means to bypass should be supervised (e.g., need a key, tool or password) Indication should be provided when the suspension is active B11 LMSS™ Control Functions Suspension of Safety Function DO NOT COPY – DO NOT SHARE Automatic Suspension: Muting Clause 9.7 Muting of a safety function(s) permitted when individuals are not exposed to the hazard the hazard(s) within the span of control cannot be accessed or otherwise protected Possibility of an individual entering with the material has been considered Common cause failures, power interruption and environmental conditions can not initiate a mute condition Muting not permitted if: Whole body An individual can pass through the detection plane access! unless: Additional risk reduction measures are in place The engineering control has a manual reset B11 LMSS™ Control Functions Suspension of Safety Function 9 DO NOT COPY – DO NOT SHARE Automatic Suspension: Muting Clause 9.7 Requirements Emergency stop functions must remain active Muting function shall be monitored by the SRP/CS and at the same safety performance or higher than the safety function Single fault must not initiate or extend muting, if one or more faults can initiate a mute, a protective stop shall be initiated A single source initiating or continuing the mute condition must comply with the safety performance requirements If two independent sources, only one can pass through a non-safety logic controller Installation, maintenance and adjustment of means to initiate or continue a mute shall only be by authorized personnel Indication of the mute condition may be required in Type C standards and should be considered B11 LMSS™ Control Functions Variable Sensing Functions DO NOT COPY – DO NOT SHARE Clause 9.8 Safety-related sensing field switching B11 LMSS™ Control Functions Variable Sensing Functions DO NOT COPY – DO NOT SHARE Clause 9.8 Automatic Suspension: Safety-related sensing field switching Switching the active safety-related sensing fields of presence sensing devices permitted when individuals are not exposed to the hazard the hazard(s) within the deselected zone cannot be accessed or is otherwise protected Possibility of an individual entering with the material has been considered Common cause failures, power interruption and environmental conditions can not switch the safety-related sensing field Me Switching safety-related sensing fields not permitted if: Whole again! body An individual can pass through the detection plane access! unless: Additional risk reduction measures are in place The engineering control has a manual reset B11 LMSS™ Control Functions Variable Sensing Functions DO NOT COPY – DO NOT SHARE Clause 9.8 Automatic Suspension: Safety-related sensing field switching Requirements Emergency Stop functions remain active at all times Safety-related switching fields monitored by SRP/CS and at the same safety performance or higher than the safety function Single fault must not lead to unintended switching from one safety-related field to another One or more faults preventing change from one safety-related sensing field to another must initiate a protective stop A single source initiating the switching condition must comply with the safety performance requirements If two independent sources, only one can pass through a non-safety logic controller Installation, maintenance and adjustment of means to initiate or continue a mute shall only be by authorized personnel Indication of the active sensing field may be required in Type C standards and should be considered B11 LMSS™ Control Functions Variable Sensing Functions DO NOT COPY – DO NOT SHARE Clause 9.8 Automatic Suspension: Safety-related sensing field switching Further requirements Devices used for switching must not be used for delay or other timing functions If the hazard zone changes due to machine function any associated safety-related sensing field shall be switched before the machine function can occur If switching is initiated by a machine function, where the hazard travels from one zone to another, the associated safety-rated sensing field(s) shall: a) be selected before machine motion can occur; b) have selected both the safety-related sensing field to be deselected as well as the safety-related sensing field just selected (or a new combined safety-related sensing field) during the machine motion; c) have both safety-related sensing fields (or a new combined safety- related sensing field) be selected until the previous zone is no longer hazardous;. d) not allow access to either hazard zone during the machine motion; and e) initiate a stop if the safety-related sensing field selection sequence E.g bottom half of light curtain could be switched when full pallet cannot be correctly executed. passes through B11 LMSS™ Control Functions Variable Sensing Functions DO NOT COPY – DO NOT SHARE Clause 9.8 Allows materials of a certain size to pass through the sensing field without initiating a stop function Safety-related sensing field blanking Permitted when individuals not exposed to the hazard When the sensing field is not completely filled by Blanking changes the de to allow larger materials workpiece, guards or protective structures, the effective to pass through undetected, this allows a longer detection capability (de) shall be used to determine the reach through so the safety distance will increase safety distance of the sensing field Indication that the sensing field is being blanked shall be given Automatic switching of the blanked area must comply with applicable requirements of safety-related sensing field switching The desensitized areas does not For fixed blanking the blanked area shall be identified move or change once configured For floating blanking the effective detection capability shall be configured to the smallest area that allows for the The blanked area can move blanked object to be reliably ignored within the sensing field B11 LMSS™ Control Functions Presence-Sensing Device Initiation DO NOT COPY – DO NOT SHARE Clause 9.9 Can only be used to initiate a single machine cycle for normal production operation on machines which can be stopped anywhere in the cycle Requirements: Minimum object sensitivity 1000 possible variations) B11 LMSS™ Engineering Controls Interlock Devices DO NOT COPY – DO NOT SHARE Clause 10.2 Type 3 – Non-contact actuated device with un-coded actuator Actuated by an object, metal or magnet in a defined proximity to the switch Type 4 – Non-contact actuated device with a coded actuator Switch and actuator mounted separately. Output signal when actuator is within proximity of switch Actuator coding ranges from low (same actuator for all switches) to high (>1000 possible codes) B11 LMSS™ Interlock Devices Guard Locking DO NOT COPY – DO NOT SHARE Clause 10.2 Guard locking devices, when used, shall prevent access to the hazard until the command has been initiated to release the locking element Examples to generate an unlock signal: Zero speed switch Safe condition monitoring Signal from safe stop/drive control Timer Time should be based on Total Time, T, from safety distance calculations B11 LMSS™ Interlock Devices Guard Locking DO NOT COPY – DO NOT SHARE Clause 10.2 Figure from ISO 14119 Overall system stopping performance: Time from stop command to termination of hazardous machine function Access time Time taken by a person to reach the hazard zone after initiation of the stop command B11 LMSS™ Interlock Devices Guard Locking DO NOT COPY – DO NOT SHARE Clause 10.2 Power-to-release Loss of power would prevent opening of guards Emergency or auxiliary release method may be required to manually gain entry in the Reminder – if whole event of power loss body access is possible then consider escape release and inhibit Power-to-lock functions! Loss of power allows immediate entry May not be suitable if hazard is not immediately eliminated with loss of power B11 LMSS™ Engineering Controls Interlock Devices DO NOT COPY – DO NOT SHARE Clause 10.2 Fault Masking When interlock devices are wired in series, the detection of a single fault can be masked by the actuation of any interlock device in series with a defective interlock device Foreseeable that during fault finding by the operator, one of the guards whose interlock devices are logically connected in series with the defective interlock device will be actuated, masking the fault ISO/TR 24119 Safety of machinery — Evaluation of fault masking serial connection of interlocking devices associated with guards with potential free contacts B11 LMSS™ Interlock Devices Trapped Key Systems DO NOT COPY – DO NOT SHARE Clause 10.3 Trapped Key Interlocking utilizes locks and keys for 1 control of equipment. Power to the machine is controlled by 1 turning the key in the switch Key is released and inserted into the door 2 module 3 Gate opens and key is trapped 3 When the gate is open, the power cannot be turned on – the key is trapped in the door module. 2 When the power is on, the gate cannot be opened – the key is trapped in the key switch and the gate is locked closed. B11 LMSS™ Interlock Devices Trapped Key Systems DO NOT COPY – DO NOT SHARE Clause 10.3 Gate Switches (Type 2 devices) v Trapped Key systems (Type 5) 3 ISO/DIS 14119 B11 LMSS™ Interlock Devices Trapped Key Systems DO NOT COPY – DO NOT SHARE Clause 10.3 How trapped key systems work. Removal releases guard actuator Can’t lock the guard closed until personnel (safety) key(s) returned Personnel (safety) keys do not prevent unauthorized or inadvertent resets if the key is not removed or if Trapped by the lock extra personnel enter Can’t be released until the without a personnel key guard is closed and personnel (safety) key(s) returned B11 LMSS™ Trapped Key Systems Trapped Key Devices DO NOT COPY – DO NOT SHARE Clause 10.3 Incorporate monitoring Control of hazardous and control Key exchange Time delay units energy – electrical or functionality fluid B11 LMSS™ Trapped Key Systems Design DO NOT COPY – DO NOT SHARE Clause 10.3 When controlling hazardous energy: Do not rely on springs – force open normally closed dual contacts Electrically interlocked guard: Initiate a protective stop when guard is unlocked Safe position has normally closed contacts, forced open when lock not in “safe” position Trapped key system installation: Shall be securely mounted so their physical position cannot shift B11 LMSS™ Trapped Key Systems Keys/Locks Requirements Clause 10.3 DO NOT COPY – DO NOT SHARE Keys shall be difficult to reproduce Duplicate keys only if the same function is repeated at multiple locations Coding must be controlled and designed to prevent a key from one application from altering the status of another Master keys must be controlled and supervised They should be locked and a written procedure of when and how they may be used, including procurement of replacements for lost keys Providing a safety key for each individual entering should be considered for whole body access applications B11 LMSS™ Interlock Devices Interlock Blocking DO NOT COPY – DO NOT SHARE Clause 10.4 Lock a guard interlock device in the open position – thereby preventing reset of the safety-related circuit Each individual should have their own means of control that only they can remove – e.g., a padlock Must not be possible to lock the guard into a closed position Interlock blocking devices are not lockout B11 LMSS™ Engineering Controls Interlock Devices DO NOT COPY – DO NOT SHARE Location of controls Control panel or At opening isolation point Open guard immediately? Trapped Key Interlocking + Mechanical devices easy to install and No retrofit Yes + Complex sequences without programming + Can be incorporated with energy isolation Interlock (Gate switch) Interlock with guard locking (e.g., LOTO) procedures + Stop command as gate opens + Gate held locked until safe + Quick and easy access + Request to enter and - Necessary to travel from control panel to additional control from gate gate - Wiring to gate - No control functions at the gate - Gate can be opened at any - Wiring to gate - Escape release not possible without time - Programming required wiring B11 LMSS™ Standards Pop Quiz DO NOT COPY – DO NOT SHARE Interlocks shall be maintained True 1 to ensure proper operation Using a padlock on an False interlock is Lockout Tagout LOTO is physical separation of 2 source from where used Non-contact interlocks can be True 3 coded or uncoded B11 LMSS™ Movable Barrier & Pull Back (out) DO NOT COPY – DO NOT SHARE & hold out (restraint) Devices Movable Barrier Type A Encloses the hazard zone prior to the start of the hazardous Clause 10.6 portion of the machine cycle, and shall be held closed until the machine has ceased motion and is at its initial starting position or other safe condition Movable Barrier Type B Encloses the hazard zone prior to the start of the hazardous portion of the machine cycle and shall be held closed until completion of the hazardous portion of the machine cycle. Pull back (pull out) and hold out (restraint) devices The pull back device shall be designed to protect the machine operator by keeping the operator's hands out of the hazard zone(s) during the hazardous portion of the machine cycle. The hold out device shall protect the operator by holding the operator's hands away from the hazard zone(s) at all times. B11 LMSS™ Presence-Sensing Devices DO NOT COPY – DO NOT SHARE Clause 10.7 Benefits of Presence Sensing Devices Benefits Fast & Frequent Access Improved visibility for personnel Flexibility Whole Body Access (Light Scanners/mats) Where workpieces enter and depart the safeguarded space Provide "warning zones" Limitations Ejected material not contained Long safety distance/run down times require large areas Large and complex areas are difficult to guarantee detection Environmental limitations (dust, ambient light, etc.) Doesn’t protect against thermal and radiation hazards B11 LMSS™ Presence-Sensing Devices DO NOT COPY – DO NOT SHARE Clause 10.7 Light Curtains, Single/Multiple Beam Devices, Area Scanners, Vision-Based Protective Devices, Safety Mats and Edges General considerations for installation of presence sensing devices Make sure individuals cannot reach the hazard zone(s) by reaching over, under, around or through the effective sensing field of the device before a safe condition is achieved Minimum safety distance is always >100mm Make sure it is not possible to climb around sensing field If possible to pass through the field consider whole body access Make sure reflective surfaces/objects and ambient light do not interfere or alter the response time or sensitivity Consider and minimize incentive and means to defeat the devices B11 LMSS™ Presence-Sensing Devices DO NOT COPY – DO NOT SHARE Clause 10.7 Light Curtains, Single/Multiple Beam Devices, Area Scanners, Vision-Based Protective Devices, Safety Mats and Edges General requirements for use of presence sensing devices Devices shall initiate a protective stop if an individual is detected during the hazard portion of the machine cycle Devices shall have a visual means to indicate individual detection Manual reset required if an individual can pass through the sensing field Functional check required prior to machine use for production purposes Reset must comply with the safety-related reset requirements B11 LMSS™ Presence Sensing Devices DO NOT COPY – DO NOT SHARE Clause 10.7 Requirements for Light curtains and single/multiple beam Devices Reflective surfaces must not make detection ineffective Minimum detection capability to be stated by manufacturer Perpendicular approach (e.g., vertical light curtain) de ≤ 64mm (2.52”) for finger or hand 64mm < de ≤ 600mm (23.62”) for arm/body Parallel approach (e.g., horizontal light curtain) de ≤117mm (4.61”) for torso detection Single beam devices usually need additional engineering controls to reliably sense presence of an individual Make sure not affected by ambient light or changes to light source B11 LMSS™ Presence Sensing Devices Light and vision devices DO NOT COPY – DO NOT SHARE Type 2 Type 4 A simple optical safety device Offer highest level of safety Safety function is monitored Safety function is continuously periodically monitored Faults can develop between tests. Shorter response time.. …. Available for hand and body Available for finger, hand and body detection detection Maximum allowed scattering angle Maximum allowed scattering angle is ±5˚ is ±2.5˚ Used in Category 2/PLc Used in Category 4/Ple applications applications B11 LMSS™ Presence Sensing Devices DO NOT COPY – DO NOT SHARE Clause 10.7 Area Scanning and Vision-Based Devices Information to be provided by the manufacturer: Maximum detection zone range Minimum object sensitivity Maximum field of view Tolerance in range measurement Detection capabilities with respect to the reflectivity of the object vs the distance to the object Must provide means to verify size, shape and detection capabilities of the detection area or zone Reflective surfaces shall not render the detection capability ineffective Use the total tolerance in the range measurement to determine distance from the nearest recognized hazard, test and verify that the device is able to detect individuals entering the detection area In vertical mode for Whole Body Access devices must be installed, maintained and adjusted by authorized personnel to prevent unauthorized changes B11 LMSS™ Presence Sensing Devices DO NOT COPY – DO NOT SHARE Clause 10.7 Area Scanning Devices and Vision-based Devices Minimum detection capability de Perpendicular approach (e.g., vertical light curtain) de ≤ 64mm (2.52”) for finger or hand 64mm < de ≤ 600mm (23.62”) for arm/body Parallel approach (e.g., horizontal light curtain) de ≤117mm (4.61”) for torso detection Distance between reference plane and the bottom edge of a presence sensing device (Hdb) a) Perpendicular approach ≤ 300 mm 11.81”) b) Parallel approach ≤ 1000 mm (39.37”) > 0 mm B11 LMSS™ Presence Sensing Devices Light and vision devices DO NOT COPY – DO NOT SHARE Safety Distance Safety Distance D = = ( Approach Speed K X X Time for Hazard