The last time Ron Bocian visited a manufacturer’s facility to investigate a safety incident involving an Urschel slicer, he found that someone had miswired the machine so that it didn’t provide the level of protection required. It certainly wasn’t the first time something like that had happened.
Bocian, the electrical engineer and risk manager at Urschel Laboratories, a Chesterton, Ind.-based OEM of food cutting technology, knows you can design a machine that is as safe as it can possibly be, but there will always be the fear of the unknown. It’s what Bocian calls reasonable foreseeable misuse. “What’s an operator going to do to get injured that you couldn’t foresee them doing?” he asks.
Urschel has been making slicers and dicers since the 1950s, so the company has an in-depth understanding of how operators will use the product and, therefore, how to safeguard it. But as end users ask for more machine flexibility to deal with changing consumer demands, and as Industry 4.0 initiatives connect more equipment, robots, and devices—thereby creating more moving parts on the manufacturing floor—there are new, unexpected safety risks.
“When someone reinvents the wheel, you don’t know what to expect and how people will misuse the product,” Bocian says.
Making a machine safe is a priority for OEMs and manufacturers alike, as they want to protect employees and they need to comply with the safety regulations of the Occupational Safety and Health Administration (OSHA). But safety measures have not always been executed well because safety is not always easy.
“Safety can be intimidating because the technology can be complicated and challenging to commission, operate, and troubleshoot,” says John Klesk, senior technical marketing manager for safety at Banner Engineering.
And technical troubles aren’t the only cause of safety snafus, of course. The people involved in the process often contribute as well.
“Many machine builders and manufacturers are struggling with the mental hurdle—the mental hurdle being [the assumption] that safety applied to a manufacturing process has the outcome of reducing the efficiency or productivity of the process,” says George Schuster, TÜV-certified functional safety expert and certified functional safety engineer for Rockwell Automation. “That is something that I think is ingrained in manufacturing. It was for me in my manufacturing experience. [I thought] the more safety [that was] put on something, the more downtime and less productivity I’d have. But I learned as a system designer that it is absolutely untrue. Like any tool, it is how you use it and how well it is integrated into the control system and the processes that make the difference.”
Safety steps
Once they’ve overcome that mental hurdle, manufacturers must identify where to start implementing safety technology on machines. In an effort to demystify what can be a confusing endeavor, industry experts recommend starting with a risk assessment comprised of multiple steps: identifying hazards, assessing the risk, reducing risk to an acceptable level, documenting the results, and following up to ensure the machine does what it’s supposed to do.
“Risk assessment is paramount,” says Zachary Stank, associate product marketing manager, safety and light, at Phoenix Contact USA. “You have to know what you are protecting in order to protect it.”
In addition, a risk assessment adds some order to the process. Without it, Stank says, “you are going in blind and you’ll miss something or you’ll overprotect the machine, spend way too much [on it], and price yourself out of the competition.”
This risk mitigation is not just an exercise to understand what safety technology to apply to the machine; it is also a way to address the application and the industry regulations. For example, if a machine is to be used in the food industry, there are hygiene requirements to consider.
“Unfortunately, food safety is contradictory to machine safety,” Urschel’s Bocian says. “Machine safety is about adding interlocks that are creating crevices for bacteria to harbor. They are two competing safety issues. It’s a balancing act.”
On top of that, there are many safety standards and equipment requirements that can leave even savvy machine builders scratching their heads. For example, a robot integrated as part of a packaging machine used in a manufacturing facility will have to follow at least nine standards from the International Organization for Standardization (ISO), the American National Standards Institute (ANSI) and the National Fire Protection Association (NFPA) (see “Complying With the Many Safety Standards,” below).
Keeping up with these ever-evolving standards—which are refreshed every five years to keep up with technology changes and data requirements—can be a challenge. In addition, despite the harmonizing efforts underway to align ANSI, ISO, and the International Electrotechnical Commission (IEC), an OEM selling equipment in other countries could encounter additional legal requirements.
“You have to consider the difference between standards and regulations,” explains Fred Hayes, director of technical services at PMMI, the Association for Packaging and Processing Technologies. “In the U.S., there is no regulation that tells an OEM how to build a machine. In Europe, there’s a different attitude. They have a machinery directive that tells builders what they must comply with to meet the law.”
But even when everything is done in compliance, there’s still the issue of operator error, which is uncontrollable. In fact, an ANSI standard states “there is no such thing as being absolutely safe, that is, a complete absence of risk. Therefore, there is no machinery that is absolutely safe in the sense of being completely devoid of all conceivable risks.”
And when something happens, who is liable? “In the U.S., the machine owner is responsible for the safety of the machine from a pure OSHA standpoint,” Phoenix Contact’s Stank says, explaining that, once a manufacturer buys the machine, they are responsible for keeping it safe. “But from a civil standpoint, lawyers can go after whoever they want.” That includes the machine builder.
But the standards and the regulations are just one piece of the puzzle, as they are only providing direction for compliance. The second important tool is the technology, Rockwell’s Schuster says. This includes things such as safety programmable logic controllers (PLCs), drives, servos, and light screens. “Standards by themselves don’t make a safe system,” he says. “Components by themselves don’t make a safe system. They need to be considered together and in the context of the safety plan.”
Before building an Urschel machine, a team of engineers conducts a risk assessment to understand how it will be used by the manufacturer, and the required safety measures.
An integrated effort
Traditionally, safety has been treated separately from the machine controller, the most basic form of safety being hardwired safety relays. But today, with faster, more reliable networks and more processing power, technology suppliers are integrating safety directly into the main PLC.
“In the past, safety has been done with separate controllers,” says Robert Miller, senior PLC/HMI product marketing manager at Mitsubishi Electric Automation. “Now, with safety being so much a part of machine building, it is starting to be integrated directly into the controller.”
Plus, having one software package to program and troubleshoot makes it easier to monitor and maintain the system. Mitsubishi’s Melsec iQ-R controller has safety built-in, as do the company’s servos, variable-frequency drives (VFDs), and robots. “Building all products to have safety integrated in takes out the complex programming, extra wiring, and extra requirements that safety in the past needed,” Miller says.
Similarly, Beckhoff Automation’s TwinSAFE integrated safety technology, including I/O terminals and software, can transfer safe and non-safe data in the same frame on the EtherCAT network. The safety-relevant application is configured with Beckhoff’s TwinCAT software to be transmitted over the bus system to a TwinSAFE logic terminal where the program runs. When data passes through the terminals, only the safety terminals pick up on the safety data. “You don’t have to have a separate safety network,” says Sree Swarna Gutta, I/O product manager for Beckhoff USA. “And you don’t have to worry about two control panels and controller and trying to communicate data for safe and standard PLCs.”
The overall goal is to make safety easy and intuitive. For example, Banner’s SC10 safety controller provides the intelligence of a safety controller in a compact, cost-effective device that replaces the functionality of two safety relays. The SC10 uses an icon-based drag-and-drop user interface that allows users to quickly simulate configurations and ensure functionality prior to implementation. “The software also automatically generates wiring diagrams for rapid commissioning,” Klesk says. “Configurations can be saved to a memory card for quick replication across multiple machines without requiring a PC.”
The SC10 Safety Controller from Banner Engineering combines the functionality of two relays with the smarts of a safety controller for an intuitive, cost-effective solution for smaller machines.
Safety by design
On its machines, Urschel uses IDEM safety switches, Rockwell’s Allen-Bradley guard locking switches, and non-contact switches and safety relays from Pepperl+Fuchs, IDEM, and Pilz.
When designing a machine, Bocian applies the ISO 13849 standard that provides guidance on the principles for the design and integration of safety-related parts as it pertains to the circuitry and the control system. His next step in the safety-by-design process is to research standards that meet the category 3 performance level D.
Safety categories range from 1 to 4, with four representing the highest level of safety achieved by the safety function. Categories are about architecture or how the components are put together for a safety function. The performance level (PL), on the other hand, is a technology-neutral concept that can be used for electrical, mechanical, pneumatic, and hydraulic safety. PL is used as a measure of the reliability of the components that make up a safety function and is divided into five levels, A through E, with E giving the best reliability, making it required at the highest level of risk.
“There is a lot of confusion around these designations,” notes PMMI’s Hayes. “A lot of OEMs and end users spend time and money to come up with a control system solution that performs at category 3, level D. But then, I say, look past the end of the wire, because past that, the control system will control a brake on a shaft, which will never be better than category 2.”
The devil is in the details, Hayes says, and that requires that a machine builder use a risk assessment process—even before quoting a job. “First an OEM must understand what a customer wants and how the machine will be used in order to figure out hazards and define safety functions.”
Urschel always conducts a risk assessment before building, Bocian says. The engineering group will analyze safeguarding aspects and, after the first prototype is built, they will assemble a team to test the system and go through a formal risk assessment using designsafe software from Design Safety Engineering, a software and engineering services company that helps OEMs improve the safety of their equipment.
Designsafe is a tool that walks the user through the process by identifying hazards and then assessing and reducing risk. It identifies who the users are and comes up with built-in checklists. Following that step, the software looks at operator tasks and then the hazards associated with specific tasks, from mechanical and electrical to ergonomic, material handling, environmental, and more. As builders work through the task list, they can assess the severity of each hazard and how to reduce the risk.
“The software doesn’t tell you what to think, but it helps you on what to think about,” says Bruce Main, president of Design Safety Engineering.
Assessing the situation
The safety assessment shouldn’t stop once the machine is built. That’s why Rockwell Automation offers a Safety Maturity Index (SMI) for end users and machine builders. This self-guided online assessment tool measures performance as it relates to culture (behavior), compliance (procedure), and capital (investment in contemporary technology). These measurements can help minimize costs, as well as enhance legal compliance, operator safety, and customer value—which not only optimizes machine design, but can help differentiate machines from the competition, especially with regard to safety and the connected enterprise via the Industrial Internet of Things (IIoT).
“The network investment that customers have made over the last couple of decades—putting in industrial Ethernet, for example—provides a pipeline for data flow,” says Rockwell Automation’s Schuster. “Now you can have access to data and have analytic tools to make sense of it.”
For example, an operator in the plant might have found a better way to perform a task that was never anticipated and that could improve productivity. Alternatively, the misuse of a safety system on the plant floor might be a compliance issue. Collecting information from the machines allows a broader assessment of the situation as it relates to safety functions. Learning that a door is being accessed 40 times per shift when it was only designed for access four times per shift, for example, could indicate that someone is using that door for something they are not supposed to. This might represent a compliance issue, or an opportunity for continuous improvement.
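The door-access comparison described above, worked as an added example (not from the article or from any vendor named in it). The log format, door names, shift plan and the 2x flagging factor are assumptions, and the sample log is constructed.

```python
from collections import Counter
from datetime import datetime, timedelta

# Assumed shift plan (not from the article): three 8-hour shifts from 06:00.
SHIFT_STARTS = (6, 14, 22)
# Assumed design figures, accesses per shift; 4 is the article's example value.
DESIGN_ACCESSES = {"guard_door_1": 4, "guard_door_2": 4}

def shift_of(ts):
    """Return (shift start date, start hour); pre-06:00 belongs to the prior day's 22:00 shift."""
    if ts.hour < SHIFT_STARTS[0]:
        return ((ts - timedelta(days=1)).date(), SHIFT_STARTS[-1])
    return (ts.date(), max(h for h in SHIFT_STARTS if h <= ts.hour))

def count_accesses(lines):
    """Count CLOSED->OPEN transitions per (door, shift); repeated OPEN status lines count once."""
    last_state, counts = {}, Counter()
    for line in lines:
        stamp, door, state = line.split()
        if state == "OPEN" and last_state.get(door) != "OPEN":
            counts[(door, shift_of(datetime.fromisoformat(stamp)))] += 1
        last_state[door] = state
    return counts

def over_design(counts, factor=2.0):
    """Return (door, shift, observed, design) where observed exceeds factor x the design figure."""
    return [(door, shift, n, DESIGN_ACCESSES[door])
            for (door, shift), n in sorted(counts.items())
            if door in DESIGN_ACCESSES and n > factor * DESIGN_ACCESSES[door]]

def sample_log():
    """Constructed data: 40 accesses on one door across midnight, 3 on another."""
    lines, t = [], datetime(2024, 3, 4, 22, 5)
    for _ in range(40):
        lines.append(f"{t.isoformat()} guard_door_1 OPEN")
        lines.append(f"{(t + timedelta(seconds=30)).isoformat()} guard_door_1 OPEN")
        lines.append(f"{(t + timedelta(minutes=1)).isoformat()} guard_door_1 CLOSED")
        t += timedelta(minutes=11)
    for hour in (7, 9, 11):
        t2 = datetime(2024, 3, 4, hour, 0)
        lines += [f"{t2.isoformat()} guard_door_2 OPEN",
                  f"{(t2 + timedelta(minutes=2)).isoformat()} guard_door_2 CLOSED"]
    return lines

if __name__ == "__main__":
    for hit in over_design(count_accesses(sample_log())):
        print(hit)
```

A flagged door is a prompt for the follow-up the paragraph describes; the count alone does not say whether the cause is misuse or a better way of working.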
And, while the connectivity and analytics associated with IIoT and Industry 4.0 initiatives might alter the safety processes in place, ultimately, they are providing the kind of diagnostics that will create a safer environment.
“Safety is emerging as a perfectly crafted application space where the connected enterprise or Industry 4.0 can bring people real value,” Schuster says.