Risk assessment and risk reduction of machines

Figure 1: Detailed view of the risk assessment mask in Safexpert
 

Identifying hazards

The hazards list according to Annex B of EN ISO 12100 (1), which is supplied with Safexpert, helps to identify hazards. It indicates where on the machine (2) a hazard or hazard event occurs and in which phase of the machinery life (3). Finally, a clear description of the hazard is provided in the ‘Hazard description’ field (4).

Safexpert offers the option of defining the phases of the machinery life and hazard zones in advance:

Figure 2: Define the phases of the machinery life and/or hazard zones in advance
 

Risk reduction measures

Once a hazard has been identified, the most important task is to find the most cost-effective yet legally compliant solutions for risk reduction using the latest technology for each individual hazard identified.

Harmonised European standards provide particularly useful input here. In addition to the usual research options, Safexpert offers special cross-references to important sections of standards and guidelines or regulations for each individual hazard, which can help in finding solutions (5).
The ‘Measures’ section (6) describes the individual solutions for risk reduction. The measure type, the risk before and after the measure taken and other useful details can be stored here for each measure:
 

Measure type

On the basis of the measure type, it is possible to filter out all the information for the operating instructions from the entire risk assessment, for example. This supports the technical editors in describing residual hazards in the operating instructions.

Likewise, it is possible, for example, to display only those hazards whose safety-related solutions depend on a control system.

Figure 3: Risk estimation before and after a risk reduction measure

The colour coding of the input risk is based on EN IEC/IEEE 82079-1 - Preparation of information for use (instructions for use) of products - Part 1: Principles and general requirements. As required by EN IEC/IEEE 82079-1, there are four different signal words to choose from:

• Note
• Caution
• Warning
• Danger

A signal word is automatically assigned according to the risk assessment. When creating information for use, the selected signal word can thus be directly adopted into the operating instructions.

In addition to selecting signal words, risk assessment is useful in any case when the subsequent measure depends on a control. In this case, Safexpert offers the option of evaluating the required performance level according to EN ISO 13849-1 and/or the required SIL according to EN IEC 62061:

Figure 4: Determining the required performance level and the interface for designing the control system

Figure 5: Determining the required SIL and defining the achieved SIL

The values previously defined in the risk assessment, if applicable, are automatically adopted as a suggestion for determining the required performance level or SIL.
 

Interface with SISTEMA

Various software tools are available on the market for the safety-related design of control systems. For example, the Institute for Occupational Safety and Health (IFA) offers the free SISTEMA tool for design in accordance with EN ISO 13849-1.

Safexpert has an interface to SISTEMA. When the ‘Calculate PL’ button shown in Figure 4 is clicked, a project is automatically created in SISTEMA, already available project data is transferred and SISTEMA is opened. The safety function is designed in SISTEMA. When the project is saved and closed in SISTEMA, the value for the achieved performance level is transferred to Safexpert. The evaluation of whether the achieved PL is sufficient is done in Safexpert.

The SISTEMA data is stored in the Safexpert database so that this data is also available when the project is exported and the project is imported into another system.

Figure 6: Transfer of residual hazards from the risk assessment to the operating instructions

In the ‘Instructions-Assistant’ tab, the structure of an operating instructions template is read in from Word, as are the bookmarks defined in the template. A sample operating instructions template is supplied with Safexpert, but you can also create your own templates.

The text of the risk reduction measure can now be assigned to a specific bookmark.

When the risk assessment and risk reduction are complete, the operating instructions can be generated based on the operating instructions template. The text from the risk reduction measure is inserted at the respective bookmark in the Word file:

Figure 7: Transfer of texts from the documentation in the risk reduction of Safexpert to Word

If the Word function ‘Track Changes’ is activated in the operating instructions template, the texts entered by Safexpert are highlighted in colour and a line is displayed on the left-hand side indicating that this text has been inserted. The Word functions ‘Previous’ and ‘Next’ in the ‘Tracking’ function group help to quickly find the changed locations.

In addition to the risk reduction documentation, defined project data in Safexpert, such as the intended use, is also transferred to the operating instructions. This is to prevent important information from being missing from the operating instructions.

Note: Usually, technical writers will revise the texts documented by the designers during the planning in the operating instructions. Thus, it is sufficient for designers to document in such a way that the technical writers understand the facts and can use them to create the correct references to residual hazards.
 

Attaching pictograms

Both the Machinery Directive and the Machinery Regulation require that information and warnings on the machine should preferably be provided in the form of easily understandable symbols or pictograms.

Therefore, Safexpert offers the option of defining for each risk reduction measure that a pictogram is to be affixed on the machine for this purpose:

Figure 8: Management of pictograms to be affixed on the machine

Safexpert contains a pictogram library for selecting pictograms:

Figure 9: Safexpert pictogram library for selecting standardised symbols

You can also create your own pictograms or pictogram libraries.

Risk adequately reduced

It is crucial that the risk is eliminated or adequately reduced for each hazard identified. To do this, the ‘Risk adequately reduced’ checkbox (8) is activated. As proof of quality, Safexpert records who set this flag and when.
 

Risk assessment and risk reduction completed

The risk assessment in Safexpert can only be completed when all hazards and hazard events have been assessed and the ‘risk adequately reduced’ flag has been set for all applicable hazards. All completed points are displayed in green, all hazards that have not been completed are displayed in red, and all hazards that do not occur on the machine are displayed in grey. Various filter functions provide a maximum overview in risk assessment and risk reduction:

Figure 10: Filter functions, colours and symbols help you to keep an overview.

Risk assessment is always performed for clearly defined limits of the machinery. The image on the right shows that all hazards are assigned to the defined limits of the machine. When everything has been completed, a check mark is added to the name of the limits of the machinery and it is displayed in green.
 

Overview in various project phases

Hazards and hazardous events can be identified using the hazards list in accordance with EN ISO 12100, Appendix B. Many designers are satisfied with this approach as a first step.

However, it soon becomes apparent in practice, especially with somewhat larger projects, that it is not logical in the design process to search for the hazard zones and phases of the machinery life in which the respective hazard occurs based on the hazards list. Different methods are advantageous for identifying hazards. Safexpert offers the possibility to switch the risk assessment to the preferred method:

Figure 11: Four views of the risk assessment facilitate the design

Notes:

• The view of hazard zones is particularly useful during the detailed design and when planning conversions. Here you can see which hazard zones have been defined on the machine and which hazards have been identified at the respective hazard zones.
• The views by phase of the machinery life provide an overview of the hazards that occur during certain actions, e.g. hazards exist when cleaning the machine.