The critical moment for a safety function mostly occurs while a risk assessment is being fleshed out according to the Machinery Directive. This is where the quality level that the safety components must meet is decided. The measure of the quality required, and thus of the resulting cost of the safety components to be used, is the required performance level PLr. As a rule, these costs rise from PLr = a to PLr = e. So the aim is to find the right way to sufficiently reduce risk, achieve an appropriate safety level, and at the same time keep the cost of using safety components under control. You would not believe me if I told you that compliance with formalities can go hand-in-hand with opportunities to lower costs. And certainly not if directives and standards come into play, which are usually assumed to have more of a cost-increasing effect. Using an example calculation for the required performance level PLr in a risk assessment according to the Machinery Directive, I want to demonstrate to you that we can do exactly that.
What is the iterative process?
Both the Machinery Directive and DIN EN ISO 12100 mention an iterative process with various principles of risk reduction. This procedure first calls for the principle of inherently safe design, then for the use of protective measures such as separating guards and other contactless protective measures. Finally, reference is made to the residual risks, and personnel qualifications and the wearing of personal protective equipment are specified. But how can this process help me cut costs? First, we estimate the risk before getting to the exciting solution.
Risk estimation (for risk parameters, see Table 1 at the end of the article)
Let’s look at a dangerous area that poses the risk of serious irreversible injury S2 (for explanations of the abbreviations used see the end of this blog), for example an openly rotating machine movement that transitions into an oscillating movement by means of a piston rod. Such dangerous areas can be found in large piston compressors, for example. Due to their open design, which is necessary for thermal reasons, and due to their accessibility, you can assume that people are frequently exposed to risk F2 for extended periods. If a person near the machine is caught by such a movement, it is no longer possible to avoid the risk and limit the damage. This yields an estimate of P2. It doesn’t really get worse than this.
Risk reduction without the iterative process
Now we need to minimise the risk. Instead of going through the iterative process, I “only” apply a risk reduction. This process is currently used by many of our customers. A design measure is not possible for thermal reasons. However, as only a design measure would be able to reduce the seriousness of the injury, the value remains at S2. Our only risk reduction is a separating guard with access and a control technology solution of access monitoring and a tumbler. This risk reduction reduces the value from F2 to F1 as personal accessibility has been reduced, which means that individuals are exposed to the risk rarely and for a short period. I can see no way to limit the damage here, so the value remains P2.
In summary, our estimate is S2, F1 and P2. However, the initial situation, in this case S2, F2 and P2, calls for the required performance level PLr = e. We have thereby determined the highest required performance level, whose implementation involves the highest cost.
Risk reduction with the iterative process
This is where it gets interesting. Let’s look at the initial situation again: S2, F2 and P2. We now apply the formalities of the iterative process by working through multiple risk reductions individually and according to various principles. As the design measure is once again not an option, the value remains S2. Now we split the risk reduction that we performed in a single step above into two individual steps. First we examine the separating guard with access. The spatial separation of individuals from machines achieves a reduction from F2 to F1. The result after this risk reduction is S2, F1 and P2, and it is therefore the starting point for the second individual step: the next risk reduction using the control technology measure with monitoring and a tumbler. Whether risk parameter P, regarding the ability to avoid the risk or limit the damage, could be reduced further is a matter for discussion. Let’s just assume that it stays constant at P2. For the initial situation S2, F1 and P2, a required performance level PLr = d would result, which reduces the cost of implementing this control technology measure.
Quote from DIN EN ISO 13849-1 (translated from German): "The determination of the required performance level is the result of the risk assessment, related to the share of risk reduction achieved by the safety-related parts of the control." Exactly this part was examined during this second step.
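The two calculations above, worked through as an added example that is not part of the original article. The function and variable names are hypothetical; the article itself states only the rows S2/F2/P2 -> e and S2/F1/P2 -> d, and the remaining six rows are taken from the risk graph in Annex A of ISO 13849-1.

```python
# Risk graph of ISO 13849-1 Annex A (informative): (S, F, P) -> PLr.
# The article states only S2/F2/P2 -> e and S2/F1/P2 -> d; the other
# six rows are filled in from the standard's risk graph.
RISK_GRAPH = {
    ("S1", "F1", "P1"): "a", ("S1", "F1", "P2"): "b",
    ("S1", "F2", "P1"): "b", ("S1", "F2", "P2"): "c",
    ("S2", "F1", "P1"): "c", ("S2", "F1", "P2"): "d",
    ("S2", "F2", "P1"): "d", ("S2", "F2", "P2"): "e",
}

def required_pl(risk):
    """Look up PLr for a dict like {"S": "S2", "F": "F2", "P": "P2"}."""
    return RISK_GRAPH[(risk["S"], risk["F"], risk["P"])]

def assess(initial, measures):
    """Walk the measures in order; return (plr_per_control_measure, residual).

    Each measure is (name, kind, changes). kind is "design", "guard" or
    "control". Only "control" measures are safety functions that need a PLr,
    and that PLr is read from the risk as it stands just before the measure
    is applied, i.e. after all earlier measures have taken effect.
    """
    risk = dict(initial)
    plr = {}
    for name, kind, changes in measures:
        if kind == "control":
            plr[name] = required_pl(risk)
        for param, value in changes.items():
            if value > risk[param]:          # "F2" > "F1": would raise risk
                raise ValueError(f"{name} raises {param}")
            risk[param] = value
    return plr, risk

INITIAL = {"S": "S2", "F": "F2", "P": "P2"}   # piston compressor example

# One combined step: guard, monitoring and tumbler rated against the start.
SINGLE_STEP = [("guard+interlock", "control", {"F": "F1"})]

# Iterative process: the guard is credited first, the control measure second.
ITERATIVE = [
    ("separating guard with access", "guard", {"F": "F1"}),
    ("access monitoring and tumbler", "control", {}),
]

if __name__ == "__main__":
    for label, plan in (("single step", SINGLE_STEP), ("iterative", ITERATIVE)):
        plr, residual = assess(INITIAL, plan)
        print(label, plr, residual)
```

Both plans end at the same residual estimate of S2, F1 and P2; only the point at which the control measure is rated differs.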
Complying with formalities specified by directives and guidelines as shown with this iterative process can also offer potential savings – and all while ensuring an adequate reduction in risk. From my many years of practical experience I know that this option is not used everywhere or all the time.
So anyone who knows how to apply formal rules can gain an advantage without compensating for safety-related flaws.
Table 1: Risk parameters
S: Seriousness of injury
    S1: slight (usually reversible injury)
    S2: serious (usually irreversible injury or death)
F: Frequency and/or duration of exposure to risk
    F1: rare to infrequent and/or exposure to risk lasts a short time
    F2: frequent to constant and/or exposure to risk lasts a long time
P: Option for avoiding the risk or limiting the damage
    P1: possible in certain conditions
    P2: almost impossible