addition, a machine should be reasonably safe for reasonably foreseeable misuse as well. The following foreseeable behavior of operators, maintenance personnel, and by-standers must be considered:
•Normal carelessness, inattention, or zeal (but not including deliberate and calculated misuse of the machine)
•Reflex behavior in cases of malfunction, disrupting incidents, failures, jams, etc., during use of the machine
•For some machines, particularly those foreseeably used by non-professionals, the foreseeable behavior of certain innocent, untrained, or unknowledgeable persons, such as children or disabled individuals.
To design a reasonably safe machine, the designer must understand the hazards and risks associated with the machine, and how to effectively reduce them to an acceptable level. Industry standards ISO 12100 and EN 1050 approach this task by working through two basic activities: Risk Assessment and Risk Reduction.
•A list of books and industry standards is provided in Section 2.5 of this chapter.
RISK ASSESSMENT
Risk Assessment is a series of systematic steps to enable the examination of the various hazards associated with the machine. Risk Assessment is followed, when necessary, by Risk Reduction. It must be assumed that a hazard will sooner or later lead to an injury or damage to health (or property) if no Risk Reduction safety measure is taken. This process is a repeating iterative one to eliminate or reduce hazards as far as possible. Risk Assessment steps include:
1.Risk Analysis
(a)Understand the machine, its function, requirements, and limits:
-Understand the machine’s space requirements, power requirements, operator requirements, maintenance requirements, intended use, and foreseeable misuse throughout all phases of the machine’s life cycles.
(b)Identify hazards and perform analysis:
-Identify and describe all reasonably foreseeable hazards associated with the machine.
-Identify all individuals who will be operating or maintaining or in the general area of the machine. Consider their skill levels and likely training.
-Understand the frequency and duration of each hazard’s exposure, as well as the relationship between exposure and likely consequences.
-Consider all reasonably foreseeable situations and conditions.
(c)Estimate risks:
-Perform a systematic analysis of risk based on:
• the severity of the possible harm, and
• the probability of occurrence
-Consider the individuals or property exposed, the type, frequency and duration of exposure, and the relationship between exposure and the effects.
-Refer to recognized industry standards for risk estimation procedures, including specifically MIL-STD-882 and ANSI B11. TR3. Other standards to consider include ANIS B11-2008, ISO 12100:2010, EN 1050, ISO/TR 14121-2, ISO 14121-1, EN 1005-5, and ISO 13849-1.
2.Risk Evaluation
(a)Based on the results from Risk Analysis, determine if Risk Reduction (or additional Risk Reduction) is required.
(b)If Risk Reduction is needed, then take appropriate safety-improvement steps. These could include eliminating a hazard, providing additional safeguarding, restricting or improving access, interlocks, etc.
(c)Repeat the Risk Assessment process until an acceptable level of risk is achieved.
There are several methods customarily used for analyzing hazards and estimating risks. Each has its own unique approach, strengths, and limitations. Although it is not imperative that any one of these methods listed should necessarily be used, some organized methodical approach should be, and the process should take place while the machine is being designed — not after. Some methods for analyzing hazards and estimating risks include:
Failure Modes, Effects, and Criticality Analysis (FMECA—sometimes known as FMEA) is a method of assessing designs or processes with respect to the various ways they can fail. Failure modes can affect safety as well as machine function. FMECA uses a worksheet (or software) to identify failure modes, their effects, risks, probabilities, and control (mitigation) methods. FMECA is covered in more detail in Chapter 12.
‘What If’ Analysis is a simple system of questions and answers. For machines or systems that are not too complex, “what if” questions are asked and answered in a systematic way about the machine and its operation for the purpose of evaluating the consequences of component failures, operator mistakes, or certain operational situations. The suitability of the machine, its controls, and its safeguarding and safety-related equipment are evaluated.
Fault Tree Analysis (FTA) uses deductive logic. This method starts with an unwanted event (the unwanted consequence) and works backwards to reveal the individual failures that can lead to that event. It enables individuals to find the various critical paths that can lead to the eventual unwanted event. The end event is first identified, then the various events and failures (and combinations of failures) that can lead to the final event are identified and listed, followed by estimates of probabilities of failure. A fault tree analysis can be used to determine the impact of alternative designs.
Preliminary Hazard Analysis (PHA) is an inductive analysis tool that helps identify and address machine hazards at the earliest stages of design. It is a means of creating an initial list of all hazards that may exist in every machine area and system and operation. It helps overcome the tendency to focus only on immediately obvious hazards, forcing an evaluation of potentially more serious or hidden dangers within a machine. Proposals for safety measures are the end result.
The DELPHI Technique involves providing questionnaires to a group of experts, individually, in successive steps. The results of the previous round of questions and answers, together with additional information from the others in the group, are communicated back to the participants. During the third or fourth round, the questions concentrate on those issues for which there is little or no general agreement. Because of its use of experts, this technique is notably efficient.
It should be understood that there are many methods of hazard identification and analysis. These listed are only a few. Each method has advantages for certain applications; therefore, it may be necessary to adjust or combine methods to match the situation at hand. It is important, whatever method is or methods are chosen, that hazard identification and analyses be performed early and often during the design process.
RISK REDUCTION
Risk Reduction is the process of taking sequential steps to either eliminate hazards or reduce hazards to an acceptable level. Although there are variations of lists of such steps, the following steps are commonly cited (listed in sequential order of most effective to least effective):
1.Eliminate or reduce the severity of the hazard (design the hazard out).
2.Safeguard the hazard (barrier guards or protective devices).
