by Manesha Kachroo Manesha Kachroo

Safe machinery provides a safe workplace for users and legal protection for both manufacturer and user. The safety of machinery starts from the design stage, when machine manufacturer identifies and evaluates all possible hazards and hazardous points by undertaking a risk assessment and applying design principles according to the applicable standards. The process of risk reduction is then applied based on that risk assessment. Risk reduction can be achieved through inherently safe design, installing protective devices, proper training to the user, other good design measures, applying protective measures and hazard notification methods.

Continue reading or Download a Free PDF Copy

Traditional views of the past were to guard only the most obvious hazards. The assumption was “why would anyone stick their hands in there?”. We know from experience that this thought process does not work anymore.

There is a need to visit existing equipment and evaluate existing guarding against our philosophy. There is a need to establish equipment/machine specification to ensure our machine safeguarding expectations are met.

The risk mitigation and safeguarding against the hazards should follow the hierarchy as shown in Figure 1. The goal should be to eliminate the hazards by design, which is the concept of inherent safe design; and then use engineering controls to improve the reliability of safeguards when they are put on demand. Procedural controls are important and make personnel aware of hazards and how to avoid them. However, the success of procedural controls depends on training and reliance on the user. Although effective, it may be just a matter of time when a procedural control fails. If possible, the inherent safe design and safeguarding should be primary means of risk mitigation and procedural control should be an additional measure.

Figure 1. Risk Mitigation and Safeguarding Hierarchy

The Plant Manager / machine user has to comply with both the prescriptive control measures, as required in the applicable standards, and identify the residual risks to control and mitigate those risks. In order to achieve this goal of risk reduction and conform that the requirements as specified in the applicable standards are met, it is recommended that the Plant Manager / End User follow the 7 (seven) steps as explained below (also shown in Figure 2).

Step 1: Identify Applicable Standards & Technical Requirements

The first step is to identify what standards apply to the machine. The Occupational Safety and Health Administration (OSHA) has generic requirements on Machine Guarding in 29 CFR 1910.212. However, OSHA has “grey” areas as to what constitutes proper guarding. Similarly, the 29 CFR 1910.217 on Control Reliability is not very elaborate as compared to ANSI, ISO, IEC standards on the subject. The OSHA machine control reliability is only mentioned in the 1910.217 for mechanical power presses. In comparison, the European Machinery Directive and its set of harmonic EN ISO and IEC standards provide a good framework for machine suppliers (to EU) and users (in EU).
Hence, it’s a good practice to refer to ANSI, ISO and IEC standards. There is a three-tier structure of International Safety Standards. Type A: Covers aspects applicable to all types of machines. Examples are EN ISO 12100 that outlines basic principles including risk assessment, guarding, interlocking, emergency stops, etc.; EN ISO 14121 that outlines fundamentals of risk assessment. Type B: Covers Type B1 – Specific safety and ergonomic aspects of machines and Type B2 –  Safety components and protective devices. Example is EN ISO 13849 on Safety related parts of control systems. Type C: Covers specific types or groups of machines. Example is EN ISO 10218 on Safety requirements for industrial robots. A good source to get the standards is

Figure 2. Path to Conformity Verification and Risk Reduction

Step 2: Review Documents & Drawings

The Machine end user should review machinery and its component drawings, operation and maintenance procedures, instruction manuals, safety data sheets, safety distance calculations, required performance level of safety related control systems, etc.  – everything against the applicable standards.

Additionally, the review process should check if all the recommendations in previous audits and risk assessments have been properly closed out.

Continue reading or Download a Free PDF Copy

Step 3: Visual Inspection & Audit

The inspection process should include (i) completion of the Machine Inspection Checklist; (ii) completion of the Risk Assessment spreadsheet; and (ii) Functional test. For complex machinery, an elaborate risk assessment workshop should be held to brainstorm the hazards, causes, effects, safeguards and risk reduction measures (see Step 4). For machinery without complete assembly of control systems, or not at end-user site, the functional test should be carried out with proper procedures after full assembly on site (see Step 6).

The machine should be protected against accidental activation and it should be verified during the inspection and functional test that the energy source is lockable.

The visual inspection should conform that guards meet OSHA/ISO/IEC standards. The visual inspection is completed taking into consideration all machine states of
operation; start up, adjustment, jam clearing, etc.  All safeguards should be checked against hazards due to mechanical motion, heat, electrical causes, chemicals, radiation, fall issues, other hazards like noise, or combination of hazards. The visual inspection should verify if requirements regarding labeling, warning signs, color coding, emergency stops, magnetic starter switches are met.

Step 4: Risk Assessment

Risk assessment should be a part of company’s new equipment machine specification procedures. Risk assessment should also be used when examining the need to upgrade guarding and control system on existing equipment.

Risk assessment establishes the foundation and the early framework for the design and implementation of an effective machine safety program. Risk assessment provides a method for determining equivalent levels of protection when designing safeguards. The process takes away most of the guesswork when estimating risk and prescribing safety system performance. Risk assessment should be a ‘living’ documented process that can be filed and maintained for the entire life of the machine. It is synonymous with due diligence.

Figure 3. ISO 13849 Risk Graph and Reliability estimation of Safety-related part of the Control system

Step 5: Performance Level Verification (Functional Safety)

Performance levels relate to reliability of the safety control system and can be electrical, hydraulic and pneumatic. The required performance level (PLr) as defined in ISO 13849 (Figure 3) and determined during the design stage, should be verified in case of any modification to the machine and/or its control system so that when we put the safety devices on demand, the system should function reliably every time. For more complex control system, IEC 62061 and IEC 61508 should be used.
The rationale is that the more the risk reduction depends upon safety-related control system, the higher should be the reliability of that safety-related control system (Figure 3).

Risk assessment should be part of a company’s new equipment machine specification procedures. Risk assessment should also be used when examining the need to upgrade guarding and control system on existing equipment.

Step 6: Functional Test

The Plant Manager / End User should include functional test scenarios in the machine verification program. It is important to understand the difference between Functional Test (verification activity) and Acceptance Test (validation activity).

Final acceptance is subject to a Site Acceptance Test (SAT) during which there will be a final review of the machine and a final function testing of all the safety system. Writing and converting this into the specifications gives the Plant Manager / End User a final opportunity to pick up issues before the machine is accepted from the manufacturer.

Step 7: Training

Before starting a machine guarding and risk reduction initiative, it is imperative to train Managers, Technical staff, Maintenance, Machine operators and set-up personnel on guarding, control system and risk reduction philosophy and requirements.

Operators, Maintenance and Set-up Personnel should be trained on machine hazards, machine safeguards and how they provide protection.

Risk assessment should be a ‘living’ documented process that can be filed and maintained for the entire life of the machine. It is synonymous to due diligence.

Concluding Remarks

The machine users need to be made part of the process, or else new safeguards will not be used properly as intended.
The verification, hazard identification and risk reduction program should be developed within a continuous improvement framework. Any modification to the machine and/or its control system or change of operating procedure or environment in which the machine is working should trigger the Plant Manager to undertake these 7 (seven) steps. Change in Operation and/or Maintenance personnel should trigger a comprehensive training program. Continuous development process and good practice also means that these 7 (seven) steps should be implemented on a regular basis, both at machine and plant levels.

The 7 (seven) steps undertaken as a continuous development process enable the Plant Manager / End User to manage and control the risks to the desired/tolerable level.

Download a Free PDF Copy

Please leave your comment below.

For questions and suggestions please email to