Six Steps to a Safe Machine
During the design and manufacture of machinery, the machine manufacturer shall identify and evaluate all possible hazards and hazardous points by undertaking a risk assessment (formerly also called a hazard analysis).
Based on this risk assessment, the machine manufacturer shall take suitable design measures to eliminate or reduce the risk. If the risk cannot be eliminated by these design measures or the remaining risk cannot be tolerated, the machine manufacturer shall select and apply suitable protective devices, and provide information on the residual risks if necessary.
To ensure the intended measures work correctly, overall validation is necessary. This overall validation shall evaluate the design and technical measures, as well as the organizational measures in context.
STEP 1: Risk Assessment
When designing a machine, the possible risks must be analyzed and, where necessary, additional protective measures must be taken to protect the operator from any hazards that may exist. To aid the machine manufacturer with this task, the standards define and describe the process of risk assessment. A risk assessment is a sequence of logical steps that facilitate the systematic analysis and evaluation of risks. The machine must be designed and built taking into account the results of the risk assessment.
Where necessary, a risk assessment is followed by risk reduction, which is achieved by applying suitable protective measures. A new risk should not result from the application of protective measures. The repetition of the entire process (risk assessment and risk reduction) may be necessary to eliminate hazards as far as possible and to sufficiently reduce the risks identified or newly emerged. In many C-type standards the risk assessment is defined to suit the specific machine and application. If no C-type standards are applicable or they are insufficient, the requirements in the A-type and B-type standards can be used.
The Risk Assessment Process
Risk Estimation and Risk Evaluation
After the hazards have been identified, a risk estimation is to be undertaken for each hazardous situation considered.
The risk related to each hazardous situation considered is determined by the following elements:
- The extent of harm that can be caused by the hazard (minor injury, serious injury, etc.)
- The probability of occurrence of this harm. This is defined by:
- The exposure of a person/persons to the hazard
- The occurrence of the hazardous event
- The technical and human possibilities for the prevention or limitation of harm
STEP 2: Safe Design
Safe design is the first and most important step in the risk reduction process. During this process, possible dangers are excluded by design. For this reason safe design is the most effective approach. Aspects of safe design relate to the machine itself and the interaction between the person at risk and the machine.
Examples:
- Mechanical design
- Operating and maintenance concept
- Electrical equipment (electrical safety, EMC)
- Concepts for stopping in an emergency situation
- Equipment involving fluids
- Materials and resources used
- Machine function and production process
STEP 3: Technical Protective Measures
Technical protective measures are implemented with:
- Protective devices that are part of a safety function, e.g., covers, doors, light curtains, two-hand controls
- Monitoring units (monitoring position, speed, etc.) or
- Measures to reduce emissions
Not all protective devices are integrated into the machine’s control system. An example of this situation is a fixed guard (barrier, cover). The main task is complete with the correct design of this protective device.
Functional safety
Where the effect of a protective measure is dependent on the correct function of a control system, the term functional safety is used. To implement functional safety, safety functions shall be defined. After this, the required safety level shall be determined and then implemented with the correct components and subsequently verified.
Validation
The validation of all technical protective measures ensures the correct safety functions have a reliable effect.
STEP 4: User Information about Residual Risks
If the application of safe design measures and technical protective measures does not provide the required risk reduction, the user shall receive additional warning with regard to prevailing residual risks and informed of the necessity to take further protective measures (in particular to use personal protective equipment).
Information for use about residual risks may include:
- Acoustic and optical warning devices
- Information and warnings on the machine
- Warnings in the instruction handbook
- Operating procedures, training requirements, or briefing of users
- Instructions about the use of personal protective equipment
Acoustic and optical warning devices
Information and warnings on the machine should take the form of symbols or pictograms whenever possible. They shall be drawn up in the official language of the country in which the machine is being put to market. Additional warnings in other official languages are acceptable. Information that is relevant to safety must be formulated in a way that is clear, easy to understand, succinct, and precise. Interactive means of communication must be easy to understand and support intuitive operation.
Information and warnings on the machine
If the operation of a machine is not monitored, warnings must be provided on the machine providing information about hazards caused by malfunctions. Warning devices must be clearly and readily understandable. It shall be possible for the operating personnel to check that they are constantly ready for operation. The manufacturer has a duty to inform of residual risks that remain.
Warnings and safety notes in the instrucion handbook
The instruction handbook shall include all safety-relevant information for the machine, in particular:
- Warnings relating to possible misuse of the machine that experience has shown might occur
- Notes about commissioning and operation of the machine as well as about required training and/or briefing of operating personnel
- Information about residual risks which remain in spite of measures taken to integrate safety in the design and use of protective devices and supplementary protective measures
- Instructions for protective measures to be taken by the user and personal protective equipment requirements
- Conditions under which requirements with regard to stability are met in the various life cycle phases of the machine
- Safety notes on transport, handling, and storage
- Instructions on the procedures to be followed in the event of accidents or incidents and for safe troubleshooting
- Instructions on safe setup and maintenance and the required protective measures associated with these
- Specification of the spare parts to be used which may affect the health and safety of operating personnel
STEP 5: Overall Validation
As functional safety is only one component of risk reduction, all measures (design and build, technological, and organizational) shall be assessed for their overall effect as part of an overall validation process.
In practice, therefore, it may be the case that an individual technical measure does not reduce risk but in the overall context a satisfactory result is achieved. Sufficient risk reduction can be considered to have been achieved if all of the following questions can be answered with "yes": Have all operating conditions in all phases of the machine's life cycle been taken into account?
Information for use about residual risks may include:
- Has the 3-step method been applied?
- Have the hazards been dealt with or the risks posed by the hazards minimized to the fullest possible practical extent?
- Is there an assurance that the measures taken will not result in new hazards?
- Have users been given sufficient information about and warning of the residual risks?
- Is there an assurance that the protective measures that have been taken will not impair the working conditions of operating personnel?
- Are the protective measures that have been taken compatible with one another?
- Has sufficient consideration been given to the possible consequences of using the machine in a non-commercial or non-industrial environment?
- Is there an assurance that the measures taken will not unduly impair the function of the machine as intended?
- Has the risk been reasonably reduced?
STEP 6: Placing the Product on the Market
Once conformity has been ascertained in the context of overall validation (if applicable by involving a notified Body), during the course of the preparation of technical documentation, the declaration of conformity can be issued and the CE mark added to the machine. The declaration of conformity shall take into account all European directives applicable to the machine.
Technical documentation
The scope of the technical documentation is described in Annex VII, Section A of the Machinery Directive. For incomplete machines, the specific requirements of Annex VII, Section B of the Machinery Directive apply. Based on the technical documentation, it shall be possible to assess the extent to which the machine meets the requirements of the Machinery Directive. Insofar as is necessary for the purpose of this assessment, the technical documentation shall cover the design, build, and function of the machine. It shall be drafted in one or more of the official languages of the European Union; the instruction handbook for the machine, to which the specific provisions of Annex I, Number 1.7.4.1 apply, is an exception to this rule.
Custody period and deadlines
The technical documentation must be held ready for the responsible authorities of the member states:
- From the day of construction of the machine
- For at least 10 years following completion of the last unit
- The technical documentation does not necessarily have to be physically located in the European Community and also does not need to be in material form (e.g., digital storage). However, the person designated in the EC declaration of conformity shall be able to make the technical documentation available by a reasonable deadline.
Scope of the technical documentation
- General description of the machine:
- Overview drawing of the machine, circuit diagrams of the control circuits along with descriptions and explanations necessary to understand how the machine operates
- Complete detailed drawings (possibly including calculations), test results, certificates, etc., necessary to examine the extent to which the machine meets essential health and safety requirements
- List of applicable standards and other technical specifications citing the essential health and safety requirements taken from these standards
- Risk assessment documentation ( 1-1) from which the procedure applied can be derived:
- List of essential health and safety requirements applicable for the machine
- Description of the protective measures taken to avoid the hazards identified or reduce risk and, if applicable, list of the residual risks posed by the machine
- All technical reports with the results of tests carried out by the manufacturer or a body selected by the manufacturer or the manufacturer's agent
- Instruction handbook for the machine
- Copy of the EC declaration of conformity
- If applicable, copy of the EC declarations of conformity for the other machines or products incorporated into the machine
- If applicable, declaration of incorporation and mounting instructions for incomplete machines
Instruction handbook
An instruction handbook in the official language of the country of use shall be supplied with the machine. This instruction handbook shall be the "original instruction handbook" or a translation of the "original instruction handbook"; in the latter case the original instruction handbook shall also be supplied.