Safety professionals are normally aware of what is safe and unsafe, but we also need to consider the reliability of the safety measure. For example, a moveable guard over a hazardous area is unsafe if there is no interlock with the control system. If there is such an interlock, it is safe, but what about the reliability of the interlock?
Let’s just look at safety and reliability. When I started to drive, cars had a single circuit braking system. Leakage from anywhere in the circuit would cause loss of braking on all four wheels, and the only recourse was use of the cable-operated handbrake. Nowadays, cars have dual circuit brakes with cross-checking and a dashboard light that shows if there is a problem, long before you lose the ability to brake. A properly maintained single circuit system was not unsafe, but the modern systems give a high level of reliability to that safety.
The requirements for reliability of safety systems are covered in EN 13849-1. This is not particularly readable, so for my own use and the benefit of others, I provide a summary of it in http://www.strategicsafety.co.uk/pdf/Technical-Paper-4-EN13849.pdf.
Using the steps in this standard, you can take into account the severity of the outcome (S), the frequency of exposure (F) and the possibility of avoiding the hazard (P) to arrive at a performance level for the interlock. This standard is required for new machines, but this analysis is invaluable when deciding what to do about existing risk controls.
One error I often see is employers failing to check that interlocks continue to work, and the EN13849 approach can help you decide a checking regime for these. Note that, in my opinion, it is better to carry out such checks thoroughly less frequently, rather than have people carry out perfunctory checks every day. However, it does depend on the S+F+P outcome.
One word of caution when assessing reliability. If the interlock is wired as an input to the PLC, then you have to take into account the reliability of the PLC and its software. Interlocking independent of the PLC is normally far better.
Therefore, the actions you need to take are:
- Carry out the S+F+P analysis.
- Decide if existing safety provisions are reliable enough.
- Put into place suitable checking systems or upgrade the interlock system if necessary.
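As an added illustration (not part of the original post), here is a small Python calculator for the S+F+P step and the "reliable enough" decision above. The risk graph and the PL-to-PFHd bands follow EN ISO 13849-1; the component failure figures in the usage section are constructed sample values, not data for any real product, and they show how routing the same interlock through a general-purpose PLC drags the achieved level down.

```python
from typing import Optional

# Added example, not from the original post; component figures below are constructed.
PL_ORDER = "abcde"  # performance levels, worst to best

# Upper bound (exclusive) of the average probability of a dangerous failure
# per hour (PFHd) for each performance level (EN ISO 13849-1, Table 3).
PFHD_UPPER = {"a": 1e-4, "b": 1e-5, "c": 3e-6, "d": 1e-6, "e": 1e-7}


def required_pl(s: int, f: int, p: int) -> str:
    """Risk graph: severity S1/S2, exposure frequency F1/F2, possibility of
    avoidance P1/P2, giving the required performance level PLr."""
    for name, value in (("S", s), ("F", f), ("P", p)):
        if value not in (1, 2):
            raise ValueError(f"{name} must be 1 or 2, got {value!r}")
    # Each branch towards the "worse" choice moves one level down the
    # graph; severity counts double (S2 alone already demands PL c).
    return PL_ORDER[2 * (s - 1) + (f - 1) + (p - 1)]


def achieved_pl(pfhd: float) -> Optional[str]:
    """Best PL whose band contains this PFHd, or None if worse than PL a."""
    if pfhd < 1e-8:
        raise ValueError("PFHd below 1e-8/h is outside the PL e band")
    for pl in reversed(PL_ORDER):  # test e first, then d, c, b, a
        if pfhd < PFHD_UPPER[pl]:
            return pl
    return None


def combined_pl(*pfhds: float) -> Optional[str]:
    """Series combination of subsystems (sensor, logic, output device):
    PFHd values add, so the least reliable element dominates."""
    return achieved_pl(sum(pfhds))


def assess(s: int, f: int, p: int, *pfhds: float):
    """Return (PLr, achieved PL, adequate) for one interlock chain."""
    plr = required_pl(s, f, p)
    pl = combined_pl(*pfhds)
    adequate = pl is not None and PL_ORDER.index(pl) >= PL_ORDER.index(plr)
    return plr, pl, adequate


if __name__ == "__main__":
    # Constructed sample figures (per hour): guard switch 1e-7,
    # safety relay 2e-8, general-purpose PLC 5e-6.
    print(assess(2, 2, 1, 1e-7, 2e-8))         # hard-wired: ('d', 'd', True)
    print(assess(2, 2, 1, 1e-7, 5e-6, 2e-8))   # via the PLC: ('d', 'b', False)
```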