Safety concern

The latest revision of the European Machinery Directive is the most significant change since the Directive's original introduction, so says Paul Laidler, managing director of industrial safety expert and validation authority Laidler Associates, a division of TÜV SUD Product Service (0333 1237 777)). And there are issues for machine tool buyers, users, suppliers and manufacturers flowing from it. The Machinery Safety Directive specifies what steps machine tool builders/agents (plus others) must take to assure national authorities that a machine is safe and can be put on sale within the European market (full wording). The so-called CE mark was one of the measures introduced to support the European Single Market created at the beginning of 1992, and which had the objective of removing barriers to trade throughout the then European Economic Area. Originally entering force in the UK in 1993 (with all machinery supplied in the European market after 1 January 1995 required to be CE marked), its latest iteration is the Machinery Directive 2006/42/EC, published on 9 June 2006 and applicable from 29 December 2009. So, just over 12 months in from the new Directive iteration, Mr Laidler set out the various issues, and confusions, at an event in London, in January. Image: Paul Laidler – the new Machinery Directive is causing some confusion, he says First, the scope of the directive has changed, with it now including partly completed machinery, which addresses the issue where machines were delivered and people told that "we can't CE mark it because you haven't put power to it; it's your responsibility". Lifting accessories, chains, ropes and webbing must also now carry a CE mark, but this is far from widely adopted yet, Mr Laidler offers. There have also been extensions to exemptions, so household appliances are no longer included, for example. But while all electric motors are also excluded, hydraulic motors are not, so confusion remains there, he adds. ESSENTIAL HEALTH AND SAFETY CHANGES The Essential Health and Safety Requirements (EHSRs) have also been broadened, with these now including: ergonomics; operating positions; seating; and lightning - while existing EHSRs have been modified, too, these taking in: guards and protection devices; and fixed guards. ( See box item 2.) Image: Do you know what to look for, following the introduction of the new Machinery Directive? And the impact of what may seem like rather innocuous wording can be great. For example, under fixed guards, the phrase "their fixing systems must remain attached to guards when the guard is removed" will, explains Mr Laidler, mean: "That every machine manufacturer will have to redesign his machine, because very few machine builders meet this." Some of these issues are only starting to be raised now because there was an agreement that if a machine was in the supply chain prior to the new directive coming into force, the old directive was deemed to apply – "but that excuse is getting rather thin now," says the safety expert. The holding of the so-called Technical File, which demonstrates that the EHSRs have been met, must also now be held by a named person "who must be established [a national of an EC country] in the European Community". This sets out to avoid the lack of traceability of documentation that has existed with some external-to-the-EC-supplied equipment. This is something else that has not yet been fully taken on board by many importers, believes Mr Laidler. Details apart, the scope of the directive has shifted, he offers, saying it is more of a lifecycle directive. This has been missed by many and, he explains, is one of the areas of major confusion. "The original directive says that a machine should be CE marked and compliant for 10 years and, additionally, under the EHSRs, for the foreseeable lifetime of the machinery, including assembly and dismantling. The new directive looks at phases of the life cycle, including transport right through to scrapping. So a manufacturer now has to tell a client how to scrap the machine, after it's been through its lifecycle. And that means that users may need to have this information, so they can scrap equipment correctly. The new directive is more a cradle-to-grave directive, with new standards supporting this thinking." ELIMINATING RISK, FOR A LIFETIME The directive's aim is to eliminate any risk throughout the foreseeable lifetime of the machinery including: transport; assembly; operation; maintenance; dismantling; disabling; and scrapping; with such measures also taking in "any reasonably foreseeable misuse [of the machinery] thereof". The latter qualification clearly calls for some extreme crystal-ball gazing, it is suggested. The second major area of confusion is with safety components – what they are - and with safety control systems. First of all, the new directive is more explicit about what constitutes a safety component. Originally, the definition was something that is placed on the market separately that has a safety function, but the new directive adds two more definitions, with one in particular held up by Mr Laidler as troublesome – "the failure and/or malfunction of which endangers the safety of persons". This, he suggests, is more then a little flexible and open to interpretation, with machine designers unclear what the boundary is. And the new Annexe 5 that gives an indicative list of safety components is unhelpful since it is just that, indicative. "Heating and ventilation firms making extraction systems do not CE mark their equipment now, but they will have to – do they know? I don't think so," offers Mr Laidler, who continues: "Guards and protection devices are now safety devices. So replacements, which might have been made by a local firm, or even in house, must now have a Declaration of Conformity and be CE marked." And this is an area that very much affects machine tool end users, because they must now consider whether a replacement part is, under the new directive, considered to be a safety component. Moving on to safety control systems, this is a major area of concern and confusion. Unlike the previous directive, operating a safety function via software is now allowable. So, access control via chips fitted to humans that react when electronic barriers are breached (no physical guards) and Bluetooth-connected E-stops are two technology examples cited of proffered solutions that would now be allowable, suggests the safety specialist, but with clearly discernable horror. Because of this safety control via software, related harmonised standards that support the EHSRs have seen changes and it is this that is causing the machine tool industry, in particular, some consternation. The concern is related to standard EN954-1 (Safety of machinery– Safety-related parts of control systems) and its replacement ISO 13849-1:2006 (Safety of machinery, safety-related parts of control systems: general principles for design), which is employed alongside ISO 13849-2:2003 (validation and testing) – incidentally, BS EN 62061 is applied to complex systems; machine tools are not complex systems. The problems have seen machine builders lobby for the continuation of EN954-1, which was won for two years, but the final date for its demise is December 31, 2011 ( see box item 3). STANDARDS CHANGE EN954-1 was, says Mr Laidler, relatively simple, requiring little validation, while the standard even included actual circuit drawings of what was required – ISO 13849-1 is more complex. The standard calls for the establishment of what is called a Performance Level (PL), with five levels possible, relating to [a]severity of injury, [b]frequency of event and [c] possibility of avoidance []See PDF here). In order to calculate these five levels, data relating to the mean time to dangerous failure (MTTFd) is required for safety components. "So, for every piece of safety equipment, its manufacturers will have to provide MTTFd data [or a PL figure], stating that after so many uses, this product could fail," he says. Back to our guards again, these will now have to be tested to derive MTTFd/PL, Mr Laidler offers, while users that incorporate safety parts into a system must similarly validate that the system meets the required PL. And it is here, again, where end users are affected. As the safety expert puts it, if EN954-1 can be considered an MOT – a snapshot of safety – then ISO 13849 is more akin to manufacturers advice, such as 'change the cam belt at 60,000 miles'. It takes into account the lifecycle of the machine and effectively puts the onus on the user to make sure the machine's safety systems remain safe. But Hardinge Machine Tools' Sean Briars, Bridgeport brand engineering manager, suggest that machine tool builders will consider usage and would likely build in alarms indicating when limits are exceeded. Problems already seen, Mr Laidler says, relate to: lack of MTTFd data; a current lack of understanding of the standard's requirements; confusion around PL and categories that are achievable by assessment and through validation; plus there are people who just don't know – worse, they don't know they don't know. And errors can be expensive. Laidler was called into validate a machine as safe. A machinery manufacturer had carried out 13849-1 assessment; chosen a Performance Level to use; installed the machine without validation. Through two-to-three-weeks' work, Laidler demonstrated that the method employed didn't achieve the required Performance Level, because the software used did not have MTTFd data. The installer had to remove the newly installed circuitry and start again, at additional cost. PUWER INTEREST End users legally have an interest in obtaining proof of safety, too, because of regulation 10 of PUWER 98 (Provision and use of Work Equipment Regulations), which was changed a few years ago, says Mr Laidler. Before, it only required that the buyer made sure machinery had a CE mark, but now, he offers, it requires buyers ensure that machines meet all the EHSRs of the relevant directives. This will result in end users actively looking for references to ISO 13849-1 in machine supplier documentation, with this exercising pressure of machine tool builders, it is suggested. Declarations of Conformity, issued by machine manufacturers, must include usage of harmonised standards. (Certificates of Conformity are different. They are issued by notified [validating] bodies, these stating that it believes that the equipment and the documentation that accompanies it are in conformity with the requirements of a directive, based on examination of a technical file.) Also under PUWER 98, regulation 18, regarding control circuits, means that, says the safety expert, a PUWER 98 assessment undertaken before 31 December this year can accept EN954-1, but afterwards it will require ISO13849-1. HSE PUWER documentation gives some credence to this. "There are national, European and international standards both current and in preparation (BS EN 60204-1, BS EN ISO 13849-1:2006) which provide guidance on design of control systems so as to achieve high levels of performance related to safety. Though they are aimed at new machinery, they may be used as guidance for existing work equipment." And BSI offers this: "Although there is no link between 'harmonised standards' and the requirements of PUWER 98, it is necessary for users of machinery to establish that it is safe for use in their workplace; this can involve demonstrating that relevant EHSRs of the Machinery Directive (and any other relevant Directives) have been fulfilled by, for example, ensuring that machinery has been designed in accordance with 'harmonised standards'." Second-hand machinery is also affected, Mr Laidler suggests, as a 'new' second-hand machine requires a PUWER assessment to be made by the purchaser, since the machine's location has changed. Support for this comes from CE marking/product safety specialist Conformance (01298 873800): "Even though the Supply of Machinery Regulations do not require pre-1995 machines to be CE marked even if they are re-sold, PUWER requires that they meet the same basic requirements as new machines. An employer is therefore prevented from avoiding their obligation to provide safe machinery simply by avoiding purchasing new machines." The implication similarly being that older CE marked machines cannot be purchased to avoid the new Directive's requirements. So, just as when the Machinery Directive was first introduced, there will clearly be a period of bedding in before things run smoothly and there is a settled view on a number or areas. [] Box items below: [] sources for training, guidance, advice; [] the EHSRs in detail; [] machine tool builders' issues detailed; [] ISO13849-1 safety approach described (This is a PDF). Box item 1 Training, advice, guidance [] Laidler Associates is running a series of short machinery safety seminars that are free for delegates to attend. The workshops will be of particular interest to mechanical or electrical engineers involved in specification, design, maintenance or modification of machinery; managers responsible for production, maintenance or design of factor equipment or anyone else connected with specifying and purchasing machinery. The dates and locations for the next events are: Newbury, Ramada Elcott Park, 5 April 2011; Solihull, Ramada Hotel, 3 May 2011; Fareham, TÜV SÜD Product Service, 7 June 2011; Scotland, tba, 5 July 2011; Bolton, Ramada Hotel, 2 August 2011; Newbury, Ramada Elcott Park, 6 September 2011; Solihull, Ramada Hotel, 1 October 2011; Fareham, TÜV SÜD Product Service, 1 November 2011; Scotland, tba, 6 December 2011. Visit www.laidler.co.uk/events/upcoming [] The first of the two SICK Machinery Directive seminars gives attendees a grounding on the directive and safety related control standards BS EN ISO 13849-1. Participants review the changes in the new directive, key considerations when modifying existing machines, safety control standards EN954 and get an introduction to the application of BS EN ISO 13849-1. The second seminar provides delegates with a thorough understanding in applying BS EN 13849-1 and delivers a practical and informal approach to understanding and implementing the key elements of the latest safety related control standards. Visit www.sick.co.uk [] Procter Guarding website has numerous relevant downloadable documents www.machinesafety.co.uk [] Leuze Electronic's machine safety inspection service is explained in a 12-page brochure. Its safety inspection service is like an MoT of a machine's safety, along with a description of the company's machine safety devices and support services. Click here [] A new book from BSI British Standards - Risk Management of Machinery and Work Equipment – offers guidance on and an explanation of: Supply of Machinery (Safety) Regulations 2008; Machinery Directive 2006/42/EC; Provision and Use of Work Equipment Regulations 1998; Harmonised standards, including BS EN ISO 13849. Click here. [] Machinery safety specialist Pilz Automation Technology is running machinery safety training courses during 2011. As well as a training course introduced last year on the new Machinery Directive 2006/42/EC, the range of courses available includes 1, 2 and 4-day City & Guilds Machinery Safety Courses; Safety Design incorporating ISO 13849/IEC 62061; CE Marking & Machinery Regulations; and Electrical Machine Safety in Industrial Installations. Visit www.pilz.co.uk/training. [] Siemens offers a Safety Evaluation Tool to help machine tool builders to calculate the safety levels of various set-ups, and allows the selection of elements from Siemens' product database. Box item 2 New EHSRs [] Ergonomics [] Operating Positions - the operating position must be designed and constructed in such a way as to avoid any risk due to exhaust gases/lack of oxygen etc. [] Seating - workstations constituting an integral part of the machine must be designed for the installation of seating [] Lightning - machinery which is designed for outdoor use and which may be subject to the direct effects of lightning must be fitted with a system for conducting the resultant electrical charge to earth. Modified EHSRs [] Guards and protection devices - must be securely held in place; guards must protect against the ejection or falling of materials and objects (See Procter Guarding website for a white paper on machine guarding - www.machinesafety.co.uk) [] Fixed guards - must be fixed with systems that can be opened only with tools; their fixing systems must remain attached to guards when removed; where possible, guards must be incapable of remaining in position without their fixings Box item 3 Problems with ISO 13849-1, according to CECIMO The Machinery Directive draws on three levels of standard – A, B and C. The first level (A) comprises general principles for the design of machinery. The second level (B) covers specific safety devices and ergonomic aspects. The third level (C) deals with specific classes of machinery by calling up the appropriate standards from the first two levels and addressing requirements specific to the class of machine. EN954-1 is referred to in level B and C standards and is being replaced by ISO 13849-1. ISO 13849-1 is a type B1 standard used to assist in the design and assessment of control systems and by Technical Committees preparing B2 and C standards. CECIMO, the Brussels-headquartered representative body for 15 national machine tool trade associations, is citing fundamental and detailed negative issues related to ISO 13849-1. It cites four areas of concern: missing MTTFd data; the method of determination of PL values; confusion over how safety functions should be modelled; and the effect of the interaction between residual risks. Missing MTTFd is covered in the main article and requires that suppliers of safety components provide this data. CECIMO says: "Major control system and component suppliers provide the characteristic data [ MTTFd or PL] for high quality safety products. But characteristic data are missing for commonly used control system components that do not expressly provide increased reliability – many of which are still used by those same suppliers. And some of the characteristic data are missing for the many mechatronic components used in machine tools controlled by central control systems: e.g. mechanical clamping units (turning chucks, collet chucks) and brakes, fluid power systems (hydraulics and pneumatics) and advanced electrical clamping concepts. Nor can characteristic data be gathered in the short time remaining." As for generating the data, it can be onerous for suppliers, it is said. On the method of determining PL values, it says that: "while the mathematical approach to PL appears to be internally consistent, it does not correspond to practical reality". The ISO 13849-1 approach does not take account of: a) reliability and other statistical data; b) accident history; c) history of damage to health; d) risk comparison, says CECIMO, pointing toward risk assessment standard ISO 14121 (replaces EN1050), referred to by ISO13849 but which does not then incorporate these particular items [a] through[d] into its PL calculations. ( See also box item 4 (This is a PDF)) Type C standards are being re-written now, with confusion even among experts evident, says CECIMO. Indeed, C standards for lathes have already been replaced, while those for machining centres will not be replaced before the end of the year, which effectively means they will still refer to EN954-1, even though that standard will no longer be valid. On confusion about how safety functions should be modelled by designers, it refers to a study undertaken by VDW and the German employers' liability insurance association BGIA. This highlighted how an existing safety system when modelled against the new criteria saw safety requirements intensified. Additionally, CECIMO says that previous discussions have shown that the responsible employees' liability insurance associations [like BGIA] must be consulted during the modelling process and that this contradicts the conformity evaluation procedure of the new Machinery Directive 2006/42/EC, which stipulates that conformity evaluation remains within the exclusive purview of the manufacturer (for non-Appendix-IV machinery). Worse, there are differences of opinion between the various employees' liability insurance association offices, CECIMO adds. Hardinge's Sean Briars offers an example of system modelling dilema. System modelling sees a circuit diagram converted to a functional block diagram. For a machine tool having four emergency stop locations, some designers might include four e-stops in the block diagram, while others might only include one, since only one is used at a time. Clearly, with fewer blocks, each having an MTTFd figure, a lower (better) probability of failure figure will result. But a further complication could be that not all e-stops are used equally, the one on the main control panel is likely to see more uses, which means that the probability of failure is higher for the one that is used most. As Mr Briars explains: "The difficulty in realising the 'safety-related block diagram' from the electrical schematic should not be under estimated, and there is no mechanism to independently verify that the structure of the block diagram produced is actually correct, even if the maths is." (See also SISTEMA Cookbook, below.) Finally, there' the handling of the interaction between multiple residual risks. CECIMO offers this: "What is the logical consequence? Perhaps the machines should be redesigned? Should the available control system components be made 10 times safer? Should a new generation of control system technology be developed? This seems ridiculous, as the available control system technology is already demonstrating a high safety level – as evidenced by the continuous reduction in accident rates." In fact, control systems are being made safer (and more expensive?). German CNC maker Heidenhain, for example, said it would be introducing new 'safe' controls during 2010: "Two redundant safety channels that work independently of each other are the foundation for controls with functional safety. All safety-relevant signals are captured, processed and output via two channels. Errors are detected by mutual comparison of the states and data in the two channels. This way, the occurrence of just one error in the control does not lead to the safety functions being incapacitated." The first control will be its iTNC 530, others will follow. Responding to Machinery's questions on these matters and any further action, CECIMO's director general, Filip Geerts, said that CECIMO "is not aware of a new work revision of ISO 13849-1, at this point" and that "practically speaking, it means that machine tool builders do not have the solution for after 2011....However, a machinery manufacturer remains free to apply alternative specifications to harmonised standards to prove the compliance with the Machinery directive." The most recent meeting on this subject was held on 9 September 2010, when CECIMO took part in the EU Symposium "Safety related control systems for machinery", organised by the European Commission and standards bodies CEN (mechanical) and CENELEC (electrical). At the symposium, several stakeholders from the Commission, industry and European standardisation bodies, as well as ISO, discussed the applicability problems of ISO 13849-1:2006, but no conclusions were reached on how to enhance it. CECIMO is awaiting the development of what is called a SISTEMA Cookbook from BGIA to help support implementation of ISO13849-1. SISTEMA stands for Safety Integrity Software Tool for the Evaluation of Machine Applications. (BGIA, since 1 Jan 2010, is the 'Institute for Occupational Safety and Health of the German Social Accident Insurance', or IFA.) SISTEMA was developed by the BGIA in Germany and is free for use. It requires the input of various types of functional safety data. The data can be input manually or automatically by using a Manufacturer's SISTEMA Data Library. A currently available SISTEMA Cookbook helps designers translate a safety-related block diagram information into SISTEMA, but not in line with CECIMO's requirements. See http://www.dguv.de/ifa/en/pra/softwa/sistema/kochbuch/sistema_cookbook1_end.pdf. But Hardinge's Sean Briars suggests that any examples will only relate to simple systems, so this is not a complete solution. On March 21 and 23, Leuze will be running free-of-charge, one-day training workshops on how to use SISTEMA, the free safety software tool to evaluate safety-related parts in a control systems. First published in Machinery, March 2011