International Diploma in Occupational Health and Safety PDF

Please be advised that the course material is regularly reviewed and updated on
the eLearning platform. SHEilds would like to inform students downloading these
printable notes and using these from which to study that we cannot ensure the
accuracy subsequent to the date of printing. It is therefore important to access
the eLearning environment regularly to ensure we can track your progress and to
ensure you have the most up to date materials.
Version 1.1b
Element C6: Machinery safety
Learning outcomes:

On completion of this element, candidates should be able to:

• outline with examples, the classification, assessment and control of risk of

machinery hazards;
• outline the role and application of European standards relating to machinery;
• outline the main safety issues which should be considered when designing and
operating programmable electronic systems (PES).

Relevant Standards

• International Labour Standards, Guarding of Machinery Convention , C119,

International Labour Organisation, Geneva, 1963
• Transposed Harmonised Standards British/European/International
• BS EN ISO 12100-1:2003 Safety of machinery. Basic terminology and methodology
• BS EN ISO 12100-2:2003 Safety of machinery. Technical principles
• BS EN ISO 14121-1:2006 Safety of machinery. Risk assessment. Principles
• BS EN ISO 14121-2:2006 Safety of machinery. Risk assessment. Practical
guidance and examples of methods

Minimum hours of tuition 6 hours.

1.0 Machinery risk assessment

Crushing
Where a part (or whole of) the body is crushed between a moving part of the machine and
a static object.

Shearing
Where one part of a machine moves together with another part of the machine and
causes one to move (on top of the other).

Cutting/severing
Whereby a part of the operator is cut or severed by a sharp edge or moving part of the
machine.

Entanglement
Where a rotating part of the machine gets caught with the operator's clothing (drawing the
operator into the machine).

Drawing in/trapping
Where the body or parts of the body, are drawn into the machine (caused by two moving
parts of the machine).

Impact
Where a person is hit by a powered part of the machine.
Stabbing/puncture/ejection
Where the person’s skin is penetrated by a part of the machine or process.

Friction/abrasion
Where the person comes into contact with a fast- moving part of the machine.

High pressure fluid injection

Where the pressure of fluid in a system penetrates the skin and tissues of the person.

1.1 The classification of non-mechanical hazards

Noise
Is a hazard to both the operator and the operatives and others working nearby.

Vibration
Can cause adverse effects to the body – such as problems with blood flow, or muscular
problems.

Electricity
Electric shock is the most obvious hazard, but fire and explosion are also associated.

High / low temperature

Workers who are either too hot or too cold can become affected i.e. through lack of
concentration, heat stroke etc.

Radiation
Are health hazards that must be controlled.

Hazardous substances
Some machines use and give off (as a waste product) substance hazardous to health.

1.2 Hazards from typical machines

Sample list of hazards are as follows:

Drills
(a) seizure of hair by revolving shafts, spindles, chucks and drills;

(b) entanglement of gloves, loose sleeves, bandages and rings, usually at the tip of the
drill;

(c) violent spinning of the workpiece in the absence of proper clamping arrangements.

Circular saws

• Damaged blades.
• Loose blades.
• Loose guards.
 • Operator error.

Guillotines

1) Cutting.

2) Drawing in.

3) Electricity.

4) Noise:

(a) the impact of the clamps on the stock;

(b) impact of the blade;

(c) stock vibrating after the cut;

(d) fall of scrap at the rear of the machine;

(e) engagement of the clutch;

(f) noise from the electric motor;

(g) exhausting pneumatic valves.

Paper shredders
"Company Director, Paul White (43) of Drayton today received a twelve month custodial
sentence at Norwich Crown Court following the death of an employee at his paper
recycling business, M W White Ltd of Ketteringham, Norwich on 22 December 2003.

"The custodial sentence followed Mr White’s earlier guilty plea to manslaughter and health
and safety charges. His company today was also fined £30,000 with costs of £55,000.
The sentencing follows a full investigation jointly carried between detectives from Norfolk
Constabulary CID and inspectors from the Health and Safety Executive (HSE) into the
death of Kevin Arnup (36). Mr Arnup had climbed into a paper-shredding machine to clear
blockages when the machine started, fatally injuring him. The machine contained a series
of hammers projecting 15cm from a shaft, which revolved at high speed. The extensive
investigation revealed that the machine was not securely isolated whilst the unblocking
work was being carried out (there was no local electrical isolator provided for the
machinery), there was no safe system for such work and the electrical controls for the
machine were contaminated with dust. Commenting on the case, Minister for Health and
Safety, Lord Hunt said: "Tragic incidents in the workplace such as this are totally
preventable. All employers must make the welfare of their employees a top priority by
ensuring that safe systems of work are provided and maintained."

"There is also a need to make certain that employees are properly instructed in how to
operate machinery to guard against any threat of injury or death." HSE investigating
Principal Inspector, Paul Carter said "This was a horrific incident that was entirely
foreseeable. Isolating the machinery, a safe system of work for clearing blockages,
together with adequate instruction, training and supervision of Paul White’s staff would
have prevented this incident. Evidence showed that Paul White chose not to follow the
advice of his health and safety consultant and instead adopted a complacent attitude
allowing the standards in his paper recycling business to fall. I encourage all employers to
take a fresh look at their business activities, review their risk assessments to ensure that
sensible control measures are in place and that employees understand what is expected
of them."

Abrasive wheels

• Handling.
• Storage.
• Rotation speed.
• Sparks.
• Atmosphere.
• Noise.
• Friction and abrasion.
• Ejection (of parts of the wheel).

Lathes
• contact with rotating cutters;
• ejection of the work piece and/or cutter;
• trapping and crushing caused by moving carriages, swinging arms and moving
turrets;
• unexpected movement or start-up caused by faults in the automatic cycling of the
machine;
• noise emission (often in excess of 100 dB(A));
• exposure to dust and chippings, often in excess of the maximum exposure limit
(MEL) of 5 mg/m3 (milligrammes per cubic metre) for hardwood and softwood dust.

Simple robots
• Drilling.
• Cutting.
• High pressure fluid.
• Impact.
• Contact.

Mechanical and hydraulic presses

• High pressure fluid.
• Crushing.
• Impact.

Portable power tools

Depending upon the tool:

• Vibration.
• Sparks.
• Noise.
1.3 The factors to be considered when assessing risk
The risk assessment process should be adhered to:

Persons at risk
The operator.
Employees near by.
Visitors.

For each group, you must also decide on their numbers.

Severity of possible injury

If there is likely to be an injury, what type of injury is it likely to be?

Probability of injury
What is the probability of the machine causing an injury?

Need for access

Maintenance?
Repairs?

Duration of exposure
In relation to noise.
In relation to vibration.

Reliability of safeguards
Remember the hierarchy of guards as laid out in PUWER 1998:

(a) fixed enclosing guards;

(b) other guards or protection devices such as jigs, holders and push-sticks
etc; and

(c) the provision of information, instruction, training and supervision.

1.4 Video: [News bulletin] Machinery

Safety
http://www.sheilds-elearning.co.uk/file.php/4/video/NewsMachinerySafety.flv

1.5 The main types of safeguards

Within this section, we will examine the various methods of protection, exploring their
principles, merits and limitations:

• Fixed guards.
• Interlocked guards.
• Trip devices (light curtains, foot mats and sensitive edges).
• Adjustable/self-adjusting guards.
• Two-hand controls.
• Protective appliances.
• Personal protective equipment.
 • Information, instruction, training and supervision.

Guards or protection devices must be used to protect risks such as moving parts.

These must be of robust construction and not be easy to bypass. Fixed guards must be
held in place by fixings which can only be undone with tools. Movable guards should be
interlocked. Adjustable guards should be readily adjustable without the use of tools.

Electrical and other energy supply hazards must be prevented. There must be no risk of
injury from temperature, explosion, noise, vibration, dust, gasses or radiation. There must
be proper provision for maintenance and servicing. Sufficient indication and warning
devices must be provided. Machinery shall be provided with instructions for safe
installation, use, adjustment etc.

There are special requirements for agri-foodstuffs, hand-held, wood working machines
and also lifting and underground equipment.

1.5.1 Fixed guards

Fixed guards will prevent access to danger zones of machinery (which will contain moving
parts). Fixed guards have no moving parts and are fastened in a constant position,
relative to the danger zone:

They are kept in place permanently, by welding for example, or by means of fasteners.

1.5.2 Interlocked guards

Interlocked guards.

These are movable guards with interlocking switches.

If access is required, there needs to be a movable (openable) guard which is interlocked

with the power source of the hazard in a manner which ensures that whenever the guard
door is not closed, the hazard power will be switched off. This approach involves the use
of an interlocking switch fitted to the guard door.

The control of the power source of the hazard is routed through the switch section of the
unit. The power source is usually electrical but it could also be pneumatic or hydraulic.
When guard door movement (opening) is detected, the interlocking switch will isolate the
hazard power supply either directly or via a power contactor (or valve).

Some interlocking switches also incorporate a locking device which locks the guard door
closed and will not release it until the machine is in a safe condition. For many
applications, the combination of a movable guard and an interlock switch with or without
guard locking is a reliable and cost-effective solution.

This type of guard will have benefits that:

• The hazardous machine functions covered by the guard cannot operate until the
guard is closed.
• If the guard is opened while hazardous machine functions are operating, a stop
instruction is given.
• When the guard is closed, the hazardous machine functions covered by the guard
van operate, but the closure of the guard does not itself initiate their operation.

1.5.3 Automatic guards

• Moved into position automatically by the machine
• Physically removes from the danger area any part of a person exposed
to danger

1.5.4 Trip devices

Trip devices.

These include:

• Light curtains.
 • Foot mats.
• Sensitive edges.

When frequent access is required, physical guarding at the hazard is sometimes too
restrictive for part loading or adjustment. In this situation, a device is required which
prevents dangerous motion while allowing unrestricted access by sensing the presence of
the operator and sending a stop signal.

Photo-electric light curtains.

These devices emit a curtain of harmless infra-red light beams in front of the hazard area.
When any of the beams are blocked, the light curtain control circuit sends a stop signal to
the guarded machine. There are many factors which affect the type and positioning of a
light curtain.

Light curtains are extremely versatile and can guard areas many metres wide. By the use
of mirrors, the light beams can be diverted round corners to enclose a machine. They are
available with different light beam spacings making them suitable for many applications,
ranging from totally enclosing perimeter guards for industrial robots, to point of access
guards for certain types of presses.

Pressure-sensitive safety mats.

These devices are used to guard a floor area around a machine. A matrix of
interconnected mats is laid around the hazard area and any pressure (e.g. an operator's
footstep) will cause the mat controller unit to send a stop signal to the guarded machine.

Pressure-sensitive mats are often used within an enclosed area containing several
machines e.g. flexible manufacturing or robotics cells. When access may be required into
the cell (for setting or robot teaching, for example), they prevent dangerous motion if the
operator strays from the safe area.

Pressure-sensitive edges.

These devices are flexible edging strips which can be fixed to the edge of a moving part
such as a machine table or powered door, where there is a risk of a crushing or shearing
hazard.

If the moving part strikes the operator (or vice versa) the flexible sensitive edge is
depressed and will send a stop signal to the power source. Sensitive edges can also be
used to guard machinery where there is a risk of operator entanglement. If an operator
becomes caught up and dragged by the machine, he will be pulled onto the sensitive edge
thereby tripping its switching action.

These trip devices do not actually restrict access but only sense it. They rely entirely on
their ability to both sense and switch. For the provision of safety therefore, it is important
that their control circuit be control-reliable. Also they must only be used in correct
applications.

In general, they are only suitable on machinery which stops immediately after removal of
power. Because an operator can walk or reach directly into the hazard area, it is
necessary that the time taken for the motion to stop is less than that required for the
operator to reach the hazard after tripping the device.

The following shows a photo-electric device fitted to a press brake:

1.5.5 Adjustable / Self-Adjusting Guards

Adjustable guards are guarding systems which require manual adjustment to give
protection.

They are used on woodworking machinery, milling machines, lathes, drills and grinding
wheels.

Many of the guards are designed so the work-piece can be observed during machine
operation. Windows of polycarbonate or armoured plate glass allow the operator a clear
view.

Some systems are made with telescopic fencing or a slotted movable casting. Both
systems allow observation of the work-piece.
This kind of guarding can be difficult for the operator to use and is easy to defeat.
However, it is sometimes the only practicable method.

Adjustable guards and other guards which do not completely enclose the dangerous parts
should only be used in situations where it is not practicable to use fixed enclosing guards
or protection devices which would give a greater level of protection.

1.5.6 Two-hand controls

There are other ways of preventing access while the machine is in a dangerous condition.
The use of two hand controls (also referred to as bi-manual controls) is common on
certain types of machinery. Two start buttons have to be operated at the same time to run
the machine. This ensures that both hands of the operator are occupied in a safe position
(i.e. at the controls) and, therefore, cannot be in the hazard area.

Note: This type of measure only protects the operator and does not give protection to
other personnel.

A two-hand control system depends heavily on the integrity of its control and monitoring
system to detect any faults, so it is important that this aspect is designed to the correct
specification. The physical design should prevent improper operation (e.g. by hand and
elbow). The machine should not go from one cycle to another without the releasing and
pressing of both buttons. This prevents the possibility of both buttons being blocked,
leaving the machine running continuously. Releasing of either button must cause the
machine to stop. The use of two-hand control should be considered with caution as it
usually leaves some form of risk exposed.

It is very useful, however, on applications such as teach mode pendants and inching
controls because it can give enhanced levels of protection when used in conjunction with
other protective devices.

The figure below is of a cross-cut saw operated by two hand control and fitted with a short
tunnel guard.

1.5.7 Mechanical restraints

A mechanical restraint is classed as ‘a device that applies mechanical restraint to a
dangerous part of machinery which has been set in motion owing to failure of the
machinery controls or other parts of the machinery, so as to prevent danger’ – BS EN 292.

1.5.8 Jigs and push sticks

Jigs and push sticks are used to hold a work piece in place when used on the
machine.

1.5.9 Safety information and appropriate training

All users of work equipment must be provided with adequate health and safety
information. The employer must make it available and may have to provide written
instructions on the use of work equipment. This means the workforce should have easy
access to such information and be able to understand it.

Users must be trained to use equipment safely and supervisors must also receive
adequate training on potential risks and precautions.

The training and supervision of each individual operator will vary. It is essential that an
assessment is made of those needs by a person who is competent to make such an
assessment.

1.5.10 Video: Machinery Safety

http://www.sheilds-elearning.co.uk/file.php/4/video/Machine_Guards_video-
FINAL.flv

1.5.11 Assessment of training needs and requirements

Assessment.

Assessment is in two stages, firstly to identify the training needs of the individual and
secondly to measure the success of the training that has been given.

The assessors should be familiar not only with the machining processes but also with the
relevant legal requirements and safe working practices

Trainers.

The correct selection of supervisors and managers who undertake training is central to
any successful training scheme. They should be competent in the safe operation of the
class and type of machine, the type of work or operation on which training is to be given
and the risk and control measures to be adopted in each particular case.

Trainers should be able to communicate easily and have the necessary technical
understanding and knowledge of the legal requirements.

Supervision.

What constitutes an adequate level will vary during the training process. Initially,
supervision should be continuous and on a one-to-one basis, with gradual relaxation as
the trainee becomes more competent. As each new operation or training element is
introduced, the level of supervision will need to rise again, reducing gradually to a more
general level only when the trainee has demonstrated competence by consistent adoption
of safe working practices.

Competence.

No one should be allowed to work at a woodworking machine unless they have

demonstrated competence on the basis of a supervisor or trainer's assessment.

Competence is demonstrated when the trainee has been sufficiently trained, has the
requisite knowledge and safe working practice has been used consistently when working
at the machine.

Authorisation.

The authorisation, preferably in writing, should list those machines and operations for
which authorisation is given and it should be made clear to the operator that other
machines should not be used until authorisation is given. A copy of the authorisation
should be given to the operator.

Personal Protective Equipment (PPE).

In addition to the above measures, it may also be necessary for the operator to use
equipment such as special gloves, goggles, respirators etc. The machinery designer
should specify what sort of equipment is required. The use of personal protective
equipment will not usually form the primary safeguarding method but will complement the
measures shown above.

Each measure from the hierarchy should be considered in turn, starting from the top and
used where practical. This may result in a combination of measures being used.

If access is not required to dangerous parts, the solution is to protect them by some type
of fixed enclosing guarding.

If access is required, then life becomes a little more difficult. It will be necessary to ensure
that access can only be gained while the machine is safe. Protective measures such as
interlocked guard doors and/or trip systems will be required. The choice of protective
device or system should be heavily influenced by the operating characteristics of the
machine. This is extremely important as a system which impairs machine efficiency will
render itself liable to unauthorised removal or by-passing.

The safety of the machine in this case will depend on the proper application and correct
operation of the protective system, even under fault conditions. The proper application has
been dealt with by the appropriate choice of general type of protective system. The correct
operation of the system must now be considered. Within each type, there is likely to be a
choice of technologies with varying degrees of performance of fault monitoring, detection
or prevention.

In an ideal world, every protective system would be perfect with absolutely no possibility of
failing to a dangerous condition. In the real world, however, we are constrained by the
current limits of knowledge and materials. Another very real constraint is, of course, cost.
It becomes obvious, because of these factors, that a sense of proportion is required.

Common sense tells us that it would be ridiculous to insist that the integrity of a safety
system on a machine that may, at the worst case, cause mild bruising, to be the same as
that required to keep a jumbo jet in the air. The consequences of failure are drastically
different and, therefore, we need to have some way of relating the extent of the protective
measures to the level of risk obtained at the risk estimation stage.

Whichever type of protective device is chosen, it must be remembered that a safety-

related system may comprise many elements including the protective device, wiring,
power-switching device and sometimes parts of the machine's operational control system.
All these elements of the system (including guards, fixings, wiring etc) should have
suitable performance characteristics relevant to their design principle and technology.

1.5.12 Emergency Stops and Cut-off devices

Emergency stops.
Wherever there is a danger of an operator getting into trouble on a machine, there must
be a facility for fast access to an emergency stop device.

The usual way of providing this is in the form of a mushroom-headed push button, which
the operator strikes in the event of an emergency. They must be strategically placed in
sufficient quantity around the machine to ensure that there is always one in reach at a
hazard point.

Grabwire switches.

For machinery such as conveyors etc., it is often more convenient and effective to use a
grabwire device along the hazard area. These devices use a steel wire rope connected to
latching pull switches so that pulling on the rope will operate the switch and cut off the
machine power.

Telescopic trip switches.

Other variations include telescopic antenna switches, where deflection of the antenna
causes the switch to cut off the machine power. These devices are more commonly used
as trip devices on machinery such as pillar drills. The switch is mounted on the drill and
the antenna is extended down next to the drill bit. In the event of the operator becoming
entangled with the drill, he will be pulled onto the antenna which operates the switch.

1.6 Safe Systems of Work - a case study

June 2010

Staff working at BAE Systems regarded a machine which crushed a factory worker to
death as "risky", an inquest heard.

Gary Whiting, of east Hull, died after he entered a metal-pressing machine at the Brough
factory which was then turned on by colleague Alan Abbott.

The pair were working as part of a four-strong maintenance team tasked with servicing the
ASEA press machine at the site in Skillings Lane, Brough, in November 2008.

The frame inside the press descended after the machine was turned on and Mr Whiting
was trapped by it.

Mr Abbott has already told the inquest into the death of the 51-year-old that he did not
know Mr Whiting had entered the machine when he turned it on.

Derek Dobson, the engineer who is responsible for risk assessment at BAE Systems,
gave evidence on day six of the hearing.

He told Dale Collins, the solicitor representing the aircraft manufacturer, that staff
regarded the machine as risky when he asked if any of the staff had raised concerns
about the safety of the machine.

He said: "They all said that they thought it was a risky machine."
Mr Dobson told Mr Collins that the staff had assured him they could "handle it".

Mr Dobson explained to the jury that, as the general risk assessor, he is responsible for
ensuring there is a generic risk assessment for each of the 450 machines on site.

When writing the risk assessment for the ASEA Press machine, Mr Dobson did not list the
frame coming into contact with the human body as a risk.

Asked by Coroner Geoffrey Saul if there was a reason that the risk from the movement of
the frame was not listed in the assessment, Mr Dobson told him it was because that risk
was detailed in the manual.

Mr Dobson said he had spoken to team leaders who worked on the ASEA press machine
who told him it was normal practice to work from the manual.

Andrew Hogan, the solicitor representing Mr Abbott, also asked Mr Dobson why there was
no mention of risk from the frame coming into contact with the human body in either the
1999, 2004 or 2006 risk assessments.

Mr Dobson said: "I would think its because the manual would have told them (staff
working on the ASEA Press) about that risk."

John Moutrie, a specialist inspector for the Health and Safety Executive (HSE), criticised
the system that was in place for workers using the metal-pressing machine.

The jury at the inquest has already heard the recognised "safe system" of working
involved checking if anyone was in the machine, and shouting to one another, before
turning it on.

Yesterday, Mr Moutrie criticised this method, stating four reasons why it fell below health
and safety standards.

He said, in his opinion, looking into the machine to see if there was anyone in the "danger
area" was not a satisfactory system, because:

• A person could be concealed from the team leader's view.

• A person could enter by door B after the team leader had checked the area.
• If there was a delay before the machine started a person could enter by doors B, C
or D thinking the machine was not about to start.
• After operating the machine, a person located at doors B, C or D might assume the
test cycle was complete and enter the press, when in fact the team leader intended
to repeat the process.

Mr Moutrie explained to the jury a safer system of working would be using ISO Locks,
where each member of the team has a padlock, which they place on the machine if they
are going inside.

He said that eliminated the risk of a worker turning on a machine, not knowing a colleague
is inside.

He said: "The system that was being adopted in no way comes close to the best system
you could have as a safe system of work.

"The incident occurred because the maintenance activity was not being adequately risk
assessed and the ad-hoc safe system of work in use was not sufficiently robust to prevent
a person being in the machine when it was started in service mode."

Asked how far below health and safety standards the system used falls, Mr Moutrie
replied: "It falls well below, I think."

Mr Moutrie also criticised the fact being crushed by the machine in the same way Mr
Whiting was had not been considered in the risk assessment for that machine.

All the evidence in the inquest has now been heard and the coroner is expected to begin
summing up the case today.

1.6.1 Safe Systems of Work

Work equipment should be erected, assembled or dismantled safely and without risk to
health. Safe systems of work and safe working practice should be followed to achieve this.

A safe system of work is a formal procedure which should be followed to ensure that work is
carried out safely and is necessary where risks cannot be controlled by other means. The
work should be planned and potential hazards identified. You should ensure that the
systems of work to be followed are properly implemented and monitored and that details
have been communicated to those at risk.

An example of a permit to work system is outlined below:

1.6.2 Isolation
Any machinery that has been (for whatever reason) withdrawn from service should be
correctly isolated. This must take the form of:

Physical isolation: Barriers or fencing around the said article that prevent access to (either
accidentally or intentionally) the machinery by persons.

Mechanically or electrically: This is achieved by rendering the equipment useless by

disconnecting the ability to supply it with the required energy.

1.6.3 Working at unguarded machinery

Regulation 7 of the PUWER 1998 Approved Code of Practice gives clear advice on
specific risks when using machinery:

You should ensure that, wherever possible, risks are always controlled by (in the order
given):

• eliminating the risks, or if that is not possible;

• taking ‘hardware’ (physical) measures to control the risks such as the provision of
guards; but if the risks cannot be adequately controlled;
• taking appropriate ‘software’ measures to deal with the residual (remaining) risk,
such as following safe systems of work and the provision of information, instruction
and training.

Normal operation.

Where the risks from the use of work equipment cannot be adequately controlled by
hardware measures - such as guards or protection devices - during its normal operation, it
is particularly important that only the persons whose task it is should be allowed to use
such equipment. They should have received sufficient information, instruction and training
to enable them to carry out the work safely.

Repairs, modifications etc.

Where the risks from the use of work equipment cannot be adequately controlled by
hardware measures such as guards or protection devices during repair, maintenance, or
other similar work, only persons who have received sufficient information, instruction and
training to enable them to carry out the work safely should do the work. They shall be the
designated person for the purpose of this regulation.

Specific risks can be common to a particular class of work equipment; for example, the
risks from a platen printing machine or from a drop forging machine. There can also be a
specific risk associated with the way a particular item of work equipment is repaired, set or
adjusted as well as with the way it is used.

The person whose normal work includes the use of a piece of work equipment will have
been given ‘the task of using it’ and the instruction and training provided should be
appropriate to that work. For someone using a grinding machine for example, training
should cover the proper methods of dressing the abrasive wheels. For someone carrying
out a turning operation on a lathe, the training should cover the devices which should be
used if working with emery cloth to obtain the required finish on a work piece.

The designated person to carry out repairs, etc will be the person whose work includes
these activities. This person could be the operator of the equipment, provided that they
have received relevant instruction and training. For example, the training for a person who
has to change the knives on guillotines should include any devices which could be used,
such as knife handles, as well as the system of work.

1.6.4 Setting, Cleaning, Maintenance

Any maintenance and cleaning works must be carried out (where possible) outside the
danger zones of the machine.

2.0 Role and application of European standards relating to machinery

Explanation of Type A, B1, B2 and C standards.

Machinery and safety components manufactured in conformity with specified, published

European standards which have also been published as identically-worded national
standards ('transposed harmonised standards'), will be presumed to comply with the
essential health and safety requirements covered by those standards.

The European Committee for Standardisation (CEN) is working to produce a complex of

European standards at three levels in support of the Machinery Directive.

Type A standards (fundamental safety standards) giving basic concepts, principles for
design and general aspects applicable to all machinery and installations.

Type B standards (group safety standards) dealing with one aspect or one type of safety-
related device which can be used for a series of machines, appliances and installations.

This category is subdivided as follows:

- Type B1 standards on particular safety aspects (e.g. safety distances, surface

temperature, noise)

- Type B2 standards on safety-related devices (e.g. two-hand controls, interlocking

devices, pressure sensitive devices, guards)

Type C standards (machinery safety standards) include detailed safety requirements for a
particular machine or group of machines.

2.1 Outline of BS EN ISO 12100 and BS EN ISO 14121

BS EN ISO 12100

Defines the basic overall terminology and methodology used when designing machinery
and in achieving safety of machinery. By understanding the terms and methods, the
designer can work closely with relevant parties and help reduce the risk of equipment
causing hazards.
These potential hazards range from mechanical, electrical and thermal to hazards
generated by noise, vibration, radiation, material and substances or even a combination of
these.

BS EN ISO 12100-1:2003 supersedes BS EN 292-1:1991.

2.2 BS EN ISO 12100-2:2003

Defines technical information to help designers achieve safety in the design of machinery.
This essential publication details safeguarding and complementary protective measures.
In theory, a designer may have designed a safe machine, but the true test of its safety is
in its safe use.

Users need to be informed and instructed on how best to use the machinery, and that is
why the location, signals and warnings, markings as well as instruction handbooks are
produced so that they are easily understood and clearly visible.

BS EN ISO 12100-2:2003 supersedes BS EN 292-2:1991.

2.3 BS EN ISO 14121:1999 Safety of machinery – Principles of risk assessment

This International Standard establishes general principles for the procedure known as risk
assessment, by which the knowledge and experience of the design, use, incidents,
accidents and harm related to machinery is brought together in order to assess the risks
during all phases of life of the machinery. This International Standard gives guidance on
the information required to allow risk assessment to be carried out. Procedures are
described for identifying hazards and estimating and evaluating risk. The purpose of the
International Standard is to provide advice for decisions to be made on the safety of
machinery and the type of documentation required to verify the risk assessment carried
out. This International Standard is not intended to provide a detailed account of methods
for analysing hazards and estimating risk, as this is dealt with elsewhere.

3.0 Programmable electronic systems (PES)

Hazard identification and analysis constitute part of the process which assures the safety
of a system. They are extensively applied to plant and operation in a number of industries,
but there has been limited practical application to the development and operation of
safety-related computer systems.

3.1 Types of computer controlled equipment

Robots

The guidance booklet HSG 43 (Industrial Robot Safety) gives clear advice and information
on all topics relating to the safe use of robots in industry. The following pieces of
information will be enough to satisfy this section of your course:

‘Robot systems’ means the robot and its control equipment as adapted to perform its
particular function, and includes any associated machinery and equipment. Although
some robots are capable of locomotion, this is not generally regarded as being a defining
characteristic.

‘Manipulating industrial robot’ means an automatically controlled, re-programmable, multi-

purpose, manipulative machine with several degrees of freedom, which may be either
fixed in place or mobile for use in industrial automation applications.

The type of robot, its use and its relationship to other plant and machinery will all influence
the design and selection of safeguards. These will have to be suitable for the work being
done and allow the operator, or operators, to carry out their work in support of normal
operations safely. This includes feeding and removal of work pieces or components,
loading magazines or feed devices, and dealing with interruptions in production, such as
misfeeds or blockages. Where required, the safeguarding should also permit teaching,
programming and setting. Many installations will require people to work in proximity to the
robot during such operations.

3.1.1 Video: Robots

http://www.sheilds-
elearning.co.uk/file.php/4/video/Robots_video.flv

3.1.2 Computer Numerical Control Machines (CNC)

CNC stands for Computer Numerical Control and has been around since the early 1970s.
Prior to this, it was called NC, for Numerical Control. (In the early 1970s, computers were
introduced to these controls, hence the name change.) While people in most walks of life
have never heard of this term, CNC has touched almost every form of manufacturing
process in one way or another. If you are working in manufacturing, it is likely that you are
dealing with CNC on a regular basis.

Before CNC: While there are exceptions to this statement, CNC machines typically
replace (or work in conjunction with) some existing manufacturing process/es. Take one of
the simplest manufacturing processes, drilling holes, for example.

A drill press can of course be used to machine holes. A person can place a drill in the drill
chuck that is secured in the spindle of the drill press. They can then (manually) select the
desired speed for rotation (commonly by switching belt pulleys), and activate the spindle.
Then they manually pull on the quill lever to drive the drill into the work piece being
machined.

As you can easily see, there is a lot of manual intervention required to use a drill press to
drill holes. A person is required to do something almost every step along the way. While
this manual intervention may be acceptable for manufacturing companies if only a small
number of holes or work pieces must be machined, as quantities grow, so does the
likelihood for fatigue due to the tediousness of the operation. And do note that we've used
one of the simplest machining operations (drilling) for our example. There are more
complicated machining operations that would require a much higher skill level (and
increase the potential for mistakes resulting in scrap work pieces) of the person running
the conventional machine tool. (We commonly refer to the style of machine that CNC is
replacing as the conventional machine.)
By comparison, the CNC equivalent for a drill press (possibly a CNC machining centre or
CNC drilling & tapping centre) can be programmed to perform this operation in a much
more automatic fashion. Everything that the drill press operator was doing manually will
now be done by the CNC machine, including: placing the drill in the spindle, activating the
spindle, positioning the work piece under the drill, machining the hole and turning off the
spindle.

How CNC works.

As you might already have guessed, everything that an operator would be required to do
with conventional machine tools is programmable with CNC machines. Once the machine
is set up and running, a CNC machine is quite simple to keep running. In fact, CNC
operators tend to get quite bored during lengthy production runs because there is so little
to do. With some CNC machines, even the work piece loading process has been
automated. (We don't mean to over-simplify here. CNC operators are commonly required
to do other things related to the CNC operation like measuring work pieces and making
adjustments to keep the CNC machine running good work pieces.)

Motion control.

All CNC machine types share this commonality: they all have two or more programmable
directions of motion called axes. An axis of motion can be linear (along a straight line) or
rotary (along a circular path). One of the first specifications that implies a CNC machine's
complexity is how many axes it has. Generally speaking, the more axes, the more
complex the machine.

The axes of any CNC machine are required for the purpose of causing the motions
needed for the manufacturing process. In the drilling example, these (3) axes would
position the tool over the hole to be machined (in two axes) and machine the hole (with
the third axis). Axes are named with letters. Common linear axis names are X, Y, and Z.
Common rotary axis names are A, B, and C.

Programmable accessories.

A CNC machine wouldn't be very helpful if it could only move the work piece in two or
more axes. Almost all CNC machines are programmable in several other ways. The
specific CNC machine type has a lot to do with its appropriate programmable accessories.
Again, any required function will be programmable on full-blown CNC machine tools. Here
are some examples for one machine type.

The CNC program.

Think of giving any series of step-by-step instructions. A CNC program is nothing more
than another kind of instruction set. It's written in sentence-like format and the control will
execute it in sequential order, step by step.

A special series of CNC words are used to communicate what the machine is intended to
do. CNC words begin with letter addresses (like F for feed rate, S for spindle speed, and
X, Y & Z for axis motion). When placed together in a logical method, a group of CNC
words make up a command that resembles a sentence.

For any given CNC machine type, there will only be about 40-50 words used on a regular
basis. So if you compare learning to write CNC programs to learning a foreign language
having only 50 words, it shouldn't seem overly difficult to learn CNC programming.

The CNC control.

The CNC control will interpret a CNC program and activate the series of commands in
sequential order. As it reads the program, the CNC control will activate the appropriate
machine functions, cause axis motion, and in general, follow the instructions given in the
program.

Along with interpreting the CNC program, the CNC control has several other purposes. All
current model CNC controls allow programs to be modified (edited) if mistakes are found.
The CNC control allows special verification functions (like dry run) to confirm the
correctness of the CNC program. The CNC control allows certain important operator
inputs to be specified separate from the program, like tool length values. In general, the
CNC control allows all functions of the machine to be manipulated.

What is a CAM system?

For simple applications (like drilling holes), the CNC program can be developed manually.
That is, a programmer will sit down to write the program armed only with pencil, paper,
and calculator. Again, for simple applications, this may be the very best way to develop
CNC programs.

As applications get more complicated, and especially when new programs are required on
a regular basis, writing programs manually becomes much more difficult. To simplify the
programming process, a computer-aided manufacturing (CAM) system can be used. A
CAM system is a software program that runs on a computer (commonly a PC) that helps
the CNC programmer with the programming process. Generally speaking, a CAM system
will take the tediousness and drudgery out of programming.

In many companies, the CAM system will work with the computer-aided design (CAD)
drawing developed by the company's design engineering department. This eliminates the
need for redefining the work piece configuration to the CAM system. The CNC
programmer will simply specify the machining operations to be performed and the CAM
system will create the CNC program (much like the manual programmer would have
written) automatically.

What is a DNC system?

Once the program is developed (either manually or with a CAM system), it must be loaded
into the CNC control. Though the setup person could type the program right into the
control, this would be like using the CNC machine as a very expensive typewriter. If the
CNC program is developed with the help of a CAM system, then it is already in the form of
a text file. If the program is written manually, it can be typed into any computer using a
common word processor (though most companies use a special CNC text editor for this
purpose). Either way, the program is in the form of a text file that can be transferred right
into the CNC machine. A distributive numerical control (DNC) system is used for this
purpose.

A DNC system is nothing more than a computer that is networked with one or more CNC
machines. Until only recently, rather crude serial communications protocol (RS-232c) had
to be used for transferring programs. Newer controls have more current communications
capabilities and can be networked in more conventional ways (Ethernet, etc.). Regardless
of methods, the CNC program must of course be loaded into the CNC machine before it
can be run.

As stated, CNC has touched almost every facet of manufacturing. Many machining
processes have been improved and enhanced through the use of CNC.

3.2 Description of hazards associated with the use of PES

The main hazards associated with the use of PES are shown below:

Normal use

For example, are the correct materials being used for that particular type of equipment?

What should be done in the event of an emergency or loss of power to the equipment?

Other machines

Does the equipment interfere with the space requirements of other machines and or
personnel i.e. is there a risk of collision?

Contact

Is there a chance that people working nearby will come into contact with moving parts of
the machine?

Ejection

Does the equipment eject products or parts of the machine that could cause a hazard by
way of personnel and or equipment nearby?
Entrapment

Is there a likelihood of entrapment when the machine is in use?

Maintenance

The usual hazards associated with machinery maintenance will apply i.e. ensuring the
equipment is not connected to any power source, use of cleaning chemicals, working in
confined spaces etc.

Programming

Is the machine programmed correctly to perform the required task? Do relevant personnel
have the competence to alter or change the programming requirements, or does this have
to be completed by the manufacturer?

3.3 The reasons for aberrant behaviour

The definition of ‘aberrant behaviour’ is given as: different from what is typical or usual,
especially in an unacceptable way.

Apply this definition to the use of robots in industry and you can quickly see the dilemma.

3.3.1 Electrical interference

An important element in the implementation of an electrically-based safeguarding scheme
is the need to determine the level of safety integrity that has been achieved and then to
assess whether this is acceptable for the hazards and risks in question. The term 'safety
integrity' refers to the ability of a safety-related system to perform its safety functions
correctly. In determining the safety integrity, all causes of failure which could lead to an
unsafe state should be included, e.g. hardware failures, software failures and failures
caused by electrical interference.

3.3.2 Programming faults

An important feature of any electrically-based safeguarding system is whether the safety
functions are hardwired without complex electronics, or depend on programmable or
complex electronics. This has important implications for the ease with which the safety
integrity can be established. Typical hardwired systems are those which include
electromechanical relay logic and systems based on discrete electronic components or
non-programmable integrated circuits.

Interlocking methods utilizing hardwired systems are usually less complex and the
determination of the level of safety achieved is easier than for systems incorporating
programmable electronics. A useful strategy is therefore to exploit the power and flexibility
of the programmable or complex electronics, yet ensure that an adequate level of safety
has been achieved by hardwiring the safety functions. This approach was used in the
design of older installations but for technical and economic reasons, modern installations
include software-based safety systems designed to have a level of safety integrity
equivalent to that of a hardwire-based system.

When users of robots are designing an installation, it is recommended that the relative
merits of both systems described in the previous two paragraphs are considered. The aim
is to illustrate a wide range of safeguarding strategies which may depend on
programmable electronic systems (PES) or on non-PES arrangements. When the
safeguarding strategy is based on non-PES arrangements, the safety integrity of the
system may be enhanced by utilising electronic monitoring systems which could be
separate from, or part of, the robot controller.

3.3.3 Stored energy

When considering stored energy, HSG 43 states:

Each emergency stop should be hardwired to the robot power supply and should stop all
motion and, where appropriate, release all stored energy. In some robot systems, a
controlled shutdown may be necessary.

3.4 Description of safeguards through reliability and integrity of control systems

Regulation 18 of the Provision and Use of Work Equipment Regulations 1998, gives clear
guidance on this issue. They state:

(1) Every employer shall –

(a) ensure, so far as is reasonably practicable, that all control systems of work equipment
are safe; and are chosen making due allowance for the failures, faults and constraints to
be expected in the planned circumstances of use.

Without prejudice to the generality of paragraph (l), a control system shall not be safe
unless -

(a) its operation does not create any increased risk to health or safety;

(b) it ensures, so far as is reasonably practicable, that any fault in or damage to any part
of the control system or the loss of supply of any source of energy used by the work
equipment cannot result in additional or increased risk to health or safety; it does not
impede the operation of any control required by regulation 15 or 16.

Another way of defining a control system is:

‘A control system is a system or device which responds to input signals and generates an
output signal that causes the equipment under control to operate in a particular manner.’

The input signals may be made by an operator via a manual control, or from the
equipment itself, for example from automatic sensors or protection devices (photoelectric
guards, guard interlock devices, speed limiters, etc). Signals from the equipment may also
include information (feedback) on the condition of the equipment and its response
(position, whether it is running, speed).

Failure of any part of the control system or its power supply should lead to a ‘fail-safe’
condition. Fail-safe can also be more correctly and realistically called ‘minimised failure to
danger’. This should not impede the operation of the ‘stop’ or ‘emergency stop’ controls.
The measures which should be taken in the design and application of a control system to
mitigate against the effects of its failure will need to be balanced against the
consequences of any failure. The greater the risk, the more resistant the control system
should be to the effects of failure. Bringing a machine to a safe halt may achieve the
objective. Halting a chemical process, however, could create further hazards. Care should
be taken to fully assess the consequences of such events and provide further protection,
i.e. standby power plant or diverting chemicals to a place of safety. It should always be
possible to recover to a safe condition.

3.5 Outline of safety in programming, operation and maintenance

The main points to consider when involved in maintenance of machinery are embodied,
for the main, in the Workplace (Health, Safety and Welfare) Regulations 1992 (Regulation
5):

The workplace, and the equipment and devices mentioned in these Regulations, should
be maintained in an efficient state, in efficient working order and in good repair. ‘Efficient’
in this context means efficient from the view of health, safety and welfare (not productivity
or economy). If a potentially dangerous defect is discovered, the defect should be rectified
immediately or steps should be taken to protect anyone who might be put at risk, for
example by preventing access until the work can be carried out or the equipment
replaced.

Where the defect does not pose a danger but makes the equipment unsuitable for use, for
example a sanitary convenienc with a defective flushing mechanism, it may be taken out
of service until it is repaired or replaced, but if this would result in the number of facilities
being less than that required by the Regulations, the defect should be rectified without
delay.

Steps should be taken to ensure that repair and maintenance work is carried out properly.

Regulation 5 requires a system of maintenance where appropriate, for certain equipment

and devices and devices and for ventilation systems. A suitable system of maintenance
involves ensuring that:

• Regular maintenance (including, as necessary, inspection, testing, adjustment,

lubrication and cleaning) is carried out at suitable intervals.
• Any potentially dangerous defects are remedied and that access to defective
equipment is prevented in the meantime.
• Regular maintenance and remedial work is carried out properly.
• A suitable record is kept to ensure that the system is properly implemented and to
assist in validating maintenance programmes.

3.6 Considerations in safeguarding

Layout

The following points must be considered:

• There must be a sufficient amount of space for the PES to operate safely.
• There must be sufficient amount of space to allow for access to maintenance.
• There must be sufficient guarding so as not to interfere with safe operation of the
 PES, the pedestrian traffic and others nearby.
• The environment in which it is located, i.e. not near to or in an explosive (or
potentially explosive) atmosphere.

3.6.1 Interlocked perimeter fencing

The following points must be considered:

• The fencing in place, whilst offering a physical barrier between machine and
persons, does not offer protection against environmental issues: noise, heat, dust,
fumes etc.
• The fencing should be of a height that prevents access over it (2m as a minimum).
• The fencing itself should be suitable so as to prevent persons placing objects
(either accidentally or otherwise) through the fencing into dangerous parts of the
machine.
• Gates must be provided, but in such a way as to control access (the power supply
to the machine must be cut when the gate is opened) – however, when the gate is
re-closed, this must not then re-start the machine. The re-starting of the machine
should be achieved by the re-setting of the controls.

3.6.2 Electro-sensitive safety systems

Modern electro-sensitive protective equipment (ESPE), particularly when used in
conjunction with conventional fencing, can provide a high standard of safety while allowing
the necessary access. ESPE may also be suitable for use in situations where
conventional guards are not practicable. The equipment may operate as trip devices
detecting the approach of people or objects to the danger zone, or as presence-sensing
devices where the dangerous operations cannot take place so long as a person or object
is detected.

Safety depends on the electrical integrity of the ESPE, its location with respect to danger
zones and the electrical and mechanical integrity of the rest of the system. In high-risk
situations, certain machine functions, such as the stopping performance and the
performance of the devices controlling the dangerous motions, may have to be monitored.

3.6.3 Trip devices

Trip devices such as pressure-sensitive edges, pressure-sensitive bars and tripwires can
be used to stop the robot if it comes into contact with people (or associated machinery).
Care should be taken to ensure that all parts of the robot creating the hazard are
protected by a trip device which arrests all motion before a hazardous situation is created.
When tripped, the control system should require manual resetting before hazardous
motion is possible. Because of the difficulty of applying such devices to the robot arm,
they are not normally used for the protection of people.

3.6.4 Positive stops and brakes

Positive stops can be used to limit the movement of the robot to that part of its operating
envelope required for the current task. This has the advantage that hazards, e.g. trapping,
impact etc may be eliminated and robot movements kept within well-defined limits. These
positive stops should be designed or shrouded so that they do not create additional
trapping points. Normally they are designed as an ultimate limit on movement if the
functional software-based stop fails.

Brakes should be provided where there is the danger of gravity fall of a robot arm due to
removal of power. It should be capable of supporting the weight of the robot arm and the
weight of the largest tool or work piece likely to be used. Brakes may also be used as a
back-up system to other forms of safeguarding, in which case forces created by dynamic
energy should be taken into account.

3.6.5 Entry procedures

This is best achieved through a permit to work system. A permit to work can include all the
necessary requirements such as allowed access, isolation procedures and training
requirements.

Page 1
An example of _____ is where physical touch can cause injury by cutting, friction,
abrasion, heat or cold burns, corrosive reaction, electric shock.

Multiple Choice (HP)

Answer 1: Impact
Response 1:
Jump 1: This page
Answer 2: Contact
Response 2:
Jump 2: Next page
Answer 3: Entanglement
Response 3:
Jump 3: This page
Answer 4: Ejection
Response 4:
Jump 4: This page
Page 2
An example of _____ is where the operator's clothing may become caught up in moving
components.

Multiple Choice (HP)

Answer 1: Impact
Response 1:
Jump 1: This page
Answer 2: Contact
Response 2:
Jump 2: This page
Answer 3: Entanglement
Response 3:
Jump 3: Next page
Answer 4: Ejection
Response 4:
Jump 4: This page