This section covers all the necessary requirements for the European and Australian standards and also the safety categories for machinery. All questions and answers to the terminology used in safety are also covered.
Further information can be found at Standards Australia web site: www.standards.org.au
Click below for relevant standards and related information for the NHP safety products:
AUSTRALIAN SAFETY STANDARDS
The Australian Standards for safety of machinery are based upon and also reference EN, ISO and IEC standards with minor changes to suit Australian requirements. A similar hierarchy is followed as per the European Standards. Examples of type A and B standards are listed below.
Further information can be found at Standards Australia web site: www.standards.org.au
Safety of Machinery
AS 4024.1101-2006 Terminology – General
AS 4024.1201-2006 Basic terminology and methodology
AS 4024.1202-2006 Technical principles
AS 4024.1301-2006 Principles of risk assessment
AS 4024.1302-2006 Reduction of risks to health and safety from hazardous substances emitted by machinery
Principles and specification for machinery manufacturers
AS 4024.1401-2006 Design principles – Terminology and general principles
Design of safety related parts of control systems
AS 4024.1501-2006 General principles
AS 4024.1502-2006 Validation
Design of controls, interlocks and guarding
AS 4024.1601-2006 Guards – General requirements for the design and construction of fixed and moveable guards
AS 4024.1602-2006 Principles for design and selection
AS 4024.1603-2006 Prevention of unexpected start-up
AS 4024.1604-2006 Emergency stop – Principles for design
Human body measurements
AS 4024.1701-2006 Basic human body measurements for technological design
AS 4024.1702-2006 Principles for determining the dimensions required for openings for whole body access to machinery
AS 4024.1703-2006 Principles for determining the dimensions required for access openings
AS 4024.1704-2006 Anthropometric data
Safety distances and safety gaps
AS 4024.1801-2006 Safety distances to prevent danger zones being reached by the upper limbs
AS 4024.1802-2006 Safety distances to prevent danger zones being reached by the lower limbs
AS 4024.1803-2006 Minimum gaps to prevent crushing of parts of the human body
Displays, Controls, Actuators and Signals
Ergonomic requirements for the design of displays and control actuators
AS 4024.1901-2006 General principles for human interaction with displays and control actuators
AS 4024.1902-2006 Displays
AS 4024.1903-2006 Control actuators
Indication, marking and actuation
AS 4024.1904-2006 Requirements for visual, auditory and tactile signs
AS 4024.1905-2006 Requirements for marking
AS 4024.1906-2006 Requirements for the location and operation of actuators
AS 4024.1907-2006 System of auditory and visual danger and information signals
Further examples of type A and B standards are;
AS 4024.2-1998 Safeguarding of machinery Installation and commissioning requirements for electro-sensitive systems–Optoelectronic devices
AS 4024.3-1998 Safeguarding of machinery – Manufacturing and testing requirements for electro-sensitive systems – Optoelectronic devices
AS 60204.1-2005 Safety of machinery – Electrical equipment of machines – General requirements
AS 62061-2006 Safety of machinery – Functional safety of safety-related electrical, electronic and programmable electronic control systems
AS 61508.0-2006 Functional safety of electrical, electronic and programmable electronic safety-related systems
Australia also has a number of type C standards, for example;
AS 1219-1994 Power presses – Safety requirements
AS 1755-2000 Conveyors – Safety requirements
AS 2939-1987 Industrial robot systems – Safe design and usage
AS 1893-1997 Code of practice for the guarding and safe use of metal and paper cutting guillotines
Local OH&S regulations and codes or practices also need to be taken into consideration
EUROPEAN SAFETY STANDARDS
European Machinery Directives
The aim of the EC Directives is to harmonise the national legislation of the Member States so as to have common regulations concerning technical, economic, social aspects, etc. and to facilitate the free circulation of goods, service and people within the framework of the European union, in compliance with common rule recognised by all the EC Member States.
In particular, where the safety of workers is concerned, the harmonisation of legal provisions has made great progress, resulting in the formulation and approval of Directives and Standards of essential importance.
|Directives ||Define the objectives to be reached|
|Standards ||Define the means and methods by which to reach the objectives established by the Directives. A product/service that complies with the harmonised Standards is presumed to conform to the Directives|
Stages for the realisation of a Standard:
The Directives governing safety components are:
- Machines Directive 98/37/EEC
- Social Directives 89/655/EEC and 89/391/EEC
- Low Voltage Directives 73/23/EEC
- Electromagnetic Compatibility Directive 89/336/EEC
The Machine Directive:
The “Machine Directive” 98/37/EEC is meant for the manufacturers of machines and safety components, and has the following objectives:
- The definition of safety and health protection requirements for the improvement of the degree of protection offered to the operators in charge of hazardous machinery
- The design, construction and placing on the market of the European Union of safety machines and components complying with the minimum safety requirements laid down by the Directive itself
- The free circulation in the Member States of machines and safety components conforming to the Directive
- It applies to all new machines and safety components that are sold, on rental or hired, and to used machinery in the event of sale, rental or loan
- It sets forth the essential safety requirements relating to the design and construction of machines and safety components and it defines the respective certification procedures
- It has been mandatory since 1 January 1995 for machines and 1 January 1997 for safety components. As of the dates mentioned above, only products conforming to the Directive can be marketed or commissioned in the European Union
For different machines or different parts of a machine, the assessment of risk might lead to different risk levels, it is therefore necessary to establish the level of safety of the measures to be adopted in proportion to the risk. Standard AS 4024.1501 defines the classes of safety related parts according to the following parameters:
- Severity of injury (reversible, irreversible, fatal)
- Frequency and duration of exposure to the danger
- Possibility of avoiding danger
The Standard also defines the behaviour of the safety related parts in the event of a failure:
Safety categories for control systems conforming to per. AS 4024.1-2006
|Categories||Summary of requirements||System behaviour||Principles to achieve safety|
|B||The safety related parts of the control system and/or its protection devices, as well as their components, shall be designed, constructed, selected, assembled and combined in accordance with relevant standards, so that they can withstand the expected influence.|| ||Mainly characterised by selection of components|
|1||Requirements of B shall apply. |
Well-tried components and well-tried safety principles shall be used.
|The occurrence of a fault can lead to loss of the safety function, but the probability of occurrence is lower than for category B.|
|2||Requirements of B and the use of well-tried safety principles shall apply. |
Safety function shall be checked at suitable intervals by the machine control system.
| ||Mainly characterised by structure. |
The correct selection of safety components and principles
|3||Requirements of B and the use of well-tried safety principles shall apply. |
Safety-related parts shall be designed so that:
|4||Requirements of B and the use of well-tried safety principles shall apply. |
Safety-related parts shall be designed so that:
Safety Category Assessment Summary of AS 4024.1501
Once the safety category has been determined from the category assessment table, circuits must be designed to conform to safety functions requirements for the category. Download the following PDF to view the Safety Category Assessment Summary.
- Download the Safety Category Assessment Summary PDF
- Download the system examples PDF of CAT 3 and CAT 4 systems
TERMINOLOGY - TOWARDS A BETTER UNDERSTANDING
The emergence of new safety requirements and the related devices which satisfy this criteria have raised many questions, typical of these are:
- "What exactly are positive-break devices?
- "What is positive-mode installation?"
- "Why is it safer?"
- "What are fail-to-safe devices?"
- "How do I, the OEM, or the end user, benefit from use of such safety devices?"
The answer to these and other related questions are the subject of this safety booklet. We hope it provides you with a basic understanding of these unique safety devices and what benefits they offer and we hope it stimulates you to learn more about the requirements and ways to achieve a safer workplace.\
Q & A
What are "positive-opening" or "positive break" safety interlocks?
"Positive-Opening" safety interlocks are electromechanical switches designed with normally-closed (N/C) electrical contacts. These contacts, upon switch actuation, are forced to open by a non-resilient mechanical drive mechanism. (Spring actuators are not considered positive-opening mechanisms). One such interlock design is shown in the picture. This approved and widely used safety switch features a two-piece construction: an electrical switching mechanism and a geometrically-unique actuator key.
Two-piece, "Positive-Opening" or "Positive Break" Safety Switch.
The actuator key is typically mounted to a movable guard - such as an access door, protective grating, equipment hood, or plexiglass safety guard. When the guard is closed, the actuator mates with the electrical switching mechanism. Upon displacement of the movable guard, the actuator key mechanically rotates a cam mechanism - forcing the N/C electrical contacts to change state, opening the safety circuit. With actuator key removed, normally-closed (N/C) electrical contacts are mechanically forced to open. Electrical contacts can only close upon reinsertion of the unique geometric actuator key.
For machine applications with residual motion after shutdown, key actuated interlocks are available with a solenoid latch which, in conjunction with a time delay, can delay access to hazardous areas.
What is "positive-mode" mounting and why is it recommended in safety interlock applications?
"Positive-mode" mounting ensures that an electromechanical safety interlock switch is positively actuated when equipment or machinery shut-down is desired.
Safe "positive-mode" mounting
When mounted in the "positive-mode", the non-resillient mechanical mechanism, which forces the normally-closed (N/C) contacts to open, is directly-driven by the safety guard (eg. access door, protective grating, equipment hood, plexiglass safety guard, etc). In this mounting mode, the safety guard physically forces the N/C contacts open when the guard displacement results in an unsafe condition.
Positive-mode installation is especially important when using single-piece safety interlocks. This installation mode takes full advantage of the device's "positive-break" design - using both the safety guard's mechanical displacement and the applied external force to open the N/C contacts.
Unsafe "negative-mode" mounting
When mounted in the "negative-mode", the force applied to open the normally-closed (N/C) safety circuit contacts is provided by an internal spring. In this mounting mode the N/C contacts may fail to open when the safety guard is "open" (presents an unsafe situation to the machine operator).
What are the risks of installing single piece, "positive-break" safety interlock switches in the "negativemode?"
When mounted in the "negative-mode", single-piece safety interlock switches can be easily defeated/circumvented by the operator...often simply by taping down the switch actuator when the safety guard is open (see picture). In addition, spring-driven, normally-closed (N/C) contacts can fail to open due to sticking, contact welding, or a spring failure. Under such circumstances the operator or maintenance personnel may be exposed to an unsafe condition. Consequently, where possible, two-piece, key-actuated, tamper-resistant safety interlocks are recommended.
Are conventional electromechanical limit switches designed with "positive-opening" normally-closed (N/C) contacts?
Conventional "position" sensors are typically designed to use a spring force to open normally-closed electrical contacts. Such designs are subject to two potential failure modes.
- Spring failure
- Inability of the spring force to overcome "stuck" or "welded" contacts When "actuated", either situation may result in an unsafe condition due to failure to open the normally-closed contacts.
Consequently, such designs are not normally certified or recognised as suitable for safety applications eg. "movable barrier devices shall prevent the initiation of the machine tool due to a single component failure of the device".
How can I recognise "positiveopening" safety switches/ interlocks?
Devices which feature a “positive-break” or “positive-opening” design carry the following internationally recognised safety symbol These designs meet the international requirements established for such safety switches and interlocks.
Must safety switches, interlocks and barrier guards be "tamperresistant"?
Increasingly, manufacturers are recognising the need for and their obligation to provide safety interlocks and barrier guards which are not easily defeated by the operator or other personnel. For example, the safeguarding of machine tools specifically requires:
- Barrier guards which protect against unauthorised adjustment or circumvention
- Interlock devices which are not easily bypassed
With the growing number of product liability cases, companies are designing with devices which are difficult to defeat. To further reduce their liability exposure, firms are selecting only those devices which have been tested and certified for use in safety applications by a recognised third-party agency.
Manufacturers are encouraged to surpass safety design expectations. Occupational Health and Safety Authorities (OHSA) world wide expect companies to go beyond mere compliance. They give greater benefit to firms who have designed their products with the latest state-of-the-art devices.
What is meant by "control reliability"?
Control reliability implies that the safety device or system is designed, constructed and installed such that the failure of a single component within the device or system shall not prevent normal machine stopping action from taking place.but shall prevent a successive machine cycle from being initiated.
How does this definition of "control reliability" relate to the European machinery safety requirements?
Safety systems which are "single component failure control reliable" meet the requirements of a Category/Level 3 safety-related control system as defined by the harmonised European machinery safety standard per EN954-1.
What are "self-checking", "redundancy", "single-fault tolerance" and "positive-guidance"?
Self-checking: The performing of periodic self diagnostics on a safety control circuit to ensure critical individual components are functioning properly. Faults or failures in selected components will result in system shut-down.
Redundancy: In safety applications, redundancy is the duplication of control circuits such that if one component (circuit) should fail, the other (redundant) circuit, will still be able to generate a stop signal. When coupled with a "self-checking" feature, a component failure will be automatically indicated and the system disabled until the failure is corrected/ repaired.
Single-fault tolerance: A safety circuit is considered to be single-fault tolerant if no foreseeable single fault can cause a failure which will cause the safety circuit to be ineffective.
Positive-Guidance: Positively-guided relays are designed such that no normally open (N/O) contact can close before any normally closed (N/C) contact has opened. Rugged "fail-to-safe" control modules are available that incorporate the above functions to satisfy the "control reliability" requirements of existing safety standards.
What characterises "fail-to-safe" safety interlocks?
"Fail-to-safe" safety interlocks are designed such that a component failure will cause the device to attain rest in a safe condition. This term is generally applied to electronic safety interlock systems using non-mechanical presence or position sensors (such as reed, proximity switches, etc). Such devices are often designed to feature redundancy, self diagnostics and positive-guided relays.
Are electronic (non-mechanical) safety interlocks available which provide a higher level of safety than a simple proximity sensor or magnetic switch?
"Solid state devices do not have a mutually exclusive normally-open, normally-closed contact arrangement."
"Other methods must be used to monitor the performance of these devices".
For example, reed switches are acceptable interlock sensors in safety applications provided they feature:
- a tamper-resistant "coded magnet", and
- a fail-to-safe control module
One such system is shown below in Figure 3. Coded magnets required to actuate the sensor make it difficult for operators or maintenance personnel to"defeat".
The fail-to-safe control module features redundant (two) safety relays with positive-guided contacts, dual (redundant) control circuits and self diagnostics which periodically check system operation. In the event of a component failure, the controller will cause the system to fall into a "safe" state.
Note: Reed switches used without an approved fail-tosafe control module do not satisfy safety requirements. Reeds are susceptible to sticking due to power surges, shock, or vibration. Additionally, reed switches tend to fail in the permanently closed position. This failure mode cannot be cured by a fuse. To ensure reliability of a safety circuit using reed-type switches, a fail-to-safe control module/circuit is recommended.
Why should I upgrade or enhance my current safety interlock or safety barrier design?
Heightened awareness and concern for worker safety has and is, precipitating compelling reasons for such upgrades or enhancements. These are embodied in a variety of industrial safety standards and guidelines against which equipment manufacturers and users' level of responsibility and degree of liability are measured.
Several of these current and emerging standards and guidelines are available from your local Health and Safety Authority.
As an OEM, what are the benefits of using positive-break, fail-to-safe and/or tamperresistant interlocks in safety applications?
Proper selection and installation of safety interlocks which have been tested and certified by an independent, recognised, safety commission/agency benefits the equipment manufacturer by:
- Satisfying safety standards and guidelines against which manufacturer's responsibility, in the event of an injury, is judged
- Providing greater protection from injury for machine operators, maintenance personnel, set-up and other user personnel
- Satisfying international safety regulations a must for all equipment manufacturers who wish to export to the European Economic Community
- Reducing liability risks
- Minimising Insurance claims/costs
As an "in-plant" user, what are the benefits of using positive-break, fail-to-safe and/or tamper-resistant interlocks in safety applications?
Proper selection and installation of such safety interlocks which have been tested and certified by an independent, recognised, safety commission/agency benefits the inplant user by:
- Providing greater protection from injury for machine operators, maintenance personnel and other employees
- Reducing liability risks
- Minimising insurance claims/costs
- Satisfying safety standards and guidelines against which employer responsibility, in the event of an injury, is measured
What is "risk assessment"?
Various machines present different types of hazards and risks to the operator and/or maintenance personnel. Risk assessment is a systematic means of quantifying these risk levels early in the design stage in order to determine the scope of the required safety system needed to protect personnel from possible injury.
How do I go about assessing the risk level presented by a machine or manufacturing process?
Different machines and processes have different levels of associated risk. Structured risk assessment involves evaluating four major factors. These include:
- Severity of the potential injury
- Frequency of exposure to the potential hazard
- Possibility of avoiding the hazard if it occurs
- Likelihood of occurrence if a safety interlock fails
One approach, outlined in the European Machinery Directive, provides guidelines for risk assessment based upon five defined levels of risk. These levels range from the lowest risk (Level B) in which the severity of injury is slight and/or there is relatively little likelihood of occurrence, to the highest risk (Level 4), in which the likelihood of a severe injury is relatively high.