Risk Assessment

© 2006 Swagelok Company. Swagelok confidential. For internal use only.

Transcript of Risk Assessment

Page 1: Risk Assessment

Page 2: Risk Assessment

The Plot

• Understanding the League of Justice (aka OSHA, ANSI, NFPA)
• Introduction to our hero Risk Assessment
• ANSI vs. ISO
• Project Definition unmasked
• Risk Assessment – his powers revealed (a.k.a. the impenetrable risk assessment form)
• Your Powers and how to apply them

Page 3: Risk Assessment

Question: In the title slide what is the Risk Assessment to save us from?

SUPER TRIVIA

Answer: The Evil Hazard

Page 4: Risk Assessment

OSHA

• OSHA: Occupational Safety and Health Administration
– OSHA was created in 1971 under the Occupational Safety and Health Act, which President Nixon signed into effect in December 1970.
– It falls under the Department of Labor of the National Government
– Its mission is to help employers and employees reduce on the job injuries, illnesses and deaths.
• Who is required to comply?
– The OSH Act covers private sector employers/employees in the 50 states. That means us.
– The OSH Act covers employers and employees either directly through Federal OSHA or through an OSHA-approved state program.
• Ohio does not have a state approved program hence Ohio falls under the Federal OSH Act
• What am I complying with?
– Part 1910 otherwise known as the Occupational Safety and Health Standard
• There are actually 52 total standards covering everything from Implementing the Privacy Act to Health and Safety Regulations for Longshoring.

Page 5: Risk Assessment

Six Safety Powers of OSHA

• Administrative Safety (strength)
– program development, emergency planning, safety audits…
• Facility Safety (x-ray eyes)
– confined spaces, Electrical Safety, ergonomics, fire safety…
• Exposure Control (bullet proof)
– asbestos safety, bloodborne pathogens, hazardous materials…
• Personal Protection (laser beam eyes)
– back safety, first aid, PPE, eye safety…
• Tools and Equipment (can fly)
– compressed gas, Machine Guarding, rigging, welding…
• Behavior and Attitude (Protects the Innocent)
– conflict resolution, drug and alcohol, fitness and wellness…

Page 6: Risk Assessment

OSHA superpower

• General Duty Clause (Section 5(a)(1))
– Requires that each employer “furnish … a place of employment which [is] free from recognized hazards that are causing or are likely to cause death or serious physical harm to their employees.”

(Reverse time)

Page 7: Risk Assessment

NFPA a.k.a. The Torch

• NFPA: National Fire Protection Association

– NFPA has been a worldwide leader in providing fire, electrical, building, and life safety to the public since 1896

– Responsible for over 300 codes and standards that are designed to minimize the risk and effects of fire.

– Most notable standards for Swagelok are

• NFPA 70 (N.E.C)

• NFPA 70E (Arc Flash)

• NFPA 79 (Electrical Standard for Industrial Machines)

Page 8: Risk Assessment

Question: The Torch was a member of what superhero group?

SUPER TRIVIA

Answer: The Fantastic Four

Page 9: Risk Assessment

ANSI a.k.a. Professor X

• ANSI: The American National Standards Institute

– ANSI, itself, does not develop standards;

• it facilitates the development of standards by establishing consensus among qualified groups written entirely by volunteers.

• OSHA has adopted many ANSI and NFPA standards by reference over the years

– ANSI and NFPA both deal with employee safety but in different areas.

• NFPA is mainly electrical in nature

• ANSI is mainly safeguarding in nature

• What about standards that are not referenced? I.e., do we have to respect the Green Lantern even though he doesn’t live in the Westchester Mansion?

Page 10: Risk Assessment

OSHA accepts the Green Lantern

• The NFPA 70E is NOT referenced within OSHA, so is it enforceable?

• Swagelok enforces it as it is referenced in SI-12-056 – PPE for HRC-0, 1

• SP-12-026 (Swagelok Electrical Policy) references SI-12-056 and states “For Swagelok associates, failure to adhere to this electrical policy can result in disciplinary action, including termination.”

• Section 29 CFR 1910.2(g) states that a “National consensus standard” means “any standard or modification thereof which has been adopted and promulgated by a nationally recognized standards-producing organization [NFPA / ANSI / ISO] under procedures whereby it can be determined that persons interested and affected by the scope or provisions of the standard have reached substantial agreement on its adoption”.

Page 11: Risk Assessment

So who wins DC or Marvel, I mean ANSI or NFPA

• There are important differences between OSHA and ANSI / NFPA. It mainly has to do with technical scope.
– OSHA laws typically set out only a general framework, procedure and/or set of standards to guard against a hazard.
– An ANSI / NFPA standard is consistent with the law but goes into much greater depth. It provides the technical, nuts-and-bolts details that the statutes leave out.
– ANSI / NFPA Standards also typically go much further than the laws in protecting workers.
– You can think of OSHA as the statute or law and ANSI / NFPA as the regulations or rules to follow that law.
• LOTO example

Page 12: Risk Assessment

Question: What other NFPA standard (already mentioned) is not referenced by OSHA? Hint: It’s a prime number.

SUPER TRIVIA

Answer: NFPA 79

Page 13: Risk Assessment

Are all Villains (hazards) created equal?

• Hazard Safety – There are levels of Hazards

• Would you want the same safeguards to protect you from Grumpy Bear as you would Galactus the ultimate Villain?

• Different machines inherently have different levels of hazards to an employee and need to be guarded properly to that level of hazard

• The levels are determined by the Risk Assessment

Page 14: Risk Assessment

What is this Risk Assessment?

• The process by which the intended use of the machine, the tasks, the hazards and the level of risk are determined.
– ALL safety standards whether European or American require a risk assessment
• Without determining what a hazard is, how do you know how to protect against it and what level of protection you need?

Page 15: Risk Assessment

OSHA likes destroying hazards

• 29 CFR 1910.132(d)(1)
– The employer shall assess the workplace to determine if hazards are present, or are likely to be present, which necessitate the use of personal protective equipment (PPE).
• 29 CFR 1910.132(d)(2)
– The employer shall verify that the required workplace hazard assessment has been performed through a written certification that identifies the workplace evaluated; the person certifying that the evaluation has been performed; the date(s) of the hazard assessment; and, which identifies the document as a certification of hazard assessment.

• So what does this all mean?

IT’S THE LAW

Page 16: Risk Assessment

Question: What would happen to Bruce Banner when he became angry?

SUPER TRIVIA

Answer: He would become the HULK

Page 17: Risk Assessment

Does our hero Risk Assessment have a twin?

• There are many different risk rating systems and NO universally accepted solution.

– ANSI B11.TR3 / R15.06:1999 - US

– ISO 12100 / IEC 61508 parts 1-7 - European

• Some of the European and American standards are being harmonized

• R15.06:2012 Robot Safety Standard (US) and ISO 10218:2010 (International Standard for Robot Safety)

• ISO is the most widely recognized risk assessment procedure

Page 18: Risk Assessment

Question: Wonder Woman was played by who in the TV series?

SUPER TRIVIA

Answer: Lynda Carter

Page 19: Risk Assessment

Question: Who can lift the hammer of Thor?

DOUBLE SUPER TRIVIA

Answer: Thor

Bonus: What is the hammer made of?

Answer: Alpha Particles

Page 20: Risk Assessment

Put on your underroos

• Machine suppliers and End Users have the responsibility for defining and achieving acceptable risk over the lifecycle of the machine
– Machine supplier is responsible for the design, construction, operation and initial maintenance procedures of the machine
– End User is responsible for the operation and ongoing maintenance of the machine through decommissioning
• Lifecycle progression from concept through decommissioning

Machine and Equipment Lifecycle Stages

1 Design Concept
2 Preliminary Design
3 Detailed Design
4 Build or Purchase
5 Commission (Install / Debug)
6 Production Maintenance
7 Decommission

Page 21: Risk Assessment

Step 1 – Even Superheroes have limits

• Determine the limits of the machine
– Use limits determined by the INTENDED use of the machine, production rates, cycle times, speeds, people involved…
• Space limits
– Range of movement, space requirements for installation, maintenance and operator interface
• Time limits
– Maintenance and wear of tools, mechanical and electrical components
• Environmental limits
– Temperature, humidity, noise, location
• Interface limits
– Other machines or auxiliary equipment

Page 22: Risk Assessment

Step 2 – The task at hand

• All tasks of the machine should be identified

• Remember to consider the entire lifecycle of the machine

– System install

– Start up / commissioning

– Setup

– Operation

– Tool Change

– Planned maintenance

• Unplanned maintenance

– Recovery from control failures, jams

– Decommissioning

Page 23: Risk Assessment

Question: What was Batman’s secret identity?

SUPER TRIVIA

Answer: Bruce Wayne

Page 24: Risk Assessment

Step 3 – Identify the Risk

Risk (related to the considered hazard) is a function of Severity (that results from the hazard) with Frequency of occurrence and Probability of avoidance.

Page 25: Risk Assessment

Step 4 – Reduce that Risk

• If the level of risk is not acceptable, risk reduction measures shall be implemented to reduce that risk
• Risks shall be reduced using the hazard control hierarchy
– We’ll get to this in a bit
• Risks can be reduced by
– Reducing the potential severity of harm presented by the hazard
– Improving the possibility of avoiding the harm
– Reducing the need for access to the hazard zone

Page 26: Risk Assessment

Hazardous Control Hierarchy

Protective measures are listed from Most Preferred to Least Preferred, each with its Example and its Influence on Risk Classification.

• Elimination or Substitution (Design Out)
– Example: Robots and conveyors; Redesign the process
– Influence on Risk Classification: Impact on overall risk (elimination); May affect severity of harm
• Guards and Safeguards (Engineering Controls)
– Example: Barriers; Interlocks; Presence sensing devices; Two hand controls
– Influence on Risk Classification: Greatest impact on the probability of harm (occurrence of hazardous events under certain circumstances); Minimal if any impact on severity of harm
• Awareness Devices
– Example: Lights and beacons; Computer warnings; Signs and labels
– Influence on Risk Classification: Potential impact on probability of harm (avoidance); No impact on severity of harm
• Training and procedures (Administrative Controls)
– Example: Safe work procedures; Lockout / Tagout (LOTO)
– Influence on Risk Classification: Potential impact on probability of harm (avoidance and/or exposure); No impact on severity of harm
• Personal Protection Equipment (PPE)
– Example: Safety glasses; Ear plugs; Gloves; Protective footwear
– Influence on Risk Classification: Potential impact on probability of harm (avoidance); No impact on severity of harm

Page 27: Risk Assessment

Question: How did Spiderman get his powers?

SUPER TRIVIA

Answer: He was bit by a radioactive spider

Page 28: Risk Assessment

Step 5 – Assess Residual Risk

• When risk reduction measures have been selected, the residual risk shall be assessed.
• This process follows the same procedures as the initial risk
• The incentive to defeat or circumvent risk reduction measures shall be considered when validating risk reduction measures
– Prevents the task from being performed
– It slows down production
– The hazard is not recognized by associates as a hazard
– The risk reduction measure is not accepted as suitable, necessary or appropriate for its function.

Page 29: Risk Assessment

Step 6 – Achieve Acceptable Risk

• Once the residual risk has been established for each hazard, a decision shall be made to accept the residual risk or further reduce it.
• High Residual Risk – only acceptable when all reasonable alternatives/options have been reviewed and formally deemed impracticable or infeasible
• Medium Residual Risk – Undesirable but permissible only when all reasonable alternatives have been formally deemed infeasible
• Low Residual Risk – Usually acceptable
• Negligible Residual Risk – Acceptable

Page 30: Risk Assessment

Step 7 – Validate solution

• After the risk reduction measures have been implemented, their effectiveness shall be validated
– Testing and verifying operation of safety devices
– Review of training
– Presence of warning labels preferably scratch n’ sniff
– Presence of lockout procedures and safe job procedures
– Functioning of complementary equipment
• I shouldn’t even have to say this but, the testing of the safeguarding measures shall not expose an individual to potential harm should the safeguard not provide the protection expected.
– There I said it

Page 31: Risk Assessment

Step 8 – Time to document

• The outcome of a risk assessment shall be documented

• The documentation shall demonstrate

– The procedures that were followed

– The hazard identified

– The risk reduction methods employed to reduce the risk to an acceptable level

Page 32: Risk Assessment

Question: How many superheroes’ secret identities have a first name of Bruce?

SUPER TRIVIA

Answer: 2 Bruce Wayne and Bruce Banner

Page 40: Risk Assessment

Flowcharts are like kryptonite to Superman

• Set Limits of the assessment (1)
• Identify Tasks and Hazards (2)
• Assess Initial Risk (3) – Risk Scoring System
• Reduce Risk (4) – Hazard Control Hierarchy
• Assess Residual Risk (5) – Risk Scoring System
• Residual Risk Accepted? (6) – YES / NO
• Validate Solution (7)
• Results Documented (8)

Page 41: Risk Assessment

Question: What is Green Lantern’s weakness?

SUPER TRIVIA

Answer: The color Yellow

Page 42: Risk Assessment

B11.0.TR3 Risk Assessment Matrix

Probability of Occurrence    Severity of Harm
                             Catastrophic   Serious   Moderate     Minor
Very Likely                  High           High      High         Medium
Likely                       High           High      Medium       Low
Unlikely                     Medium         Medium    Low          Negligible
Remote                       Low            Low       Negligible   Negligible

• In this model the risk terms are correlated to the level of risk reduction required.
– Risk - The combination of the probability of occurrence of harm and the severity of that harm

Page 43: Risk Assessment

Probability of Occurrence

• It is estimated by taking into account the frequency, duration, extent of exposure, training and awareness.
• Very Likely – near certain to occur
• Likely – may occur
• Unlikely – not likely to occur
• Remote – so unlikely as to be near zero
• Remember when estimating the probability the highest credible level of probability is to be selected

Page 44: Risk Assessment

Severity of Harm

•Catastrophic – death or permanently disabling injury – unable to return to work

•Serious – severe debilitating injury or illness – able to return to work at some point

•Moderate – significant injury or illness – requires more than first aid

•Minor – no injury or slight injury requiring no more than first aid.

Page 45: Risk Assessment

Risk Reduction Architecture

• High
– Dual channel with continuous monitoring
• Medium
– Redundancy with self checking upon startup
• Low
– Redundancy that may be manually checked
• Negligible
– Physical barriers, electrical devices using a single channel non-safety rated components

Page 46: Risk Assessment

Question: Who played Superman in the 1980’s movies?

SUPER TRIVIA

Answer: Christopher Reeve

Page 47: Risk Assessment

R15.06 (1999) Risk Assessment Matrix

• The new standard (not yet released) has been harmonized with ISO 10218, which has standardized on the ISO 12100 Risk Assessment methodology and utilizes PL values based on the ISO 13849-1 standard

Severity of Injury    Exposure        Avoidance       Risk Reduction
S2 Serious Injury     E2 Frequent     A2 Not Likely   R1
S2 Serious Injury     E2 Frequent     A1 Likely       R2A
S2 Serious Injury     E1 Infrequent   A2 Not Likely   R2B
S2 Serious Injury     E1 Infrequent   A1 Likely       R2B
S1 Slight Injury      E2 Frequent     A2 Not Likely   R2C
S1 Slight Injury      E2 Frequent     A1 Likely       R3A
S1 Slight Injury      E1 Infrequent   A2 Not Likely   R3B
S1 Slight Injury      E1 Infrequent   A1 Likely       R4

Page 48: Risk Assessment

Severity / Frequency / Avoidance

• Severity
– S1 – Slight injury – Normally reversible or requires only first aid as defined in OSHA 1904.12
– S2 – Serious Injury – Normally irreversible or fatal or requires more than first aid as defined in OSHA 1904.12

Page 49: Risk Assessment

Severity /Frequency / Avoidance

• Exposure
– E1 – Infrequent – Less than once per hour
– E2 – Frequent – More than once per hour
• Avoidance
– A1 – Likely – Can move out of the way, or sufficient warning / reaction time or robot speed is less than 250mm/sec
– A2 – Not Likely – Cannot move out of the way, or inadequate reaction time or robot speed greater than 25mm/sec

Page 50: Risk Assessment

R15.06 Safety Category

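Each category is listed with its Safeguard Performance and Circuit Performance.

• R1
– Safeguard Performance: Hazard elimination or hazard substitution
– Circuit Performance: Control reliable
• R2A
– Safeguard Performance: Engineering controls preventing access to the hazard or stopping the hazard, e.g. interlocked barrier guards, light curtains
– Circuit Performance: Control reliable
• R2B
– Circuit Performance: Single channel with monitoring
• R2C
– Circuit Performance: Single channel
• R3A
– Safeguard Performance: Non-interlocked barriers, clearance procedures and equipment
– Circuit Performance: Single channel
• R3B
– Circuit Performance: Simple
• R4
– Safeguard Performance: Awareness means
– Circuit Performance: Simple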

Page 51: Risk Assessment

Control Reliable R1/R2

• Control Reliable: Safety circuitry shall be designed, constructed and applied such that a single fault shall not lead to the loss of the safety function.
– R1 is dual channel circuitry with continuous monitoring of the safety function and will detect a fault and stop machine function in a safe manner
– R2A is dual channel circuitry that will check the safety function at machine start-up and periodically during operation. If a fault is detected a stop signal will be generated

Page 52: Risk Assessment

Question: Batman protected what city?

SUPER TRIVIA

Answer: Gotham

Page 53: Risk Assessment

ISO 13849 Risk Assessment Matrix

[Figure: risk graph with inputs S1 / S2, F1 / F2 and P1 / P2 mapped to Categories B, 1, 2, 3, 4. Legend: Possible Category, Preferred Category, Over-dimensioned for risk.]

Page 54: Risk Assessment

Severity / Frequency / Avoidance

• Severity
– S1 – Slight injury – Normally reversible
– S2 – Serious Injury – Normally irreversible or fatal
• Frequency
– F1 – Infrequent – Less than once per hour
– F2 – Frequent – More than once per hour
• Avoidance
– P1 – Likely – Can move out of the way, or sufficient warning
– P2 – Not Likely – Cannot move out of the way, or inadequate reaction time

Page 55: Risk Assessment

CATEGORY B

• Fault can lead to the loss of the safety function
• Basic components can be used
• Proper engineering practices
– i.e. wiring, placement of parts…

Page 56: Risk Assessment

CATEGORY 1

• The same requirements as those of Category B apply plus the following
• Well tried components
• Design with past success (industry standard)
• Made and verified using principles which demonstrate its suitability and reliability for the safety-related application

Page 57: Risk Assessment

Question: What was the name of Green Hornet’s car?

SUPER TRIVIA

Answer: Black Beauty

Page 58: Risk Assessment

CATEGORY 2

• The same requirements as those of Category B apply plus the following
• Well tried components
• Safety functions are checked at startup and suitable intervals

Page 59: Risk Assessment

CATEGORY 3

• The same requirements as those of Category B apply plus the following
• Well tried components
• Safety functions are checked at startup and suitable intervals
• Single fault does not lead to the loss of the safety function
• Dual channel

Page 60: Risk Assessment

CATEGORY 4

• The same requirements as those of Category B apply plus the following
• Well tried components
• Automatic safety function detection
• Single fault does not lead to the loss of the safety function
• Dual channel
• Diagnostic Coverage is High

Page 61: Risk Assessment

The Mega Graph

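Risk Reduction System Architecture

Each row gives the ANSI B11.TR6 (ISO 13849-1:1999) requirement, followed by the corresponding entries for ANSI B11.0, RIA R15.06 / CSA Z434, ISO 13849-1 (1999), IEC 61508 SIL and ISO 13849-1 (2006) PL.

• Requirement B shall apply. Single fault immediately detected and accumulation of undetected faults shall not lead to loss of safety function
– ANSI B11.0: High – Redundant with continuous monitoring
– RIA R15.06 / CSA Z434: R1 / R2A (control reliable)
– ISO 13849-1 (1999): 4
– IEC 61508 SIL: 3
– ISO 13849-1 (2006) PL: e
• Requirement B shall apply. Single safety fault shall be detected on subsequent demand of system
– ANSI B11.0: Intermediate – Redundant with self checking at start-up
– RIA R15.06 / CSA Z434: R2A / R2B (control reliable), SC w/monitoring
– ISO 13849-1 (1999): 3
– IEC 61508 SIL: 3 to 2
– ISO 13849-1 (2006) PL: b, c or d
• Requirement B shall apply. Single fault of safety parts shall not lead to a loss of safety function
– ANSI B11.0: Low – Redundant with manual monitoring
– RIA R15.06 / CSA Z434: R2B / R2C, SC w/manual monitoring
– ISO 13849-1 (1999): 2
– IEC 61508 SIL: 2 to 1
– ISO 13849-1 (2006) PL: a, b, c or d
• Requirement B shall apply. Well tried and true components and safety principles shall be used
– ANSI B11.0: Lowest – Single Channel
– RIA R15.06 / CSA Z434: R3A, Single channel
– ISO 13849-1 (1999): 1
– IEC 61508 SIL: 0
– ISO 13849-1 (2006) PL: b or c
• SRP/CS and or their protective equipment as well as their components designed to withstand expected influence
– RIA R15.06 / CSA Z434: R3B / R4, simple
– ISO 13849-1 (1999): B
– ISO 13849-1 (2006) PL: a or b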

Page 62: Risk Assessment

Question: Name of Superman’s father?

SUPER TRIVIA

Answer: Kal-El

Page 63: Risk Assessment

QUESTIONS……?