Upload
adam-killian
View
113
Download
5
Tags:
Embed Size (px)
Citation preview
© 2006 Swagelok Company. Swagelok confidential. For internal use only.
The Plot
•Understanding the League of Justice (aka OSHA, ANSI, NFPA)• Introduction to our hero Risk Assessment•ANSI vs. ISO•Project Definition unmasked •Risk Assessment – his powers revealed (a.k.a the impenetrable risk assessment form)
•Your Powers and how to apply them
Question: In the title slide what is the Risk Assessment to save us from?
SUPER TRIVIA
Answer: The Evil Hazard
O HA• OSHA: Occupational Safety and Health Administration
– OSHA was created in 1971 under the Occupational Safety and Health Act, which President Nixon signed into effect in December 1970.
– It falls under the Department of Labor of the National Government
– It’s mission is to help employers and employees reduce on the job injuries, illnesses and deaths.
• Who is required to comply?– The OSH Act covers private sector employers/employees in the 50 states. That means us.
– The OSH Act covers employers and employees either directly through Federal OSHA or through an OSHA-approved state program.
• Ohio does not have a state approved program hence Ohio falls under the Federal OSH Act
• What am I complying with?– Part 1910 otherwise known as the Occupational Safety and Heath Standard
• There are actually 52 total standards covering everything from Implementing the Privacy Act to Health and Safety Regulations for Longshoring.
Six Safety Powers of O HA
• Administrative Safety (strength)– program development, emergency planning, safety audits…
• Facility Safety (x-ray eyes)– confined spaces, Electrical Safety, ergonomics, fire safety…
• Exposure Control (bullet proof)– asbestos safety, bloodborne pathogens, hazardous
materials…..
• Personal Protection (laser beam eyes)– back safety, first aid, PPE, eye safety……
• Tools and Equipment (can fly)– compressed gas, Machine Guarding, rigging, welding…
• Behavior and Attitude (Protects the Innocent)– conflict resolution, drug and alcohol, fitness and wellness…
O HA superpower
•General Duty Clause (Section 5(a)(1))
– “requires that each employer “furnish … a place of employment which [is] free from recognized hazards that are causing or are likely to cause death or serious physical harm to their employees. ”
(Reverse time)
NFPA a.k.a The Torch• NFPA: National Fire Protection Association
– NFPA has been a worldwide leader in providing fire, electrical, building, and life safety to the public since 1896
– Responsible for over 300 codes and standards that are designed to minimize the risk and effects of fire.
– Most notable standards for Swagelok are
• NFPA 70 (N.E.C)
• NFPA 70E (Arch Flash)
• NFPA 79 (Electrical Standard for Industrial Machines)
Question: The Torch was a member of what superhero group?
SUPER TRIVIA
Answer: The Fantastic Four
ANSI a.k.a Professor X• ANSI: The American National Standards Institute
– ANSI, itself, does not develop standards;
• it facilitates the development of standards by establishing consensus among qualified groups written entirely by volunteers.
• OSHA has adopted many ANSI and NFPA standards by reference over the years
– ANSI and NFPA both deal with employee safety but in different areas.
• NFPA is mainly electrical in nature
• ANSI is mainly safeguarding in nature
• What about standards that are not referenced?.....i.e do we have to respect the Green Lantern even though he doesn’t live in the Westchester Mansion?
O HA accepts the Green Lantern
• The NFPA 70E is NOT referenced within OSHA, so is it enforceable?
• Swagelok enforces it as it is referenced in SI-12-056 – PPE for HRC-0, 1
• SP-12-026 (Swagelok Electrical Policy) references SI-12-056 and states “For Swagelok associates, failure to adhere to this electrical policy can result in disciplinary action, including termination.”
• Section 29 CFR 1910.2(g) states a “National consensus standard” means any standard or modification thereof which has been adopted and promulgated by a nationally recognized standards-producing organization [NFPA / ANSI / ISO] under procedures whereby it can be determined that persons interested and affected by the scope or provisions of the standard have reached substantial agreement on its adoption”.
So who wins DC or Marvel
I mean ANSI or NFPA• There are important differences between OSHA and
ANSI / NFPA. It mainly has to do with technical scope.
– OSHA laws typically set out only a general framework, procedure and/or set of standards to guard against a hazard.
– An ANSI / NFPA standard is consistent with the law but goes into much greater depth. It provides the technical, nuts-and-bolt details that the statutes leave out.
– ANSI / NFPA Standards also typically go much further than the laws in protecting workers.
– You can think of OSHA as the statute or law and ANSI / NFPA as the regulations or rules to follow that law.
• LOTO example
Question: What other NFPA standard (already mentioned) is not referenced by OSHA Hint: It’s a prime number
SUPER TRIVIA
Answer: NFPA 79
Are all Villians (hazards) created equal?
• Hazard Safety – There are levels of Hazards
• Would you want the same safeguards to protect you from Grumpy Bear as you would Galactus the ultimate Villain?
• Different machines inherently have different levels of hazards to an employee and need to be guarded properly to that level of hazard
• The levels are determined by the Risk Assessment
• The process by which the intended use of the machine, the tasks, the hazards and the level of risk are determined.– ALL safety standards whether European or American
require a risk assessment
• Without determining what a hazard is, how do you know how to protect against it and to what level of protection do you need?
What is this Risk Assessment?
O HA likes destroying hazards
• 29 CRF 1910.132(d)(1)– The employer shall assess the workplace to determine if hazards are
present, or are likely to be present, which necessitate the use of personal protective equipment (PPE).
• 29 CRF 1910.132(d)(2)– The employer shall verify that the required workplace hazard
assessment has been performed through a written certification that identifies the workplace evaluated; the person certifying that the evaluation has been performed; the date(s) of the hazard assessment; and, which identifies the document as a certification of hazard assessment.
• So what does this all mean?
IT’S THE LAW
Question: What would happen to Bruce Banner when he became angry?
SUPER TRIVIA
Answer: He would become the HULK
Does our hero Risk Assessment have a twin?
• There are many different risk rating systems and NO universally accepted solution.
– ANSI B11.TR3 / R15.06:1999 - US
– ISO12100 / IEC 61508parts 1-7 - European
• Some of the European and American standards are being harmonized
• R15.06:2012 Robot Safety Standard (US) and ISO10218:2010 (International Standard for Robot Safety)
• ISO is most widely recognized risk assessment procedure
Question: Wonder Woman was played by who in the tv series
© 2006 Swagelok Company. Swagelok confidential. For internal use only.
SUPER TRIVIA
Answer: Lynda Carter
Question: Who can lift the hammer of Thor
© 2006 Swagelok Company. Swagelok confidential. For internal use only.
DOUBLE SUPER TRIVIA
Answer: Thor
Bonus: What is the hammer made of
Answer: Alpha Particles
Put on your underroos
• Machine suppliers and End Users have the responsibility for defining and achieving acceptable risk over the lifecycle of the machine– Machine supplier is responsible for the design, construction
operation and initial maintenance procedures of the machine
– End User is responsible for the operation and ongoing maintenance of the machine through decommissioning
• Lifecycle progression from concept through decommissioning
1Design
Concept
2Preliminary
Design
3DetailedDesign
4Build or
Purchase
5Commission
(Install / Debug)
6Production
Maintenance
7Decommission
Machine and Equipment Lifecycle Stages
Step 1 – Even Superhero's have limits
• Determine the limits of the machine– Use limits determined by the INTENDED use of the machine,
production rates, cycle times, speeds, people involved….
• Space limits– Range of movement, space requirements for installation,
maintenance and operator interface
• Time limits– Maintenance and wear of tools, mechanical and electrical
components
• Environmental limits– Temperature, humidity, noise, location
• Interface limits– Other machines or auxiliary equipment
Step 2 – The task at hand
• All tasks of the machine should be identified• Remember to consider the entire lifecycle of the machine
– System install
– Start up / commissioning
– Setup
– Operation
– Tool Change
– Planned maintenance
• Unplanned maintenance
– Recovery from control failures, jams
– Decommissioning
Question: What was Batman’s secret identity
SUPER TRIVIA
Answer: Bruce Wayne
Step 3 – Identify the Risk
RiskRelated to the
considered hazard
Is a function of
with
SeverityThat results from
the hazard
Frequencyof occurrence
Probabilityof avoidance
and
Step 4 – Reduce that Risk
• If the level of risk is not acceptable, risk reduction measures shall be implemented to reduce that risk• Risks shall be reduced using the hazard control
hierarchy– We’ll get to this in a bit
• Risks can be reduced by– Reducing the potential severity of harm presented by the
hazard
– Improving the possibility of avoiding the harm
– Reducing the need for access to the hazard zone
Hazardous Control Hierarchy
MostPreferred
LeastPreferred
Protective Measure
Example Influence on Risk Classification
EliminationOr
Substitution
• Robots and conveyors
• Redesign the process
• Impact on overall risk (elimination)• May affect severity of harm Design Out
Guards andSafeguards
• Barriers• Interlocks• Presence sensing
devices• Two hand
controls
• Greatest impact on the probability of harm (occurrence of hazardous events under certain circumstances)
• Minimal if any impact on severity of harm
Engineering Controls
Awareness Devices• Lights and beacons• Computer warnings• Signs and labels
• Potential impact on probability of harm (avoidance)
• No impact on severity of harm
Administrative ControlsTraining and
procedures
• Safe work procedures
• Lockout / Tagout (LOTO)
• Potential impact on probability of harm (avoidance and/or exposure)
• No impact on severity of harm
Personal Protection Equipment
(PPE)
• Safety glasses• Ear plugs• Gloves• Protective footwear
• Potential impact on probability of harm (avoidance)
• No impact on severity of harm
Question: How did Spiderman get his powers
SUPER TRIVIA
Answer: He was bit by a radioactive spider
Step 5 – Assess Residual Risk• When risk reduction measures have been
selected, the residual risk shall be assessed.• This process follows the same procedures as the
initial risk• The incentive to defeat or circumvent risk
reduction measures shall be considered when validating risk reduction measures– Prevents the task from being performed
– It slows down production
– The hazard is not recognized by associates as a hazard
– The risk reduction measure in not accepted as suitable, necessary or appropriate for its function.
Step 6 – Achieve Acceptable Risk
• Once the residual risk has been established for each hazard, a decision shall be made to accept the residual risk or further reduce it.• High Residual Risk – only acceptable when all
reasonable alternatives/options have been reviewed and formally deemed impracticable or infeasible• Medium Residual Risk – Undesirable but
permissible only when all reasonable alternatives have been formally deemed infeasible• Low Residual Risk – Usually acceptable• Negligible Residual Risk - Acceptable
Step 7 – Validate solution
• After the risk reduction measures have been implemented, their effectiveness shall be validated– Testing and verifying operation of safety devices
– Review of training
– Presence of warning labels preferably scratch n’ sniff
– Presence of lockout procedures and safe job procedures
– Functioning of complimentary equipment
• I shouldn’t even have to say this but, the testing of the safeguarding measures shall not expose an individual to potential harm should the safeguard not provide the protection expected.– There I said it
Step 8 – Time to document
• The outcome of a risk assessment shall be documented• The documentation shall demonstrate
– The procedures that were followed
– The hazard identified
– The risk reduction methods employed to reduce the risk to an acceptable level
Question: How many superhero’s secret identity has a first name of Bruce
SUPER TRIVIA
Answer: 2 Bruce Wayne and Bruce Banner
Flowcharts are like kryptonite to Superman
© 2006 Swagelok Company. Swagelok confidential. For internal use only.
Set Limits of the assessment (1)
Flowcharts are like kryptonite to Superman
Set Limits of the assessment (1)
Identify Tasks and Hazards (2)
Flowcharts are like kryptonite to Superman
Set Limits of the assessment (1)
Identify Tasks and Hazards (2)
Assess Initial Risk (3)
Risk Scoring System
Flowcharts are like kryptonite to Superman
Set Limits of the assessment (1)
Identify Tasks and Hazards (2)
Assess Initial Risk (3)
Risk Scoring System
Reduce Risk (4)
Hazard ControlHierarchy
Flowcharts are like kryptonite to Superman
Set Limits of the assessment (1)
Identify Tasks and Hazards (2)
Assess Initial Risk (3)
Risk Scoring System
Reduce Risk (4)
Hazard ControlHierarchy
Assess Residual Risk (5)
Risk Scoring System
Flowcharts are like kryptonite to Superman
Set Limits of the assessment (1)
Identify Tasks and Hazards (2)
Assess Initial Risk (3)
Risk Scoring System
Reduce Risk (4)
Hazard ControlHierarchy
Assess Residual Risk (5)
Risk Scoring System
ResidualRisk
Accepted? (6)
Flowcharts are like kryptonite to Superman
Set Limits of the assessment (1)
Identify Tasks and Hazards (2)
Assess Initial Risk (3)
Risk Scoring System
Reduce Risk (4)
Hazard ControlHierarchy
Assess Residual Risk (5)
Risk Scoring System
Validate Solution (7)
ResidualRisk
Accepted? (6)
YES
NO
Flowcharts are like kryptonite to Superman
Set Limits of the assessment (1)
Identify Tasks and Hazards (2)
Assess Initial Risk (3)
Risk Scoring System
Reduce Risk (4)
Hazard ControlHierarchy
Assess Residual Risk (5)
Risk Scoring System
Validate Solution (7)
Results Documented (8)
ResidualRisk
Accepted? (6)
YES
NO
Question: What is Green Lanterns weakness?
SUPER TRIVIA
Answer: The color Yellow
B11.0.TR3 Risk Assessment Matrix
Severity of HarmProbability of Occurrence
Catastrophic Serious Moderate Minor
Very Likely High High High Medium
Likely High High Medium Low
Unlikely Medium Medium Low Negligible
Remote Low Low Negligible Negligible
• In this model the risk terms are correlated to the level of risk reduction required.– Risk - The combination of the probability of occurrence of harm and
the severity of that harm
Probability of Occurrence
• It is estimated by taking into account the frequency, duration, extend of exposure, training and awareness.•Very Likely – near certain to occur•Likely – may occur•Unlikely – not likely to occur•Remote – so unlikely as to be near zero•Remember when estimating the probability the highest credible level of probability is to be selected
Severity of Harm
•Catastrophic – death or permanently disabling injury – unable to return to work
•Serious – severe debilitating injury or illness – able to return to work at some point
•Moderate – significant injury or illness – requires more than first aid
•Minor – no injury or slight injury requiring no more than first aid.
Risk Reduction Architecture
•High– Dual channel with continuous monitoring
•Medium– Redundancy with self checking upon startup
•Low– Redundancy that may be manually checked
•Negligible– Physical barriers, electrical devices using a single
channel non-safety rated components
Question: Who played Superman in the 1980’s movies
SUPER TRIVIA
Answer: Christopher Reeves
R15.06 (1999) Risk Assessment Matrix
• The new standard (not yet released) has been harmonized with ISO10218 which has standardized on the ISO 12100 Risk Assessment methodology and utilizing PL values based on the ISO 13849-1 standard
Severity of Injury Exposure Avoidance Risk Reduction
S2 Serious Injury
E2 Frequent A2 Not Likely R1
A1 Likely R2A
E1 Infrequent A2 Not Likely R2B
A1 Likely R2B
S1 Slight Injury
E2 Frequent A2 Not Likely R2C
A1 Likely R3A
E1 Infrequent A2 Not Likely R3B
A1 Likely R4
Severity / Frequency / Avoidance
•Severity– S1 – Slight injury – Normally reversible or
requires only first aid as defined in OSHA 1904.12
– S2 – Serious Injury – Normally irreversible or fatal or requires more than first aid as defined in OSHA 1904.12
Severity /Frequency / Avoidance
•Exposure– E1 – Infrequent – Less then once per
hour
– E2 – Frequent – More then once per hour
•Avoidance– A1 – Likely – Can move out of the way,
or sufficient warning /reaction time or robot speed is less then 250mm/sec
– A2 – Not Likely – Cannot move out of the way, or inadequate reaction time or robot speed greater then 25mm/sec
R15.06 Safety Category
Category Safeguard Performance Circuit Performance
R1 Hazard elimination or hazard substitution
Control reliable
R2A Engineering controls preventing access to the hazard or stopping the hazard i.g. interlocked barrier guards, light curtains
Control reliable
R2B Single Channel with monitoring
R2C Single Channel
R3A Non-interlocked barriers, clearance procedures and equipment
Single channel
R3B Simple
R4 Awareness means Simple
Control Reliable R1/R2
•Control Reliable: Safety circuitry shall be designed, constructed and applied such that a single fault shall not lead to the loss of the safety function.– R1 is dual channel circuitry with continuous
monitoring of the safety function and will detect a fault and stop machine function in a safe manner
– R2A is dual channel circuitry that will check the safety function at machine start-up and periodically during operation. If a fault is detected a stop signal will be generated
Question: Batman protected what city?
SUPER TRIVIA
Answer: Gotham
ISO 13849 Risk Assessment Matrix
Categories
B 1 2 3 4
F1
S2
S1
F2
P1
P2
P1
P2
Possible Category
Preferred Category
Over-dimensioned for risk
Severity / Frequency / Avoidance
•Severity– S1 – Slight injury – Normally reversible
– S2 – Serious Injury – Normally irreversible or fata
•Frequency– F1 – Infrequent – Less then once per hour
– F2 – Frequent – More then once per hour
•Avoidance– P1 – Likely – Can move out of the way, or
sufficient warning
– P2 – Not Likely – Cannot move out of the way, or inadequate reaction time
CATEGORY B
•Fault can lead to the loss of the safety function•Basic components can be used•Proper engineering practices– i.e wiring, placement of parts…..
CATEGORY 1
•The same requirements as those of Category B apply plus the following•Well tried components•Design with past success (industry standard)•Made and verified using principles which demonstrate its suitability and reliability for the safety-related application
Question: What was the name of Green Hornets car
SUPER TRIVIA
Answer: Black Beauty
CATEGORY 2
•The same requirements as those of Category B apply plus the following•Well tried components•Safety functions are checked at startup and suitable intervals
CATEGORY 3
•The same requirements as those of Category B apply plus the following•Well tried components•Safety functions are checked at startup and suitable intervals•Single fault does not lead to the loss of the safety function•Dual channel
CATEGORY 4
•The same requirements as those of Category B apply plus the following•Well tried components•Automatic safety function detection•Single fault does not lead to the loss of the safety function•Dual channel•Diagnostic Coverage is High
The Mega Graph
Risk Reduction System Architecture
ANSI B11.TR6(ISO 13849-1:1999)
ANSI B11.0 RIA R15.06CSA Z434
ISO 13849-1(1999)
IEC 61508SIL
ISO 13849-1(2006) PL
Requirement B shall apply. Single fault immediately detected and accumulation of undetected faults shall not lead to loss of safety function
HighRedundant with continuous monitoring
R1/R2A(control reliable)
4 3 e
Requirement B shall apply. Single safety fault shall be detected on subsequent demand of system
IntermediateRedundant with self checking at start-up
R2A/R2B(control reliable)SC w/monitoring
3 3 to 2 b, c or d
Requirement B shall apply. Single fault of safety parts shall not lead to a loss of safety function
LowRedundant with manual monitoring
R2B / R2CSC w/manual monitoring
2 2 to 1 a, b, c or d
Requirement B shall apply. Well tried and true components and safety principles shall be used
LowestSingle Channel
R3ASingle channel 1 0 b or c
SRP/CS and or their protective equipment as well as their components designed to withstand expected influence
R3B / R4simple B a or b
Question: Name of Superman’s father
SUPER TRIVIA
Answer: Kal-El
QUESTIONS……?QUESTIONS……?