Rant about Safety

brucechase

Member
Join Date
Sep 2004
Location
Augusta GA
Posts
721
Just had an discussion with our new safety guy and thought I would get some advice on what to do.

I just installed a new conveyor system consisting of 450 I/O and about 35 motors. Each motor had a local lockable disconnect switch. Our written LOTO procedure states to put a lock on the local disconnect if you have to work on the motor or conveyor. It has been suggested to lock out the PLC panel. This means that the control source is the lockout point.

I'm not very comfortable with requiring a PLC to be locked to work on anything except the PLC. As a matter of fact, OSHA specifically does not allow this. This has really gotten to be a sticking point on the "approval" of the system.

Not quite sure on how to convince someone that the local disconnect is the proper and only required lockout when working on the conveyor or motor.
 
Last edited:
I presume the PLC is controlling other routes, thereby stopping all production instead of just one branch.

You are correct of course, should point out though that doing it the safety engineer's way will save thousands of dollars in future installations as local isolators would not be required.

After all that is their only function that he has taken away.

Of course, is the PLC point also the source of power to the motor, because if it isn't then perhaps you will need to lock out locally as well, after all.

In the end of the day all you can do is ensurer its safe for the engineer and do as told by management. If they lose production, then they will come around to the correct way of thinking eventually.
 
I'm not sure how you can convince them they simply look at it from the view point of the risk accessment and what they consider to be instrinsically safe. Perhaps you can simply pull the fuses to the individual motor as part of your lockout. If you can prove to them that there is no risk by doing that they may go for it. The problem is the OSHA is subject to interpretation as everything states according to the risk accessment therefore its subjective according to what the safety officer considers intrinsically safe.
 
Does the proposed proceedure call for both the disconnect and the PLC Panel to be Locked Out? I have seen this before and it is the lazy man's LOTO. If only the PLC, that would mean the motors were still operational from local controls at the switchgear. If the switch gear does not have local control, without LOTO, they could be jumpered or malfuction and still operate.
 
Bruce,

I feel your pain with the "safety guy" who wants to make something "totally safe" but does not know/ can not comprehend how their decision can cause more work and not really effect the overall safety of a given maintenance task, possibly making it less safe in some cases. My response to this situation has been to:

Lay out why the proposed additional “safety step” does not provide any additional real safety function.
Estimate the additional cost in time and then $ for doing it.
Sit down with the safety guy and have him explain it to me again why it’s needed.

If they are still adamant, ask them when they will have time to sit down with the plant manager to discuss these same points and rationally describe why we are wasting money to do them. Hopefully you will only have to do this once to show them you know what you are doing.

In your case, does the safety guy really want to sit down and explain to OSHA why an incident occurred due to their additional requirement(s)? The plant manager would also like to know what this answer will be. As always, CYA with sufficient paperwork so that you have a good case to prove your innocence if finger pointing occurs.

Mike
 
It is my understanding that the LOTO requiements in NEC require that the lockout point be within sight of the motor. A local disconnect is most likely to meet that requirement. There are exceptions, but from a common sense standpoint you want to lock out the local disconnect so that you can't inadvertently operat a motor while you are testing the PLC, which must be done with power on at the PLC panel.
 
brucechase, I'm not 100% sure from your post if you mean the safety guy wants to lock out the plc cabinet in addition to or instead of the local disconnect. If "in addition to" then I would probably let this guy have his way and move on with life. As long as your procedures indiucate you need to lock out the local disconnect the added disconnect at the PLC cabinet doesn't make this any less safe.

If "instead of" alot depends on cabinet placement and power feeds. As Tom said the lockout point needs to be in site of the item being worked on. In addition you need to lock out the primary power source. We do alot of smaller machies. The control cabinets are usually right next to the machine. So we have a single lockable disconnect on the cabinet to cover the whole machine. But that disconnect removes motor power n addition to control power. Tom makes the good point that this may not be logistically optimal from a testing standpoint. But it satisfies the safety requirements.

If the plc cabinet lockout only drops the control system and does not isolate the power system I don't consider that a reliable lockout at all.

Keith
 
Unless we are talking safety PLC here, then what the PLC does or does not shall be totally irrelevant for the safety.
If the 'safety guy' is insecure if the safety measures are good enough, then he should not try to improve the safety measures by using the PLC as a safety device. In stead he must improve the real safety measures, or verify that the current measures are good enough.

A common disconnect that shuts down an entire plant is possible (in stead of a PLC shutting down an entire plant), but consider that safety measures must be reasonable and not hindering or limiting the operation of the plant in an unjustifiable way. If the safety measures are too draconian, then operators may be tempted to bypass them to avoid other problems, such as lost production. Because of this a local individual disconnect per device or machine is the norm.
For vey large devices or motors, a local disconnect may not be possible. In that case Lock-out and Tag-out in a central distribution panel for example is acceptable.

You need to make sure that labeling in the field of both devices and disconnects is good enough.
And make sure that there are instructions.
The instructions shall include advice about what to disconnect. If other devices are relevant, then state that they must be disconnected as well. A list detailing each device is a good idea (i.e. "For work on conveyor 23, disconnect conveyors 22, 23, 24 and 25").
And make sure that the maintenance personnel has read and understood the instructions (have them sign a declaration stating that they have).
It is quite simple really.
 
Locking out the PLC is not the answer, you need to isolate the power to the motor either at a local disconnect or back at the MCC.
The local disconnect does you no good if you want to work on the electrical items.
Typically the electrical supply for pull switches, missalignment etc is supplied from the motor starter.
If you lock out the PLC it will make it very dificult for maintenance.
Roy
 
Last edited:
One way to go would be, if you have a local circuit breaker for power to the motor, to wire the help contact to an input telling the PLC that the motor has been powered down for maintainance.
 
I presume the PLC is controlling other routes, thereby stopping all production instead of just one branch.

Of course, is the PLC point also the source of power to the motor, because if it isn't then perhaps you will need to lock out locally as well, after all.

In the end of the day all you can do is ensurer its safe for the engineer and do as told by management. If they lose production, then they will come around to the correct way of thinking eventually.

All motors are 480 VAC out of an MCC that the PLC controls. Locking out only the PLC will stop the motors, but it will not put them in a safe position.

Does the proposed proceedure call for both the disconnect and the PLC Panel to be Locked Out? I have seen this before and it is the lazy man's LOTO. If only the PLC, that would mean the motors were still operational from local controls at the switchgear. If the switch gear does not have local control, without LOTO, they could be jumpered or malfuction and still operate.

He's not sure if he wants both. There are no local controls for the motors. You are correct that the failure of a motor contactor will cause the motor to continue to run.

Bruce,

I feel your pain with the "safety guy" who wants to make something "totally safe" but does not know/ can not comprehend how their decision can cause more work and not really effect the overall safety of a given maintenance task, possibly making it less safe in some cases. My response to this situation has been to:

Lay out why the proposed additional “safety step” does not provide any additional real safety function.
Estimate the additional cost in time and then $ for doing it.
Sit down with the safety guy and have him explain it to me again why it’s needed.

If they are still adamant, ask them when they will have time to sit down with the plant manager to discuss these same points and rationally describe why we are wasting money to do them. Hopefully you will only have to do this once to show them you know what you are doing.

In your case, does the safety guy really want to sit down and explain to OSHA why an incident occurred due to their additional requirement(s)? The plant manager would also like to know what this answer will be. As always, CYA with sufficient paperwork so that you have a good case to prove your innocence if finger pointing occurs.

Mike

I really wish I could do this. Unfortunately, the higher management just told me to make it right and really didn't bother about anything else. They really don't want to get into a battle, they just want it done. As for the $$, it won't be seen until someone has to lock something out. Unfortunately, the rational part went out the window a while ago (at least for me). I really start to lose my patience around someone who acts like they know what they are doing but really has no clue.

It is my understanding that the LOTO requiements in NEC require that the lockout point be within sight of the motor. A local disconnect is most likely to meet that requirement. There are exceptions, but from a common sense standpoint you want to lock out the local disconnect so that you can't inadvertently operat a motor while you are testing the PLC, which must be done with power on at the PLC panel.

According to 430.102(B), the disconnecting means does not have to be in line of sight if it is lockable and in an idustrial installation where only qualified persons service the equipment - the exception you are probably referring to. I personally like the common sense approach. As for testing, the safety guy isn't concerned about our testing, just running the system.

In either case, ours is within 5 feet of the motor, labled and lockable.

brucechase, I'm not 100% sure from your post if you mean the safety guy wants to lock out the plc cabinet in addition to or instead of the local disconnect. If "in addition to" then I would probably let this guy have his way and move on with life. As long as your procedures indiucate you need to lock out the local disconnect the added disconnect at the PLC cabinet doesn't make this any less safe.

If "instead of" alot depends on cabinet placement and power feeds. As Tom said the lockout point needs to be in site of the item being worked on. In addition you need to lock out the primary power source. We do alot of smaller machies. The control cabinets are usually right next to the machine. So we have a single lockable disconnect on the cabinet to cover the whole machine. But that disconnect removes motor power n addition to control power. Tom makes the good point that this may not be logistically optimal from a testing standpoint. But it satisfies the safety requirements.

If the plc cabinet lockout only drops the control system and does not isolate the power system I don't consider that a reliable lockout at all.

Keith

I agree and wish I could just let him have his way. My only problem comes in the fact that I've seen people cut off the PLC disconnect and watch all the motors stop. It's not a far stretch for them to think that this is an acceptable lockout point (especially if it is labled with a "LOCKOUT HERE" sticker).

We have a lot of machines in which the disconnect does isolate the motor power along with the PLC. I'm more worried about the confusion that can happen if the disconnect is labeled like a machine disconnect.

Unless we are talking safety PLC here, then what the PLC does or does not shall be totally irrelevant for the safety.
If the 'safety guy' is insecure if the safety measures are good enough, then he should not try to improve the safety measures by using the PLC as a safety device. In stead he must improve the real safety measures, or verify that the current measures are good enough.

A common disconnect that shuts down an entire plant is possible (in stead of a PLC shutting down an entire plant), but consider that safety measures must be reasonable and not hindering or limiting the operation of the plant in an unjustifiable way. If the safety measures are too draconian, then operators may be tempted to bypass them to avoid other problems, such as lost production. Because of this a local individual disconnect per device or machine is the norm.
For vey large devices or motors, a local disconnect may not be possible. In that case Lock-out and Tag-out in a central distribution panel for example is acceptable.

You need to make sure that labeling in the field of both devices and disconnects is good enough.
And make sure that there are instructions.
The instructions shall include advice about what to disconnect. If other devices are relevant, then state that they must be disconnected as well. A list detailing each device is a good idea (i.e. "For work on conveyor 23, disconnect conveyors 22, 23, 24 and 25").
And make sure that the maintenance personnel has read and understood the instructions (have them sign a declaration stating that they have).
It is quite simple really.

No safety PLC here, just an AB 5/05. You are right about people trying to bypass things to make their life easier (or just to make production run). I wouldn't want someone to lose their life because of it though. As for labeling, all my systems are color coded and labeled at both the disconnect and the MCC. I try to make it as dummy proof as possible, but there are some smart dummies out there.

Locking out the PLC is not the answer, you need to isolate the power to the motor either at a local disconnect or back at the MCC.
The local disconnect does you no good if you want to work on the electrical items.
Typically the electrical supply for pull switches, missalignment etc is supplied from the motor starter.
If you lock out the PLC it will make it very dificult for maintenance.
Roy

Yes, it will make it difficult if the PLC has to be locked out. Our control power is seperate from the motor starter in our system. The control panel supplies all the voltages for all the controls and field devices.


All in all, I appreciate the good suggestions from everyone. My problem is I've started to let my lack of patience get in the way and now battle lines are being drawn. I've never wanted something like this to happen because safety should not be a political game. I just wanted a non-confusing system that is easy to operate and easy to isolate when working on it.

Thanks for letting me vent a little.
 
Just had an discussion with our new safety guy and thought I would get some advice on what to do.

I just installed a new conveyor system consisting of 450 I/O and about 35 motors. Each motor had a local lockable disconnect switch. Our written LOTO procedure states to put a lock on the local disconnect if you have to work on the motor or conveyor. It has been suggested to lock out the PLC panel. This means that the control source is the lockout point.

I'm not very comfortable with requiring a PLC to be locked to work on anything except the PLC. As a matter of fact, OSHA specifically does not allow this. This has really gotten to be a sticking point on the "approval" of the system.

Not quite sure on how to convince someone that the local disconnect is the proper and only required lockout when working on the conveyor or motor.

Bruce
From 20 years in safety and hygiene and as an electrician here is what I think:

You are correct in installing disconnects near motors.

1. NEC requires a local disconnect in sight of equipment OR a remote and lockable disconnect. Load disconnect means can and often is in another building.
2. OSHA requires the power to be disonnected
3. OSHA requires machine to be in zero state mechanically ie other mechanical devices springs hydraulics etc to be "bled off" or blocked etc to prevent movement.

Ever since I started in the electrical business in the Navy I have been taught to
1. kill the main power to a machine.
2. never lockout just control power. I know of several fatal accidents where locking control power did not work out. This is what you are creating by locking out PLC only.
3. never rely on interlocks.

All the above goes for working "hands on" on electrical equipment and it does NOT apply to trouble shooting where portions or all portions may be required to be live.

IF me working on a piece of equipment I would either
A. have the wires disonnected at the source and my lock on the cabinet or danger tagged
B. local or remote disconnect pulled and my lock on it.
C. If I have any doubts the load side shorted and bonded to ground. That saved my life at Trojan Nuclear Plant - long story.

I guess if your safety guy wants you to lock out the PLC that is fine and would be OK with me - it is all on company time and the pay is the same. I would never trust a PLC to keep me alive. I would do A B or C. I am the guy on other end of the wires and provided it meets company policy and OSHA I can do anything I want to protect me
OR
per OSHA I have the right to refuse to do an unsafe job.

Dan Bentler
 
Last edited:
you have 2 guidelines to consider (there may be others)

NFPA70 - national electric code requires that all motors not within sight of the main control panel disconnect have a disconnect. see the definition in the code book "in sight from" all motors must be within 50 ft from the main control panel and be within sight of the panel disconnect.

nfpa 79 - electrical standard for industrial machinery.
this also applies.

you also may want to goto www.mikeholt.com and ask your question there. this is an electrical code forum.

regards,
james.
 
you have 2 guidelines to consider (there may be others)

NFPA70 - national electric code requires that all motors not within sight of the main control panel disconnect have a disconnect. see the definition in the code book "in sight from" all motors must be within 50 ft from the main control panel and be within sight of the panel disconnect.

nfpa 79 - electrical standard for industrial machinery.
this also applies.

you also may want to goto www.mikeholt.com and ask your question there. this is an electrical code forum.

regards,james.


James
I am not referring to the current code requirements. i am referring to older installations not wired to current code where the disconnects were not required to be in sight. There are other installations ie utility and shipboard where NEC does not apply. I probably should not have even mentioned NEC come to think of it and just stick to reality.

Regardless of requirements having your disconnects near the equipment only makes sense.
Dan Bentler
 
Last edited:
How about a demonstration to him (under controlled conditions of course), simulate a fault (i.e. short out the contactor circuit so the contactor is always on). Then disconnect the PLC panel and lock it off.

Demonstrate to him that the drive is still running even though its locked off his way.

Then show that the local disconnect will still stop the motor.


Explain that the PLC is not a safe isolation point for someone to put their arms/legs/head, etc into.

Also, if someone is killed whose responsible and likely to go to jail. Might be prudent to point it out to them.
 

Similar Topics

I often need to search for answers. What really p!$$e$ me off are long web pages and videos where I must waste a lot of time getting the info...
Replies
19
Views
5,304
It seems that the OPs always want to be secretive. Not just on this forum but also on reddit/control theory and especially on a Chinese forum we...
Replies
40
Views
9,791
(Rant)(CAD Models): Phoenix Contact Took the Time to say "FU!!" to their customers So obviously they have real CAD models of their parts because...
Replies
0
Views
1,744
Today I had first time experience to troubleshoot Twincat3 project, that has motion control and is semi complicated and it was project not done by...
Replies
3
Views
1,451
While I am now retired, I still visit Delta a few times a week. I saw an intern trying to write code to interface a Delta RMC motion controller...
Replies
9
Views
2,897
Back
Top Bottom