Too much safety

[BlackBamba]

Hi all,

Can a machine be "too safe"?

I originally wanted to ask a different question about best-practices when switching a machine from non-auto to auto mode. But as I was writing that question with all the background details and different options, I figured I already knew what the answer should be - as one option was somewhat safer than the others.

And then it struck me that maybe the added safety was kind of superfluous.

So, have you ever encountered a machine that you, or experienced operators, have considered "too safe"?
In the sense that the safety procedures somehow have a negative impact on machine operation/operators/throughput...

Kindly share your experiences and thoughts!

 

[A_G]

It is possible to have too many nuisance alarm notifications that can lead to the actually important alarms getting missed / ignored

 

[IO_Rack]

So, have you ever encountered a machine that you, or experienced operators, have considered "too safe"?
In the sense that the safety procedures somehow have a negative impact on machine operation/operators/throughput...

Kindly share your experiences and thoughts!

I've seen machines that have been overloaded with electrical safety controls.

Too safe though? I don't think so. If a machine is difficult to work with due to safety controls and/or is hindering performance, operators will find a way to get hurt.

Our approach is to eliminate the hazards during machine and operation design, thus eliminating a need for safety controls. This is easier said than done, especially sitting in a room with all the interested groups. (Machine builders, EHS, engineering, production, etc...)

EDIT: Noting our hazards come from medium sized servo motors, actuators, pneumatic operations for medium sized assembly machines. There are forum members here that deal with much greater hazards.

 

[jstolaruk]

Designing a machine's control system "too safe" is my reaction when the customer doesn't want to go through the effort of supplying a risk assessment (which is often the case with smaller clients).

 

[Tom Jenkins]

If you make it idiot proof they will build a bigger idiot.

Seriously, there is no such thing, in my opinion, as "too safe". That, however, doesn't mean adding every gadget and precaution imaginable is worthwhile. Eventually, you hit the point of diminishing returns, where the increased precautions add little or nothing to the actual safety of the operators and decrease the ability of the system to perform its primary function.

Where is that point? Good question, and establishing it is what sound engineering judgment is all about.

 

[Phill77]

I think there are two ways it can be 'too safe'.
1 - The safety system is over specified or incorrectly assessed as the wrong PL / SIL.
Hopefully it is obvious that there are increased hardware requirements with higher safety levels, which can include more regular testing and replacement of equipment after a certain lifespan. That's a real hassle if the safety level is not actually required.

2 - Software controls which go over and above the safety system.
Software logic that replicates in parallel the function of the safety system are much more prone to errors than the actual safety system, quite obvious really, else we would not use a certified safety system!
I think it is too easy to think of scenarios which you believe would be unsafe, but which a proper safety assessment would either decide is improbable or covered a different way.
I know of a system designed to be powered by multiple sources (only one at a time), where motorised breakers are monitored by the safety system and also hard wired interlocked to prevent incorrect operation. Any inconsistencies will cause the failsafe PLC to open all the breakers which then shuts down the process.
In our wisdom we also put logic in place which will command all the breakers open if the process attempts to close an unsafe combination, or when it is not in use.
This has caused so much inconvenience for various reasons, and really is unnecessary because if we cannot rely on the actual safety system then there is no point of it being there.

 

[I_Automation]

One Too-safe thing I came across was an OEM for an addition to a stamping press suddenly started using GuardLogix PLC's instead of the ControlLogix all the previous ones had.


I talked to their tech support about it (more like complained and chewed his ear off) and they went back to CLX's.
There was no reason for that add-on to be a safety PLC with safety IO when it wasn't controlling the press, just responding to the press and not anything that could endanger an operator if the PLC did some non-safety thing and crashed.
Plus with the safety signature in the GuardLogix replacing an IO module in the RemoteIO and updating the version number from 1.88 to 3.3 was impossible.

 

[JeffKiper]

I do think you hit a point of diminishing return on safety.

A standard 3 round risk assessment is about my limit for machine design. We always start with the machine WITHOUT any safeguards. ID the hazards and rate them. What is acceptable and what's not? What can you do to mechanically design them out. Then loop back and do it again and again. Then we use the safeguards, warnings, administrative controls and PPE.

It's not exactly following the ANSI spec but very close. Most of our issues are mechanical so we look at the a little heavier.

What we have found is if we don't look at it and just add stuff the machine they get cluttered and makes the machine hard to operate. People bypass stuff that makes life difficult. When it's easy to operate the system produ thin usually isn't impacted. We have found that a lot of the mechanical issues are fixed so the operators interface a lot less with the machine during production. Less interfacing means more steady run time. Less exposure to the hazards, etc. etc.

Sometimes just adding a safety light curtain makes things easier.

 

[geniusintraining]

It is possible to have too many nuisance alarm notifications that can lead to the actually important alarms getting missed / ignored

Agree, this is the reason lights change the pattern on emergency vehicles and has anyone downloaded something and read the "warnings" once you download it you scroll to the bottom and click "I agree to these terms" not that its safety but if someone sees it all the time they will not consider it and only think its just a stupid annoyance.

You do need to protect yourself and CYA also make it as safe as it can be for others

 

[BlackBamba]

Thanks for the enlightening replies! A lot of food for thought...

Wishing you all a Happy New Year!