A safety PLC beats a padlock

Frank Schrever explains why administrative controls are never enough to protect employees working in hazardous industries.

A padlock and a set of procedures that included simply “looking out” for colleagues before restarting machinery were all that kept a group of Australian steelworkers safe until a Programmable Safety System (PSS) was recently installed. Nobody had been hurt but the steel mill considered the upgrade essential.

Imagine steel rods fed via conveyor into a 30m-long shear machine that cuts them to the right length, ready to be stacked at the out-feed end. The hazards are many and the potential for injury is serious.

The machine was surrounded by padlocked gates, but no barriers were in place to prevent workers crossing the conveyor and an overhead walkway was also periodically exposed to risk. Procedures were in place, however, that would prevent injury if followed to the letter.

What the law says

Australian state laws do not spell out exactly how workplace hazards must be controlled but they accommodate all sorts of circumstances by setting benchmarks for safety.

Among the most important safety regulations in Victoria, for example, are the Plant Regulations, which stipulate the need to identify workplace hazards, assess the risks and control those risks.

The controls chosen should be as high as possible in the hierarchy of controls, which is: elimination; substitution; engineering; administration (policies and procedures for safe work practices); and, finally, personal protective equipment. Administrative controls are lower than engineering controls, such as guarding, because they tend to fail when human error inevitably occurs.

Similarly, the Victorian OHS Act says you must eliminate the risk, or if it is not practicable to eliminate it, reduce the risk so far as is “reasonably practicable”.

What “reasonably practicable” means

“Reasonably practicable” is defined by the likelihood of a hazard eventuating, the degree of potential harm, knowledge of risk and controls, availability and suitability of controls and cost.

Of these factors, the degree of harm will always be heavily weighted while cost will be the least important. The suitability of controls is judged according to their feasibility, effectiveness and overall operational considerations.

Critically, too, ignorance is no defence. “Knowledge” means what you know and what someone in your position should know.

The benchmark: AS4024.1

The Australian Standard covering the safeguarding of plant and machinery, AS4024.1, is the industry benchmark used by the courts.

Because the workers faced hazards that would lead to serious, irreversible injuries, the frequency of the risk was high and the ability to avoid the risk was low, AS4024 would call for Category 4 controls.

The standard says: “Safety-related parts of control systems to category 4 shall be designed so that a single fault in any of these safety-related parts does not lead to a loss of the safety function, and the single fault is detected at or before the next demand upon the safety functions, e.g. immediately, at switch-on, or at the end of a machine operating cycle. If this detection is not possible, then an accumulation of faults shall not lead to a loss of the safety function”.

Because all faults must be detected in time to prevent the loss of the safety function, monitoring systems used to check the input and output safety circuits must do more than detect loss of redundancy. They also need to detect faults that could hide a switch failure, leading to an accumulation of faults and a loss of safety.

Compliance in practical terms

In practice, this meant the steel mill needed a comprehensive set of safety devices monitored by a doubly redundant controller.

The solution was a set of scanners and safety grids overseen by a Pilz PSS, or safety PLC, installed by Malcolm Lutchner of Elecontrol. When workers enter a hazardous area, the sensor (whether one of the five interlocked safety gates, grids or two laser scanners) sends a message to the PSS, which initiates safe shutdown.

A mimic panel shows the operator which of the devices has been triggered and the machine can only be restarted once two reset buttons — one inside the enclosure and one outside — have been pressed in the correct sequence. No longer does the operator have to rely on seeing a person inside the gates to be sure the area is safe to resume production.

Aside from the extra safety that this system provides, the electronics themselves are highly reliable. The PSS offers dual redundancy, which means that as well as continually checking that all the sensors are functioning correctly, its own circuit is self-checking and failsafe.
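The fault-detection requirement quoted from the standard and the two-button restart described above can be seen in a small Python simulation. This is an added example, not the Pilz PSS program or code from the installation; the guard names, the three-scan discrepancy limit and the inside-then-outside button order are assumptions made for illustration.

```python
from dataclasses import dataclass

DISCREPANCY_LIMIT = 3  # assumed: scans the two channels may disagree while switching

@dataclass
class DualChannelGuard:
    """One gate, grid or scanner wired as two channels (True = safe)."""
    name: str
    mismatch_scans: int = 0
    faulted: bool = False  # latched; a reset button cannot clear it

    def scan(self, ch_a: bool, ch_b: bool) -> bool:
        if ch_a != ch_b:
            # Redundancy alone would still stop the machine here, but the
            # failed channel would stay hidden until a second fault arrived.
            self.mismatch_scans += 1
            if self.mismatch_scans > DISCREPANCY_LIMIT:
                self.faulted = True
        else:
            self.mismatch_scans = 0
        return ch_a and ch_b and not self.faulted

class SafetyController:
    def __init__(self, names):
        self.guards = {n: DualChannelGuard(n) for n in names}
        self.run_enabled = False
        self.all_safe = False
        self.inside_pressed = False
        self.tripped = set()  # what a mimic panel would display

    def scan(self, inputs: dict) -> bool:
        """inputs maps guard name -> (ch_a, ch_b). True means motion is allowed."""
        unsafe = {n for n, (a, b) in inputs.items() if not self.guards[n].scan(a, b)}
        self.all_safe = not unsafe
        if unsafe:
            self.tripped |= unsafe
            self.run_enabled = False
            self.inside_pressed = False
        return self.run_enabled

    def press_reset(self, button: str) -> bool:
        """Assumed order: 'inside' first, then 'outside'."""
        if not self.all_safe:
            self.inside_pressed = False
        elif button == "inside":
            self.inside_pressed = True
        elif button == "outside" and self.inside_pressed:
            self.run_enabled, self.inside_pressed = True, False
            self.tripped.clear()
        else:
            self.inside_pressed = False
        return self.run_enabled
```

A channel that stays closed while its partner opens (a welded contact, for example) latches the guard as faulted, so the machine cannot be restarted even after the gate is closed and both buttons are pressed in order.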

The good news is that aside from complying with its legal obligations, the steel mill’s decision to upgrade to a PSS makes adjustments or expansion easy as the line changes, while on-board diagnostics achieve maximum uptime.

The benefits of a safety PLC over a padlock and procedures approach are compelling: the liability of the company and its technical staff members is minimised but more importantly everyone will go home at the end of the shift.

* Frank Schrever has been on the Australian standards committee for Safety of Machinery SF 041 reviewing AS 4024 and other machine-specific standards since 1999. He is also the founder and owner of Pilz Safe Automation 03 9544 6300.
