5. Inherently Safe Design Measures Sumitomo Riko Group
5-2-10-7. Applying Inherently Safe Design Measure to Control Systems - Safety functions
implemented by programmable electronic control systems
(Refer to ISO12100/JISB9700, 6.2.11.7)
Provided as follows concerning safety functions implemented with programmable electronic control systems.
① General
Control systems including programmable electronic devices (e.g. PLC), which may be used to carry out
the machine safety functions as appropriate, provided that performance requirements for safety
functions need be considered.
② Hardware aspect
Hardware (e.g. sensors, actuators) must be selected, designed and installed complying with both the
functional and performance requirements for the safety functions to be implemented.
③ Software aspect
OS and application software to be installed must be designed to satisfy the performance specification for
safety functions.
・Prohibit reprogramming by a user.
・ In case of reprogramming, restrict the access to software processing safety functions.
P76/135
5. Inherently Safe Design Measures Sumitomo Riko Group
5-2-10-7. Applying Inherently Safe Design Measures to Control Systems - Safety functions
implemented by programmable electronic control systems
(Refer to ISO12100/JISB9700, 6.2.11.7)
Performance requirements associated with safety function
Category Categorized per response to failure
(assumption of breakdown)
Performance level (PL) Level calculated and rated per machine reliability,
Safety integrity level (SIL) probability of failure and others(resistance to
breakdown)
Make selection per risk level → Safer items must be used as the risk increases!
Category Requirements (outline) In case of failure Probability of PL SIL Probability of
hazardous failure hazardous failure
B Use parts that can stand usage Safety function will be damaged due to a N/A
environment. failure. occurrence b1 occurrence
10-5 - 10-4 c1
1 B+Use reliable parts. Safety function deterioration is less d2 10-6 - 10-5
than B. 3×10-6 - 10-5 e3 10-6 - 10-5
10-7 - 10-6
2 1+Failure check function Failure is detectable, but safety 10-6 - 3×10-6 Safety side 10-8 - 10-7
function will be lost while checking.
10-7 - 10-6
Safety will be maintained with single
10-8 - 10-7
3 1+Failure double-check function failure, but not all the failures are
detectable. In that case, safety
function may be lost.
4 1+Failure double-check function Failure will be detected before safety
with different technologies function is activated to protect the
safety function.
P77/135
5. Inherently Safe Design Measure Sumitomo Riko Group
5-2-10-7. Applying Inherently Safe Design Measures to Control Systems - Safety functions
implemented by programmable electronic control systems
(Refer to ISO12100/JISB9700, 6.2.11.7)
Category SIL PL
Safety light curtain(source: Keyence website, http://www.keyence.co.uk/products/safety/light-curtain/gl-r/index.jsp)
P78/135
5. Inherently Safe Design Measures Sumitomo Riko Group
5-2-10-7. Applying Inherently Safe Design Measures to Control Systems - Safety functions
implemented by programmable electronic control systems
(Refer to ISO12100/JISB9700, 6.2.11.7)
Software aspect(security of program)
Setting change → Password must be entered.
Only authorized people can operate.
P79/135
5. Inherently Safe Design Measures Sumitomo Riko Group
5-2-10-8. Applying Inherently Safe Design Measures to Control Systems Principles relating to
manual control (Refer to ISO12100/JISB9700, 6.2.11.8)
Provided as follows concerning manual control principles.
① Manual controls shall be designed and laid out according to ergonomic principles.
→ Easy to find and press, etc.
② Stop controls shall be positioned near their corresponding stars controls. As to hold- to-run control, the stop
control shall be provided separately if some risk may be caused by stop command communication failure.
→ Place the stop switch near the operation switch.
③ Manual controls shall be positioned at a place not reachable from the dangerous zone, excluding emergency
stops or teaching pendants that are required to be installed in such zones.
→ Operation panel shall be placed outside the safeguard.
④ Whenever possible, controls and controlling positions shall be located where an operator can visually check
the operation or dangerous area.
→ Operation panel shall be placed where machine inside is easily checked visually.
P80/135
5. Inherently Safe Design Measures Sumitomo Riko Group
5-2-10-8. Applying Inherently Safe Design Measures to Control Systems -Principles relating to
manual control (Refer to ISO12100/JISB9700, 6.2.11.8)
Provided as follows concerning manual control principles.
⑤ If several controls are available for activating the same hazardous element,
the control circuit must be designed to enable only one control.
→ Key switch, safety plug and other restrictions
⑥ Control actuator shall be designed so that it is not operable without
intentional operation wherever risk is present or provided with guard.
→ Guarded switch, etc.
⑦ As to the machine function for which safe operation is ensured by the (source: Various switches
operator’s direct control, employ measure to ensure the operator presence Idec website. Analysis of Safety Ensuring Method for Operators in Hazardous Areas and
at the controlling position.
Development of Padlockable Safety Switches
jp.idec.com/cms/pdf/usr/technology/tech.../01/HIS_2006_02.pdf )
⑧ For the wireless control, the machine shall be automatically stopped when
no control signal is received including when communication is lost.
P81/135
5. Inherently Safe Design Measures Sumitomo Riko Group
5-2-1 0-9. Applying Inherently Safe Design Measures to Control Systems -
Control mode for setting, teaching, process changeover, fault-finding, cleaning or
maintenance (Refer to ISO12100/JISB9700, 6.2.11.9)
In cases where safeguards must be moved or removed, protective devices must be deactivated, or the machine
needs to be run for such operations as indicated in the above title, safety must be ensured with the specific
control mode that satisfies all the features below.
① All the other control modes shall be deactivated.
② Operation of machine’s hazardous elements shall be permitted only with enable or both-hand
operated controls or with hold-to-run controls operated continually.
③ Operation of machine’s hazardous elements shall be permitted only while risk is lowered (e.g.
decelerated or lowered power or force)
④ Implementation of hazardous function due to intentional or unconscious action against machine
sensors must be prevented.
This control mode shall employ at least one of the following measures.
・Whatever possible restrictions against access to dangerous zone
・Emergency stop control installed within the operator’s reach
・Portable control unit (teaching pendant) and/or local controls (located where it is possible to visually check
the elements to be controlled)
P82/135
5. Inherently Safe Design Measures Sumitomo Riko Group
5-2-10-9. Applying Inherently Safe Design Measures to Control SystemsControl Modes for Setting,
Teaching, Process Changeover, Fault-Finding, Cleaning or Maintenance
(Refer to ISO12100/JISB9700 6.2.11.9)
For teaching pendant
Teaching pendant 3-position enable switch
Select teaching mode
・Safety Speed 250mm/s or less
・Enable switch (Command is enabled only while switch is being
pushed)
・Two-hand operation or hold-to-run (Operation is enabled only
while switch is being pushed)
(Source: Catalogue, Mitsubishi Safety Solutions ) 3-Position enable switch(IDEC Catalog)
P83/135
5. Inherently Safe Design Measures Sumitomo Riko Group
5-2-10-10. Applying Inherently Safe Design Measures to Control Systems
Selection of Control and Operating Mode (Refer to ISO12100/JISB9700 6.2.11.10)
When a machine is designed and manufactured so as to be able to use several types of control or operating
modes that require different safeguarding measures and/or work procedures to allow adjustments, setting
(initial set-up, etc.), maintenance, inspections or the like, the following items shall be observed.
● A mode selector device shall be provided that can fix (lock) each of the mode positions.
The respective mode positions of the selector device must be clearly identifiable.
●
Each of the mode positions of the selector device shall cause either one control mode or one
● operating mode to be selected.
The selector device may be replaced with other selection means that limits the use of specific
● functions of the machine to operators belonging to a specific category.
Example: Limiting specific functions by requiring input of a password
P84/135
5. Inherently Safe Design Measures Sumitomo Riko Group
5-2-10-11. Applying Inherently Safe Design Measures to Control Systems
Applying Measures to Achieve Electromagnetic Compatibility
(Refer to ISO12100/JISB9700 6.2.11.11)
Please refer to JIS B9960-1 and IEC61000-6 for measures to achieve electromagnetic compatibility.
Electromagnetic compatibility (EMC) refers to
a condition in which electromagnetic interference waves emitted by electric and electronic devices don’t
interfere with other devices and systems, and those electric and electronic devices function properly even if
they are subject to electromagnetic interference.
EMC Electromagnetic Interference (EMI) Doesn’t cause any electromagnetic
damage
(Electromagnetic Compatibility) Electromagnetic Interference Sensitivity (EMS)
Doesn’t receive any
electromagnetic damage
Electromagnetic Electromagnetic Interference
Interference Sensitivity
Illustration: Noise transmission path Illustration: How to understand EMC (Source: TDK Lambda HP: www.tdk- Illustration: Global EMC Standards (Source: TDK Lambda HP: www.tdk-
(Source: Cosel Co., Ltd. HP: https://www.cosel.co.jp/en/data/pdf/technotes_nf.pdf#page=2) lambda.co.jp/products/sps/catalog/jp/10-28_nf_tec.pdf ) lambda.co.jp/products/sps/catalog/jp/10-28_nf_tec.pdf )
P85/135
5. Inherently Safe Design Measures Sumitomo Riko Group
5-2-10-11. Applying Inherently Safe Design Measures to Control Systems
Applying Measures to Achieve Electromagnetic Compatibility
(Refer to ISO12100/JISB9700 6.2.11.11)
Four factors in measures against Knowing principles enables effective applications
noise
1. Shielding 2. Reflection 3. Absorption 4. Bypassing Shielding wire(ElectronicDeviceManufacturing.com HP
http://www.denshikikiseizou.com/denshikiki/denshi0303.html)
Points Points Points Points
Ferrite core (Seiwa Electric MFG Co., Ltd. HP
Cover with metal to cause Return conductive noise to Absorb the conductive Cause the conductive noise http://www.seiwa.co.jp/support/pdf/emc_140703s.pdf)
radiation noise to flow into the noise source first, and noise that penetrates into that penetrates into the
a frame or the ground, or the circuit, and convert it
prevent the noise from circuit to flow into a frame
convert the noise to heat penetrating into a circuit to heat. or the ground.
by absorbing the noise
using a wave absorber or as much as possible.
electromagnetic shielding
materials.
Metal plates, ferrite Inductors, IC filters Resistance, ferrite Condensers, varistors
plates beads, etc.
Countermeasures against noise (Source: TDK HP: Reactor
http://www.tdk.co.jp/techmag/emc/200503/emc050301.htm)
P86/135
5. Inherently Safe Design Measures Sumitomo Riko Group
5-2-10-12. Applying Inherently Safe Design Measures to Control Systems Standards for Diagnostic
System for Supporting Detection of Faults
(Refer to ISO12100/JISB9700 6.2.11.12)
It is desirable to incorporate a diagnostic system that supports the detection of faults into control systems to eliminate the need
for disabling protective measures. E.g. Self-diagnosis function for failures
Note: This system reduces exposure of maintenance factors to hazard sources as well as improving usability and
maintainability of machinery, equipment, etc.
Enable Switch Safety Controller Diagnosis conditions
Diagnosis results
A machine fails
Failure is notified Contact Two When both contact points A Operation allowed
point A circu and B are ON (Position 2) (Normal state)
Contact its When both contact points A Operation not
point B input and B are OFF (Positions 1, 3) allowed (Normal
When two inputs are different state)
from each other Operation not
allowed (Failure
E.g.: When contact point A is
ON and contact point B is OFF detected)
(All positions 1, 2, and 3) Operation not
allowed until the
Example of self-diagnosis (Source: IDEC Corporation HP: http://jp.idec.com/ja/technology/safety/guide/safety07.html) failure is fixed.
P87/135
5. Inherently Safe Design Measures Sumitomo Riko Group
5-2-11. Minimizing Probability of Failure of Safety Functions
(Refer to ISO12100/JISB9700 6.2.12 1 to 4)
Safety of the machine depends not only on reliability of control systems but also on reliability of all the parts
of the machine. Thus, in order to use the machine safely, it is a basic approach to constitute the machine using
reliable parts and adopt continuous operation of safety functions. This can be achieved by taking the
measures specified below.
(1) Use of Reliable Components
(2) Use of “Asymmetric Failure Mode” Components
(3) Dual System (or Redundant System) for Components or Sub-
Systems
P88/135
5. Inherently Safe Design Measures Sumitomo Riko Group
5-2-11. Minimizing Probability of Failure of Safety Functions
(Refer to ISO12100/JISB9700 6.2.12 1 to 4)
(1) Use of Reliable Components
A reliable component means a component that has a low probability of causing a dangerous functional
failure of a machine during a specified operation period of usage or for a specified number of operations and
that can withstand all interferences and stresses associated with usage methods of the machine under intended
usage conditions (including environmental conditions).
Component operated Life 1,000 times
100 times per day
Components should be selected while also taking into
account environmental factors such as heat, humidity, and
vibration.
P89/135
5. Inherently Safe Design Measures Sumitomo Riko Group
5-2-11. Minimizing Probability of Failure of Safety Functions
(Refer to ISO12100/JISB9700 6.2.12 1 to 4)
(2) Use of “Asymmetric Failure Mode” Components
It is desirable to use “asymmetric failure mode” components or systems all the time, for which typical
failure modes are known in advance, as it is possible to predict the impact of the failure modes on machine
functionalities.
Asymmetric Failure Mode: When a failure occurs, the probability of being on the safe side is far
greater than the probability of being on the dangerous side, or the machine is designed so as to only operate
on the safe side.
A pole falling down →Failure Asymmetric Failure Mode
Dangerous Safe Safe
P90/135
5. Inherently Safe Design Measures Sumitomo Riko Group
5-2-11. Minimizing Probability of Failure of Safety Functions
(Refer to ISO12100/JISB9700 6.2.12 1 to 4)
(2) Use of “Asymmetric Failure Mode” Components
It is desirable to use “asymmetric failure mode” components or systems all the time, for which typical
failure modes are known in advance, as it is possible to predict the impact of the failure modes on machine
functionalities.
Asymmetric Failure Mode: When a failure occurs, the probability of being on the safe side is far
greater than the probability of being on the dangerous side, or the machine is designed so as to only operate
on the safe side.
Asymmetric Failure Mode ≒ Fail-Safe
Examples of asymmetric failure mode components
Machine fails
Fails on the safe
side
Illustration Fuse Illustration Emergency Stop Switch (Source: IDEC Corporation HP: http://jp.idec.com/ja/technology/safety/guide/safety02.html)
P91/135
5. Inherently Safe Design Measures Sumitomo Riko Group
5-2-11. Minimizing Probability of Failure of Safety Functions
(Refer to ISO12100/JISB9700 6.2.12 1 to 4)
(3) Dual System (or Redundant System) of Components or Sub-Systems
The dual system (or redundant system) of safety-related components is used to ensure that even when one of
the components fails, another component can take over the function of the failed component. As a result, it
becomes possible to use the safety function continuously. The failure must be detected through automatic
monitoring or by carrying out inspection at a cycle shorter than a predicted component life.
Diversification (Heterogeneous Redundancy) is used to avoid common cause failures or common
mode failures. Even when it fails, safety functions are
A machine fails maintained
Example of Simple Example of Redundancy Door switch
Redundancy plus Diversification
Door switch Safety relay
Safety relay
Limit switch I : Input device
L : Logical device
Illustration Example of Redundancy (Source: Omron Corporation HP: http://www.fa.omron.co.jp/solution/sysmac/safetynavigator/hint/09.html) O : Output device
P92/135
5. Inherently Safe Design Measures Sumitomo Riko Group
5-2-12. Limiting Exposure to Hazards through Reliability of Equipment
(Refer to ISO12100/JISB9700 6.2.13)
Limiting exposure to hazards through reliability of equipment means reducing exposure to hazards by
improving reliability of safety functions and thereby reducing the occurrence frequency of accidents.
Safety-related components (specific sensors, for example) that have known reliability must be used.
Components of safeguards and protective devices must be particularly reliable. This is because a failure of the
safeguard or the protective device can cause an operator to be exposed to a hazard, and also because low
reliability of the safeguard or the protective device encourages an operator to disable such a device.
Frequent production Disabled Accident
stops
Frequently failing
safety device Frequent Exposure to Accident
replacements hazards
Improve reliability
P93/135
5. Inherently Safe Design Measures Sumitomo Riko Group
5-2-13. Limiting Exposure to Hazards through Mechanization or Automation of Loading (Feeding)
or Unloading (Removing) (Refer to ISO12100/JISB9700 6.2.14)
Mechanization and automation of loading and unloading operations of machines,
and more generally of handling operations (of work pieces, materials and substances) reduce
exposure of operators to hazards at work positions, thereby reducing risks caused by those operations.
Examples of mechanization: Transfer slides, push rods, etc.
Examples of automation: Robots, handling devices, transfer mechanisms, etc.
When a failure occurs, a risk may arise, so it is necessary to reliably ensure that no hazard is generated between
a device and mechanical parts, work pieces, or materials to be processed with great care.
Work loading part
Hazard
P94/135
5. Inherently Safe Design Measures Sumitomo Riko Group
5-2-14. Limiting Exposure to Hazards through Locating Setting and Maintenance Points outside
Danger Zones (Refer to ISO12100/JISB9700 6.2.15)
Need to approach danger zones must be minimized by locating maintenance, oil
refilling and setting (initial set-up) points outside the danger zones.
Enable operator to carry out oil
refilling at a location where it is easy
to work
Eliminate risk of falling associated with
high-place work
Enable operator to adjust control circuits
without opening the control box
Eliminate risk of electric shock
inside the control box
P95/135
6. Safeguarding Sumitomo Riko Group
What is Safeguarding?
Risk Reduction through 3 Step Method
Step 1 Inherently Safe Design Measures
Step 2 Safeguarding
Complementary Protective Measures
Step 3 Information for Use
Risk reduction is promoted by following Steps 1→2→3
Safeguarding includes:
guards (safety fences, safety covers) and protective devices (two-hand start operation,
interlocks, etc.
When hazards cannot be removed or risks cannot be reduced sufficiently by the
inherently safe design measures, safeguarding should be used to protect operators.
P96/135
6. Safeguarding Sumitomo Riko Group
6-1. Guideline for Selecting Safeguards (Guards and Protective Devices)
(ISO12100/JIS B9700 6.3.2)
Types of safeguarding differ depending on characteristics of dangerous parts and
characteristics of work.
Accurate selection of safeguarding devices →Based on Design RA
Gaurds Protective device Dvices not liked with
Devices linked with control systems control systems
Control devices Entry/Presence
Sensing device
・Fixed guard ・Control guard ・Enable device ・Laser scan ・Wedge
・Movable guard ・Interlocking ・Hold-to-run ・Light curtain ・Wheel stopper
・Removable ・Emergency ・Pressure ・Anchor bolt,
guard
guard, stop sensing mat, etc.
etc. ・Interlocking etc.
P97/135
device, etc.
Illustration Classification of Safeguarding (Source: Masao Mukaidono (2007)
“International Standards of Safety 2 ” p.116)
6. Safeguarding Sumitomo Riko Group
6-1. Guideline for Selecting Safeguards (Guards and Protective Devices)
(ISO12100/JIS B9700 6.3.2)
(1) When it is not necessary to approach danger zones during normal
operations
・Fixed guard (JIS B9716)
・Guard with lock or interlocking guard without lock
(JIS B9710 and 9716)
・Self-closing guard (JIS B9716)
・Sensitive protective device
E.g. Electro-sensitive protective equipment (JIS B9704)
Pressure sensing device (JIS B9717-1 and ISO13856-1, 3)
P98/135
6. Safeguarding Sumitomo Riko Group
6-1. Guideline for Selecting Safeguards (Guards and Protective Devices)
(ISO12100/JIS B9700 6.3.2)
Fixed guard Interlocking guard with guard locking
Distance guard Enclosing guard Electromagnetic
Secure a safety Prevent an approach lock
distance from a to a hazard Door does not open until safety is secured.
hazard Illustration Electromagnetic lock (Source: Omron Corporation HP:
http://www.fa.omron.co.jp/data_pdf/cat/d4sl-n_sgfm-059_6_4.pdf?id=3125,
http://www.fa.omron.co.jp/products/family/1611/)
P99/135
6. Safeguarding Sumitomo Riko Group
6-1. Guideline for Selecting Safeguards (Guards and Protective Devices)
(ISO12100/JIS B9700 6.3.2)
Self-closing guard Sensitive protective device
Electro-sensitive protective device
When the work piece no longer exists, the
guard automatically closes
Illustration Self-closing guard (Source: JISB9716: 2006 Illustration 4) Illustration Safety light curtain (Source: Keyence Corporation HP: http://www.keyence.co.jp/switch/safety/gl_r/)
Pressure-sensitive protective device
Guard Mat switch(Sense presence of an operator)
Illustration Circular saw (Source: Hitachi Koki Co., Ltd. HP: http://www.hitachi- Illustration Pressure sensing device Mat switch (Source: Tokyo Sensor Co., Ltd. HP: http://www.t-sensor.co.jp/catalog/mat.pdf, http://www.t-sensor.co.jp/catalog/application.pdf)
koki.co.jp/powertools/pro/cutter/c18dsl/c18dsl.html)
P100/135
6. Safeguarding Sumitomo Riko Group
6-1. Guideline for Selecting Safeguards (Guards and Protective Devices)
(ISO12100/JIS B9700 6.3.2)
(2) When it is necessary to approach danger zones during normal
operations
・Guard with lock or interlocking guard without lock (JIS B9710 and 9716)
・Sensitive protective device E.g. Electro-sensitive protective device (JIS B9704)
・Adjustable guard
・Self-closing guard (JIS B9716)
・Two-hand operation control device (JIS B9712)
・Interlocking guard with start function (Control guard)
This is a special type of interlocking guard that gives a command to start up a dangerous function when a guard
reaches a closed position without using any other start-up control device →Requirements are complex
P101/135
6. Safeguarding Sumitomo Riko Group
6-1. Guideline for Selecting Safeguards (Guards and Protective Devices)
(ISO12100/JIS B9700 6.3.2)
Adjustable guard Two-hand control device
Cover
Adjustment
Switches
Illustration Adjustable guard (Source: MonotaRO Co., Ltd. HP: http://www.monotaro.com/g/00011565/) Use of hands and elbows is prohibited.
→A gap between the switches should
Adjust the height of the cover to prevent a hand from being be 550 mm or more.
caught by the rotating portion, thereby separating the hand
from the hazard as much as possible Illustration Two-hand Operation Control Device (Source: Fuji Electric FA Components & Systems Co., Ltd. HP:
https://felib.fujielectric.co.jp/docfetch/CustomContentDownload.aspx?sid=B0082D64B0658F15ECAA25F2663F2A51DD7F397B
A33A4611&dataid=1198587&version=0&site=japan&lang=ja)
Make sure to keep both hands occupied
(Prevent freeing a hand)
P102/135
6. Safeguarding Sumitomo Riko Group
6-1. Guideline for Selecting Safeguards (Guards and Protective Devices)
(ISO12100/JIS B9700 6.3.2)
(3) When it is necessary to approach danger zones for setting (initial set-up) of a
machine, teaching, process changeover, detection of a failure, cleaning or maintenance
Safeguarding must be designed to reliably protect the operator without interfering
with the operator.
Identify work and implement risk assessment Back surface
E.g. Teaching work of a robot
Enable device
The operation is allowed only while the
switch is pushed.
Hold-to-run control device
The device operates only while the Enable device of a teaching
switch is pushed. pendant
Other functions include restrictions on highest speed and external operations, etc.
P103/135
6. Safeguarding Sumitomo Riko Group
6-1. Guideline for Selecting Safeguards (Guards and Protective Devices)
(ISO12100/JIS B9700 6.3.2)
(4) Selection of Sensitive Protective Devices
Diversification of Selection of appropriate
detection capabilities sensitive protection Presence detection by safety laser scanner
● Types of sensitive protective devices
Light curtain (generally called an area sensor)
Scanner device (E.g. Laser scanner)
Pressure sensing mat
● Intended use of sensitive protective devices
For tripping (automatic stop) Illustration Safety Laser Scanner
For presence detection (Source: Keyence Corporation HP: http://www.keyence.co.jp/switch/safety/sz/)
For both tripping and presence detection
For restarting a machine based on specific conditions
When there is something that may obstruct the Careful consideration is required at time
sensitive protective device of selection.
E.g. Characteristics of discharging a material or a part → False detection
Emission (noise, radiation, fine particles, etc.) that requires a guard → Obstacle
Characteristics of not being able to stop in the middle of a cycle → Cannot stop, etc.
P104/135
6. Safeguarding Sumitomo Riko Group
6-1. Guideline for Selecting Safeguards (Guards and Protective Devices)
(ISO12100/JIS B9700 6.3.2)
(4) Selection of Sensitive Protective Devices
The following items should be also considered.
● Size of detection zone , characteristics and positioning (Refer to JIS B9715)
● Device behavior at time of failure → Safety confirmation type and hazard detection type
● Possibility of bypassing
● Detection capability and change in detection capability over time
(E.g. Environmental conditions such as sunlight and impurities in the air)
● Linking with control systems
・A command is immediately issued when a person or a body part is detected.
・The machine is not restarted simply because a detected person or a detected body part moves outside the
detection zone.
・Restart is implemented as a result of the operator intentionally operating a control device arranged
outside the danger zone at a location visibly recognizable by the operator.
・Along with a fixed guard, the location and shape of the detection zone prevent a person or a body part
from entering the danger zone or being present within the danger zone without being detected by a sensing
device.
P105/135
6. Safeguarding Sumitomo Riko Group
6-1. Guideline for Selecting Safeguards (Guards and Protective Devices)
(ISO12100/JIS B9700 6.3.2)
Safety confirmation type and Hazard detection type
Which is safer? E.g. Mushroom you’ve never seen
Mr. A Eat it because it is listed in the “Illustrated Reference of Edible
Mushrooms”.
→Eat it only when safety is confirmed = Safety confirmation type
Mr. B Don’t eat it because it is listed in the “Illustrated Reference of
Poisonous Mushrooms”.
Source: Handbook: Mushroom Identifier (Illustrated
→Don’t eat it only when hazard is detected = Hazard detection type Encyclopedia) by Peter Jordan
→Then, if the mushroom is not listed in the reference because it is a
new species? Is it really safe?
Edible Poisonous New edible New poisonous
mushroom mushroom mushroom mushroom
Safety Eat Don't eat Don't eat Don't eat
confirmation
Eat Don't eat Don't eat Eat
Hazard
detection
P106/135
6. Safeguarding Sumitomo Riko Group
6-1. Guideline for Selecting Safeguards (Guards and Protective Devices)
(ISO12100/JIS B9700 6.3.2)
Safety confirmation type and hazard detection type
Safe state Anxiety State Danger state
Detection by hazard detection type Considered safe Danger
Detection by safety confirmation type
Safe Considered dangerous
Hazard detection type
There is a possibility that an actually dangerous state may be considered to be safe.
→Sensor failure→Hazard is not detected→Machine is not stopped.
Safety confirmation type
If safety is not confirmed, the operation of the machine is stopped.
→Suitable for constituting an interlock
Signal Door switch
Go forward when blue signal is on Turned ON when door is closed
Stop when red signal is on Turned OFF when door is closed
P107/135
6. Safeguarding Sumitomo Riko Group
6-2. Requirements for Design of Guards and Protective Devices (ISO12100/JIS B9700 6.3.3)
(1) General Requirements Take into account mechanical and other hazards
Appropriately design for intended use
Guards and Protective
devices
● Have a Robust structure.
● Don’t create new hazard.
● Cannot be easily bypassed or disabled.
● Arranged at a location appropriately distanced from danger zones. (JIS B9715 and 9718)
● Minimize a visual obstruction of production processes.
● Make it possible for the operator to carry out attachment and/or replacement of tools and basic operations
of maintenance, without removing and disabling a guard or a protective device if possible, by allowing the
operator to approach only an area required by the operation.
(With regard to an opening of the guard, refer to JIS B9718)
P108/135
6. Safeguarding Sumitomo Riko Group
6-2. Requirements for Design of Guards and Protective Devices (ISO12100/JIS B9700 6.3.3)
(2) Guard functions
● Prevent approach to space surrounding guard
● Containment or trapping of materials, workpieces, chips and fluid when there is risk of falling or
discharge from machine, and reduction of emissions (noise, radiation, and dust, soot/smoke,
gaseous hazardous substances) that may be generated by machine.
● There are cases where it is necessary to have specific characteristics relating to the following
・Electricity→ Electric shock prevention ・Explosion → Pressure resistance, inflow prevention
・Temp. → Burn prevention ・Vibration → Vibration resistance
・Industrial accident → Ignition prevention ・Visibility → Mistaken operation prevention
・Operator’s ergonomic position (posture, repeated movement etc.)
(3) Requirements for fixed guards
Must be reliably secured in specific position
● Permanent(E.g. fix by welding)
● Use fastening components that cannot be removed or released without using tools
(screws, nuts). It is preferable that guards cannot be attached without fastening components.
P109/135
6. Safeguarding Sumitomo Riko Group
6-2. Requirements for Design of Guards and Protective Devices (ISO12100/JIS B9700 6.3.3)
(4) Movable guard requirements
Movable guards for hazards of motion transmission parts should achieve the following
● Even when open, a state should be obtained in which hinges or guides fix the machine as much as
possible
● Guard with interlock(where necessary, with a lock)
Movable guards for hazards caused by operating parts that are not transmission parts must be
linked with the following type of machine control system
● When operating parts are within range of reach of operator, they cannot be activated
● After operating parts have been activated, it must be set up so that the operator cannot reach
● Can only be adjusted by intentional behavior, such as with a tool or key
● When a component of a movable guard is missing or has failed, activation of operating parts should
be prevented or operating parts are stopped. This can be achieved using self-monitoring.
P110/135
6. Safeguarding Sumitomo Riko Group
6-2. Requirements for Design of Guards and Protective Devices (ISO12100/JIS B9700 6.3.3)
(5) Requirements for adjustable guards
Adjustable guards may be used only in places in danger zone that cannot be completely
surrounded due to operational reasons. Manually adjustable guards are as follows:
● Design in which adjustable portions are each fixed during operation
● Are easily adjustable without using tools
(6) Hazards due to guards
● Structure of guard
E.g. Sharp edges or corners, (harmful) materials, source of noise etc.
● Operation of guard
Cuts or crushing caused by guards operated by power supply and heavy guards that are easily lowered
(7) Technical features of protective devices
It is necessary to understand the technical features of protective devices and select/design them in the
following manner:
comply standard● Select so as to
with relevant (IEC61496/JISB9704 series, ISO13849-1/JISB9705-1 etc.)
● A structure by which the device cannot be easily disabled and connected to control system
P111/135
6. Safeguarding Sumitomo Riko Group
6-3.Safeguarding to Reduce Emissions (ISO12100/JIS B9700 6.3.4)
When measures to reduce emissions at emission source are not appropriate through inherently safe design
measures, it is necessary to provide the following type of protective measure additionally on the machine
(1) Examples of additional protective Soundproof box for fan
measures against noise
Anti-vibration leveling mount
● Cage(see ISO 15667)
● Partition (screen) mounted on machine
● Silencing device(see ISO 14163)
(2) Examples of additional protective measures
against vibration
● Damping device to block vibrations between
vibration source and person exposed to
vibrations
● Elastic attachment
● Anti-vibration sheet
P112/135
6. Safeguarding Sumitomo Riko Group
6-3.Safeguarding to Reduce Emissions (ISO12100/JIS B9700 6.3.4)
(3) Example of additional protective measures Clean
against hazardous substances exhaust
Interval between machines (enclose with
negative pressure housing) Dust
collector
● Local exhaust ventilation with filter Dust
● Wetting by fluid
● Special ventilation for zone Illustration: Wet scrubber
(Source: Kyowa Kako Co. Ltd. HP http://www.kyowakako.co.jp/products/eco.html)
(4) Additional protective measures against radiation Block scattered light
● Use of filter and absorption device of laser
● Use of damping partition (screen) or guard
Illustration: Laser shield Heat insulating material (guard)
(Source: Yamamoto Kogaku Co. Ltd. on surface of heat machine
http://www.yamamoto-kogaku.co.jp/safety/laser_safety/)
P113/135
7. Complementary Protective Measures Sumitomo Riko Group
Complementary Protective Measures explained: (ISO12100/JIS B9700 6.3.5)
3 Step method for risk reduction
Step 1 Inherently Safe Design Measures
Step 2 Safeguarding
Complementary Protective Measures This part
Step 3 Information for Use
Due to intended use of machine and mistaken operation that can be logically foretold, where necessary,
additionally implemented protective measures that are not Inherently Safe Design Measures,
Safeguarding, or Information for Use
Inherently Safe Design Measures Elimination/reduction of hazards
→ Fundamental measures
Safeguarding Separation/stopping of machine/control hazards
Complementary protective measures → Mechanical measures
Measures, such as emergency stop, entrusted to human
action
Measures that complement inherent measures and
safeguarding
→ Human-dependent measures
P114/135
7. Complementary Protective Measures Sumitomo Riko Group
Complementary Protective Measures explained (ISO12100/JIS B9700 6.3.5)
As complementary protective measures, the following content is specified
● Emergency Stop(ISO13850/JISB9703)
● Measures for Escape and Rescue of trapped persons
● Measures for Isolation and Energy Dissipation(ISO14118/JISB9714)
● Provisions for easy and Safe Handling of Machines and Heavy Component Parts
● Measures for Safe Access to machinery(JIS14122/JISB9713)
P115/135
7. Complementary Protective Measures Sumitomo Riko Group
7-1 Requirements for Emergency Stop Function(ISO12100/JIS B9700 6.3.5)
Emergency stop (function) is:
Emergency operation of person performing one action to stop process/operation that has become dangerous
● Actuator is clearly identified, visible and can be immediately Yellow
plate
accessed
→Safety Standards for Machinery and Equipment S-01-009 “Emergency Red switch
Stop Circuit”
Push lock, pull or turn reset Reset
● Due to the stopping, no new hazard should occur, and must be operation can be performed by either
stopped as soon as possible.
pulling or turning
● Until emergency stop is reset, operation must not be enabled
pulling turning
→ Structure where reset operation is necessary using push lock
mechanism
● Machine does not restart as a result of emergency stop reset
→ Ready for operation circuit, self-holding circuit
Illustration Emergency stop switch(Source IDEC HP
http://jp.idec.com/ja/technology/safety/guide/safety02.html、http://jp.idec.com/ja/s/c14DA/)
P116/135
7. Complementary Protective Measures Sumitomo Riko Group
7-1 Requirements for Emergency Stop Function (ISO12100/JIS B9700 6.3.5)
Wire rope type emergency stop switch
Illustration Wire rope type emergency switch (Source: Panasonic Corporation HP Motor stopped by brake
http://www3.panasonic.biz/ac/j/fasys/sensor/safety/zq/index.jsp)
Safety cutout
Rubber kneading roll Safety Bar (Not possible to start up until
reset)
Safety Standards for Machinery Push safety bar in
and Equipment emergency P117/135
S-1—003
“Rubber Kneading Roll Machine
Emergency Stop Device”
7. Complementary Protective Measures Sumitomo Riko Group
7-2 Measures for the Escape and Rescue of Trapped Persons (ISO12100/JIS B9700 6.3.5)
The following types of measures are to be provided:
● For machinery that may cause a hazard of an operator being trapped, escape route and place of
evacuation
● Means to move specific elements manually
after emergency stop
● Means to reverse drive specific elements
● Mooring fixture for device for lowering
● Means by which trapped person can call
for help
Door Release button
opening/closi
ng lever
Illustration Measure for being trapped(Source Omron Corp. HP http://www.fa.omron.co.jp/data_pdf/cat/d4jl_d4jl-sk40_ds_j_7_6.pdf?id=1611)
P118/135
7. Complementary Protective Measures Sumitomo Riko Group
7-3 Measures for Isolation and Energy Dissipation (ISO12100/JIS B9700 6.3.5)
The following types of measures are to be provided: Illustration Breaker handle
(Source Mitsubishi Electric HP
● Block (cut, separate) machine (or specified parts of machine) from dl.mitsubishielectric.co.jp/dl/fa/document/catalo
all power supplies
g/.../y0668e1302.pdf )
● All cut-off devices to be locked in “cut-off” position
→ Install devices that allow lock out
● Dissipate all accumulated energy where there is a risk of causing a
hazard
Where not possible, not realistic, suppress energy.
● Verify that above means are safe, and establish work procedure
Key
hole
Illustration Residual pressure release valve with lock Illustration Lockout of cable valve Illustration Lockout of ball valve Illustration Lockout by multiple persons
(Source SMC Co. Ltd. HP (Source MIDORI ANZEN Co. Ltd. HP http://lo.midori-sh.jp/?page_id=30) (Source MIDORI ANZEN Co. Ltd. HP http://lo.midori-sh.jp/?p=642) (Source MIDORI ANZEN Co. Ltd. HP http://lo.midori-sh.jp/?page_id=30)
http://www.smcworld.com/products/ja/s.do?ca_id=262&se_id=462&show_
page=true#detail)
P119/135
7. Complementary Protective Measures Sumitomo Riko Group
7-4 Provisions for Easy and Safe Handling of Machines and Heavy Component Parts
(ISO12100/JIS B9700 6.3.5)
The following types of measures are to be provided(Implementation of processes in
which the following are provided/attached):
● Springs, hooks, eyebolts etc.
● Guide grooves for transporting by fork lift
● Hoisting tools and instruments built into machine
Forks of forklift are inserted
to prevent falling over
Eyebolt for hoisting
Illustration Belt sling with metal fittings
(Source IHS Co. Ltd HP http://slingbelt.yakiin.net/metal/)
P120/135
7. Complementary Protective Measures Sumitomo Riko Group
7-5 Measures for Safe Access to Machinery (ISO12100/JIS B9700 6.3.5)
The following types of measures are to be provided:
● As much as possible, operators should carry out work at ground level
● Where not possible, scaffold, stairs or other facilities must be provided
on machinery to enable safe access
● Walking areas must be made of non-slip materials during operations
● Guard rails must be provided at appropriate height depending on height
from floor
● In the case of large automated machinery, means of access must be
considered, such as walkway, conveyor bridge or overpass/underpass
crossing
P121/135
7. Complementary Protective Measures Sumitomo Riko Group
7-5 Measures for Safe Access to Machinery (ISO12100/JIS B9700 6.3.5)
● On means of access to parts in high places, means of protection must be provided as a measure against
falling (stairs, ladder, platform guard rails, safety enclosure on stairs etc.)
● Mooring fixtures must be provided for protective equipment to prevent falling from high places
● Openings must always be able to be opened toward a safe position whenever necessary
● Auxiliary tools (e.g. steps, handles) must be provided for access
● Control devices must not be used as tools for access.
Pillar
Rail
b)500mm max.
a)1,100mm min.
d)100mm以上 b)500mm max. Crosspiece
c)10mm Max.
Skirting board
Operation floor
Safety Standards for Equipment and Machinery S-08-002 “Selection Criteria and Standards for Means of Inter-level Access”
P122/135
8. Information for Use Sumitomo Riko Group
Information for Use explained: (ISO12100/JIS B9700 6.4)
3 step method for risk reduction
Step 1 Inherently Safe Design Measures
Step 2 Safeguarding
Complementary protective measures
Step 3 Information for Use This part
Final measures required when Steps 1 and 2 do not result in elimination or reduction
In contrast to other Steps,
● Risk reduction and elimination cannot be achieved by Information for Use itself
● Ensure that persons to whom information is provided properly understand and
implement based on understanding
P123/135
8. Information for Use Sumitomo Riko Group
8-1 General Requirements (ISO12100/JIS B9700 6.4.1)
● Should consist of communication means such as text, words, signals, symbols or tables
● Should target specialists and non-specialists So that anyone can understand About correct usage
● All operation modes must be taken into account, and information about intended use must
be provided to users
● Information must include all instructions necessary to use the machine safely and correctly without fail
● The following content must be appropriately indicated
-Necessity for training
- Necessity for protective equipment
-Necessity for additional guards or safeguarding About shortcuts, omitting procedures
● Usage methods of machines that can be reasonably predicted based on the content of instructions
and descriptions cannot be omitted.
● Warnings must be given about risks caused by using machinery other than described method of
use. About mistaken operation
● Transportation, assembly and equipment, commissioning (launch, inspection, delivery, transfer), use
(settings, teaching, operation, cleaning, maintenance etc.) must be described individually or in
combination.
P124/135
8. Information for Use Sumitomo Riko Group
8-2 Location and Nature of Information for Use (ISO12100/JIS B9700 6.4.2)
Information for Use should be placed in the following way
● Inside the machine and on the machine
● Accompanying documents(Instruction manual etc.)
● On packaging
● Display in location other than on machine, other means such as warning etc.
8-3 Signals and Warning Devices (ISO12100/JIS B9700 6.4.3)
Information for Use may use the following visual signals/audible signals to warn of
hazardous event
● Emitted before occurrence of hazardous event
● Are not ambiguous
● Can be clearly perceived by users and other persons, and can be easily distinguished from all
other signals
● Must be designed and placed to allow easy inspection. Regular inspection of warning devices must be
included in Information for Use
● Care should be taken to avoid possibility of lowered perception due to emission of regular visual signals
and/or audible signals(Leads to ineffectiveness of warning devices)
P125/135
8. Information for Use Sumitomo Riko Group
Warning Labels Signal word
Warning label structure
Written
Format message
Symbol
What is the symbol?
P126/135
8. Information for Use Sumitomo Riko Group
Signal lights Avoid mistaken perception by
making uniform
Safety Standards for Machinery and Equipment S-01-010
“Warning devices”
Color Meaning Standard application(What the warnings indicate) Warning
Green/ Safe ・Situation is safe -
Blue ・Operations are commenced
Yellow/ Operating ・Be aware of potentially dangerous situations Intermittent sound
Orange Caution ・Abnormal situation(minor malfunction)
Abnormal ・Workers should be aware of the current situation Continuing sound
Red Warning (Example:Rubber has run out)
・Prohibited to enter/use Example of machine for hoses for vehicles Buzzer sound
Prohibited ・Abnormal situation(Major malfunction)
Abnormal ・High danger situation
Emergency ・Paused/stopped equipment and tools
Stopped
Ch No. Ch 1 Ch 2 Ch 3 Ch 4 Ch 5 Ch 6
Sound
Concep t Beeping sound Ringing sound Clanging sound Gentle warning Siren sound Electric tone
sound sound
(E.g.)
Warning devices (Pip op ap o)
Set NG Notice that it is
M achine failure Safety Required /Inprocess Cycle over not
inspection NG abnormality
Notice
Call for Danger to Urgent Operator use is Something
resp onse wrong knocked/somet
maintenance human body
hing wrong
Stop machine Check needed
PLC Area sensor Workset Positioning Cycle over Count up
abnormality ON required nozzle gap D
Servo Safety door Out of Q/C set nozzle Rubber on counter
abnormality op en materials gap D pressure upper
limit
Air pressure Safety mat M aterial tank Flare diameter Cooling water
drop switch ON level down nozzle gap D lower limit
Camera Discharge tank Jig set NG Dancer
abnormality full up p er/lower
limit
Avoid mistaken perception by making uniform
P127/135
8. Information for Use Sumitomo Riko Group
8-4 Markings, Signs (Pictograms) and Written Warnings (ISO12100/JIS B9700 6.4.4)
Carry out following displays as thought necessary for Machine
machine nameplate
(1) In order to clearly distinguish: Industrial Safety and
●Name and address of manufacturer Health Act Model No.
●Series name or model name (manufacturing no. if available)
(2) Showing compliance with compulsory requirements
●Markings(E.g. CE, UL etc.)
Display through lettering (E.g. Industrial Safety and
●Health Act Model No.)
(3) To ensure safe use
● Max. speed of rotating parts
● Max. diameter of tools
● Mass of machine and components
● Max. load
● Necessity to wear protective gear
● Guard adjustment data
● Inspection frequency
Illustration Major Standards of Respective Countries (Source: Omron Corporation
HP: www.omron.co.jp/ecb/products/pdf/safety.pdf )
P128/135
8. Information for Use Sumitomo Riko Group
8-4 Markings, Signs (Pictograms) and Written Warnings (ISO12100/JIS B9700 6.4.4)
Example of display for need to wear protective gear
Displayed next to equipment
Place provided, to make requirements
easy to follow
P129/135
8. Information for Use Sumitomo Riko Group
8-4 Markings, Signs (Pictograms) and Written Warnings (ISO12100/JIS B9700 6.4.4)
For display, following items must also be considered:
● Information that is directly printed on the machine is permanent and can be understood throughout the
predicted life of the machine.
● Signs and written warnings that simply say “Danger” must not be used.
● Displays, signs and written warnings must be immediately understandable, particularly in relation to
functioning parts of relevant machine, and must not be ambiguous.
● Signs (pictograms) that can be immediately understood should be used in preference to written
warnings
● Signs and pictograms should preferably only where they are understood in the culture in which the machine is
used
● Written warnings must first be written first in the language of the country in which the machine is used, and,
if necessary, must be written in a language required for the operator to understand
● Displays must comply with official standards
P130/135
8. Information for Use Sumitomo Riko Group
8-5 Accompanying Documents (Instruction Handbook etc.) (ISO12100/JIS B9700 6.4.5)
Instruction Handbook or other written instructions (e.g. on packaging etc.) include the
following items
●Information relating to transport, handling and storage of machine
E.g. Machine storage conditions, dimensions, weight, instructions for handling (hoisting position etc.)
● Information about machine installation and commissioning (launch, inspection, delivery, transfer)
E.g. Fixing, installation method, installation/maintenance space, environmental conditions (temp. and
humidity etc.), about power supply, disposal method, protective measures to be implemented by user
● Information about machine itself
E.g. Accompanying parts, detailed explanation of guards/protective equipment, broadly defined intended
scope of applications (prohibited methods of use), tables (structure of safety devices etc.), data/measurement
method of emissions (discharged materials), certificate of compliance with compulsory requirements
P131/135
8. Information for Use Sumitomo Riko Group
8-5 Accompanying Documents (Instruction Handbook etc.) (ISO12100/JIS B9700 6.4.5)
●Information relating to use of machine
E.g Intended method of use, operation switches, settings, adjustment, stopping method, emergency stop,
protection by designer
Risks that could not be eliminated by measures(Residual risk), mistaken operation that can be logically
predicted and prohibited items, repair/restart method at time of failure, necessary protective gear and
training/qualifications
●Information relating to maintenance
E.g. Inspection of safety functions, and inspection frequency, maintenance work limited to those with
special technical knowledge or specialization, drawings to allow logical implementation of maintenance work,
maintenance that can be carried out by user, work (without special technical skills) methods
Note Maintenance workers and manufacturers maintenance instruction manual should be clearly
distinguished and displayed
● Information relating to dismantling, stopping of use, and disposal
●Information relating to emergency situation
E.g. Operating methods to follow when there is an accident/failure, type of fire extinguishing equipment to
be used, warning about possibility of leaking of harmful substances, instructions relating to impact of harmful
substances
P132/135
8. Information for Use Sumitomo Riko Group
8-5 Accompanying Documents (Instruction Handbook etc.) (ISO12100/JIS B9700 6.4.5)
The following should be applied to drafting of and descriptions in Instruction Handbook
● Print type (font) and size should be clear
Warnings relating to safety should be emphasized by using color, symbols etc.
● Information for Use should be written first , in language of country in which machine is used
Plurality of languages → Preferable that can be easily distinguished from other languages, and that
translated text, explanatory diagrams are displayed alongside
●For ease of understanding, main text is preferably supplemented by explanatory diagrams
Explanatory diagrams should preferably not be separated from related explanatory text, and should be
displayed in accordance with operation procedure
● For ease of understanding, information should preferably be displayed in table format. Table should
preferably be arranged close to related explanatory text.
● It is preferable for long texts to be provided with a table of contents and index
● Safety related instructions that must be carried out immediately are preferably provided in a format that can
be rapidly used by the operator.
P133/135
8. Information for Use Sumitomo Riko Group
8-5 Accompanying Documents (Instruction Handbook etc.) (ISO12100/JIS B9700 6.4.5)
The following should be applied to drafting and editing of Instruction Handbook
●There must be a clear relationship with the machine
E.g. Serial No.
● Instruction Handbook is preferably drafted in chronological order of operations
Questions such as “How?” and “Why?” are preferably predicted and answers given.
E.g. Q&A format
● Must be as simple and concise as possible. Descriptions should use consistent Serial No. of machine
terminology and units, and uncommon terminology should preferably have a clear
explanation attached
E.g. Glossary
● When the machine is likely to be used by non-specialist staff (user, maintenance worker etc.), it is preferable
that instructions are given in a format that is immediately easy to understand
● Where protective gear is necessary for safe use, that information should preferably be
emphasized and displayed
● The Instruction Handbook is preferably drafted in a long-lasting format
When it is electronically stored, a hard copy back up must be provided of safety-related
information immediately needed for action, where it can be immediately used.
SDS→ Describes what to do in
an emergency
P134/135
9. Documentation of Risk Assessment and Risk ReductionS.umitomo Riko Group
Risk assessment must be carried out, and a series of records achieving risk reduction (procedures,
obtained results) must be indicated.
Objectives of records
● To clarify residual risk that could not be reduced by the machine itself, to clearly communicate
Information for Use to the user and give warning.
● To accumulate know how as reference for risk assessment implemented for machine modifications and
machines to be manufactured in the future
● To be provided as evidence when explanation is required from an official body with respect to safety of
machinery and equipment
Content of documentation
● Machines for which risk assessment has been carried out E.g. specifications, restrictions, intended use
● Assumptions at time of risk assessment E.g. Load, strength, safety coefficient
● Hazards and hazardous situations identified by risk assessment, as well as potential hazardous events
● Information forming basis of risk assessment
● Risk reduction targets to be achieved by protective measures
● Protective measures implemented for elimination or risk reduction of identified hazards
● Residual risk relating to machine
● Risk assessment results
● Forms drafted at risk assessment implementation stage
P135/135
Sumitomo Riko Group
Be Safe
MEMO SUMITOMO RIKO Group
GSS-M
Machine Design Risk Assessment
manual part
Form 1 GSR-0Z-001
Page 1/3
Class Sumitomo Riko Safety Standard Classification㻌 No. GSM䠉00䠉003-
Established Date:01/04/2015
Date:01/04/2015
Name Machine Design Risk Assessment Procedure㻌
Last Revised
1. (Objective)
This Standard provides for basic procedures for the machine design risk assessment
(Design RA) to assure machine safety through risk reduction at the design phase by
Sumitomo Riko or subsidiaries.
2. (Scope of Application)
2-1. (Applicable machine)
This Standard is applied in newly installing, modifying or relocating power-driven machines
as defined in Paragraph 2 (Scope of Application) of the Machine Safety Design Standard
(GSM-00-002).
2-2. (New installation)
New installation means newly installing the applicable machine.
2-3. (Modification)
Design RA is necessary when any one of the following conditions apply.
(1) Modification in installation or electric circuit for emergency stop or protective devices (e.g.
interlocking devices including a light curtain or door switch)
(2) Modification in installation of guards such as safety fence or cover (e.g. location, interval,
addition, removal)
(3) Addition or removal of devices accompanying functional or operational change
(4) Modification of machine due to change in materials, jigs, dies and others
(5) Other cases where Design RA is deemed necessary by the Equipment Engineering
Section
2-4. (Relocation)
Design RA is necessary when any one of the following conditions apply.
(1) Change in operation method due to machine relocation
(2) Change in operation environment due to machine relocation
If it is not clear whether or not Design RA is required, the Equipment Engineering Section
shall consult with the Safety and Health Department before determination.
3. (Terms and Definitions)
Main terms, when used herein, are defined as follows.
Term Definition
Risk assessment Overall process comprising of risk analysis and risk evaluation
(RA) Risk analysis is composed of the following:
࣭ Determination of limits of machine
࣭ Hazard identification
࣭ Risk estimation
Risk evaluation aims at determining necessity of risk reduction.
Drafted by Approved by Person Responsible
Takayuki Noguchi
Chairperson of Machine Safety WG General Manager of Safety & Health Chairperson of CSR Safety & Health
Dept. Committee
Hiroshi Nouso Ken Kono Rikizo Tatsuta
Document No. 䠣䠯㻹䠉㻜㻜䠉㻜㻜㻟 Form 1 GSR-0Z-001
Page 2/3
Term Definition
Risk
Safety Combination of the probability of occurrence of accident and the severity of that accident.
Hazard Probability of occurrence of accident further comprises of three elements; - frequency and
time of exposure to hazard, possibility of avoidance, and probability of hazardous event
Limits of machine occurrence.
Hazard State free from unacceptable risks
identification
Risk estimation Potential source of harm
Situations/conditions under which machine is operated. The following three items are
considered and clarified.
1) Information for use
Interaction between operators/other persons and the machine
2) Time constraint
Interval/timing of inspection and maintenance required to use the machine without down
time
3) Space constraint
Machine running environment and moving range related to various conditions of use
(e.g. auto or manual operation, setup, cleaning and inspection)
To identify all hazards and hazardous events estimated from the man-machine interaction
clarified through determining the limits of the machine. Based on this information, safety
measures are considered.
To judge risk level from severity of accident and probability of its occurrence as to identified
hazards and hazardous events
4. (Purpose of Design RA)
Risk assessment used herein means assuring machine safety by investigating and
evaluating potential risks of the machine at the designing phase to reduce such risks to an
acceptable level for users, that is, the level to ensure safe operation of the machine, before
the machine is introduced.
5. (Main Steps for Design RA)
Design RA consists of preparation for risk analysis, risk analysis, risk evaluation, risk
reduction and validity check. Indicated below are major steps implemented in Design RA.
Related methods, standards and forms shall be determined by each equipment engineering
section.
(1) Preparing purchase specification per requirements specification
(2) Investigating hazards per purchase specification at the machine designing phase
(3) Estimating risks against identified hazards
(4) Judging if estimated risks are acceptable or not
(5) Considering and implementing risk reduction measures for unacceptable risks, if any
(6) Repeating risk evaluation after risk reduction to judge if risks are acceptable or not
(7) Acquiring approval of General Manager of the applicable section after confirming all the
risks are acceptable
6. (Responsibility for Design RA)
The Equipment Engineering Section is responsible for making any machine manufacturer
implement Design RA. Provided, however, that the Equipment Engineering Section itself
shall carry out Design RA if:
(1) The machine manufacturer has a reasonable reason for not implementing Design RA;
(2) Compliance to the Machine Safety Design Standard cannot be set forth in the purchase
specification due to manufacturing problems;
(3) Equipment manufactured by plural manufacturers is introduced as an assembly line; or
(4) Commercially available machine is purchased.
Document No. 䠣䠯㻹䠉㻜㻜䠉㻜㻜㻟 Form 1 GSR-0Z-001
Page 3/3
7. (Documentation)
(1) The Equipment Engineering Section shall request applicable machine maker to
document and submit the result of Design RA by the introduction of machine, or to
consider alternative methods if such submission is difficult.
(2) In the case of Design RA implemented by the Equipment Engineering Section, the
section shall document the result of Design RA after checking validity.
(3) Documentation method shall be determined by each Equipment Engineering Section.
(4) The Equipment Engineering Section is required to preserve the original copy of
documentation as long as the introduced machine exists.
(Supplemental)
1. This Standard shall be maintained by Sumitomo Riko Safety and Health Department (Global
Safety Standard Promotion Office).
2. This Standard shall go into force on April 1, 2015.
3. Concrete operation of the provisions herein shall comply with the Machine Design Risk
Assessment Manual (document no.: GSM-0G GSS-M).
Safety GS Form 1 GSR-0Z-001
Page 1/8
Class Sumitomo Riko Safety Standard Classification No. GSM䠉00䠉003-
Established Date: 01/04/2015
Date: 01/04/2015
Name Machine Design Risk Assessment Procedure㻌
Last Revised
Appendix 1: ISO 12100/JIS B 9700
Safety of machinery-General principles for design-Risk assessment and risk reduction
(JISB9700 is the Japanese Industrial Standard developed based on ISO 12100)
Drafted by Approved by Person responsible
Takayuki Noguchi
Chairperson of Machine Safety WG General Manager of Safety & Health Chairperson of CSR Safety and
Dept. Health Committee
Hiroshi Nouso Ken Kono Rikizo Tatsuta
Classification No. Safety GS Form 1 GSR-0Z-001
Page 2/8
1. (General Steps for Design Risk Assessment)
Figure 1 is the flowchart of Design RA a machine designer should follow as described in the
applicable ISO standard. Applicable paragraphs in this Standard are also indicated in the
flowchart. Explanations for each step will be presented later.
Start ĸPreparation for risk analysis
㸦Item (1), Paragraph 5㸧
Determination of limits of
m a chi nery
Hazard identification ĸRisk analysis
㸦Item (2), Paragraph 5㸧
Risk estimation ĸRisk evaluation Yes
㸦Item (3), Paragraph 5㸧
Risk evaluation No
Yes
Is adequate risk reduction Documentation Are all risk reduction
achieved? 㸦Paragraph 7㸧 measures complete㸽
No End
Is hazard remov able㸽 Risk reduction㸦Item (4), Reevaluation of risk㸦Items (5) and (6), Paragraph 5㸧
Paragraph 5㸧 ĺValidity check & approval
No Yes
Has intended risk Yes
Is risk reducible with Implementation of reduction been
inherently safe design essential safe design
measures? policy achiev ed?
No
Yes No
Is risk reducible with Yes Has intended risk Yes
saf eguarding and reduction been
complemenrary protectiv e Implementation of achiev ed?
measures ? safeguarding and
complemenrary protective No
No
Yes Can specif ications be No Presentation of Has intended risk Yes
rev iewed as per the information for use reduction been
achiev ed?
limits of the machine?
No
Figure 1: Flowchart for Design Risk Assessment
Classification No. Safety GS Form 1 GSR-0Z-001
Page 3/8
2. (Determination of Limits of Machinery)
Accident will occur when a worker and machine hazard come close or in contact with each
other. Therefore, the first step of Design RA is to identify the interaction between them. This
step is referred to as “determination of limits of machinery.” Limit means determining 5W1H in
relation to machine usage. Clarifying expected usage manners, good or bad, and interaction
between human and machine makes it possible to consider as many required items as
possible in the following step of “hazard identification.”
To facilitate “determination of limits of machinery” by a machine designer, the Production
Engineering Section shall present the requirements specification incorporating the following
items to the maximum extent possible.
(1) Machine operators and their training/experience level including:
newly employed and personnel with special qualification.
(2) Intended use (normal way of usage) and reasonably predictable misuse including:
replenishment of material; taking out of products; replacing of dies; installation,
removal, regular inspection and maintenance of machine; and removing a protective
cover to take out a product stuck on the way and reaching out toward hazard.
(3) Third parties who may be exposed to hazard include:
other operators, passers-by and visitors on tour working or walking around the
applicable machine.
(4) Limitation on installation space or the environment including:
work area, maintenance space, passages, elevated places and outdoors.
(5) Life cycle of the machine and its parts including:
annual replacement of filter.
Exhibit 1 is attached as a reference form in outlining specifications concerning machine
limits to complete the requirements specification.
Exhibit 1: Basic Specification for Machine Planning
3. (Hazard Identification)
The ISO standard has the provision of “Hazard Identification” that follows “Determination of
Limits of Machinery.” The ISO standard defines “hazard” as a potential source of harm that
may cause harm (physical injury or damage to health), and driving unit, hazardous
substances, high temperature and noise are applicable. Table 1 lists up hazards. Hazards
are identified against the man-machine interaction specified in the “determination of limits of
machinery” step, and the term “identification” is used. This step is most important in Design
RA. If there remain any unidentified hazards, risks cannot be reduced and hazardous
machinery may be introduced.
Classification No. Safety GS Form 1 GSR-0Z-001
Page 4/8
Table 1 List of Hazards Example of hazardous event
Hazard
Pinching Hand was inserted between sliding doors.
Shear Hand was put under descending die and crushed.
Cut Finger was cut by a cutter blade or product edge burr.
Caught Finger was caught by a roll.
Finger is accidently inserted into and caught by uncovered sprocket.
Mechanical Impact (hitting, contusion)㸧
hazard While unfastening bolt, tool slips off and a worker bumps his/her
hand on the machine.
Stubbing Moving element comes off and hit a worker.
Worker’s leg bangs into sharp edge of the machine.
Worker has his/her hand stuck by a pointed end of a tool.
Scar Worker accidently touches a rotating stone and has his/her hand scraped.
High pressure fluid blowout Hydraulic fluid blowing out of a hole of hydraulic hose enters eyes.
Others Events that cannot be classified into the above.
Electrical hazard
High temperature hazard Electric shock caused by touching live parts
Noise hazard Static electricity shock caused by touching charged product
Burn by touching outer surface of furnace wall
Hot water splashing on arm
Poor hearing caused due to constant exposure to air exhaust noise
Vibration hazard Sickness due to floor vibration generated by running motor
Radiation hazard
Material/substance hazard Loss of vision due to exposure to direct laser beam
Ergonomic hazard Cancer caused by X-ray exposure
Environmental hazard
Fire and explosion caused by flammable gas generated
Lower back pain due to operation that forces personnel to bend their back
Uncomfortable state working in front of dazzling light source
Fall due to slippery floor
Hazard combination Dehydration due to work with frequent movement in a hot environment
4. (Risk Estimation)
4-1. (How to estimate risk)
The ISO standard defines risk as combination of the probability of occurrence of harm and the
severity of that harm. Risk estimation means defining these risk factors and quantifying the
risk level. Though there’s no consolidated method for risk estimation, representative ones are
shown in Table 2. Risk graph method will be detailed in the following paragraph.
Classification No. Safety GS Form 1 GSR-0Z-001
Page 5/8
Table 2: Representative Risk Estimation Methods
Method Description Characteristics
Matrix method
Risk level is determined as the product of ࣭ Easy to estimate with small
the harm probability categories and harm categories
severity categories (see Table 3).
࣭ Subjective determination leads to
Scoring method Probability of occurrence of harm and its different result depending on an
࣭ Addition severity are scored and combined to rate estimator
࣭ Integration the risk level (see Table 4).
࣭ Risk level is apparent from the total
Risk graph method Risk is estimated by going through 2 or 3 score calculated.
options set to 4 parameters of harm
severity, frequency, avoidance and ࣭ Risk reduction is unlikely reflected
probability of occurrence. on the score due to the effect of
other factors.
࣭ Easy to select and easy to estimate.
࣭ Risk reduction results in selecting
another option, and its effect is
easily reflected on the estimation.
Table 3: Example of Risk Determination Matrix㸦source: ANSI B11㸧
Probability of Severity of harm
occurrence of harm
Catastrophic Serious Moderate Minor
Very likely High High High Medium
Likely High High Medium Low
Unlikely Medium Medium Low Negligible
Remote Medium Low Negligible Negligible
Catastrophic: Death or permanent injury/sickness (returning to work is impossible)
Serious: Serious injury or sickness (returning to work is possible some time)
Medium: Serious injury or sickness that needs treatment beyond first aid (returning to the same work is possible)
Low: Injury that only needs first aid, or light injury (which is slight or has no effect on duty during working hours)
Very likely: High probable to occur
Likely: Probable to occur
Unlikely: Unlikely to occur
Remote: Probability of occurrence is nearly zero.
Table 4: Example of risk scoring (implemented at Sumitomo Riko㸧
(A) Frequency of approaching hazard (B) Possibility of accident
Rating Point Description Rating Point Description
Frequent 4 A few times/day Very likely 6 Usual care is not enough to avoid injury
Sometimes 3 A few times/month High 4 Carelessness may result in injury
Rare 2 A few times/year Possible 2 Human error may cause injury
Almost 1 Unlikely but chance is Almost never 1 Unlikely but chance is not zero
never not zero
(C) Severity (D) Risk level
Point Description Level Score Evaluation
10 㹔 60 or higher Majorly unacceptable risk
Death, lost vision, amputation of ϫ
6 limb 31-59 Unacceptable risk
Long leave for treatment is Ϫ
3 required (e.g. broken leg) 22-30 Acceptable risk (major)
1 Cut, burn, low back pain ϩ
Abrasion, contusion, strain Ϩ 11-21 Acceptable risk (minor)
10 or lower Acceptable risk
Formula: D = (A+B)×C
Classification No. Safety GS Form 1 GSR-0Z-001
Page 6/8
4-2.㸦Risk graph method㸧
Risk graph method employs 4 risk estimation elements, that is, “severity of harm,” “hazard
exposure frequency and time,” “hazard avoidance,” and “probability of occurrence of
hazardous event.” Tables 5 and 6 exemplify risk estimation using this method and resultant
risk evaluation, respectively. Selecting applicable option for each element one by one leads
to an applicable risk level. Each element is described below. Refer to Exhibit 2 for judging
criteria.
(1) Severity of harm
As risk judgment largely depends on the extent of physical injury, impact on the human
body shall be estimated from the energy or harmfulness of the hazard.
(2) Hazard exposure frequency and time
Frequency and time of exposure to hazard, which influence the probability of accident
occurrence, shall be estimated for all the persons who will be exposed to the hazard.
(3) Hazard avoidance
Possibility for any person encountering hazard to evade a hazardous event influences
the probability of accident occurrence. Estimation shall be made concerning the
occurrence speed of hazardous event or possibility of recognizing such event with the
five senses.
(4) Probability of occurrence of hazardous event
Probability of occurrence of hazardous event as a result of person’s exposure to hazard
largely depends on whether or not proper protective measures are implemented and
whether they are reliable, which in turn influences the probability of accident occurrence.
The probability of occurrence of hazardous event is essential to estimate the risk level.
Table 5: Example of risk estimation
Exposure Possibility of hazardous event occurrence
frequency
Severity Avoidance
S1 F1 A1 (possible) O1(low) O2 (moderate) O3 (high)
(low)㸧 (rare) A2 (impossible)
A1 (possible) 㸯 㸯 㸯
S2 F2 A2 (impossible) 㸯 㸯 㸯
(medium) (frequent) A1 (possible) 㸯 㸯 㸰
A2 (impossible) 㸯 㸰 㸱
S3 F1 A1 (possible) 㸯 㸰 㸱
(high) (rare) A2 (impossible) 㸰 㸱 㸲
A1 (possible) 㸰 㸱 㸲
F2 A2 (impossible) 㸰 㸱 㸳
(frequent) A1 (possible) 㸰 㸲 㸲
A2 (impossible) 㸰 㸲 㸳
F1 㸰 㸳 㸳
(rare) 㸰 㸳 㸳
F2 Risk level
(frequent)
Classification No. Safety GS Form 1 GSR-0Z-001
Page 7/8
Table 6: Example of Risk Evaluation
Risk Risk evaluation Action
level
Unacceptably Machine introduction is not allowed
㸳 major risk
Conditions for introduction
㸲 ࣭Reduction in risk level
࣭If introduction is needed, consultation with an applicable manufacturing
ࠉsection is required assuming the occurrence of major accident. The
ࠉEquipment Engineering Section shall provide residual risk information
ࠉto facilitate decision making during consultation. If machine introduction
ࠉis selected, the consultation result shalll be documented and preserved.
Risk difficult to Risk reduction per schedule is needed.
Conditions to introduce the machine
accept
࣭Same as stated above
㸱 Acceptable risk ࣭Continual risk reuction is necessary.
(major) ࣭Residual risk information needs to be provided to users as
ࠉusage information.
࣭Though there's no need for risk reduction, residual risk information
㸰 Acceptable risk ࠉneeds to be provided to applicable manufacturing section as usage
㸯 (minor) ࠉinformation.
࣭Continued implementation of cost-effective measures
࣭Mantenance of current risk level
࣭Though there's no need for risk reduction, residual risk information
ࠉneeds to be provided to applicable manufacturing section as usage
Acceptable risk ࠉLnformation.
࣭Continued implementation of cost-free measures
࣭Mantenance of current risk level
5. (Risk Evaluation)
Based on the estimated risk, it shall be judged if machine is acceptable. If the machine is
considered unacceptable as a result of judgment, which depends on estimation method and
judgment criteria, risk reduction must be implemented till the risk is reduced to an acceptable
level. Criteria for acceptable risk level must be clarified. Acceptable risk level does not mean
there’s no need for risk reduction effort, which must be carried out as far as possible.
6. (Risk Reduction)
Refer to Paragraph 5 (Risk Reduction Measure) and Paragraph 6 (3-step Method) of the
Machine Safety Design Standard (GSM-00-002).
7. (Risk Reevaluation)
Risk reevaluation shall be conducted by repeating the procedure of Paragraph 5 (Risk
Evaluation).
8. (Documentation)
After risk has been reduced to the acceptable level, risk assessment outcome shall be
documented. Though there’s no specific format, it is recommended to contain the following to
prove that machine safety has been reviewed and to provide users with information for use
clarifying residual risks.
Classification No. Safety GS Form 1 GSR-0Z-001
Page 8/8
Exhibit 3 (Design Risk Assessment Sheet) is attached for reference form in documenting
Design RA by means of the risk graph method as mentioned above.
(1) Specification of machine
(2) Explanation for operation
(3) Result of Design RA
ձ Design RA implementation date and responsible person
ղ Description for determination of machine limits
ճ Description for hazard identification
մ Result of risk estimation
յ Result of risk evaluation
ն Data used for risk estimation
(4) Description for risk reduction measure
(5) Description for residual risk (information for use)
(6) Method to notify users of information for use
Sumitomo Riko Group
Machine Design Risk Assessment
Sumitomo Riko Co. Ltd.
Global Safety Standard Promotion Office
Sumitomo Riko Group
Purpose of education
To have personnel understand the purpose and method to conduct risk
assessment so that it can be correctly implemented to ensure introduction
of safe machines.
To establish a system for taking preliminary safety measures by which
designers proudly prove that full consideration was made to ensure the
safety of machines voluntarily, not as a result of being forced to do so by
somebody.
P1/P58
Table of Contents Sumitomo Riko Group
1. Concept of Safety P3
2. Definition of Hazardous Situation P4
3. Definition of Risk P5
4. Risk Assessment P6
5. Risk Assessment Procedures
P14
5-1. Determination of the limits of machinery P19
5-2. Hazard identification P22
5-3. Risk estimation P32
5-4. Risk evaluation P33
5-5. Risk reduction P34
5-6. Reevaluation of risk P34
5-7. Documentation P36
5-8. Risk assessment flow
6. Specific examples P37
6-1. Determination of the limits of machinery P39
6-2. Hazard identification P44
6-3. Risk estimation/evaluation P50
6-4. Risk reduction P52
6-5. Reevaluation of risk P55
6-6. Residual risk information P57
6-7. Authorization P58
7. Practice
P2/P58
1.Concept of Safety
Sumitomo Riko Group
Japanese way of thinking
Global standard
日本地図(引用 chiri.com フリー地図素材集 http://www.chiri.com/) 世界地図(引用 世界地図フリーイラスト素材 http://free-world-map.com/jp/globe/194_earth.html)
No hazard is acceptable! There shall be no unacceptable risks!
Definitely safe or not? However safe it is, an accident may happen.
Accidents happen or not?
The dea that accident risk cannot be made zero.
Investment to ensure machine safety
To what degree should we do this? There’s no absolute safety!
Awareness of risk achieves safety.
P3/P58
2.Definition of a Hazardous Situation Sumitomo Riko Group
Definition depending on situation
danger ・・・Danger itself
hazard ・・・Situation where danger is present (risk source)
harm ・・・Physical injury or damage to health
risk ・・・Extent/possibility of harm that may be caused by encountering hazard
Example
隕石 (引用 著作者:NASA, ESA, M.A. Garlick (space-art.co.uk), University of Warwick, and University of Cambridge. http://free-illustrations.gatag.net/tag/%E9%9A%95%E7%9F%B3) 隕石 GATAG|フリー画像・写真素材集3.0著作者 State Farm http://free-images.gatag.net/tag/meteorite 隕石 GATAG|フリー画像・写真素材集4.0 著作者Undertow851 http://free-photos.gatag.net/tag/%E9%9A%95%E7%9F%B3
danger ・・・Meteorite Meteorites may fall.
hazard ・・・Meteorite is coming We may be hit and killed by a
risk ・・・Possibility of being hit by a meteorite meteorite.
→Risk generates uncertainty.
harm ・・・Hit by a meteorite→Death
P4/P58
3.Definition of Risk Sumitomo Riko Group
Risk・・・Combination of the probability of occurrence of harm and severity of that harm
(Defined in ISO 12100)
Probability: Accident may happen once per 5 years or 100,000
times of operation
Severity: Abrasion, fracture, loss of vision, death, etc.
Accident may happen in 1 minute or after 100 times of operation.
Accident may kill personnel in the worst cases, or may be avoided.
Uncertain factors
Example: Machine A: A deadly accident occurs once every
100,000 hours
Machine A: Personnel fracture accident
occurs once in 10 years Machine B: A loss of vision accident occurs once
every 50,000 hours
Machine B: Personnel fracture accident
occurs once in 5 years
Which machine has more risk? Severity is difficult to determine.
→ Evaluation standards are required.
P5/P58
4.Risk Assessment Sumitomo Riko Group
Risk Assessment・・・
Means to identify hazardous situations (hazards or risk sources) in
advance and theoretically evaluate the risk severity
“in advance” Prior to building(=in the design phase)
Kind of work to be implemented
“identify hazardous situation” Risk source that may be present
“evaluation of risk severity” Probability of occurrence (frequency/aboidability)
Severity and acceptability of risk
“theoretically” Establishing rules
Quantitative determination
After assessment→Reduce the identified risk to a satisfactory
level and document and maintain the results.
P6/P58
4.Risk Assessment Sumitomo Riko Group
ISO 12100 defines risk assessment as the
“overall process comprising a risk analysis and a risk evaluation”
Start Outline specification and usage
manner.
Risk analysis Determination of the Identify risk source.
limits of the machine
Quantify risk referring to criteria sheet.
Hazard identification
Set priority depending on severity
Risk estimation Consider and implement safety
measures
Risk assessment Risk evaluation
No Risk reduction
Has the risk been
adequately reduced? ISO 12100: International standard for machinery safety
Yes “Safety of machinery-General principles for design-Risk
Result documentation assessment and risk reduction”
Completed
P7/P58
4.Risk Assessment Sumitomo Riko Group
Purpose
① To ensure user safety by:
・Reducing estimated risk
・Notifying users of risks that could not be eliminated (residual risk information)
② To cut down on machine cost by:
・Taking action at the design phase to minimize modification after installation
・Clarifying risk reduction requirements (extent of reduction)
③ To provide public authorities with evidence of safety as a measure to:
・Comply with laws and acquire certification
・prepare for litigation risk(in case of hazardous events)
P8/P58
4. Risk Assessment Sumitomo Riko Group
Risk reduction level (global way of thinking)
Unallowable risk
ALARP range
Generally acceptable risk Acceptable risk Unacceptable
risk
Cost-efficiency
Residual risk Risk reduction
Safety
Risk Low High
This threshold must be determined. For example, developing vehicles anyone can drive costs
too much→ Limiting licensing age to 18 years or older;
ALARP(As Low As Reasonably Practicable) and obliging elderly drivers to take the course for safe
Address risk as far as reasonably practical. driving costs less.
P9/P58
4. Risk Assessment Sumitomo Riko Group
Evidence of safety (overseas requirements)
Certificate of each nation
(declaration of conformity)
・Conformance to standard
・Evidence that safety is
ensured.
Means to prove:
Risk assessment
各国の認証(引用 オムロン株式会社HP www.omron.co.jp/ecb/products/pdf/safety.pdf )
European Machinery Directive(2006/42/EC): Manufacturers are required to implement risk assessment.
USA (ANSI B11, RIA R15.06): National standard provides for risk assessment.
Chinese National Standards (GB/T15706-2012): Risk assessment is provided for as a national standard.
P10/P58
4.Risk Assessment Sumitomo Riko Group
Japanese only
Warrant of safety (Japan)
機械包括安全指針(厚生労働省HP http://www.mhlw.go.jp/bunya/roudoukijun/anzeneisei14/dl/ks04.pdf)
Guideline for comprehensive safety standards of
machinery published by the Ministry of Health, Labour
and Welfare
Machine manufacturer
Risk assessment at the design phase
Manufacture of safe machines
There still remains risk.
Using them without knowing the risks
may cause accident.
Residual risk
It is required to notify users.
Machine user
Utilization of information for use
Risk assessment prior to use
P11/P58
The words you are searching are inside this book. To get more targeted content, please make full-text search by clicking here.
GSS-M: Global Safety Standard for Machinery
Discover the best professional documents and content resources in AnyFlip Document Base.
Search