Implementing a hierarchy of automation safety

A layered approach for addressing industrial automation safety provides optimal results.

By Joshua Draa July 20, 2022

Safety Insights

  • Safety comes in many forms and is a critical aspect of manufacturing operations. It starts with fundamentals like awareness and having the right equipment on-hand. While a good starting point, it is really the first step in the journey and can go in much greater detail.
  • A hierarchy of controls is a good way to build a safety program in effectiveness and making a culture that emphasizes worker safety and wellness.
  • There are many safety solutions ranging from personal protective equipment (PPE) to alarms and sensors. Many advanced tools can be managed on a tablet or smartphone and users can tailor them to fit the company’s specific needs.

The considerations surrounding design and implementation of industrial automation safety are extensive, with specialized training required to fully address each potential issue. In fact, before planning for any safety-related systems, it is important certified experts perform a safety audit to assess the conditions and determine the proper design path. In part this is because safety standards and regulations evolve over time, so the concept “we’ve always done it this way” doesn’t hold up.

On the other hand, good industrial automation safety design almost always involves a multi-layered approach combining the right products, design practices, and operational training. The first step in achieving a safe workplace is to perform a risk assessment to identify potential issues, and the goal then changes to lowering risks through mitigation. A hierarchy approach of engineering and administrative controls is used to guide the most effective methods for protecting workers.

All personnel on the project and operation teams benefit from an understanding of the relevant safety concepts, even if their core task isn’t creating the actual detailed design of safety systems. It’s important to understand the most common topics involved with safety design, providing overview information required to inform staff.

Hierarchy of controls

Two of the most prominent safety organizations in North America are Occupational Safety and Health Administration (OSHA) and the National Institute for Occupational Safety and Health (NIOSH). OSHA creates and enforces regulations, while NIOSH is involved with research and investigation. In addition, there are many other regulatory agencies, codes, and standards associated with industrial safety.

For any equipment using industrial automation, the design of the automation systems certainly plays a role with regards to safety. However, safe design that protects workers is a much larger concept extending to the physical properties and usage of any equipment under consideration.

A traditional approach for personnel executing safe design is to consider several layers in a hierarchy of controls to provide a complete safety solution (Figure 1).

Figure 1: A hierarchy of controls approach to safe design prompts the consideration of the most effective methods first. Courtesy: AutomationDirect

Figure 1: A hierarchy of controls approach to safe design prompts the consideration of the most effective methods first. Courtesy: AutomationDirect


1. Elimination of the hazard to reduce risk

The best and most effective risk mitigation step is elimination, which means removing or deleting the potential hazard. Unfortunately, this is not a viable option most of the time because most machines and processes cannot be designed in a way to remove all possible hazards. However, designers should always consider elimination as an option.

For instance, a machine may have an easily opened inspection hatch, exposing users to potentially hazardous access. The hatch could be replaced by non-movable sheet metal, but that would be a problem for maintenance teams. Perhaps installing an interlocking safety switch and making the hatch openable only with tools is a better approach.

2. Substitution of the hazard to decrease risk

Even if a hazard can’t be eliminated, it may be possible to perform a substitution, replacing the hazard with something less severe or requiring less frequent access. Sometimes this isn’t possible. For example, when it comes to equipment using chemicals, perhaps a safer chemical — from the standpoint of flammability or toxicity — could be available. Even if the safer chemical costs more, it would often be worth it to realize benefits, such as more efficient work practices and fewer potential incidents.

Figure 2: This warehousing installation shows physical fencing to guard users from the moving equipment, and an e-stop button (lower left) so users can rapidly force all equipment to a safe state. Courtesy: AutomationDirect

Figure 2: This warehousing installation shows physical fencing to guard users from the moving equipment, and an e-stop button (lower left) so users can rapidly force all equipment to a safe state. Courtesy: AutomationDirect

Continuing with the previous access hatch example, maybe a shatter-resistant fixed window could be installed instead of a hatch so that users could inspect the equipment without being exposed to the mechanism.

3. Engineering controls to reduce risk

While it is always important to investigate the first two steps, the reality is that for modern automated equipment the next step of applying engineering controls is often where most risk mitigation will be accomplished. Engineering controls can be simple or complex, and they may take many forms.

  • Physical:Adding gates, guards, walls, cages, and bollards are a simple yet important way to safeguard users (Figure 2).
  • Sensors:Many types of sensors can detect dangerous conditions or that may be triggered by users to indicate and mitigate a hazard. These include emergency stop (e-stop) buttons, e-stop pullcords, light curtains, limit switches, and others. Any one of multiple sensors wired or programmed in series may be used to initiate an e-stop (Figure 3).
  • Interlocks:Some safety sensors are interlocking, which means they can be locked closed to prevent users from opening the associated equipment unless it is safe to do so.
  • Removing energy:传感器和联锁可以通过安全继电器或安全控制器连接,以断开与电机、执行器和任何其他设备的能量,否则可能会伤害用户。能量可以有几种形式:电气干线动力,电气装置动力,最常被忽略的是气压能,甚至水力能。传感器可能被连接以消除能量,或者它们可能被设计为更有能力的硬连线继电器或数字安全控制器电路的一部分。安全控制器是先进的数字设备,可通过软件进行配置,并可以与更高级别的系统通信。
  • Stop kinetic motion:某些物理系统需要额外的注意,以防止运动,即使在能量被移除的情况下,在紧急停车。气动回路可能需要一个快速排泄阀,以消除可能移动的钢瓶的压力。立式压力机或剪板机等设备可能需要机械挡块,以防止在电停后由于重力而移动。电机驱动的机械可能需要刹车来停止旋转运动后停止。
  • Software:当上述所有方法都得到应用时,可编程系统的另一个很好的增强是添加允许编程,它可以适当地检查传感器和系统参数,然后防止用户启用和e-stop电路,直到所有条件都安全。
  • Wiring:For the preceding methods involving safety sensors, interlocks, relays and controllers, these devices have specialized designs with dual-electrical contacts and other failsafe provisions. Standard non-safety devices often are not acceptable.

For the access hatch example, engineering controls could include installing an interlock switch, which only allows the inspection door to open if the machine is safe and prevents the machine from running if the door is open.



4. Administrative controls to lower risk

After the preceding steps have been incorporated, it is important to address the human element. This includes any design, engineering, maintenance, contractor, visitor or other personnel who will work with the equipment, or could potentially be in the area.

A training program is important for making users aware of safety concerns, work practices and proper procedures. Rigorous lockout/tagout (LOTO) procedures are essential for protecting workers who need direct access to equipment. In addition, clear warning labels, signage, and indicator lights provide an additional layer of protection.

5. Personal protective equipment (PPE) to decrease risk

In most industrial settings, PPE such as safety glasses, earplugs, respirators, safety toe boots, gloves, and the like are standard. Some situations call for more complex fall protection systems, along with associated training. Even though these items are indispensable for worker protection, they are at the bottom of the hierarchy of controls and should not be viewed as mitigating identified risks as they are a method of last resort. They also require ongoing worker effort to use PPE.

Mitigate, but validate

After a safety design has been created, the results must be validated in conformance with ISO 13849-2 to ensure that the target hazards identified in the risk assessment are truly mitigated. Sometimes the process can be a bit iterative, requiring some repeated steps.


此外,美国的一些标准要求定期进行风险评估(ANSI/RIA R15.06)。这促使最终用户重新评估工业设备,看看是否有任何变化的地区产生了新的危害。此外,每年的新产品和新想法都能提2022年足球世界杯入选名单高安全性。

A spectrum of safety solutions

创造安全的工业设备、系统和自动化从来不是一次性的任务。相反,它是一个持续的生命周期。此外,安全不仅是一名环境健康与安全(EHS)官员的责任。安全设计和操作对所有团队成员都有利害关系。从风险评估、缓解到验证的每一项任务都应由一个团队完成。另一个建议是引入一定程度的检查和平衡,例如由不同的人员执行安全工程和验证。This provides more awareness to the team and allows things to be viewed from a different perspective.

Many engineering considerations and products are required for creating safe industrial designs. To assist in these projects, team members in all company roles can access industrial automation supplier websites to see a wide range of products that can be implemented for providing layers of safety.

Joshua Draa

Author Bio:Joshua Draa is a product engineer at AutomationDirect. Over his 14-year career he has held controls/safety engineering positions for system integrators working in consumer product goods, pharma, and the food and beverage industries where he estimated, designed, assessed, validated, commissioned, and started up systems. Joshua holds a bachelor’s degree in Electrical Engineering from Georgia Institute of Technology and an associate’s degree in Engineering from University of North Georgia.