Incorporating the Minor Service Exception
Deploying programmable systems to streamline service procedures is an OSHA-sanctioned lockout / tagout option, under the right circumstances.
Traditionally, when operators or maintenance personnel required access to the hazardous section of machinery, employee health and safety regulations required removing all energy to that machinery. While that lockout/tagout approach did improve safety, in many cases it also negatively affected productivity by increasing the time required to access machinery and lengthening restart times. Today, many manufacturers are adopting practices to optimize machine uptime while maintaining focus on employee safety.
New application and product standards, as well as updates to existing standards, allow manufacturers to streamline their machine access strategies. This is accomplished by tailoring the operation of safety systems to the required task. This, in turn, allows employees to more quickly diagnose, perform minor service, and restore machinery to its production state, which can yield major improvement to machine uptime.
Within the United States, many manufacturers are taking advantage of what is commonly referred to as “Minor Service Exception to Lockout/Tagout” (OSHA CFR 1910.147(a)(2)(ii)(B)). The Minor Service Exception allows employees to access hazardous areas of the machine without performing lockout/tagout, so long as certain criteria are met. The criteria include:
(i) The servicing activity occurs during normal production operations;
(ii) The service provided is routine, repetitive, and integral to the production process; and
(iii) Alternative safeguards are installed to provide effective alternative protection.
The 2003 edition of the ANSI Z244.1 standard, Control of Hazardous Energy—Lockout Tagout and Alternative Methods, includes recommendations for developing safety programs incorporating the Minor Service Exception.
Streamlining Service Procedures
Many contemporary safety designs are using Programmable Electronic Safety (PES) systems, such as Safety PLCs, to assist with streamlining service procedures. Like standard controllers and networks, Safety PLC systems are programmable devices that can be programmed to function differently, depending on the task the employee is trying to perform.
A variety of techniques can be deployed to streamline service procedures and allow machine access for minor servicing functions. Some examples include:
Improved diagnostics. A machine stops unexpectedly due to a short-circuit in an E-stop string. This can be difficult and time-consuming to troubleshoot with a hard-wired series E-stop string in combination with a safety relay. The failure must first be isolated to the safety relay, and then the location of the short-circuit must be identified, which can be difficult if the short-circuit is in a closed cable tray. The fact that the machine stopped due to a wiring fault often is not obvious to the machine operator, and valuable production time will be spent trying to determine what caused the machine to stop before calling in maintenance for troubleshooting. Maintenance will then spend additional time isolating the failure to the short-circuit fault. Wiring individual E-stop devices into individual input channels of a safety I/O module will allow diagnostic tests of the input circuit and provide digital communications to an operator screen, immediately informing the operator of the source and location of the machine stop.
Monitored Power Control. Operators require multiple modes of operation to perform their job functions in a robot weld cell application. Operator modes include (i) enter a hazardous zone to teach a robot, (ii) enter a hazardous zone for tooling set-up or minor maintenance, and (iii) enter a hazardous zone to load or unload parts.
To teach the robot, power is required to perform the task. Using a Safety PLC, the system can be placed into a teach mode where power will remain to the robot(s) as long as the operator maintains his grip on an enable pendant. The safety system also may monitor jog speed and remove power if the robot tries to move too quickly. To set up tooling, the Safety PLC may remove power from robots but leave power on to other tooling, potentially allowing the operator to enter the cell without the use of lockout/tagout (based on the risk assessment). To load parts, the Safety PLC may permit the operator limited access to the cell without stopping production, as long as the operator remains within a monitored zone.
Exclusive Control. A machine needs to be jogged during a sanitation process with the guards open. The PES system can be designed to help minimize the realized risk during these tasks. Risk is reduced by providing a PES system that allows exclusive control of the jog function. The sanitation operator will place the machine in the jog mode and “lock” the selector switch so no one else can take control of the machine and cause unexpected motion. While in Jog mode, the PES system can manage which guard doors can be opened for the sanitation task, limiting exposure to moving equipment from outside the line of sight of the operator, and initiate controlled and monitored motion when the appropriate jog controls are permitted. In addition, the PES system can help prevent hazardous motion by removing the hazardous energy that is not required for the sanitation task to be performed.
Safe Speed Monitoring. An operator needs to clean a pair of rolls on a printing press. This can be hazardous to operators who accidentally reach into the rolls while they are turning inward, potentially pulling hands and arms into the rolls. This operation may traditionally require that power be removed from the variable frequency drives that provide power to the motors that turn the rolls. However, the operator requires the ability to jog the rolls in order to complete the cleaning task, making the removal of power impractical. With a PES system and a safe-speed monitoring device, the machine may be able to function in a “cleaning mode” where the jog speed of the rolls and the direction of the rolls are being monitored. If the PES system detects that the speed becomes too high or the rolls are turning in the wrong direction, then power will be removed and the rolls will be stopped.
Safe Torque Off. An operator needs to clean a minor spill on a rotary index tray. Removing power to the servo system requires a re-homing sequence and may create scrap materials. A servo drive with a safe-off function is installed. The safe-off feature disables the output of the servo drive, preventing the servo motor from generating the torque required to move the index table while maintaining control power and allowing for a rapid restart. Using this system, the operator is permitted to clean the spilled material with power remaining to the servo, helping to reduce system restart time.
In all of these examples, the uptime of the machinery is improved by helping the employee diagnose, perform service, and quickly restore the machinery to its production state. Stated another way, productivity is improved by optimizing the mean time to restore (MTTR) for the equipment. In financial terms, an MTTR improvement of 15 minutes per shift on a machine that generates $10,000 of revenue per shift can generate productivity improvements of $150,000 or more per year (in this case, two eight-hour shifts and 250 work days per year).
Risk Assessment is Key
The key to helping streamline service procedures is to perform a machinery risk assessment. Risk assessments provide manufacturers a process to 1) identify specific hazards on a machine, 2) quantify the risk these hazards present to employees working around the machine, and 3) evaluate various risk mitigation practices that can reduce the risk down to a tolerable level.
The risk assessment process should encompass all tasks and limits associated with interaction to a machine, including those performed by operations, maintenance, quality assurance, sanitation, and others. In addition, the risk assessment process is part of the specification of the appropriate safety circuit required for the initial risk rating determined by the risk assessment team.
There are a variety of risk assessment standards available to manufacturers and end users interested in setting up a risk assessment program. ANSI B11.TR3, RIA 15.06, and ISO 14121 are several of the frequently referenced standards.
A system design to streamline service procedures is most effective during the machine design process, when the basic machine operation and all mechanical, electrical, and other elements of the equipment are being determined. Consider updating machinery specifications to request that machine builders take streamlining of service procedures into consideration when developing their equipment proposals. For applications where equipment is already installed or being installed, the risk assessment process and resulting mitigation requirements can be completed to provide a workplace with reduced risks and with safety systems designed to help optimize productivity.
The concepts associated with designing machines for flexible minor servicing are well established and have been deployed in numerous safety applications. The time is now for manufacturers and OEMs to begin exploring how their design and safety practices can be updated to help improve employee safety while also helping to improve equipment productivity.
This article originally appeared in the September 2008 issue of Occupational Health & Safety.