Safety Strategy For Machines

From a purely functional point of view the more efficiently a machine performs its task of processing material the better it is. Life, however, is not that simple and in order for a machine to be viable it must also be safe.  Indeed safety must be regarded as a prime consideration.


In order to achieve a proper safety strategy there must be:


1 - RISK ASSESSMENT based on a clear understanding of the machine limits and functions which must then be analyzed to identify which ones pose a potential hazard. The degree of risk due to the hazard is then estimated in order to provide a basis for judgement at later stages. A risk evaluation is then required to determine if existing safety measures are satisfactory or whether additional measures are required to reduce the risk.


2 - RISK REDUCTION is then performed if necessary and safety measures are selected based on the information derived from the risk assessment stage.


After the implementation of these measures the process is repeated to determine whether safety has in fact been achieved.  The manner in which this is done is the basis of the SAFETY STRATEGY for the machine.


A checklist should be followed to ensure that all aspects are considered and that the overriding principle does not become lost in the detail.


The first step is to ensure that the whole process is documented.  Not only will this ensure a more thorough job but it will also make the results available for checking by other parties. It can also be included in the technical file which supports the Declaration of Conformity for the Machinery Directive. Because the process is likely to be repeated, the documenting of the results means that needless repetition can be avoided.


It should be noted here that if a machine is designed in conformity with a "C" type standard specific to that machine it should already incorporate all the measures necessary for its safety.  It is strongly recommended however that this process is still carried out to ensure that everything is considered.


Although this section may only seem to apply to machine manufacturers it is also relevant to machine users as machines are often used in circumstances unforeseen by the manufacturer.  The user (or employer) has a legal requirement to provide a safe working environment. Regulations make it clear that the safety of work equipment is addressed from three aspects :


(a) its initial integrity

(b) the place where it is used

(c) the purpose for which it is used.


For example, a milling machine used in a school workshop will need additional considerations to one which is used in an industrial tool room.


It should also be remembered that if a user acquires two or more independent machines and integrates them into one process they are, technically speaking, the manufacturer of the resulting combined machine.


Now let us consider the essential steps to a proper safety strategy. The following can be applied to an existing factory installation or a single new machine.


Risk Assessment

Why is a risk assessment necessary?


One reason is obvious - in the EC it is a legal requirement. Most of the directives and regulations regarding machinery safety state that a formal risk assessment should be carried out. Most of the harmonized European A & B type standards refer to it and the subject itself has a standard — EN 1050 "Principles for Risk Assessment". People concerned with the safety of machinery realize that risk assessment is an integral part of a safety strategy.


Risk assessment is not a burden. It is a helpful process which provides vital information and allows the user or designer to make logical decisions about ways to achieve safety.


Fig 22


Machine Limit Determination and Hazard Identification

A complete list of all machines should be made. Where separate machines are linked together, either mechanically or by control systems, they should be considered as a single machine. Each machine is then considered in turn to see if it presents any sort of hazard and the list marked accordingly.


It is important to consider all limits and stages in the life of a machine including installation, commissioning, maintenance, de-commissioning, correct use and operation. Also consider the consequences of reasonably foreseeable misuse or malfunction.


All hazards must be considered including crushing, shearing, entanglement, part ejection, fumes, radiation, toxic substances, heat, noise etc.


NOTE: If a machine relies on anything other than its intrinsic nature for its safety it should be indicated as a hazard source. A machine with exposed gears has an obvious and direct hazard. But if the gears are protected by an interlocked access panel they are a potential hazard which may become an actual hazard in the event of failure of the interlocking system.


Each machine with a hazard should be identified and marked on the list together with the types of hazard present. At this stage it is only the identity and type of hazard that concerns us. It is tempting to start estimating the degree of risk posed by the hazard but this should be dealt with as a separate process of risk estimation.  


Risk Estimation

This is a fundamental aspect of machinery safety. There are many ways of tackling this subject and the following pages give a simple, effective approach. The method should be amended as necessary to suit individual requirements.  An understanding of both its importance and method is absolutely essential.


All machinery that contains hazards presents risk. It is important to be able to describe at which point the risk lies on a relative scale from minimum to maximum. The following pages provide a practical method for achieving this. First, let us look at some of the fundamental points.


1-      The risk estimation must always be documented.


It is tempting to make a purely intuitive judgement. While often based on experience, it almost certainly will not take into account all the necessary considerations and cannot be easily checked or passed on to others.


You must follow a logical work pattern, write down the results and get other parties to check it.  Remember, it is your evidence that you have shown due diligence in the task.


2 - What is risk?


The term risk is often confused with the severity of an accident.  Both the severity of potential harm AND the probability of its occurrence must be considered in order to estimate the amount of risk present.


3 - It must take into account all foreseeable factors.


As with the Hazard Identification stage it is important to consider all stages of the life of a machine including installation, commissioning, maintenance, de-commissioning, correct use and operation as well as the consequences of reasonably foreseeable misuse or malfunction.


4 - It is an iterative process but work need not be repeated needlessly.


For example: A machine has an interlock guard door which, during an earlier risk evaluation, has been shown to be satisfactory. Provided that there are no changes which affect it, during subsequent risk assessments, no further measures will be required as the risk has been satisfactorily reduced (or eliminated).


But if the machine has never been subjected to a formal risk assessment or its usage circumstances have changed then it cannot be automatically assumed that the interlocking system is satisfactory and the risk estimation should be repeated to verify its suitability.


The suggestion for risk estimation given on the following pages is not advocated as the definitive method. Individual circumstances may dictate a different approach.


It is intended only as a general guideline to encourage a methodical and documented structure.


It is intended to explain and complement the risk estimation section in standard EN 1050 "Principles for Risk Assessment" It uses the same well established principles as the standard but has a few minor variations in the detailed approach. This reflects the fact that it has been strongly influenced by the need to develop a method which is straightforward and reliable and is specifically intended for assisting in the selection of protective systems.



Fig 23 – Remember: for this consideration we are presuming that an injury is inevitable and we are only concerned with its severity.



For this consideration we are presuming that the accident or incident has happened.  Careful study of the hazard will reveal the most severe injury that can be reasonably conceived.  The severity of injury should be assessed as:

            • FATAL

• MAJOR – (Normally irreversible) Permanent disability, loss of sight, limb amputation, respiratory damage, etc.

• SERIOUS – (Normally reversible) Loss of consciousness, burns, breakages, etc.

• MINOR – Bruising, cuts, light abrasions, etc.

Fig 24





Fig 25



The frequency of exposure to hazard can be classified as:

            • FREQUENT – Several times per day.


• SELDOM – Weekly or less.

Fig 26




Fig 27


You should assume that the operator is exposed to the hazardous motion or process.  By considering the manner in which the operator is involved with the machine and other factors such as speed of start-up, etc., the probability of injury can be classed as:

            • CERTAIN




Fig 28


The following factors are taken into account:

1. The severity of potential injury.

2. The probability of its occurrence, which is comprised of two factors:

a. Frequency of exposure.

b. Probability of injury.


Dealing with each factor independently, values are assigned to these factors.


Make use of any data and expertise available. You are dealing with all stages of machine life so base your decisions on the worst case.


Remember, you should assume that a protective system has not been fitted or has failed to danger.  For example, the machine power may not be isolated when a guard is opened or may even start up unexpectedly while the guard is open.


All headings are assigned a value and they are now added together to give an initial estimate.  For example:


Fig 29 – Note: This is not based on the previous example pictures


The next step is to adjust the initial estimate by considering additional factors such as those shown below. Often they can only be properly considered when the machine is installed in its operation location.


Depending on the type and usage of the machinery there may be other relevant factors which should also be listed and considered at this stage.




More than one person exposed to the hazard.

Multiply the severity factor by the number of people.

Protracted time in the danger zone without complete power isolation.

If time spent per access is more than 15 mins. Add 1 point to the frequency factor.

Operator is unskilled or untrained.

Add 2 points to the total.


Fig 30 – The results of any additional factors are then added to the previous total as shown.


Risk Reduction and Evaluation

Consider each machine and its risks in turn and take measures to address all of its hazards.


There are three basic methods to be considered and used in the following order:


• Eliminate or reduce risks as far as possible by inherently safe machine design.


• Take the necessary protection measures in relation to risks that cannot be eliminated.


• Inform users of the residual risks due to the shortcomings of the protection measures adopted, indicate whether any particular training is required and specify the need to provide personal protection equipment.  If the machine is still at the design stage it may be possible to eliminate the hazard by a change of approach.


If design methods cannot provide the answer other action needs to be taken.


The hierarchy of measures to be considered include:

(a) Fixed enclosing guards.


(b) Movable (interlocked) guards or protection devices e.g. light curtains, presence sensing mats, etc.


(c) Protection appliances (jigs, holders, push sticks etc). –Used to feed a workpiece while keeping the operators body clear of the danger zone. Often used in conjunction with guards.


(d) Provision of information, instruction, training and supervision. It is important that operators have the necessary training in the safe working methods for a machine. This does not mean that measures (a), (b) or (c) can be omitted. It is not acceptable merely to tell an operator that he must not go near dangerous parts (as an alternative to guarding them).


Personal Protection Equipment.

In addition to the above measures it may also be necessary for the operator to use equipment such as special gloves, goggles, respirators etc. The machinery designer should specify what sort of equipment is required. The use of personal protective equipment is usually not the primary safe-guarding method but complements the measures shown above.


Each measure from the hierarchy should be considered in turn starting from the top and used where practical. This may result in a combination of measures being used.


If access is not required to dangerous parts the solution is to protect them by some type of fixed enclosing guarding.


If access is required then life becomes a little more difficult. It will be necessary to ensure that access can only be gained while the machine is safe. Protective measures such as interlocked guard doors and/or trip systems will be required. The choice of protective device or system should be heavily influenced by the operating characteristics of the machine. This is extremely important as a system which impairs machine efficiency is likely to be removed or bypassed.


The safety of the machine in this case will depend on the proper application and correct operation of the protective system even under fault conditions. The proper application has now been dealt with by the appropriate choice of general type of protective system.


The correct operation of the system must now be considered.  Within each type there is likely to be a choice of technologies with varying degrees of performance of fault monitoring, detection or prevention.


In an ideal world every protective system would be perfect with absolutely no possibility of failing to a dangerous condition. In the real world however we are constrained by the current limits of knowledge and materials. Another very real constraint is, of course, cost. It becomes obvious, because of these factors, that a sense of proportion is required. Common sense says that it is ridiculous to insist that the integrity of a safety system on a machine that may cause mild bruising to be the same as that required to keep a jumbo jet in the air. The consequences of failure are drastically different and therefore we need to have some way of relating the extent of the protective measures to the level of risk obtained at the risk estimation stage.


Whichever type of protective device is chosen, it must be remembered that a "safety related system" may comprise many elements including the protective device, wiring, power switching device and sometimes parts of the machine's operational control system. All these elements of the system (including guards, fixings, wiring etc) should have suitable performance characteristics relevant to their design principle and technology. Standard EN 954-1 outlines various categories for safety related parts of control systems.


One of the most commonly encountered errors is the belief that a high risk level always equates directly to a high category level. This is not necessarily always the case.


The table shown below is a suggestion for part of a documented process of accounting for all safety aspects of the machinery being used. It acts as a guide for machinery users but the same principle can be used by machine manufacturers or suppliers. It can be used to confirm that all equipment has been considered and it will act as an index to more detailed reports on risk assessment etc.


It shows that where a machine carries the CE mark it simplifies the process as the machine hazards have already been considered by the manufacturer and the necessary measures have been taken. Even with CE marked equipment there may still be hazards due to the nature of its application or material being processed which the manufacturer did not foresee.



Facility – Tool room, East Factory

Date – 29/8/95

Operator profile – Apprentice/Fully skilled


Equipment Identity & Date

Directive Conformity

Risk Assmnt Report #

Accident History


Hazard Identity

Hazard Type

Action Required

Implemented & Inspected – reference

Bloggs Centre Lathe. Serial #8390726 installed 1978

None claimed



Electrical Equipment complies with BS EN 60204; E stops fitted (replaced 1989)

Check rotation with guard open




Fit guard interlock switch

25/11/94 J Kershaw

Report #9567






Cutting fluid


Change to non-toxic type

30/11/94 J Kershaw

Report #9714






Sward cleaning


Supply gloves

30/11/94 J Kershaw

Report #9715

Bloggs turret head milling m/c

Serial #17304294

Manuf 1995

Installed May 1995

M/c Dir.





Movement of bed (towards wall)


Move machine to give enough clearance

13/4/95 J Kershaw

Report #10064


This article is provided by Scientific Technologies, Inc.(STI). STI has grown to be a leading supplier of machine safeguarding products in the United States and is recognized throughout the world for its superior products and services. Request More Information on STI's Safety Mats and Other Products.