Safety Systems Must Be Designed For Productivity

I don’t care if your safety system is CAT 4, PL e or SIL 3: if it significantly interferes with the use of the machine, then it’s unsafe. Anyone who works with machinery has seen safety systems that were designed as an afterthought, in an ad hoc fashion. For example:

  • Machines where the operator needs to bypass the safety system to set up or clean the machine
  • Machines where guards don’t allow the visibility required for the task
  • Safety procedures that are time-consuming and become ignored

So how do we avoid these common issues? Guidance is now at hand with the new Australian Standard for Interlocking Design and Principles, AS 4024.1602:2014.

This standard has a method to identify whether the proposed safety system will create a motivation to defeat it. First, the designer must identify the modes of operation; common modes would be normal operation, manual operation, cleaning, maintenance, etc. The designer then needs to identify what tasks are performed in each of these modes of operation.

The method will then assess if the safety system allows the task to be performed in the mode. If not, then a redesign of the safety system is required to allow for this activity.

If the safety system does allow the task to be performed, the designer still needs to analyse if the safety system interferes with this activity. For example there might be motivation to defeat the system because of these typical reasons:

  • The task can be performed much quicker if the safety system is defeated
  • The safeguard restricts visibility or audibility required to perform the task properly
  • The safety procedure requires much more physical travel
  • The safety system restricts movement and adds difficulty in performing the task

If motivation to defeat is discovered then design measures that will eliminate or minimize this motivation must be considered. For example, providing a transparent guard to allow the required visibility to perform the task. If there aren’t ways to minimize motivation for defeat then the standard recommends measures that can be used to make defeat difficult. For example, selecting highly coded safety interlock devices that are difficult to defeat.

Design of interlocking systems to reduce motivation for defeat has always been a consideration in the safety standards but now a formalised method is available for use. It is hoped that safety systems will be designed with the operation of the machine in mind so we can avoid non-productive safety systems that encourage defeat and create unsafe practices.

Published: 12 December 2014

What’s the hold-up with the new Conveyor Safety Standards?

For those not aware, the process of replacing the Australian Standard for Conveyor Safety, AS 1755, is well underway. This standard will be replaced by the following set of safety standards:
  • AS 4024.3610 – Safety of Machinery, Conveyors, General requirements
  • AS 4024.3611 – Safety of Machinery, Conveyors, Belt conveyors for bulk material handling
  • AS 4024.3612 – Safety of Machinery, Conveyors, Light duty belt conveyors
  • AS 4024.3613 – Safety of Machinery, Conveyors, Screw conveyors
  • AS 4024.3614 – Safety of Machinery, Conveyors, Mobile and transportable conveyors
The General requirements standard, AS 4024.3610, will replace the bulk of AS 1755. The major differences will include:
  • Updated references to current international and Australian standards
  • Updated control system requirements to allow for new design standards and current technology
  • Increased information on guarding options and methodology. This information should be used within the requirements of any state legislation (ACT/Regulations) or codes of practice.
  • Increased attention on the lifecycle activities of the equipment, such as risk assessment, installation, commissioning, decommissioning, etc.
This General requirements standard will now be complemented by specific conveyor type standards, which will allow for more detailed guidance and compatibility of safety control measures. For example, with the AS 4024.3611 standard there will be improved information on aspects of belt conveyors for bulk material handling such as:
  • Hazard list specific for this type of conveyor
  • Safety considerations specific for this type of conveyor
  • Inclusion of current industry practices
  • Statistics on incidents involving belt conveyors for bulk material handling
For those who have been paying attention, there has been a significant delay since the public comment period of AS 4024.3610 and AS 4024.3611, which ended in February 2014. So why has it taken so long to publish these standards?

To avoid confusion, the new standards will only be released once all of the sections are ready for publishing. This allows AS 1755 to be fully superseded in one step.

So in conclusion the new set of standards will provide improved guidance for conveyor safety and the process is still moving forward, however the new standards will only be available once they are all ready to be published.

Unsure what all this means for you? Want an overview of the different machine safety standards in Australia and how these tie in with OH&S requirements? Want help knowing how to select the applicable standard when designing a safety system? Then register and come along to the information session below.

NHP Electrical Engineering Products, in conjunction with EngSpace, are holding a Safety Standards session with guest presenters Frank Schrever, Chairman - Standards Australia Committee, and Amy Whykes, Product Engineer - Safety & Sensing at NHP.

Published: 30 September 2014

New Revision of AS 4024.1 Series of Machinery Safety Standards

In order to keep Australian industry in line with international practices, the AS 4024.1 series of machinery safety standards has been revised. The new parts are now available on the SAI Global website.

Currently the parts are available individually because the application guide (part 1100) is yet to be released. It is expected that the AS 4024.1 series (collection of all AS 4024.1 parts) will become available once the application guide is finalised. Ordering the complete series is the recommended approach, as the AS 4024.1 parts should always be used together.

Below is a table that explains what parts will be included in the new series. It indicates which international standard each part is adopted from, which parts have been withdrawn and which parts are new.

Some major pointers on the new series:

  • The parts are now direct text adoptions of the international standards. This means all references in the parts refer to international standard numbers. This makes the below table very useful as the user must be familiar with the adopted international standard for each part to use the AS 4024.1 series.
  • The Application Guide, 1100, is a new part. This will be very useful in explaining to users where to find relevant information and how to use the complete series.
  • Part 1303 is a new part. This part provides practical examples of risk estimation models.
  • Part 1503 is a new part. This part designs safety control systems to Performance Levels (PL).
  • Part 1602 is the revised interlock guard part. This part is significantly different to the previous version and allows the user to design interlocking systems to the new PL method.

AS 4024 information sessions will be scheduled later in the year once the new AS 4024.1 series is complete. For more information, send Craig an email on 

All standards in the table below, less the highlighted fields, are the expected parts of the new AS 4024.1 series once the application guide (1100) is complete.

| AS/NZS 4024 Part | International Equivalent | Comments |
|---|---|---|
| | | Application Guide for the AS 4024.1 series. Still at drafting stage |
| | | Available but will not be part of the revised AS 4024.1 series |
| | ISO 12100:2010 | This part supersedes the 2006 versions of parts 1201, 1202 and 1301 |
| | | Superseded by AS 4024.1201:2014 |
| | | Superseded by AS 4024.1201:2014 |
| | EN 626-1:1994+A1:2008 | This part supersedes the 2006 version of part 1302 |
| | ISO/TR 14121-2:2012 | New Part: This part provides guidance on risk estimation |
| | EN 614-1:2006+A1:2009 | This part supersedes the 2006 version of part 1401 |
| | ISO 13849-1:1999 | This part will remain current and unchanged |
| | ISO 13849-2:2003 | This part will remain current and unchanged |
| | ISO 13849-1:2006 | New Part: This part designs control systems to Performance Levels (PL) |
| | EN 953:1997+A1:2009 | This part supersedes the 2006 version of part 1601 |
| | ISO 14119:2013 | This part supersedes the 2006 version of 1602 |
| | | This part will remain current and unchanged |
| | ISO 13850:2006 | This part supersedes the 2006 version of part 1604 |
| | ISO 7250-1:2008 | This part supersedes the 2006 version of part 1701 |
| | EN 547-1:1996+A1:2008 | This part supersedes the 2006 version of part 1702 |
| | EN 547-2:1996+A1:2008 | This part supersedes the 2006 version of part 1703 |
| | EN 547-3:1996+A1:2008 | This part supersedes the 2006 version of part 1704 |
| | ISO 13857:2008 | This part supersedes the 2006 version of part 1801 and 1802 |
| | | Superseded by AS 4024.1801:2014 |
| | ISO 13854:1996 | This part supersedes the 2006 version of part 1803 |
| | EN 894-1:1997+A1:2008 | This part supersedes the 2006 version of part 1901 |
| | EN 894-2:1997+A1:2008 | This part supersedes the 2006 version of part 1902 |
| | EN 894-3:2000+A1:2008 | This part supersedes the 2006 version of part 1903 |
| | IEC 61310-1 Ed 2.0 | This part supersedes the 2006 version of part 1904 |
| | IEC 61310-2 Ed 2.0 | This part supersedes the 2006 version of part 1905 |
| | IEC 61310-3 Ed 2.0 | This part supersedes the 2006 version of part 1906 |
| | EN 981:1996+A1:2008 | This part supersedes the 2006 version of part 1907 |

Published: 17 July 2014

Is one tongue interlock switch acceptable for CAT 3?

Category 3 is a very common risk level in machine safety applications, if not the most common. The Category requires that a single fault cannot lead to a loss of the safety function. Many machines claim a Category 3 level with the use of 2 channels through one tongue interlock switch. However, if the tongue were to fail mechanically, which is a single failure, this could lead to a loss of the safety function.

How is this possible?

This can only be achieved through fault exclusion. Fault exclusion can be claimed by the designer if there is evidence to suggest that the probability of the fault occurring is negligible. AS 4024.1502 Table A4 lists the considerations for mechanical fault exclusion for a device such as a tongue actuator. The following aspects need to be addressed in the system design:
  • Wear/corrosion
  • Un-tightening
  • Fracture
  • Deformation due to over stressing
  • Sticking
This may be technically true but is it good design practice to use a single tongue interlock switch for a Category 3 system?

Thankfully a new international standard, ISO 14119:2013, has been developed to give some more guidance. This standard will soon be adopted into the new revision of the AS 4024.1 series.

This standard states that for risk levels equivalent to Category 4, it is not normally justifiable to exclude faults such as broken actuators. However, for a risk level of Category 3, a full justification could be provided to exclude the fault of a broken actuator. The standard provides more guidance in Appendix G, where an example Category 3 system is shown. In this example, two mechanically independent interlock switches are used to fulfil the single-fault requirements of Category 3.

The standard also provides guidance on how to avoid intentional tampering with, or defeating of, the safety devices. In Table 3 a tongue interlock switch is classed as a Type 2 device, which means the shape of the tongue provides a low level of mechanical coding. Because the coding is only low level, it is recommended to provide a second interlock switch to reduce the probability of the system being defeated.

In conclusion, if a full fault exclusion is documented for the actuator failure, ISO 14119:2013 does deem this acceptable for a Category 3 risk level. However, I believe this new interlocking standard is recommending the use of a second mechanically independent device when using a tongue interlock switch for Category 3 or 4 systems, due to the single fault requirements and minimising the chance of defeat.
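
The single-fault argument above, as an added example (not from the original post or from ISO 14119): a simplified model in which a safety relay keeps power on only while every channel reads closed, checked against each single fault in turn. The contact and actuator names and the two fault types modelled are assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Channel:
    contact: str   # NC contact wired to one input of the safety relay
    actuator: str  # tongue that mechanically drives this contact

# Constructed architectures (names are hypothetical).
ONE_SWITCH = (Channel("S1-NC1", "T1"), Channel("S1-NC2", "T1"))
TWO_SWITCHES = (Channel("S1-NC1", "T1"), Channel("S2-NC1", "T2"))

def reads_closed(ch, guard_open, fault):
    """State the relay sees on one channel under at most one fault."""
    if fault == ("contact stuck closed", ch.contact):
        return True
    if fault == ("actuator broken", ch.actuator):
        return True  # tongue snapped off and left in the switch head
    return not guard_open

def stops_on_guard_open(channels, fault=None):
    """Safety function: power drops as soon as any channel opens."""
    return not all(reads_closed(ch, True, fault) for ch in channels)

def single_faults(channels):
    """Every single fault this model knows about for the architecture."""
    faults = [("contact stuck closed", ch.contact) for ch in channels]
    actuators = sorted({ch.actuator for ch in channels})
    faults += [("actuator broken", a) for a in actuators]
    return faults

def dangerous_single_faults(channels, exclusions=None):
    """Single faults that lose the safety function. `exclusions` maps a
    fault to its documented justification; an empty justification is
    not accepted as a fault exclusion."""
    exclusions = exclusions or {}
    return [f for f in single_faults(channels)
            if not exclusions.get(f) and not stops_on_guard_open(channels, f)]

if __name__ == "__main__":
    print("one switch, two contacts:", dangerous_single_faults(ONE_SWITCH))
    print("two independent switches:", dangerous_single_faults(TWO_SWITCHES))
```

With one switch, the broken actuator is the only single fault that defeats both channels at once, which is why that architecture depends on a documented fault exclusion.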

Published: 8 May 2014

Well-tried Safety Principles: what are they?

Previously on this safety blog I have addressed the topic of Basic Safety Principles, so here I will explore the requirements for well-tried safety principles.

Well-tried safety principles are requirements for safety systems designed to achieve Category 1 to 4. Well-tried safety principles set requirements for the design of the safety system and the behaviour / design of the components used.

Are you familiar with well-tried safety principles? They will probably help explain certain design features of safety components.

Let's have a look at some common well-tried safety principles:

The circuit above shows a common safety interlock system, with some of the well-tried safety principles highlighted.
  • Positive mode actuation (direct opening action): this is a requirement for electromechanical safety devices. It requires the connection between the actuator and contacts to be mechanically rigid e.g. not relying on springs, gravity, etc.
    For NC contacts look for this symbol on your electromechanical devices such as E-Stops, Tongue Interlocks, Limit Switches, etc.
  • Positive guided auxiliaries (positive mechanically linked contacts): any contacts used for monitoring, such as contactor auxiliaries, should be mechanically linked. This ensures that the auxiliary is a true representation of the contactor state.

    Look for symbols such as:
     mechanically linked, or
    mirrored contacts on the auxiliary of the contactors.

  • Over-dimensioning: all components used in safety systems should be over-dimensioned to increase their reliability. This means that all mechanical aspects of the safety systems should have an appropriate safety factor. As for electrical components, such as contactors, they should be over-dimensioned by a factor of 2 for current, switching frequency and expected life of the product.
  • Separate safety function: keeping the safety functionality separate from the standard functionality will reduce the possibility of standard modifications contaminating validated safety systems. This can be achieved by having dedicated safety controllers carrying out the safety functions. Safety PLCs can also achieve this by separating the safety programs and standard programs in the controller and programming software.

Published: 19 February 2014