www.usa.siemens.com

Guide to machine safety standards and safety terminology

White Paper | January, 2013

A white paper issued by: Siemens. © Siemens Industry, Inc. 2013. All rights reserved.

Objective of safety systems

The objective of safety systems is to keep potential hazards for both people and the environment as low as possible by using suitable technical equipment, without restricting industrial production and the use of machines more than absolutely necessary, thereby increasing productivity.

There are different concepts and requirements to guarantee safety in the various regions and countries around the globe. For example, in the EU, there are requirements placed both on the manufacturer of a plant or system and on the operating company, which are regulated using the appropriate European Directives, Laws and Standards. In the US, on the other hand, requirements differ both at a regional and even at a local level. However, throughout the USA there is a basic requirement that an employer must guarantee a safe place of work. In the case of damage, as a result of the product liability laws, a manufacturer can be made liable for damage caused by his product. In other countries and regions, other requirements apply.

What is important for machinery manufacturers and plant construction companies is that the legislation and rules of the location where the machine or plant is being operated always apply. For instance, the control system of a machine that is operated and used in the US must fulfill US requirements, even if the machine manufacturer (i.e. the OEM) is based in Europe.

Although the technical concepts with which safety is to be achieved are subject to clear technical principles, it is still important to check whether legislation or specific restrictions apply.
White paper | Guide to Machine Safety Standard | January, 2013

Safety systems and functional safety

From the perspective of the object to be protected, safety cannot be segregated. The causes of danger and also the technical measures to avoid them can vary widely. This is the reason that a differentiation is made between various types of safety, e.g. by specifying the particular cause of a hazard. For instance, the term “electrical safety” is used if protection has to be provided against electrical hazards and the term “functional safety” is used if the safety is dependent on the correct function.

To achieve this, specifically qualified technology is required, which fulfills the requirements described in the relevant standards. The requirements to achieve functional safety are based on the following basic goals: avoiding systematic faults, controlling systematic faults and controlling random faults or failures.

The measure for the level of achieved functional safety is the probability of the occurrence of dangerous failures, the fault tolerance and the quality that should be guaranteed by avoiding systematic faults. Various terminology is used to express this in the standards: IEC 61508 uses “Safety Integrity Level” (SIL), and EN ISO 13849-1 uses “Performance Level” (PL) and “Categories.”

This differentiation is now reflected in the most recent standards, in that there are special standards dedicated to functional safety. In the area of machine safety, EN ISO 13849 (derived from EN 954) and IEC 62061 specifically address the requirements placed on safety-related control systems and therefore concentrate on functional safety.

In the basic safety standard IEC 61508 (also EN 61508 and DIN EN 61508 / VDE 0803), IEC addresses the functional safety of electrical, electronic and programmable electronic systems, independent of any specific application area.
Standards ensure safety

The demand to make plant, machines and other equipment as safe as possible using state-of-the-art technology comes from the fact that manufacturers and users of equipment and products are responsible for their safety. By maintaining and fulfilling the machine safety standards, it can be ensured that state-of-the-art technology is achieved, therefore ensuring that a company erecting a plant, or a manufacturer producing a machine or a device, has fulfilled his responsibility for ensuring safety.

In order to achieve the functional safety of a machine or plant, the safety-relevant parts of the protective and control systems must function correctly and must respond in the event of a fault in such a way that the system remains in a safe state or is brought into a safe state.

European standards for safety of machinery

European machine safety standards are hierarchically structured as follows:

Basic safety standards

Type A standards: Basic definitions for all machinery
  EN ISO 12100: Safety of machinery - Basic terminology, general principles for design - Principles for risk assessment

Group safety standards

Type B1 standards: Higher-level safety aspects
  EN 349: Maximum gaps to avoid crushing of parts of the human body
  EN 62061, EN ISO 13849-1: Safety-related parts of control systems
  EN 294: Safety distances to prevent danger zones being reached by the upper limbs
  EN 60204-1: Electrical equipment of machines
  EN 1088: Safety of machinery interlocking devices with and without tumbler

Type B2 standards: Requirements for safety devices (Reference to special protective device/guards)
  EN 574: Two-hand control device
  EN ISO 13850: Emergency stop equipment, functions, aspects - Principles for design
  EN 61496-1: Light barriers, light curtains

Specialist standards

Type C standards: Specialist standards for specific requirements on specific machines
  EN 81-3: Lifts
  EN 201: Injection molding machinery
  EN 692, EN 693: Presses & shears
  EN ISO 23125: Numerically controlled turning machines

Recommendation

Technology is progressing at a tremendous pace, which is also reflected in changes made to machine concepts. For this reason, type C standards in particular should be checked to ensure that they are up-to-date. It should also be noted that it is not mandatory to apply the standard; instead, the safety objectives must be achieved.

If there are no harmonized European standards, or they cannot be applied for specific reasons, then a manufacturer can apply “National Standards”. All of the other technical rules fall under this term of the machinery directive, e.g. also the accident prevention regulations and standards that are not listed in the European Council Journal (also IEC or ISO standards that were ratified as EN). By applying ratified standards, the manufacturer can prove that recognized state-of-the-art technology was fulfilled. However, when such standards are applied, this does not automatically represent a presumption of conformity as for a harmonized standard.

US machine safety standards

Understanding machine safety standards and terms remains a challenging first step to spotting and reducing risks and increasing profitability. Sources for help are many. Standards organizations covering machine safety include the American National Standards Institute (ANSI), National Fire Protection Association (NFPA), Robotics Industries Association (RIA), and U.S. Occupational Safety & Health Administration (OSHA), among others. Requirements are numerous; some are more obvious than others.
Watch for these common safety violations

When doing any plant walk-through, open your eyes (behind safety glasses, of course) to the most common safety violations, which may include:

• E-Stop pushbutton: Must be red palm or mushroom head with yellow background;
• Non-inspected fire extinguishers: approx. $1,200 fine;
• Fan guard opening greater than 1/2-in.: approx. $1,500 fine;
• If a machine is modified, a new risk assessment is required; and
• Almost all new or revised US machine safety standards require risk assessment to be done.

General information

The Occupational Safety and Health Act (OSH Act) from 1970 regulates the requirements for employers to ensure safe working conditions. The core requirements of the OSH Act are administered through the Occupational Safety and Health Administration (also known as OSHA). OSHA deploys regional inspectors to check whether workplaces comply with the valid rules and regulations.

The rules and regulations of OSHA relevant for safety at the workplace are defined in OSHA 29 CFR 1910.xxx (“OSHA Regulations (29 CFR) PART 1910 Occupational Safety and Health”) (CFR: Code of Federal Regulations), Subpart O - Machinery and Machine Guarding. Additional information can be found on the Internet (www.osha.gov).

Minimum requirements of the OSHA

The OSHA Rules under 29 CFR 1910 Subpart O include general requirements for machines (1910.212) and a series of specific requirements for certain machine types. OSHA regulations define minimum requirements to guarantee safe places of employment. However, they should not prevent employers from applying innovative methods and techniques, e.g. “state-of-the-art” protective systems, in order to maximize the safety of employees.
In conjunction with specific applications, OSHA specifies that all electrical equipment used to protect employees must be certified for the intended application by a Nationally Recognized Testing Laboratory (NRTL) authorized by OSHA.

OSHA general duties clause section 5: It’s the LAW

Each Employer:

• Shall furnish to each of his employees employment and a place of employment, which are free from recognized hazards that are causing or likely to cause death or serious physical harm to his employees;
• Shall comply with occupational safety and health standards promulgated under this Act.

Each Employee:

• Shall comply with occupational safety and health standards and all rules, regulations and orders issued pursuant to this Act, which are applicable to his own actions and conduct.

Application of other standards

In addition to the OSHA regulations, it is important to carefully observe the up-to-date standards of organizations such as ANSI, NFPA and RIA as well as the extensive product liability legislation in the US. As a result of the product liability, it is in the interest of manufacturers and operating companies to carefully observe and maintain the regulations, and they are more or less “forced” to fulfill the state-of-the-art technology requirement.

Third-party insurance contracts generally demand that the parties involved fulfill the applicable standards of the standardization organizations. Companies who are self-insured initially do not have this requirement. However, in the case of an accident, they must prove that they had applied generally recognized safety principles.

NFPA 70 (known as the National Electrical Code (NEC)) and NFPA 79 (Electrical Standard for Industrial Machinery) are two especially important standards regarding safety in industry. Both of these describe the basic requirements placed on the features and the implementation of electrical equipment.
The National Electrical Code (NFPA 70) predominantly applies to buildings, but also to the electrical connections of machines and parts of machines. NFPA 79 applies to machines. The NFPA 79, 2012 is said to be the benchmark for industrial machinery safety and is aligned with the NEC and NFPA 70E.

NFPA 79

This standard applies to the electrical equipment of industrial machines with rated voltages of less than 600 V. (A group of machines that operate together in a coordinated fashion is considered to be a machine.)

• Original NFPA 79 1997 – Restricted machine safety to electromechanical devices.
  9.6.3 Where a Category 0 stop is used for the emergency stop function, it shall have only hardwired electromechanical components. In addition, its operation shall not depend on electronic logic (hardware or software).
• NFPA 79 2002 – Allowed the use of safety PLC in safety-related functions.
  11.3.4 Use in Safety-Related Functions. Software and firmware-based controllers to be used in safety-related functions shall be listed for such use. [Annex to NFPA 79 2002, A.11.3.4 IEC 61508]
• NFPA 79 2007 – Allowed drives as a final switching device.
  9.2.5.4.1.4 Drives or solid-state output devices designed for safety-related functions shall be allowed to be the final switching element, when designed according to relevant safety standards.
• NFPA 79 2012 – Allowed the use of cableless control, see 9.2.7.1 below.
  9.2.7.1* General. Cableless control (e.g., radio, infrared) techniques for transmitting commands and signals between a machine control system and operator control station(s) shall meet the requirements of 9.2.7.1.1 through 9.2.7.1.4.

The core requirements placed on programmable electronics and buses include:

System requirements (refer to NFPA 79 2012 9.4.3.4.2)
Control systems incorporating software- and firmware-based controllers performing safety-related functions shall be self-monitoring and conform to all of the following:

(1) In the event of any single failure, the failure shall:
  – Not lead to the loss of the safety-related function(s)
  – Lead to the shutdown of the system in a safe state
  – Prevent subsequent operation until the component failure has been corrected
  – Prevent unintended startup of equipment upon correction of the failure
(2) Provide protection equivalent to that of control systems incorporating hardwired/hardware components
(3) Be designed in conformance with an approved standard that provides requirements for such systems.

Requirements placed on programmable equipment (see NFPA 79 2012 9.4.3.1)

Software and firmware-based controllers to be used in safety-related functions shall be listed for such use. (OSHA states listed as being certified by an NRTL)

UL

In order to implement the requirements listed in NFPA 79: 2007, UL has defined a special category “Programmable Safety Controllers” (code NRGF). This category involves control devices that contain software and are intended to be used for safety-related functions.

IEC 62061 or EN ISO 13849-1 should also be considered when taking into account functional safety and when using new technologies, e.g. wireless-based suspended operator panels incorporating electronic shutdown devices.

A precise description of the categories as well as a list of the devices that fulfill these requirements are provided on the Internet: www.ul.com –> certifications directory –> UL Category code / Guide information –> search for category “NRGF”

In addition to Underwriters Laboratories Inc. (UL), TÜV SÜD Product Services GmbH (TUVPSG) and TUV Rheinland of North America, Inc. (TUV) are also NRTLs for these applications.
UL functional safety mark program

With the advent and evolution of functional safety standards in North America and Europe, UL is now offering a UL Functional Safety Listing Mark that can be added for those qualifying companies in the process of getting a traditional Listing from UL. For more details visit www.ul.com/functionalsafety

ANSI B11

The ANSI B11 standards are common standards, which have been developed by associations – e.g. the Association for Manufacturing Technology (AMT), National Fire Protection Association (NFPA) and the Robotic Industries Association (RIA). For more details, visit www.ansi.org

Cooperation between OSHA and ANSI

The ANSI and OSHA memorandum of understanding allows ANSI to use its technical resources to assist OSHA in carrying out its responsibilities. Some applicable standards and guidance follow.

ANSI B11.19 - 2010: Performance criteria for safeguarding

Standards below are referenced in and are intended to be used with “ANSI B11.19 - 2010: Performance Criteria for Safeguarding.” Standards always are subject to revision; investigate the possibility of applying the most recent editions of any standard referenced.

• ANSI / NFPA 79 - 2007: Electrical Standard for Industrial Machinery.

Some standards below are for informative reference and are included for information only. For the full list, see pages 9-11 of the ANSI B11.19 - 2010.

• CFR 1910.147, ISO 13849-1 – 2008, IEC 60204-1, IEC 61496-1/2/3, ANSI / NFPA 70 – 2008
• ANSI B11.1/.2/.3/.4/.5/.6/.7/.8/.9/.10/.11/.12/.13/.14/.15/.16/.17/.18/.19/.20/.21/.22/.23/.24

See the appropriate ANSI B11 machine tool safety standard for safeguarding selection requirements based on a specific application. (See examples below.) Selection of the safeguarding requires task and hazard identification, and the application of risk assessment and risk reduction of the total production system. (See ANSI B11.TR3 on risk assessment and risk reduction.)
• ANSI B11.3 – 2002 (R2007): Power Press Brakes
• ANSI/RIA 15.06: Safety Requirements for Industrial Robots and Robot Systems
• ANSI B20.1: Conveyors
• TR-3 - 2000: Risk Analysis
• TR-4 - 2004: Failsafe PLC Application
• TR-6 - 2010: Safety Control Systems for Machine tools

ANSI B11.19 - 2010 - 4.2.3: The user shall ensure that when any change of the tooling, process or procedure occurs, the safeguarding continues to meet the requirements of the standard and the ANSI B11 “base” standard (the standard dealing with the specific machine), see ANSI B11-0. Changes in the production system that may affect the safeguarding include, but are not limited to, tooling changes, addition or removal of auxiliary equipment, modification to the machine systems, operation method (program), change in operation personnel, adjustment location of safeguarding, and part configuration. Adjustments to the safeguarding or supplemental safeguarding may be necessary.

ANSI B11.19 - 2003 - 5: Hazard Control: Hazards associated with the use of the safeguarding shall be identified and controlled as part of the overall risk reduction strategy.

The overall hazard identification and risk reduction strategy is identified in each ANSI B11 “base” standard or in ANSI B11.0 (B11.TR3). These documents are used to select safeguarding appropriate to the foreseeable tasks and identified hazards.

Risk assessment standards

The risk analysis is used to assess the hazards that a machine presents. Risk analysis is an important requirement according to NFPA 79 - 2012, ANSI/RIA 15.06 1999, ANSI B11.0 2010 and SEMI S10. A suitable safety technology/system can be selected using the documented results of a risk analysis, based on the specified safety class of the particular application.

As a result of their design and functionality, machinery and plants represent potential risks.
Therefore, the machinery directive requires a risk assessment for every machine and, if relevant, risk reduction, so that the remaining risk is less than the tolerable risk. The following standards should be applied for the techniques to evaluate and assess these risks:

• For Europe: EN ISO 12100 “Safety of machinery – basic terminology, general principles for design – risk assessment and risk reduction”
  EN ISO 12100 mainly describes the risks to be considered and design guidelines to minimize risk, and also focuses on the iterative process with risk assessment and risk reduction to achieve safety.
• For USA: ANSI B11.0 - 2012, Safety of Machinery; General Requirements and Risk Assessment
  This standard applies to new, modified or rebuilt power driven machines, not portable by hand, used to shape and/or form metal or other materials by cutting, impact, pressure, electrical or other processing techniques, or a combination of these processes. It incorporates the bulk of ANSI B15.1-2000 (R2008) and ANSI B11.TR3.

Safety standards reduce operating costs

By now it is well understood, as shown by numerous safety research studies, customer application case studies and testimonies, that safety not only protects plant personnel but also increases productivity and provides a cost saving of at least 30%. Companies that implement safety functions, perform functional safety evaluations, and implement safety in manufacturing processes by following the guidelines mentioned in the machine safety standards and complying with their requirements are finding benefits where few expected to – on the bottom line.

There are other financial benefits of implementing safety standards. One is global acceptance, which opens up more global opportunities. Another important one is that insurance companies have started to recognize machine safety compliance and its benefits, which can reflect favorably on insurance premiums.
Additional organizations and links:

For more information on these topics, reference the following links.

Siemens Industry Inc.: http://www.usa.siemens.com/safety
ANSI (American National Standards Institute): http://www.ansi.org
OSHA (Occupational Safety and Health Administration): http://www.osha.org
NFPA (Occupational Fire Protection Association): http://www.hfpa.org
TUV Rheinland of N.A. Inc.: http://www.us.tuv.com
UL (Underwriter Laboratories): http://www.ul.com
CSA (Canadian Standards Association): http://www.csa.ca
CCOHS (Canadian Center for Occupational Health and Safety): http://www.ccohs.ca
NIOSH (National Institute of Occupational Health and Safety): http://www.cdc.gov/niosh/homepage.html
NSC (National Safety Council): http://www.nsc.org
ASSE (American Society of Safety Engineers): http://www.asse.org
RIA (Robotic Industries Association): http://www.robotics.org
http://www.tuv-sud.com

Machine safety definitions explained

Actuating control(s): An operator control(s) used to initiate or maintain machine motion(s) or other machine function(s).

Automatic start: A safety function is automatically restored (without an ON button). This, for example, is only permissible for moving protective guards that cannot be bypassed. However, this is not permissible for an Emergency Stop device. This start type is only permissible after the hazard has been assessed.

B10: The B10 value for devices subject to wear is expressed in the number of switching cycles. The failure rate of electromechanical components can be calculated using the B10 value and the operating cycle.

Blanking: Bypassing a portion of the sensing field of a presence-sensing safeguarding device (light curtain).
Cable-operated switch: This is mainly used in EMERGENCY STOP protective safety devices and is a signal transmitter whose switching state changes if a cable / line connected to the switch is pulled or the line / cable breaks. This device is used to monitor long lengths (for example, along conveyor belts).

Cascading input – Safety Relay: Safety, single-channel input of a safety relay that is internally evaluated just like a sensor signal; logical and operational with the other signal transmitter / sensor inputs. If a voltage is not connected, the safety relay safely disables the enable circuits (outputs).

CCF (Common Cause Failure): Failure with a common cause (short-circuit).

Contactless electro-sensitive protective device (laser scanners, light grids, and light curtains): Contactless / electro-sensitive protective devices that essentially comprise the sensor function and the associated control monitoring function with output switching element – also known as OSSD (output safe switching device).

Control reliability: The capability of the machine control system, the safeguarding, other control components and related interfacing to achieve a safe state in the event of a failure within their safety-related functions.

Cross-circuit fault: This can occur for multi-channel control circuits for equipment/devices and is a short circuit between channels (e.g. in a two-channel sensor circuit).

Cross-circuit fault detection: This is the ability of the safety device to detect cross-circuit faults, either immediately or as part of a cyclic monitoring routine. The device goes into a safe condition after the fault has been detected.

Discrepancy time: Discrepancy time monitoring tolerates, within a defined time window, that associated signals are not available at the same time.

Diversity: The use of different means, such as use of different processors or other hardware such as relays, storage media, programming languages and software to perform the same function.
Emergency stop: A manually actuated control device that can be used to initiate an EMERGENCY STOP function (red mushroom button with yellow background).
Note: The EMERGENCY STOP function is initiated by a single action of a person and must always be available and capable of functioning irrespective of the operating mode.

Enabling switch: An enabling switch is a manually operated signal transmitter which can be actuated to withdraw the protective effect of protection equipment. It is not possible or permissible to initiate hazardous states using the enabling switch alone – a “second, conscious” start command is required for this.

Energy source: Any electrical, mechanical, hydraulic, pneumatic, chemical, thermal, potential, kinetic or other sources of power / movement.

Feedback circuit: This is used to monitor controlled actuators (e.g. relays or load contactors with positively-driven contacts). The evaluation unit can only be activated when the feedback circuit is closed.
Note: The NC contacts (these are positively-driven contacts) of the load contactors to be monitored are connected in series and integrated into the feedback circuit of the safety controller/relay. If a contact welds in the enable circuit, then it is no longer possible to re-activate the safety controller/relay because the feedback circuit remains open. The (dynamic) monitoring of the feedback circuit does not have to be safety-related because it is only used for fault detection. The ON button is generally switched using the positively-driven contacts of the actuator in series (fault detection when starting).

Hand tool: Any device used for manual feeding or removal of a work piece, freeing of a jammed work piece or removal of scrap.
Harmonized standard: Type A (Basic Standards), Type B (Group Standards) and Type C (Products Standards) are listed in the Machinery Directive and therefore allow an assumption to be made that the Machinery Directive is complied with.

Hazard: The hazard (as the result of a specific event) represents danger for the user and can result in injury (potential source of damage).

Hazard assessment: Evaluation of a danger (resulting from a hazard) for the user.

Interlocking equipment and devices: This is a mechanical, electrical or another interlocking device that has the function of preventing the operation of a machine under certain specific conditions (generally as long as a guard is not closed).

Life cycle of a machine: The phases of a machine including design and construction, transport and commissioning, re-assembly, installation, initial adjustment, relocation, use (such as setting, teaching / programming or process changeover, operation) and care (cleaning, troubleshooting, maintenance (planned or unplanned)), de-commissioning, dismantling and, as far as safety is concerned, disposal.

Listed for use: Equipment, materials or services included in a list published by a Nationally Recognized Testing Laboratory (NRTL) and concerned with evaluation of products or services, that maintains periodic inspection of production of listed equipment or materials or periodic evaluation of services, and whose listing states that either the equipment, material or services meets identified standards or has been tested and found suitable for a specified purpose.

Positively-opening: For positively-opening contacts, the contacts separate as a direct result of a defined motion of the switch actuator using non-spring mechanical linkage. For the electrical equipment of machinery, the positively-opening contacts are expressly specified in all safety circuits.
Note: Positively-opening contacts are designated according to IEC 60947-5-1 by the symbol (arrow in a circle) (function to protect persons).

Manual reset: A function to restore one or several safety functions before the machine restarts. After a stop command has been initiated by a protective device, the stop state must be maintained until a manual reset device is actuated and the safe state has been reached for a restart.

Presence-sensing device: A device that creates a sensing field, area or plane to detect the presence of an individual or object.

Mirror contact: A typical application of mirror contacts is to provide highly reliable monitoring of the switching state in the control circuits of machinery.

Monitored start: The safety function is restored by monitoring a dynamic signal change, e.g. using an ON pushbutton. This is absolutely mandatory to achieve a higher safety level for an emergency stop protective device since it provides protection against manipulation. This start type is only permissible after a hazard has been assessed.

Muting: A type of bypass function: The safety-related function is correctly and deliberately disabled using additional sensors for a limited time.
Note: This is used in the field to make a differentiation between persons and objects.

Performance level: Capability of safety-relevant parts to execute a safety function under predictable conditions (that should be taken into account) to fulfill the expected risk minimization. From PLa (the highest probability of failure) to PLe (the lowest probability of failure).

Proof test: Repeated test that is executed to detect faults in a SRECS so that, if necessary, the system can be brought into an “as new state”, or as close as is practically possible to an “as new state.”

Protective device: Device (other than a guard), which reduces a risk, either alone or associated with a guard (does not include personal protective equipment).
Residual risk: That risk that remains after safeguarding devices have been applied and a risk assessment performed.

Risk: A combination of the probability and the degree of the possible injury or damage to health in a hazardous situation in order to select appropriate safeguards.

Risk assessment: The process by which the intended use of the machine, the tasks and hazards, and the level of risk are determined.

Safeguarding: Guards, safeguarding devices, awareness devices, safeguarding methods and safe work procedures.

Safety distance: The calculated distance between a hazard and its associated safeguard.

PES (Programmable Electronic System): A system for control or monitoring using one or more programmable electronic devices, including all elements of the system, such as power supplies, sensors and other input devices, data links and other communication paths, and actuators, and other output devices.

Safety function: Function of a machine, the malfunction of which would increase the risk of harm.

Positively-driven contacts: For positively-driven contacts of a relay/contactor, the NC contact and the NO contact may never be simultaneously closed over the complete lifetime of the device. This also applies if the relay/contactor is in an incorrect state (faulted). E.g. if a NO contact is welded, then all of the other NC contacts of the relay/contactor involved remain open no matter whether the relay/contactor is energized or not.

Tolerable risk: Risk that is accepted for a given task and hazard combination (hazardous situation).

Siemens Industry, Inc.
3333 Old Milton Parkway
Alpharetta, GA 30005
www.siemens.com
Order No. SIWP-SSTDS-0113
All rights reserved. All trademarks used are owned by Siemens or their respective owners.
A white paper issued by: Siemens. © Siemens Industry, Inc., October 2013. All rights reserved.

SIL: One of three possibilities to define safety integrity specifications of the safety function that can be assigned to an SRECS. Safety integrity level 3 (SIL 3) is the highest possible level and level 1 (SIL 1) is the lowest.

Two hand control device: An actuating control that requires the concurrent use of the operator's hands to initiate machine motion during the hazardous portion of the machine cycle.

Validation: Confirmation by examination and testing that the particular requirements for a specific intended use are met.

Verification: The process or act of confirming that a device or function conforms or performs to its design.
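
The glossary entries for discrepancy time, feedback circuit, monitored start and manual reset describe checks that a safety relay combines in every evaluation cycle. The Python model below is an added illustration of how they interact; it is not code from Siemens, from any standard or from a certified device. The class and function names, the 0.5 s discrepancy window and the rule that a latched discrepancy fault clears only after both channels have opened are assumptions.

```python
class SafetyRelayModel:
    """Toy model of a two-channel safety relay evaluation (illustration only)."""

    def __init__(self, discrepancy_time_s=0.5):
        self.discrepancy_time_s = discrepancy_time_s  # assumed window, not from the paper
        self.outputs_enabled = False   # state of the enable circuits (outputs)
        self.fault = None              # latched fault name, or None
        self._mismatch_since = None    # time at which the two channels began to disagree
        self._prev_start = True        # a button already held at power-up gives no rising edge
        self._armed = False            # ON button press seen, waiting for its release

    def update(self, t, ch_a, ch_b, feedback_closed, start_pressed):
        """Evaluate one scan at time t (seconds); return True if outputs are enabled."""
        rising = start_pressed and not self._prev_start
        falling = self._prev_start and not start_pressed
        self._prev_start = start_pressed

        # Discrepancy time: tolerate disagreement between channels only briefly.
        if ch_a != ch_b:
            if self._mismatch_since is None:
                self._mismatch_since = t
            elif t - self._mismatch_since > self.discrepancy_time_s:
                self.fault = "discrepancy"
        else:
            self._mismatch_since = None
            if self.fault and not ch_a:
                # Assumed clear condition: both channels seen open again.
                self.fault = None

        # Any open channel or latched fault forces the safe state.
        if self.fault or not (ch_a and ch_b):
            self.outputs_enabled = False
            self._armed = False
            return False

        if self.outputs_enabled:
            return True  # feedback opens once the contactors pull in; that is expected

        # Monitored start: press, then release, with the feedback circuit closed.
        if rising:
            self._armed = True
        elif falling and self._armed:
            self._armed = False
            self.outputs_enabled = feedback_closed  # welded contactor keeps feedback open
        return self.outputs_enabled


def run(relay, scans):
    """Feed scans of (t, ch_a, ch_b, feedback_closed, start_pressed) to the relay."""
    return [relay.update(*scan) for scan in scans]


# Constructed sample scans (not measurements from a real machine).
NORMAL = [
    (0.0, False, False, True, False),   # guard open
    (0.1, True, False, True, False),    # channels close 0.2 s apart: tolerated
    (0.3, True, True, True, False),
    (0.5, True, True, True, True),      # ON button pressed
    (0.6, True, True, True, False),     # ON button released: outputs enable
    (0.7, True, True, False, False),    # contactors pulled in, feedback now open
    (1.0, False, False, True, False),   # guard opened: outputs drop
]
STUCK_BUTTON = [
    (0.0, False, False, True, True),    # ON button held down from power-up
    (0.1, True, True, True, True),
    (0.2, True, True, True, True),
]
WELDED_CONTACTOR = [
    (0.0, True, True, False, False),    # feedback circuit stays open
    (0.1, True, True, False, True),
    (0.2, True, True, False, False),
]
CHANNEL_FAULT = [
    (0.0, True, False, True, False),    # channel B never follows channel A
    (0.4, True, False, True, False),
    (0.6, True, False, True, False),    # window exceeded: fault latched
    (0.7, True, True, True, False),     # late agreement does not clear the fault
    (0.8, True, True, True, True),
    (0.9, True, True, True, False),     # start attempt is refused
]
RECOVERY = [
    (1.0, False, False, True, False),   # both channels opened: fault clears
    (1.1, True, True, True, False),
    (1.2, True, True, True, True),
    (1.3, True, True, True, False),     # monitored start succeeds again
]

if __name__ == "__main__":
    for name in ("NORMAL", "STUCK_BUTTON", "WELDED_CONTACTOR", "CHANNEL_FAULT"):
        print(name, run(SafetyRelayModel(), globals()[name]))
```
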