Last edit: 03/11/2023
Keeping a machine in a stopped condition while persons are present in danger zones is one of the most important conditions of the safe use of machinery and hence, one of the major aims of the machine designer and machine user.
In the past, the concepts of “operating machine” and “stopped machine” were generally unambiguous; a machine was
- operating when its movable elements or some of them were moving;
- stopped when its movable elements were at rest.
Machine automation has made the relationship between “operating” and “moving” on the one hand, and “stopped” and “at rest” on the other, more difficult to define. Automation has also increased the potential for unexpected start-up, and a significant number of hazardous events have occurred where machines, stopped for diagnostic work or corrective actions, started up unexpectedly.
The reference technical standard is ISO 14118, “Safety of machinery — Prevention of unexpected start-up”, whose latest edition dates from 2017; it defines the methodologies to be followed when safely entering a dangerous area of the machine (safeguarded zone).
The general rule is isolation and energy dissipation. In other words, before entering a dangerous area, the maintenance team should open the general electrical disconnector, open the manual pneumatic valve (normally 3/2) required as the first element in a machine's pneumatic distribution system, and switch off the hydraulic unit. If applicable, the gas train needs to be put in a zero energy state.
In other terms, to guarantee against an unexpected start-up, a zero energy state needs to be established. However, that is not always possible:
[ISO 14118: 2017] 4.3 Other means to prevent unexpected (unintended) start-up.
If the use of manual isolation and energy dissipation is not appropriate for frequent short interventions, the designer shall provide, according to the risk assessment in accordance with ISO 12100, additional automatic controlled functions (see Clause 6) to prevent unexpected startup.
Other means are therefore detailed, such as the use of interlocked keys. However, those are more the exception than the rule, and they need to go through a risk assessment to decide their suitability.
One of the important aspects added in the ISO edition is the following statement:
[ISO 14118: 2017] 6.3.2 Maintained stop command generated by a stop control device (level A)
The control system shall be designed so that the stop commands from the stop control device have priority over the start commands. To prevent unexpected (unintended) start-up due to unintended generation of start commands (including those generated within the control system itself), the stop manual control (or the stop control device) can be secured in the OFF/STOP condition. Depending on the risk assessment, securing in the OFF/STOP condition can be achieved by means of:
— a latching-in or key-operated stop control device which applies a maintained stop command until the device is reset manually;
NOTE: The emergency stop function cannot be considered as a measure of prevention of unexpected startup as described in ISO 12100 (see also ISO 13850:2015, 188.8.131.52).
In other words, it is not correct to use the emergency stop function to enter a dangerous area of the machine and perform a maintenance job, or even for quick operational checks.
A good solution is the use of Interlocks or of Trapped Keys.
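The stop-priority behaviour quoted from 6.3.2 above can be modelled as a latch evaluated once per control scan. The Python example below is an added illustration that models the logic only; it is not text or code from ISO 14118. The class, signal names and input sequence are hypothetical, and requiring a fresh rising edge on the start request after a reset is an assumption that goes beyond the quoted clause.

```python
from dataclasses import dataclass

@dataclass
class StopDominantControl:
    """Logic model of one start/stop channel, evaluated once per scan (hypothetical names)."""
    stop_latched: bool = False  # maintained stop command held by the latching device
    running: bool = False       # output that enables machine motion
    prev_start: bool = False    # start request seen on the previous scan

    def scan(self, stop_pressed=False, reset=False,
             operator_start=False, internal_start=False):
        # A stop actuation latches; only a manual reset releases it, and a
        # simultaneous stop + reset resolves to stop.
        if stop_pressed:
            self.stop_latched = True
        elif reset:
            self.stop_latched = False

        # Start requests from the operator and from the control system itself
        # are treated alike. Assumption beyond the quoted clause: only a fresh
        # rising edge starts the machine, so resetting with a start request
        # still held does not cause motion.
        start = operator_start or internal_start
        rising = start and not self.prev_start
        self.prev_start = start

        if self.stop_latched:      # stop has priority over any start command
            self.running = False
        elif rising:
            self.running = True
        return self.running

# Constructed input sequence, one dict of signals per scan.
TRACE = [
    dict(operator_start=True),                     # normal start
    dict(),                                        # keeps running
    dict(stop_pressed=True, operator_start=True),  # stop and start together
    dict(),                                        # no new actuation; stop stays latched
    dict(internal_start=True),                     # start generated inside the control system
    dict(reset=True, internal_start=True),         # manual reset while start is held
    dict(),                                        # start request drops
    dict(operator_start=True),                     # deliberate new start
]

def run_trace(trace):
    """Run the signal sequence through a fresh controller; return the output per scan."""
    ctl = StopDominantControl()
    return [ctl.scan(**signals) for signals in trace]
```

Running `run_trace(TRACE)` shows the output dropping on the scan where stop and start coincide and staying off through the internally generated start and the reset, until a new start request arrives.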