Safety of manufacturing equipments: methodology based on a work situation model and need functional analysis

This paper describes some results of ongoing work, in the joint INRS-ENSAM laboratory, on the integration of risk prevention in specifications for future working equipment (specialized machines, individual workstations, assembly lines, etc.).
The concept of “integrated prevention” has been widely shared by European countries since the 1990s. It consists of applying safe design principles as early as possible in the design process. The aim is to conduct a preliminary risk analysis in order to achieve a lower level of risk in the design of future work equipment. Despite the many safety documents that exist (e.g., design instructions, guides and standards), many companies, particularly SME/SMIs, do not yet apply these safe design principles correctly. This is largely because the different participants in the design process (engineers, technicians, project leaders) are not prevention specialists and lack of appropriate methods and tools. As a result, it is difficult to make the correct choices in a timely manner without penalizing the project cost or delaying project completion. Consequently, integration of safety in the design process is mainly based on the individual knowledge or experience of the designers and is not conducted in any formalized way. Discussions with both designers and final users from SME/SMIs have confirmed that “health, safety and ergonomy” requirements are not as detailed as those that are purely functional. Safety requirements are usually addressed in formulaic sentences such as “the equipment should respect regulations and standards” or “should be safe, ergonomic and easy to use” etc. As a result, prevention issues and technical requirements are often handled separately and the safety problems are often dealt with at the end of the project once the concepts and technical solutions have already been defined. At this point, the measures implemented are mainly corrective, merely to satisfy the regulations. This cannot be considered to constitute true safety integration, which takes into account the future activity of the operators, including “reasonably foreseeable misuse”. In order to answer to this problem, the methodology we propose to involve engaging stakeholders in dynamic dialogue and a framework so that they may together define the information necessary for implementing safe design principles during the functional specification.
Safety requirements may be integrated in the functional analysis at three possible levels, the choice of which can lead to different results:
- General constraints: as enacted by EN 1325-1,functional analyssis holds the working group to define the general constraints which contain explicit safety requirements and standards that must be conformed to. However, although this is necessary, it is not sufficiently detailed and may lead to the designer developing the prevention apart from the technical and functional requirements: a situation that should be avoided.
- Function: the second level at which prevention can be integrated is to express it as a specific function. INRS has adopted this approach in many industrial projects. This approach is relevant only when the objective is to design a safety-related system.
- Function performance criteria: the goal is to identify all parameters which have a direct impact on safety, in other words, it should be specified that each function is safe through the performance criteria. The functional decomposition of the system is then used to define the future user tasks on the work equipment. This task analysis will thus facilitate the risk assessment according to the EN 12100 methodology.
Our proposed methodology is based on this last approach because it better deals with the objectives of the integrated prevention principles. The “user/designer” should be guided to obtain a complete picture of a design task. To do this, it is necessary to ask what the possible work situations are and which entities are involved for each function therefore needs to be divided into two different phases: description and characterization.
For description phase, after performing several tests, we propose to use a tool such as “5Ws and an H”, which is often used in industrial problem solving; the work team must answer “What”, “Who”, “Where”, “When”, “Why” and “How”.
The objective of the characterization step is to define the performance criteria that characterize each previously identified entity. If this step is performed by an individual designer, the results must be shared and validated by the work team involved in the previous step. Each performance criterion should be measurable, testable or verifiable at each successive step in the development process. To achieve this, it is necessary to first associate one or several MOSTRA model. MOSTRA (Work situation model) is the result from previous research on safety integration which allows to consider the concepts that mainly concern the users, the tasks to be performed, and the associated risks (for example, dangerous zones, hazards, dangerous events, or safety measures). The MOSTRA-based questionnaire allows completion and verification of the data coherence with regard to the function concerned. The final step is to add a quantitative or qualitative value to each criterion so its facilitates and enhances the risk analysis.
In order to progressively evaluate the relevance and acceptability of the approach, we intend to apply the proposed methodology to industrial cases in SME/SMIs companies. Our main industrial test-case was the design of a specialized machine with several optional functions (drilling, stamping, and sawing machining transfer line) for working with steel beams. The technical manager’s initial impression of the methodology was positive in that unsafe work situations were revealed that had not been identified in the original design. During the functional analysis, designers expressed technical issues based on previous experience, for example, prohibited or recommended technical solutions and potential hazards. In order not to forget this last information, a new column, “Alert point”, was added with three types of information: potential incoherence or contradiction between functional requirements, potential hazards, solution principles (prohibited use or range of applications).