The Robotics Industries Association (RIA) recently balloted its Technical Report (TR) R15.306 for industrial robot systems and cells. The report is a supplement to the ANSI/RIA R15.06-2012 standard and provides updated guidance on a methodology for conducting task-based risk assessments to meet the standard’s requirements.
The concept of the R15.06 risk assessment has not changed. What’s new is that this updated risk-assessment methodology now has three levels of severity, exposure, and avoidability.
Users and suppliers, including OEMs and integrators, benefit from TR R15.306 because it provides step-by-step instructions for evaluating and reducing risks.
In the previous 1999 methodology, risks were reduced following the hierarchy of controls, where the first step was to change the design, which meant either eliminating the hazard or eliminating the potential for exposure. The next step was safeguarding, referred to as engineering controls, followed by administrative controls.
As a part of global harmonization, terminology has sharpened. Although the hierarchy still exists, two views are recognized: those of the supplier and of the user. For example, Europe requires suppliers to meet the Machinery Directive, which has no equivalent in the United States. This means that the supplier must reduce the risks of the specific product, machine, system, and robot cell to the extent practicable.
After risk reduction by the supplier, the user needs to validate that the risks have been addressed, add warnings if needed, develop safe operating procedures, develop and implement training programs, address change management, and handle safety management of the system (and plant).
But it is possible that the validation process could reveal that additional safeguarding and/or complementary measures are needed. This could be a result of unidentified tasks and/or hazards, adjacent equipment unknown to the supplier, or the facility’s layout. Once the equipment is installed at the user’s facility, the cost and difficulty of reducing risks increase greatly compared with tackling the challenge during the supplier’s design-and-build stage.
Suppliers have a great influence on safety because they design the equipment and select the components and materials used in it. They also are responsible for conducting a risk assessment, which is typically a failure mode effects analysis (FMEA) of machine components and designs. End users, on the other hand, must make the best of the equipment they receive. One way users do this is by conducting task-based risk assessments. However, users rarely change the design, as this is not practical.
Generally, few risk-assessment methodologies map risk levels to minimum risk-reduction requirements. Both the original R15.06-1999 standard and the new TR R15.306 provide this mapping, but the latest TR R15.306 takes it to a deeper level.
The previous R15.06-1999 assessment methodology used a 2 × 2 × 2 matrix. This included two rating levels for three different safety factors: severity (serious and slight), exposure (frequent and infrequent), and avoidability (likely and not likely). Machine designers used this matrix to determine the risk-reduction category for each task or hazard and then to identify the required safeguard and circuit performances.
The new methodology outlined in RIA TR R15.306 uses a 3 × 3 × 3 matrix (see Table 1). The safety factors remain the same, but their rating levels have been expanded from two to three:
- Severity: serious (normally nonreversible), moderate (normally reversible), and minor (first aid)
- Exposure: prevented, high, and low
- Avoidability: not possible, not likely (but possible), and likely
Designers and engineers today are more comfortable with risk assessments than they were when R15.06-1999 was introduced. As a result, they want more granularity, particularly for assessing severity. The three severity levels can be reasonably mapped to industry and company definitions.
Additionally, the new rating levels provide some important clarity in areas where mistakes were being made. For example, the “prevented” rating level was added to the exposure factor after it was found that some users of the R15.06-1999 methodology erroneously skipped key steps in the assessment process. They skipped the decision matrix and used only Table 2, which was to be used only after the first round of risk assessment and risk reduction.
RIA TR R15.306 clearly states the “not possible” rating is not used on the first round, because this is when the assessment is without any safeguarding. Therefore, nothing is prevented yet. After selecting the protective measures, the second round can consider whether these selections actually result in the exposure being “prevented.”
The “not possible” rating was added for avoidability to help people understand that the “not likely” rating was being erroneously selected at times.
An example of a hazard that is “not possible” to avoid is a hand-fed part-revolution press. Without the appropriate safeguards and functional safety (safety integrity of the control system and its integration), serious or potentially fatal safety incidents are inevitable. However, robot applications often fit better under either “likely” or “not likely.” Keep in mind that a “not likely” selection can still mean that it is possible to avoid the hazard.
The new methodology
In a task-based risk assessment, an engineer starts by identifying all tasks associated with operating and maintaining the machine or system. Next, the engineer identifies all hazards associated with each task. Then, the risk level is determined for each task-hazard pair based on the injury severity, exposure, and avoidability.
During the initial round, safeguarding and functional safety requirements are not yet defined for each task-hazard pair. In this first round, the “not possible” rating cannot be used.
Once the risk level has been identified, the required minimum risk reduction is determined. If functional safety is needed because a control system is involved in the risk reduction, then the minimum requirements per ISO 13849-1 (Safety-Related Parts of Control Systems [SRP/CS]), based on the risk level, are as shown in Table 3.
After determining the risk reduction and minimum functional-safety performance of any risk-reduction measure, the task-hazard pair is re-evaluated as if that measure had been implemented.
Validation is the next step after the risk assessment. This evaluation identifies whether the risk-reduction measures implemented actually perform as intended or whether additional risk assessment and reduction measures are needed.
A more-rigorous assessment
ANSI/RIA R15.06-2012, ISO 10218-1, and ISO 10218-2 require performing a task-based risk assessment.
Reviewing each step of a task can lead engineers to valuable “a-ha” moments, when hazards that had previously been missed are identified. Guards, protective devices, and safety control systems are critical. However, proper operating procedures, training, and change management are also necessary layers of safety during operation.
Suppliers and users should try the new robot system risk-assessment methodology and decide whether it works better for their needs. To download TR R15.306, visit www.robotics.org.