Bringing the resources together for a more efficient factory.
Sunday 28/5/2017
Bookmark and Share

 Featured Links

For supplier companies who want to offer their customers comprehensive 24 hour online product ordering facilities, Netalogue b2b web catalogue and ordering plug-ins link instantly to any existing web page and are easily maintained via any standard product or component database.

  Leuze electronic White Paper - Risk Assessment in Harmony

27  February  2017

  The European Machinery Directive as well as its implementations on a national level (in Germany ProdSG and 9 ProdSV) require machine manufacturers to perform a risk assessment as part of their design process. Where applicable, only safe machines may be put into circulation in Europe after sufficient risk reduction measures have been taken.

The German Industrial Safety Regulation requires operators of machine systems to perform regularly recurring risk assessment. The aim is to protect operating and maintenance staff of production systems in line with state-of-the-art technology by retrofitting safety technology, if necessary.

Both risk and hazard assessment are important steps in this process

* A hazard analysis: list of all relevant hazards, meaning potential possibilities of persons being harmed, in every stage of the lifetime and operation of the machine(s) such as automatic operation, calibration, cleaning, repairs, etc.

* A risk evaluation: estimation of the degree of risk for every hazard. This is the combination of the severity of a possible human injury and the probability of this injury occurring, which can, for example, be expressed
as the required Safety Performance Level PLr or required Safety Integrity Level SILCL for control- technology-related measures.

Basic standard ISO12100:2010 describes the iterative approach for minimizing risks. It also specifies a series of measures for minimizing risk as follows:

1. Constructive measures: first, all possibilities for changing the construction of a machine or a process must be exhausted to prevent risks from arising.

2. Technical measures: not until all possibilities for changing the construction or the process have been exhausted are technical measures taken. In addition to constructive/technical measures such as hard guards, flaps,
hoods, etc., these can also be control-technology-related measures such as the use of optical protective devices.

3. Organizing measures: if, after the use of protective devices has been exhausted, there are still residual risks or there is no suitable safety technology available on the market, warning messages or markings must be attached to the machine. Manufacturers must make these risks known in their machine documentation and can thereby make machine operators responsible for taking personal safety measures.

4. Personal safety measures: must be taken by the operator of the machine and
include, for instance, hearing protection, protective helmets, protective goggles, gloves, etc.

For every hazard, the risk must be estimated and documented before and after measures are taken in order to establish the effectiveness of the selected measures. It is not sufficient to establish compliance with the requirements on the above-named PLr or SILCL of control-technology-related measures with suitable tools (e.g. SISTEMA), because constructive/technical, organizing and personal safety measures do not have a PL or SIL.

Typically, various procedures are used for assessing the risk of hazards and for determining the required control-technology-related key figures. None of these processes are prescribed by the Machinery Directive, the Ordinance on Industrial Safety and Health or by a standard; both when selecting the process and when estimating the respective risk parameter, the user must make the choice – and that doesn’t make it any easier.

The risk of a hazard can be determined from the following risk parameters, whose combination results in the degree of risk:

* S (Severity): extent of damage when injury occurs
* F (Frequency) or E (Exposure): frequency and duration of presence of persons
* O (Occurrence): probability of a hazard occurring
* P (Probability) or A (Avoidance): possibility of preventing or minimizing an injury

Possible methods for risk evaluation, in addition to simple tabular methods such as the Nohl method and the like, are

* the graphic method in accordance with ISO 13849-1, Appendix A,
* the computational method in accordance with IEC 62061, Appendix A,
* and less known, the HRN (Hazard Rating Numbers) computational method,
which will be presented in brief in the following.

ISO 13849-1
Fig. 1 shows the risk graph which derives from ISO 13849-1:2015, Appendix A. The required PLr Safety Performance Level for control-technology-related measures is determined as the result per safety function. The approach seems clear and simple at first. In practice, however, it has been shown that less experienced people have problems choosing between two values due to the lack of
concrete value range specifications for the risk parameters and tend to take the higher of the two values to be on the safe side; this can make the safety technology more expensive than necessary.

The assessment of measures other than control-technology-related measures is not intended here, just as the determination of a risk adequately diminished
after measures in order to end the iterative method in accordance with ISO 12100 is not – a PLr is always the result, i.e. there is still something to do.

IEC 62061

In Appendix A of this standard, a computational method is recommended whose risk parameters are listed in Fig. 2. Instead of limiting the selection to two
possible values, as in the graphic method in accordance with ISO 13849-1, up to five values are available per parameter. The specification of concrete values for the “Frequency” parameter is also advantageous.

Adding up the individual risk parameters initially results in Risk Class K
K = F + P + O

Together with the severity (S) of the possible injury, the required SILCL of a safety function is calculated as shown in Fig. 3.

Degree of risk R of a hazard is now determined by multiplying the risk parameters and then assessed.

R = S x N x F x O

A big advantage of multiplication is that, when only one of the independent risk parameters is very small, the degree of risk is also small. This is particularly useful for risk evaluation after (a) measure(s) when only one of the parameters, e.g. the probability of occurrence of a hazard, is greatly reduced by the measure(s). For the assessment of control-technology-related measures, however, the HRN method lacks the derivation of a PLr or . SILCL from the degree of risk. In addition, not every risk parameter can be assessed as negligible and thereby with virtually zero in order to be able to assess the residual risk after measures as sufficiently low.

This was the exact motivation for the development of this method into “HaRMONY”, which is presented in the following.


The further development of the presented risk evaluation methods for the usability during the entire iteration process of risk minimization acc. to ISO
12100:2010 is the aim of the HaRMONY (Hazard Rating for Machinery and prOcess iNdustrY) method explained in the following. It is based on the computational
approach of the HRN method, but contains the following supplements:

* I ncorporation of risk parameters A (Avoidance) and N (Number)
* Evaluation of frequency and duration of exposure to hazard
* Supplement of a value (0.01) for the assessment of parameters after (a) measure(s)
* Definition of requirements on control-technology-related safety functions: PLr and SILCL
* Adaptation of risk assessment and the value ranges of the risk parameters to the parameters of standards ISO 13849-1 and IEC 62061

HaRMONY applies the following risk parameters:

S (Severity) – Extent of damage, severity of possible injury

Death: 20
Loss of 2 limbs, eyes (irreversible): 15
Loss of 1 limb, eye (irreversible): 11
Major break or serious illness(reversible): 8
Minor break or minor illness (reversible): 2
Cut, minor injury (accident insurance consultant): 0.5
Scrape /Bruise /Contusion /Hematoma (first aid): 0.1
Normally no injury after suitable measures: 0.01

Assessment 0.01 can be used for the completion of a risk reduction process in accordance with ISO 12100, for example when a dangerous movement comes to a
stop on time due to suitable measures and injuries can no longer occur.

E (exposure) – Frequency and duration of exposure to hazard

Parameter E, in addition to the frequency of presence of persons in the danger zone, determines the duration of this presence. The 3 limit values specified in the table above divide the duration in the respective row into 4 areas – they represent the slashes in the “Assessment” column. So, for instance, the value 8 is used for presence lasting for between 3 and 15 minutes occurring hourly, and value 12 is used for much longer durations. In principle, the user is free to
deviate from the assessments in the time range.

Presence of 20 minutes occurring hourly could also be assessed with 9.

The values on the left side (0.02 … 0.5) are solely intended for easily avoidable hazards in existing systems in combination with sub-optimum protective
devices in whose vicinity no workplace is situated.

For instance, the crushing or shearing of upper body parts in roller conveyors could be largely avoided by subsequently installing an optical protective device as access guarding, even if the minimum distance prescribed in the standard cannot be upheld due to structural circumstances ˇ the duration of exposure is shortened from “permanent” to “a few (milli-)seconds” through this measure. These measures cannot be used for non-avoidable hazards, such as
movements on presses or robots.

Assessment 0.01 can complete the risk reduction process in accordance with ISO 12100 if accessing a point of operation is effectively prevented, for example by a hard guard which no longer allows exposure to hazard.

O (Occurrence) – Probability of a hazard occurring

Certain – no doubt (> 99%) 15
Very probable – to be expected (90 % … 99 %) 10
Probable – not surprising (70 % … 90 %) 8
Maybe – can happen (30 % … 70 %) 5
Possible – though unusual (10 % … 30 %) 2
Improbable – although it can occur (2 % … 10 %) 1.5
Very improbable – though imaginable (0.1 % … 2 %) 1
Normally impossible after suitable measures 0.01

The estimation of the probability of occurrence of hazards is often difficult with textual descriptions. That is why additional percentage values are given, which, for example, refer to the period of time in which a hazard must be assumed. In the area of machine safety, extreme values can often be assumed with
mechanical and electrical hazards – so you often see “certain” or “very probable” or “normally impossible” after measures. Assessment 0.01 can be assigned, for example, if the hazard considered no longer arises due to constructive measures or changes to the process.

A (Avoidance) – Possibility of avoiding a hazard or its effect

Avoidance impossible: 5
Avoidance possible: 3
Avoidance probable, easily possible: 1
Normally no injury when there is awareness of the hazard and instructions or orders are followed (organizational): 0.1

Assessment 1 can, for example, be used when a movement can be controlled with safely reduced speed or with an enabling switch in step operation. Rate 0.1 makes it possible to assess the flow of organizing measures. Since an organizing and therefore deliberate measure is not equal to a protective measure not dependent on intention, an assessment of 0.1 is used instead of 0.01 as with S, E, and O. Please note that organizing measures cannot be used and assessed with 0.1 until constructive and technical protective measures have been exhausted. The statement "The employees have been instructed, so safety technology is not necessary" conflicts the approach of ISO 12100!

(Number) – Number of persons affected simultaneously Description Assessment

50+ persons: 12
16 – 50 persons: 8
8 – 15 persons: 4
3 – 7 persons: 2
1 – 2 persons: 1
No one: 0

N is usually 1 in machine safety. In the areas of process reliability and traffic safety, several to many persons can be affected by one hazard – e.g. an
explosion hazard or a train accident. The risk is therefore higher and the safety-related measures must accordingly be higher in quality. Assessment 0 can
be assigned, for example, when operating personnel is no longer needed due to changes in the production process (measure) and therefore no one can be
damaged by the observed hazard. This is expressed simultaneously by parameters S and E.

Degree of risk R is ultimately calculated by multiplying the risk parameters:
R = S x N x E x O x A

It might be easier to remember the sequence

R = E x A x S x O x N

because it spells the word "reason".

Requirements on control-technology-related measures are present as is the numerical degree of risk for assessing non-control-technology-related measures.
Safety Performance Level PL a in accordance with ISO 13849-1 does not have an SIL equivalent and is not used by HaRMONY. SIL 4 is not defined by IEC 62061, but by basic standard IEC 61508. HaRMONY thereby permits risk assessment during
the entire iterative process of risk reduction in accordance with ISO 12100, both before and after measures. An example will demonstrate this.

On a hydraulic press brake (in common terms, bending press), there is a danger of several fingers being cut off when setting the upper work piece on the work piece when work is not done in a protected manner. Without or before protective measures, the following evaluation of the risk can result with HaRMONY:

* S = 15; Severity: loss of 2 or more limbs
* E = 20; Exposure: Permanent, since the operator constantly works on the press
* O = 15; Occurrence: hazard certainly occurs during every downwards movement
* A = 5; Avoidance: avoiding the hazard is impossible
* N = 1; Number: One, max. two operators work on a press

This results in a degree of risk before measures of R = 15 x 20 x 15 x 5 x 1 = 22,500 ˇ PLr = PL e, SILCL = SIL3

Possible protective measures are:

* Light curtain with blanking or reduced resolution, if large sheets are bent,
* Special protection systems for hydraulic press brakes such as AKAS from Fiessler or protective devices from LazerSafe,

which stop the dangerous movement by interrupting the protective field when used correctly. The following risk parameters result after application of one of these measures:

* S = 0.01; Severity: Usually no injury, movement stopped
* E = 20; Exposure: Permanent, since the operator constantly works on the press
* O = 0.01; Occurrence: No longer a hazard – stopped
* A = 5; Avoidance: Prevention of the potential risk remains impossible
* N = 1; Number: One, max. two operators work on a press

After an effective measure, a degree of risk of R = 0.01 x 20 x 0.01 x 5 x 1 = 0.01ˇ Risk has been sufficiently reduced


With HaRMONY, it is possible to very precisely quantify the entire process of risk reduction in accordance with ISO 12100. The advantage of this multiplicative method is that the process can be completed via every one of the risk parameters used.

For more information, please contact:

Leuze electronic Ltd
Terek House
Phoenix Park
St. Neots
PE19 8EP
Tel:  01480 408 500
Fax:  01480 403 808
Web: are not responsible for the content of submitted or externally produced articles and images.
Click here to email about any errors or omissions contained within this article.


Bookmark and Share
Reg. no 3733110  Email Editor   Email Webmaster
(c) Copyright 2005-2017