mic said:
We have done a risk assessment in the past, but with the exception of the E-stop buttons, the devices in our safety system are standard components, not "safety" components with a known fail state. Do any of the standards require that the "safety" version of the device must be used (for example relays, PLCs, limit switches...)?
If it isn't obvious, I am trying to initiate a redesign to incorporate new technologies in safety design. A regulatory requirement would have made my life a lot easier.
Chris
The standards require that you make an evaluation of all the possible hazards, including the possibility that a component could fail (to include the E-stop circuit).
Then you have to decide how serious each of the 4 million hazards you have identified is.
Then you have to redesign the machine to eliminate the hazard, or reduce it to an acceptable level.
As an example, some controls may not require much more than a start and E-stop PB, if the hazard is minimal. It may cause machine or process damage, but not harm a human being, which is all that matters in making these determinations.
Other controls may require redundancy and self-checking if there is a hazard associated with a failure of the E-stop circuit.
The hazard assessment can be long and involved, so it may make some sense to come up with a standardized list of things you plan to do (such as using a safety relay with redundancy and self-checking) in your E-stop circuit so you do not have to look real close at those areas. You can spend an enormous amount of time on this the first few times you do it, and a lot of it is not well defined as to just what is required.
In the long run though, you will eventually come up with some standardized way of dealing with the most common hazards, and incorporate them into your specs so you don't have to worry about them next time around.
<added>
One thing to keep in mind - the E-stop is not necessarily there to protect human beings. It is required, but it may not add anything to the protection picture.
For instance, you cannot claim it is there to stop the machine as a means of reducing the hazard of someone being sucked into the machine. You have to prevent someone from being sucked into the machine directly (such as by guarding).