The European Machinery Directive and the Machinery Regulation that is replacing it require a risk analysis for every machine before being brought to market or after a modification. A key part of the risk analysis is the risk assessment. In addition to the legal fundamentals, various processes for the risk assessment are introduced and their properties explained in the following.
Legal fundamentals
In accordance with EC Machinery Directive 2006/42/EC and Machinery Regulation EU 2023/1230, which will replace it in 2027, machines must not pose a danger, including following a modification. For the purpose of written confirmation, a risk analysis is performed as part of the CE conformity assessment. The CE marking may only be affixed to the machine if the machine poses no danger.
The Machinery Directive describes the process of the risk analysis in very general terms. You can find a more exact description in standard ISO 12100 – Risk assessment and risk reduction. It defines an iterative process in which one identifies, assesses and evaluates the hazards. Unacceptable hazards must be minimized. The procedure for minimizing hazards is divided into three levels: constructive, technical and organizing measures. It is mandatory that the sequence of these levels be followed.
Parameters for the risk assessment
How does one assess whether a hazard is unacceptably high and poses a risk?
In accordance with the Machinery Directive, two parameters must be taken into account for the risk assessment of a danger: the extent of damage and the probability of an injury. These two parameters can – depending on the process used for the risk assessment – be divided into further parameters.
Process for risk assessment
The risk assessment quantifies the risk and represents it by means of a risk indicator as a numerical value. There are no legal or normative specifications for the process. Sources for processes may be informative appendices in standards, technical reports from standards organizations or other publications.
In general, the processes for the risk assessment can be divided into three classes:
- Graphical processes
- Tabular processes
- Numerical processes
Graphical processes determine the risk through a graph. Each parameter is represented by a node; the branches define the values of the parameter. The values are described in text form and each node usually has only two branches, as the graph otherwise becomes confusing. Due to the limited number of options, the risk is usually only classified roughly, but the graph is simple and easy-to-understand.
Tabular processes have more than two values per parameter; the values are likewise described in text form. There are thus more options per parameter than with graphical processes. The classification is nonetheless rough here as well, as the number of parameters is limited in order to preserve the clarity of the table.
Numerical processes determine the risk indicator through multiplication of the parameter values. Many parameters with many different values are possible. Due to the many parameters and options, numerical processes are not as simple and easy to understand as graphical or tabular processes. In exchange, they determine the risk in greater detail. Risks can thereby be better compared with one another and the greatest risk identified. This can be important for prioritizing the steps for overhauling a system.
Risk reduction through technical measures
Unacceptable hazards must be reduced through appropriate measures. If constructive measures are not possible, technical measures are to be taken.
These are often realized with safety-related control systems and consist of safe components, i.e., safe sensors, a safe control and safe actuators. The components are available with various safety levels. It defines the robustness with respect to dangerous failures of the component and must be larger the greater the hazard is. The necessary safety level is therefore defined by means of a risk assessment.
Standards of functional safety contain processes for risk assessment in informative appendices for determining the necessary safety level. Standard ISO 13849-1 designates the safety level as performance level PLr, while standard IEC 62061 describes the safety level with Safety Integrity Level, SILCL.
Risk estimation in accordance with HARMONY
The described process shows that the risk assessment is performed twice with different methods and different goals: First with process 1 to assess the initial and final risk of a hazard and also with process 2 to determine the safety level of the control system.
This procedure appears unnecessarily complex. It would be simpler if a single process defined a risk indicator and simultaneously a safety level for technical measures. For this reason, Leuze created the HARMONY process, which satisfies this requirement. The term HARMONY is the abbreviated form of Hazard Rating for Machinery and process industry.
HARMONY is based on the HRN (Hazard Rating Numbers) numerical process and determines a risk indicator R through multiplication of parameter values. Value ranges of the risk indicator are directly assigned a performance level PLr in accordance with ISO 13849-1 and a Safety Integrity Level SILCL in accordance with IEC 62061.
Summary
The risk assessment is an important but complicated part of the risk analysis. The specialists from Leuze support system manufacturers and operating companies during the risk analysis and the entire CE marking process. For the risk assessment, they use the HARMONY process developed by Leuze by means of which the risk can be determined efficiently and in a detailed manner.