Is It OK to Bypass a Machine Safety Function?

Is It OK to Bypass a Machine Safety Function?

Find out why overriding a safety function still can allow a safe workplace and standards compliance — and why you need to assess how it might happen.

Machine safety is vital to operational success, but doing safety wrong can lead to both increased risk and decreased productivity. For many years, the concept of “bypassing” safeguards has been a taboo topic, almost always frowned upon by safety professionals.

However, if bypassing isn’t part of an overall risk-reduction strategy when evaluating equipment, employees will inevitably attempt to defeat the safeguards in place to perform their required tasks.

There can be some confusion interpreting the regulatory requirements and industry consensus standards when it comes to knowing when if and when bypassing might be allowed. This can create frustration when firms are attempting to strike a balance between safety and productivity.

Many advantages exist when organizations look beyond compliance and see safety as an integral part of their processes; properly including bypassing into your risk reduction process and safety management programs can be one of those advantage.

What is Bypassing?

A variety of definitions and connotations exist for bypassing, all dependent on what regulation or industry consensus standard is being examined. In addition, word choices used to describe the concept are inconsistent: Bypassing, defeating, overriding, disabling, suspending and muting. This can leave companies in a difficult position, without uniformed guidance.

How to Properly Implement Bypassing -- Bypassing can be used in some instances when a company wants to improve productivity while also keeping safety an integrated aspect of the enterprise. There is also some confusion across various standards about bypassing. This video explains how to implement bypass technology and helps firms realize the potential cost savings and productivity advantages of integrating machine safety. [CLICK IMAGE ABOVE]

Therefore, as a starting point, it’s recommended that employers define a set of terms that resonates with employees: One term for a “good” or “authorized” act, and another for a “bad” or “unauthorized” act. Here is an example:

  • Bypassing: The manual suspension of a safety function.
  • Defeating: The intentional and unauthorized act which renders a safety function or safety device ineffective.

When Can Bypassing be Used?

Once a common set of definitions has been established, it’s important to establish a process and set of criteria for where and when bypassing can be allowed. If the engineering group uses different definitions than the operations group, procurement, safety, HR groups, etc., there will be problems in the future and a much higher likelihood that a defeating action will occur.

The most important part of determining where and when to use bypassing is to conduct a Task Based Risk Assessment (TBRA), such as what’s described in ANSI B11.0. This will help evaluate which tasks actually need access to the equipment and which safeguards need to be temporarily suspended to perform the task.

Another major factor to consider is how a bypassing solution fits into a control of hazardous energy (lockout/tagout) program. Evaluate which takes require lockout, which can rely on safeguarding devices, and which can be bypassed to perform a task. ANSI/ASSE Z244.1 is a great source to help guide users through this decision process.

Requirements of Bypassing

ANSI B11.19:2010 is currently the only major standard that references a set of requirements around how to properly apply bypassing. The major requirements include:

  1. Bypassed safety functions require other protective measures, either alternative safeguarding devices or supplemental safeguarding devices. This means that just shutting off all machine safeguards is not allowed, because if the machine safeguard is turned off, another alternative safeguard must be turned on. These devices can include any of the safety devices listed in ANSI B11.19, as long as one is activated when the original machine safeguard is being bypassed. Emergency stop functions shall remain active at all times
  2. The bypassing function shall have the same circuit performance as the safety function being bypassed
  3. The means of selecting or facilitating bypassing shall be capable of being supervised (examples include key, HMI login, RFID, etc.)

Indication that the bypass is active shall be readily observable by individuals protected by the safeguarding device or the safety-related function. This is typically accomplished by a strobe light or buzzer.

Common Mistakes

There are some common mistakes that arise when engineers look to implement bypassing design.

  1. Using a PLC to control the means of bypassing will drastically low the circuit performance of the entire safety function. Even if the rest of the safety function is designed very well (e.g. light curtain wired dual channel into a safety monitoring relay with monitored redundant contacts), the introduction of a PLC into the circuit weakens the reliability and ability to detect faults. Using a separate safety controller to build the bypassing system can protect against this.
  2. Wiring safeguarding devices parallel with bypassing switches also drastically lowers the circuit performance of the entire safety function, eliminating the ability to detect faults or prevent the solution from being accidently in bypass forever.
  3. Using “OR Logic” in a safety controller often isn’t enough to verify all desired conditions are met before a safeguard can be bypassed. Although it’s possible still to maintain a high circuit performance rating with OR Logic, it’s often easy to allow for conditions to accidently turn the bypass function on. Generally speaking, it’s more common to use “XOR Logic” or a combination of multiple logic blocks, and not just an OR Gate.
  4. Lastly, forgoing a TBRA could result in Bypassing being used as a universal capability that bypasses all safeguards for potential possible things that could go wrong.  Bypassing really should be designed with specific tasks in mind, not just as a “catch all.” Otherwise, employees will be tempted to use the bypass function for many more tasks than needed.

Grantek Systems Integration Inc., with 17 offices across the globe, is a Solution Partner in the Rockwell Automation PartnerNetworkTM program. The firm is a systems integrator providing solutions and services tin the areas of building automation, packaging, control systems design, panel fabrication, information management, process design, IT design and support, project management, electrical design, RFID solutions, ERP integration, simulation, MES implementation and web-enabled solutions.

The Journal From Rockwell Automation and Our PartnerNetwork™ is published by Putman Media, Inc.

The JOURNAL

Check Out the February Issue

The JOURNAL from Rockwell Automation and Our PartnerNetwork™ is a bimonthly magazine, published by Putman Media, Inc., designed to educate engineers about leading-edge industrial automation methods, trends and technologies.