Safety Analysis

Note: This is an exemplary document. The risk assessment considers a real demonstrator system, but should not be regarded as complete or correct.

In order to assure the safety of the bin-picking use case, we execute a Safety Analysis, including Hazard And Risk Analysis (HARA), Safety Concept Derivation, and Verification.

First, we explore the regulatory landscape for the domain:

Norms Landscape

In the following we execute the HARA according to ISO 12100. The abbreviations used in the tables are:

  • RI: Risk Index (1: Before Safety Measure, 2: After Safety Measure), computed according to risk graph in ISO TR 14121
  • PL: Performance Level (concept from EN/ISO 13849-1 for technical measures)
  • SIL: Safety Integrity Level (concept from IEC/EN 62061)
  • C: Constructive Measure (inherently safe construction)
  • T: Technical Measure
  • CT: Control-Technical Measure
  • U: User Information

Mechanical Hazards & Countermeasures

| Hazard | Consequence | Location / Lifecycle | RI (1) | Risk Reduction Measures | PL Required | PL Achieved | Residual Risk | RI (2) |
|---|---|---|---|---|---|---|---|---|
| Collision of person with robot arm | Bruise, fracture, laceration | Commission, Operation | 4 | C: Lightweight robot; CT: Stepwise speed scaling | PL d | PL d | Fast approach of robot or malicious circumvention can lead to collision | 1 |
| Pinch of body parts between robot and obstacles | Bruise | Commission, Operation | 4 | CT: Four vertical safety layers constrain robot movement; U: Correct installation | PL d | PL d | Inadequate deployment makes control-technical measure ineffective | 1 |
| Pinch of hand/arm between effector and table | Bruise | Commission, Operation | 2 | CT: Force of effector limited to 140 N (max. value for hands/fingers acc. to ISO/TS 15066) | PL d | PL d | - | - |
| Overturning tables | Bruise | Commission, Operation, Setup, Teardown | 1 | C: Connect tables with each other to ensure a stable stand | - | - | - | - |
| Pinch of fingers/hand due to grip of effector | Bruise | Commission, Operation | 2 | CT: Grip force limited to 100 N | PL d | PL d | Low-force bruise | 1 |
| Work material falls down due to ineffective grip | Bruise | Commission, Operation | 2 | U: Only use work material that is light enough not to cause injuries | - | - | - | - |

Here, we describe the safety measures in more detail:

  • Stepwise Speed Scaling:
    • Humans near the robot are detected via laser scanner.
    • The speed of the robot is, at any time, scaled according to the current minimal distance between the human and the robot. Scaling is done in accordance with ISO/TS 15066, Sec. 5.5.4.
    • If the minimal distance is no longer maintained, the robot executes a safe stop. The minimal distance is derived from ISO 13855, Sec. 6.3.
  • Correct Installation:
    • No obstacles should reach into the workspace of the robot.
    • Minimal distances between safety layers and surrounding obstacles must be ensured, according to ISO 13854.
  • Force Limitation:
    • In this operation mode, it is required that for all possible collision scenarios, the resulting collision force and collision pressure are below certain body-part specific limits which are specified by ISO/TS 15066.
    • Possible collision scenarios and affected body parts are determined in a risk assessment procedure before commissioning.
    • Collision force limitation can be achieved by constructive measures (e.g. reduced robot mass, compliant joints), software measures (speed limitation, collision detection), or combinations of both.
    • Compliance with the force limitation requirements can be validated through a calculation model or measurements.
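As an added illustration (not part of the original analysis or the demonstrator's control software), the following Python sketch combines the stepwise speed scaling and the safe-stop rule described above: the robot runs at a speed step only if the separation distance that step requires fits within the measured minimal human distance, otherwise the controller commands a safe stop, and a missing or invalid scanner reading is treated as zero distance so the fail-safe branch is taken. All numeric parameters and the simplified separation-distance formula are assumptions for the example, not values taken from the standards or from the demonstrator.

```python
from typing import Optional

# Constructed parameters (assumptions for this example, not values from the document):
K_HUMAN_MM_S = 1600.0           # assumed human approach speed (walking towards the robot)
T_REACT_S = 0.10                # assumed detection + controller reaction time
T_STOP_S = 0.30                 # assumed robot stopping time after the stop command
C_INTRUSION_MM = 850.0          # assumed intrusion allowance for a horizontal scanner field
V_MAX_MM_S = 1000.0             # assumed unscaled TCP speed of the robot
SPEED_STEPS = (1.0, 0.5, 0.25)  # stepwise scaling factors, tried from fastest to slowest


def protective_distance(v_robot_mm_s: float) -> float:
    """Simplified protective separation distance S_p for a given robot speed.

    The structure follows the speed-and-separation idea of ISO/TS 15066 and
    ISO 13855 (human travel + robot travel + intrusion allowance), but the
    formula is a simplification chosen for the example, not the standards' text.
    """
    human_travel = K_HUMAN_MM_S * (T_REACT_S + T_STOP_S)   # human keeps walking until robot stands
    robot_reaction = v_robot_mm_s * T_REACT_S              # robot at full step speed during reaction
    robot_braking = 0.5 * v_robot_mm_s * T_STOP_S          # constant deceleration assumed
    return human_travel + robot_reaction + robot_braking + C_INTRUSION_MM


def allowed_speed(distance_mm: Optional[float]) -> float:
    """Return the speed (mm/s) the robot may run at for the current minimal distance.

    0.0 means safe stop. A missing or negative scanner reading is treated as
    distance 0, so a failed or disconnected scanner also results in a safe stop.
    """
    if distance_mm is None or distance_mm < 0:
        return 0.0
    for step in SPEED_STEPS:
        v = V_MAX_MM_S * step
        if protective_distance(v) <= distance_mm:
            return v
    return 0.0  # even the slowest step needs more distance than is available: safe stop


if __name__ == "__main__":
    for d in (3000.0, 1700.0, 1600.0, 1500.0, None):
        print(f"distance={d}: allowed speed={allowed_speed(d)} mm/s")
```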

Electrical Hazards & Countermeasures

| Hazard | Consequence | Location / Lifecycle | RI (1) | Risk Reduction Measures | PL/SIL | Residual Risk | RI (2) |
|---|---|---|---|---|---|---|---|
| Touching live parts | Electric shock | Commission, Operation, Setup, Teardown | 5 | C: Avoid contact with live parts; T: Robot control device; U: Only briefed staff may open the cabinet; U: Warning about harmful voltage; U: Visual inspection of insulation | - | Insulation could be damaged or warnings could be ignored | 2 |

Here, we describe the safety measures in more detail:

  • Avoid Contact with Live Parts:
    • Robot and robot control device: only use original components of the vendor, no electrical modifications.
    • Laser scanner, scanner control device: use low voltage (<= 24 V), guard against touching by means of a locked switch cabinet.
    • Power supply of gripper: use low voltage (<= 24 V).
    • Power supply, power adapter: guard against touching by means of a locked switch cabinet.

Other Hazards & Countermeasures

| Hazard | Consequence | Location / Lifecycle | RI (1) | Risk Reduction Measures | PL/SIL | Residual Risk | RI (2) |
|---|---|---|---|---|---|---|---|
| Bystanders could unintentionally or maliciously interfere with control | Various injuries | Operation | 5 | T: Areas not covered by the scanner must be made inaccessible by other means; U: Operators have to oversee operation | - | Unintentional or malicious activation of control | 2 |
| Emergency stop is not reachable in a critical situation | Various injuries | Commission, Operation | 3 | U: During operation, the emergency stop button must be within the operator's reach | - | Emergency stop button cannot be reached in time (e.g. slow reaction) | 1 |