Risk Reduction processes follow a hierarchy of risk reduction measures to determine what risk reduction method(s) will be used. The hierarchy represents the different types of measures that may be available and lists them from most preferred to least preferred – ranging from Inherently Safe Design to Administrative Controls. It is important to realise that, even though the most preferred type of risk reduction measure is to design out the hazard, it may be difficult or impossible to use that method because of how the machine functions and/or, especially, if the machine has already been designed and built. Quite often, the most feasible option is to use a combination of the different types of risk reduction measures such as guards, control devices, procedures, and personal protective equipment (PPE).
Reference B11.0 Table 3 - The Hazard Control Hierarchy

Classification | Risk Reduction Measures | Examples | Influence on Risk Factors |
---|---|---|---|
Inherently Safe by Design | Design Out (Elimination or Substitution) | | |
Engineering Controls | Guards, Control Functions and Devices | | |
Administrative Controls | Awareness Means | | |
 | Information for Use (Training and Procedures) | | |
 | Administrative Safeguarding Methods | | |
 | Supervision | | |
 | Control of Hazardous Energy | | |
 | Tools | | |
 | Personal Protective Equipment (PPE) | | |

Inherently safe design measures include elimination or substitution. Elimination could include things like redesigning the machine, automating a portion of the machine to eliminate a dangerous task, or changing the sequence to completely do away with the potential hazard. Substitution could include implementing measures that reduce speed, pressure, force, and direction to reduce the hazard to an acceptable level, rendering it safe. Engineering controls (safety systems) reduce risk or eliminate the frequency of exposure to the hazard. This can be done with physical guarding and/or safety systems that control the electrical, pneumatic, hydraulic, and other energy sources in a way that meets the safety level determined by the risk assessment for that task/hazard pair.
Selecting the most appropriate risk reduction measures will be application-specific and may take multiple steps. ANSI B11.19 and many ISO Type B standards provide performance requirements. They include information on the use of fixed and moveable guards, control functions, and control devices, as well as administrative controls.
Below is an example list of recognised safety functions for electrical control systems from ISO 13849-1. See Tables M.1 & M.2 below for details.

Some International Standards applicable to typical machine safety functions and certain of their characteristics

Safety function / characteristic | Requirements: This part of ISO 13849 | Requirements: ISO 12100:2010 | For additional information, see: |
---|---|---|---|
Safety-related stop function initiated by a safeguard a | 5.2.1 | 3.2.8.8, 6.2.11.3 | IEC 60204-1:2005, 9.2.2, 9.2.5.3, 9.2.5.5; ISO 14119; ISO 13855 |
Manual reset function | 5.2.2 | - | IEC 60204-1:2005, 9.2.5.3, 9.2.5.4 |
Start/restart function | 5.2.3 | 6.2.11.3, 6.2.11.4 | IEC 60204-1:2005, 9.2.1, 9.2.5.1, 9.2.5.2, 9.2.6 |
Local control function | 5.2.4 | 6.2.11.8, 6.2.11.10 | IEC 60204-1:2005, 10.1.5 |
Muting function | 5.2.5 | - | IEC/TS 62046:2008, 5.5 |
Hold-to-run function | - | 6.2.11.8 b) | IEC 60204-1:2005, 9.2.6.1 |
Enabling device function | - | - | IEC 60204-1:2005, 9.2.6.3, 10.9 |
Prevention of unexpected start-up | - | 6.2.11.4 | ISO 14118; IEC 60204-1:2005, 5.4 |
Escape and rescue trapped persons | - | 6.3.5.3 | - |
Isolation and energy dissipation function | - | 6.3.5.4 | ISO 14118; IEC 60204-1:2005, 5.3, 6.3.1 |
Control modes and mode selection | - | 6.2.11.8, 6.2.11.10 | IEC 60204-1:2005, 9.2.3, 9.2.4 |
Interaction between different safety-related parts of control systems | - | 6.2.11.1 (last sentence) | IEC 60204-1:2005, 9.3.4 |
Monitoring of parameterisation of safety-related input values | - | - | - |
Emergency stop function b | - | 6.3.5.2 | ISO 13850; IEC 60204-1:2005, 9.2.5.4 |

a Including interlocked guards and limiting devices (e.g., over-speed, over-temperature, over-pressure).
b Complementary protective measure, see ISO 12100:2010.

Some International Standards applicable to typical machine safety functions and certain of their characteristics

Safety function / characteristic | Requirements: This part of ISO 13849 | Requirements: ISO 12100:2010 | For additional information, see: |
---|---|---|---|
Response time | 5.2.6 | - | ISO 13855:2010, 3.2, A.3, A.4 |
Safety-related parameter such as speed, temperature or pressure | 5.2.7 | 6.2.11.8 e) | IEC 60204-1:2005, 7.1, 9.3.2, 9.3.4 |
Fluctuations, loss, and restoration of power sources | 5.2.8 | 6.2.11.8 e) | IEC 60204-1:2005, 4.3, 7.1, 7.5 |
Indications and alarms | - | 6.2.8 | ISO 7731; ISO 11428; ISO 11429; IEC 61310-1; IEC 60204-1:2005, 10.3, 10.4; IEC 61131; IEC 62061 |
Potential safety functions for pneumatics include:
Pneumatics safety function types: Energy Isolation; Safe Exhaust; Safe Return; Safe Return "Dual Pressure"; Safe Control and Safe Load Holding; Safe Pressure Select

Pneumatic safety function | Reference |
---|---|
PUS - Prevention of Unexpected Start-up (Lockout - Tagout) | B11.26 11.3.3.4 |
SDE - Safe Deenergisation (Safe Exhaust) | B11.26 11.3.3.10 |
SEZ - Safe Energisation (Safe Exhaust with Soft-Start) | B11.26 11.3.3.10 |
STO - Safe Torque Off (Safe Exhaust) | B11.26 11.3.3.10 |
SBC - Safe Brake Control | B11.26 11.3.3.10, B11.26 11.3.3.11 |
SDI - Safe Direction (Safe Return) | B11.26 11.3.11 |
SS1 - Safe Stop 1 (Controlled Stop) (Safe Stop with Holding) | B11.26 11.3.13 |
SS2 - Safe Stop with Blocking (Safe-Holding) | B11.26 11.3.13 & 11.3.14 |
SLP - Safe Limited Pressure (Torque) | B11.26 11.3.17 |

Potential safety functions for hydraulics include:
Hydraulics safety function types: Energy Isolation; Block & Bleed; Block & Stop

Hydraulic safety function | Reference |
---|---|
SDE - Safe Deenergisation (Block & Bleed) | B11.26 11.4.3 |
SEZ - Safe Energisation (Block & Bleed) | B11.26 11.4.3 |
STO - Safe Torque Off (Block & Bleed) | B11.26 11.4.3 |
SBC - Safe Brake Control | B11.26 11.4.3 |
SS1 - Safe Stop 1 (Controlled Stop) (Safe Stop with holding) | B11.26 11.4.3.7 |
SS1 - Safe Stop 1 (Controlled Stop) (Safe Stop with holding) | B11.26 11.4.3.7 |