Issue 4/2007


07/02/07

Risk assessment in accordance with ISO/TS 14 798:2006

Dr.-Ing. Gerhard Schiffner

As prescribed by the Lifts Directive or the Machinery Directive, all deviations from harmonized standards and all additional hazards associated with a product will have to be examined using risk assessment techniques and an adequate safety level (equivalent to that described in the harmonized standard) has to be demonstrated. This report explains the procedures used to conduct risk assessments, as set down in the revised ISO/TS 14 798 technical specifications. This procedure is based on the general procedures published in ISO Guide 51, ISO 12 100-1/2 (previously EN 292-1/2) and ISO 14 121 (previously EN 1050); it was specially modified for lifts, escalators and moving walks.
Category: Issue 4/2007
Posted by: Editor

When compared with the original version released in 2000, the 2006 revised version contains modifications and additions in to the concepts and terms and to the instructions for conducting the procedure along with changes in the definitions and allocations of the steps for severity and probability. Essentially, however, the new risk categories are comparable with those found in the previous edition (e.g. the new “2 D” category corresponds to the old “II D”).

Fundamental principles
There is no absolute safety. Safety results from the search for an ideal balance between the goal of absolute safety and the demands imposed on a product or a process in regard to customer utility, achieving its purpose, cost effectiveness and society’s expectations. The safety level has to be reviewed regularly, particularly where experience based on actual incidents make this appear to be necessary and where technological developments lead to feasible improvements that enable a further reduction of residual risk.
The concept of risk assessment
Risk assessment is a series of logical steps that make possible systematic examination of hazards and risks. The individual categories and their sequence are shown in Figure 1. Repeated application of these steps results in an iterative process to eliminate hazards or reduce risks by way of safety measures.
Step 1 – Determination the reasons for risk assessment
A risk assessment can become necessary for any of a number of reasons:
1. When drafting and reviewing safety requirements in standards
2. While engineering and/or developing safety-critical components or systems where no safety standards have been adopted
3. To demonstrate an acceptable and equivalent safety level in the event of deviations from harmonized standards
4. To demonstrate an acceptable safety level, should there be additional hazards not covered by the harmonized standards
5. When examining methods for assembling, maintaining and testing components and lifts
Step 2 – Formation a risk assessment team
Risk assessments should always be carried out in a team. Whenever risk assessment is carried out by an individual, it is impossible to eliminate the possibility that individual hazards will be overlooked and the evaluation of the risk is too strongly influenced by subjective factors. The size of the team will depend on the scope and the significance of the risk assessment to safety.
The team should comprise professionals who have theoretical knowledge about the product and, if at all possible, practical experience in dealing with the product. In addition to the specialist who is handling the product, at least one impartial expert and a specialist with practical experience should participate in the team.
When dealing with larger and more complex components, systems or processes, a moderator should be appointed for the conduct of the risk assessment who
  • has a comprehensive understanding of the product or the process to be examined,
  • understands the risk assessment procedure and has already taken part in several risk assessments,
  • is able to adopt an impartial stance, without preconceived notions,
  • is able to lead a team,
  • acts as a mediator and not as a participant in the discussions, and
  • is able to arbitrate and bring about a settlement where the team cannot reach consensus.
Additional detailed information on the moderator’s tasks are found in Annex E to the standard.
Step 3 – Determination of the subject to be examined and relevant documentation
To be described exactly in this step is the product or process for which the risk assessment is to be conducted and the conditions under which the product or process is to be employed. To disclose all the hazards and to achieve a correct estimate of the risks it is necessary, beforehand, to achieve clarification as to the conditions under which the product or process is to be used. In the case of lifts it is necessary in particular to take into account the purpose for which the system is intended to be used.
The life cycle of the system or component should be defined in the descriptions of the topic to be examined, since the occurrence probability for any given risk has to be observed in relationship to this life cycle. Whenever the components are to be replaced at prescribed intervals, the life cycle of a component may be considerably shorter than the life cycle of the lift as a whole.
Moreover, all the information and data that might be of interest for risk assessment are to be exchanged in this step. These might include reports and investigations of accidents and incidents, for instance.
Step 4 – Identification the scenarios
A systematic procedure is used to ascertain and identify all the hazards associated with the product. Typical hazards are listed in Annex B to the standard. In the case of more complex risk assessments, the team should systematically comb through these hazards and examine whether they are relevant for the product being considered and whether they could be the basis for concrete scenarios.
A further option for discerning hazards is to be found in identifying the deviations of the product from the harmonized standards and to derive from that the hazards covered by these points. The risks deriving from these hazards will have to be reduced, in the course of the risk assessment and with other safety measures, to an acceptable safety level, one that is equivalent to the level prescribed in the harmonized standard.
As soon as the fundamental hazards have been identified, it is then possible to derive from them the scenarios, comprising the hazardous situation, the cause and the effect. In the case of more complex risk assessments it makes sense to organize the scenarios according to the persons affected, the location of the hazard and/ or the activities conducted by the persons.
Step 5 – Estimation of the risks
When estimating risks, the severity of the potential damage and the probability of the occurrence of this damage will have to be appraised. Severity is divided into four categories, as shown in Table 1, and the probability into six categories, as shown in Table 2. The definition of the categories can be modified to suit the assignment for risk assessment, e.g. for firefighters’ lifts or for elevators to be used by the disabled persons.
One single elevator is always to be considered when appraising the occurrence probability for the risk. It is possible, however, to use statistical records for a group of similar lifts to arrive at the acceptable occurrence probability for an individual lift. If, for example, a society sees one event per 100,000 similar lifts per year as being within acceptable limits, then the occurrence probability for this event for an individual lift may not be greater than 10-5 per year or, referenced to a life cycle of 20 years, for instance, no greater than 5 · 10-3.
The occurrence probability depends upon:
  • The frequency and the period during which a person is exposed to the hazard
  • The frequency at which this scenario arises and
  • Technical and personal capabilities to prevent or limit the damage.
The following aspects should also be taken into account when estimating the risks:
  • Reliability of the safety functions
  • The possibilities for bypassing safety measures
  • Human behavior and failures
  • Predictable misuse
  • Vandalism.
Step 6 – Evaluation of the risks
The evaluation as to whether a risk can be acceptable and an adequate safety level is present is undertaken on the basis of the risk profile in Annex D. Risks in the dark gray fields (Group 1) cannot be accepted under any circumstances. In these cases, additional safety measures will have to be adopted in order to eliminate the hazards or to further reduce the risk. Risks in the light gray fields (Group 2) may, following an additional review, be accepted only if no further reduction of risk can be achieved with a reasonable amount of effort. Only the white fields (Group 3) can be accepted without further measures.
Step 7 – Has the risk been sufficiently mitigated?
If the risk evaluation reveals that the risk falls into Group 1 or 2, then suitable safety measures will have to be instituted. Such measures having been adopted, the risk assessment will have to be carried out and examined once again, beginning with Step 4, to determine whether
  • The risk has been sufficiently reduced
  • New hazards have arisen from the safety measures selected
  • The prevailing residual risks require no further reduction.
Step 8 – Risk-reduction measures
Potential safety measures should essentially be selected in accordance with the following priorities:
a) Eliminating the hazard by way of better or alternate technical solutions.
b) If the hazard cannot be eliminated, then implementing technical measures to reduce the risk as far as possible. Included here are improved technical solutions, additional safety equipment, guards etc.
c) If the risk cannot be reduced by technical means, then the users of the product or the persons who execute a process will have to be informed of the residual risks. This will include providing information and training, affixing warning signs, personal safety equipment etc.
Documentation
Documentation for risk assessment comprises the following:
a) Description of the reasons for undertaking the risk assessment
b) Listing of the persons involved and the dates for the team meetings
c) Description of the product
d) Recording the scenarios on forms as per Annex A, to include the safety measures selected, the risk estimates before and after the safety measures were implemented, and residual risks
e) Risk evaluation before and after the employment of safety measures; entering data in the risk profile as per Annex D
f) All the relevant data, information, calculations, examinations etc. that were included in the assessment
g) All the assumptions made during the process.
Examples
Annex F of the standard lists five sample scenarios for lifts and escalators to explain the practical application of the methods.
Summary
The revised risk assessment methods as per ISO/TS 14 798:2006 have been re - fined in comparison with the previous version and formulated for greater intelligibility. Practical examples for lifts and escalators illustrate the application of the methods. The moderator’s significance and tasks, directed to achieving the most impartial results possible, have been strengthened. When classifying the probabilities, the “impossible” category has been changed to “highly improbable”; this makes it more possible to achieve the most favorable probability level when applying the revised methods. On the other hand, the “improbable” level implies greater compulsion to examine further improvements in order to take the leap into the “highly improbable” level, if at all possible. The remaining level for the, probabilities and the severity of the damage or injury have been retained, making the revised procedure quite comparable with the prior procedure.
Lecture delivered on the occasion of the 2007 Heilbronn Lift Conference, organized by the Heilbronn Technical Academy.

Dr. Gerhard Schiffner studied mechanical engineering at the University of Stuttgart, graduating in 1981. He then worked as a scientific associate at the Institute of Mechanical Handling and Logistics, where he earned his doctorate in 1986, specializing in the field of wire ropes. From 1986 to 2004 he worked for a major elevator company, discharging assignments in research and development, international product coordination, and codes and standards. At mid-2004 Dr. Schiffner founded his own firm, STC Lift Consulting, and now offers consulting services in the fields of product safety, lift technology and codes and standards. He is a member of various national, European and international committees on regulations and standards.

4/2007

^ Top