Merican Ational Tandard

ANSI/ASSE Z590.
3 – 2011
AMERICAN NATIONAL STANDARD
ANSI/ASSE Z590.3 – 2011
Prevention through Design

Guidelines for Addressing Occupational Hazards
and Risks in Design and Redesign Processes
ANSI/ASSE Z590.3 – 2011
AMERICAN SOCIETY OF
SAFETY ENGINEERS
The information and materials contained in this publication have been developed from sources believed
to be reliable. However, the American Society of Safety Engineers (ASSE), as secretariat of the ANSI
Z590 Committee, or individual committee members accept no legal responsibility for the correctness or
completeness of this material or its application to specific factual situations. By publication of this
standard, ASSE or the Z590.3 Committee does not ensure that adherence to these recommendations will
protect the safety or health of any persons, or preserve property.
ANSI®
ANSI/ASSE Z590.3 – 2011
American National Standard
Prevention through Design

Guidelines for Addressing Occupational Hazards
and Risks in Design and Redesign Processes
Secretariat
American Society of Safety Engineers

1800 East Oakton Street
Des Plaines, Illinois 60018-2187
Approved September 1, 2011
Effective January 23, 2012
American National Standards Institute, Inc.

Approval of an American National Standard requires verification by ANSI that the
American requirements for due process, consensus, and other criteria for approval have
National been met by the standards developer. Consensus is established when, in the
judgment of the ANSI Board of Standards Review, substantial agreement has
Standard been reached by directly and materially affected interests. Substantial
agreement means much more than a simple majority, but not necessarily
unanimity. Consensus requires that all views and objections be considered, and
that a concerted effort be made toward their resolution. The use of American
National Standards is completely voluntary; their existence does not in any
respect preclude anyone, whether he/she has approved the standards or not,
from manufacturing, marketing, purchasing, or using products, processes, or
procedures not conforming to the standards. The American National Standards
Institute does not develop standards and will in no circumstance give an
interpretation of any American National Standard. Moreover, no person shall
have the right or authority to issue an interpretation of an American National
Standard in the name of the American National Standards Institute. Requests for
interpretation should be addressed to the secretariat or sponsor whose name
appears on the title page of this standard.
Caution Notice: This American National Standard may be revised or withdrawn

at any time. The procedures of the American National Standards Institute require
that action be taken periodically to reaffirm, revise, or withdraw this standard.
Purchasers of American National Standards may receive current information on
all standards by calling or writing the American National Standards Institute.
Published October, 2011 by
American Society of Safety Engineers

1800 East Oakton Street
Des Plaines, Illinois 60018-2187
(847) 699-2929 • www.asse.org
Copyright ©2011 by American Society of Safety Engineers

All Rights Reserved.
No part of this publication may be reproduced

in any form, in an electronic retrieval system or
otherwise, without the prior written permission
of the publisher.
Printed in the United States of America

FOREWORD
This standard was developed to provide consistent procedures for addressing occupational
hazards and risks in the design and redesign processes, and to replace Technical Report ASSE
TR-Z790.001 – 2009.
In the late 1990s, the Advisory Committee of the Institute for Safety through Design at the
National Safety Council concluded that significant benefits will be derived if decisions affecting
safety, health and the environment are integrated into the early stages of the design and
redesign processes. The benefits noted were:
• Significant reductions will be achieved in injuries, illnesses and damage to property

and the environment, and their attendant costs.
• Productivity will be improved.
• Operating costs will be reduced.
• Expensive retrofitting to correct design shortcomings will be avoided.
Developments since then have given additional importance and credence to management,
design engineers and safety and health professionals having knowledge of the principles and
practices applied in addressing occupational risks in the design and redesign processes. For
example, there has been a more frequent inclusion of provisions in safety standards and
guidelines requiring that hazards and risks be addressed in the design and redesign processes.
This standard is related to, and provides assistance in, fulfilling those requirements.
Another development supports the need for this standard. The National Institute for
Occupational Safety and Health (NIOSH) held a workshop in July 2007 to obtain the views of a
variety of stakeholders on a major National initiative to “create a sustainable national strategy
for Prevention through Design.”
Some participants in that workshop expressed the view that the long-term impact of the NIOSH
initiative could be “transformative,” meaning that a fundamental paradigm shift could occur
resulting in greater emphasis being given to the higher and more effective decision levels in the
hierarchy of controls. For this initiative, the NIOSH Mission is:
To reduce the risk of occupationally related injuries, illnesses, fatalities and exposures
by including prevention considerations in all designs that affect individuals in the
occupational environment.
This NIOSH initiative is based on its stated premise: “One of the best ways to prevent and
control occupational injuries, illnesses and fatalities is to design out and minimize hazards and
risks early in the design process.”
Enthusiasm for additional knowledge of prevention through design principles and practices was
significant. Several attendees at the workshop said that a guideline, regulation or standard is
needed that sets forth the principles and the methodologies to address hazards and risks in the
design and redesign processes. Technical Report Z790 temporarily addressed those needs.
This standard refines, expands and replaces the content of the Technical Report.
One of the most significant subjects discussed at the July 2007 workshop was the need to
incorporate design concepts pertaining to occupational hazards and risks into academic
curricula for all disciplines because of the recognition that few curricula include segments on
addressing hazards and risks in the design and redesign processes.
This standard also is in concert with the stated intent of the American Society of Safety
Engineers, in a Position Paper that was approved by the Board of Directors in 1994 to promote
acquisition of knowledge of and application of “Designing For Safety” concepts. The opening
paragraph of that Paper reads as follows.
Designing for Safety (DFS) is a principle for design planning for new facilities,
equipment, and operations (public and private) to conserve human and natural
resources, and thereby protect people, property and the environment. DFS advocates
systematic process to ensure state-of-the-art engineering and management principles
are used and incorporated into the design of facilities and overall operations to assure
safety and health of workers, as well as protection of the environment and compliance
with current codes and standards.
In August 2007, the ASSE Engineering Practice Specialty group within the American Society of
Safety Engineers published an article in a Special Issue of its Newsletter “By Design,” the title of
which was “Prevention through Design: Addressing Occupational Risks in the Design and
Redesign Processes.” This article, by Fred A. Manuele, CSP, P.E., was also published in the
October 2008 issue of Professional Safety. That article formed an early basis for the Z790.001-
2009 technical report, and now this standard.
On September 23, 2008, NIOSH held a “Kick-off meeting” with respect to its initiative on
Prevention through Design. One of the action items discussed was to: “Develop and approve a
broad generic voluntary consensus standard on Prevention through Design that is aligned with
international design activities and practice.” That gave impetus for ASSE to consider further
immediate action that resulted in the development of its Technical Report and this standard.
The continuum of similar initiatives is also important as cited in the two references below.
Namely, ANSI/AIHA Z10, the Occupational Health and Safety Management Systems
standard sets a benchmark provision requiring that processes be in place “to identify and
take appropriate steps to prevent or otherwise control hazards and reduce risks
associated with new processes or operations at the design stage.” Z10 also states that
“The design review should consider all aspects including design, construction, operation,
maintenance, and decommissioning.” Several stakeholders have pointed out that Z10
states what needed to be done, but more information needs to be provided on how to
meet its performance requirements.
Secondly, the OSHA Alliance Construction Roundtable developed a video training

program titled “Design for Construction Safety” to reduce construction injuries by
incorporating features in the design stage of a construction project that make a building
or structure safer to build and maintain.
On November 18, 2008, the ASSE Standards Development Committee discussed further
developing the paper published by ASSE into a technical report or a standard. A decision was
made by the committee to consider further immediate action that resulted in developing a
Technical Report and then this standard
Several standards and guidelines were used as references in the preparation of this standard.
Particular note is made of the several versions of MIL-STD 882, the Department of Defense,
Standard Practice for System Safety.
Requirements in the standard are identified by the word “shall.” An organization that chooses to
conform to this standard is expected to fulfill those “shall” requirements. Explanatory comments
and recommended practices preceded by the word “Note” are informative and not requirements
of the standard. Also, addenda are informative and are not normative requirements of the
standard.
Revisions: The Z590.3 Committee welcomes proposals for revisions to this standard. Revisions
are made periodically (usually five years from the date of the standard) to incorporate changes
that appear necessary or desirable, as demonstrated by experience gained from the application
of the standard. Proposals should be as specific as possible, citing the relevant paragraph
number(s), the proposed wording, and the reason for the proposal. Pertinent documentation
would enable the Z590.3 Committee to process the changes in a timelier manner.
Interpretations: Upon a request in writing to the Secretariat, the Z590.3 Committee will render
an interpretation of any part of the standard. The request for interpretation should be clear,
citing the relevant paragraph number(s) and phrased as a request for a clarification of a specific
requirement. Oral interpretations are not provided. No one but ASSE is authorized to provide
any interpretation of this standard.
This standard is effective 90 days after the publishing of this standard. The committee
recognizes that some period of time after the approval of this document is necessary for
organizations, suppliers and users to develop new designs and/or modify existing standards or
procedures in order to incorporate the new and/or revised requirements of this standard into
their operations. The committee recommends that entities that choose to adopt this standard
begin implementing the requirements within 12 months of the approval date.
Approval: Neither ASSE nor the Z590.3 Committee approves, certifies, rates or endorses any
item, construction, proprietary device or activity.
Committee Meetings: Persons wishing to attend a meeting of the Z590.3 Committee should
contact the Secretariat for information.
Standard Approval: This standard was processed and approved for submittal to ANSI by the
American National Standards Committee on Prevention through Design, Z590.3. Approval of
the standard does not necessarily imply (nor is it required) that all Committee members voted
for its approval. At the time this standard was approved, the Z590.3 Committee had the
following members:
Fred A Manuele, P.E., CSP, Chair
Bruce W Main, P.E., CSP, Vice Chair
Timothy R. Fisher, CSP, CHMM, ARM, CPEA, Secretary
Jennie Dalesandro, Administrative Technical Support
Organization Represented Name of Representative
ABB Inc. Darryl Hill, Ph.D., CSP

Aon Corporation Leslie Batterson, CSP, CPEA
Arthur J. Gallagher & Co. James D. Smith, CSP
AXA Matrix Risk Consultants Walter Beattie, CSP, CFPS
Bechtel Jacobs Company LLC Reggie Suga, CHMM
BioEchoes, Inc. Martha Bidez, Ph.D.
Black & Decker, HHI Group Lorraine Sedlak, CSP, CIH
Booz Allen Hamilton Inc. Doug Parrish
Bresnahan Consulting Associates Thomas F. Bresnahan, Jr., CSP
CDC / NIOSH Donna Heidel, CIH
CNA Insurance William Phillips, Jr., P.E.
Christensen Consulting for Safety Excellence Wayne C. Christensen, P.E., CSP
Columbia Construction Co. Neil Webster, CSP, OHST
Comprehensive Loss Management Inc. Richard A. Pollock, CSP
Construction Safety & Health Inc. Gregory L. Smith, CSP
County of San Bernardino Christopher Gates, ARM
CTJ Safety Associates David Coble, CSP
Design Safety Engineering Bruce W Main, P.E., CSP
Jack H. Dobson, Jr. Jack H. Dobson, Jr., CSP
Dynamic Safety Inc. David Natalizia
East Carolina University Hamid Fonooni, Ph.D., CPE
Eastern Alliance Insurance Group Frank Baker, CSP, CFPS, ALCM
Ellis Fall Safety Solutions J. Nigel Ellis, Ph.D., P.E., CSP, CPE
Embry Riddle University Michael F. O’Toole, Ph.D.
Gabriel Environmental Services Judy Freeman
GE Healthcare Jeremy Harris, CSP
Hartford Steam Boiler Timothy Healey
Hazards Limited Fred A Manuele, P.E., CSP
Henkel Corporation Bryant Winterholer, P.E., CSP
Kaiser-Permanente Erica Stewart, CIH
Kuwait Oil Co. (HSE-E&PD Team) Ashok Garlapati, CSP, QEP
Laborers Health & Safety Fund Scott P. Schneider, CIH
LJB Inc. Thomas Kramer, P.E., CSP
Liberty Mutual Insurance John Rabovsky, CSP, ARM
Marshall University James McIntosh, CIH, CSP
Healthcare Industry Joseph Klancher, CSP
National Electrical Contractors Association Jerry E. Rivera
NAVFAC Southwest Division Ronson Kung
Northeast Consulting Engineers, Inc. John Mroszczyk, Ph.D., P.E., CSP
NuStar Energy L.P. David Bascom, REM
OccuHealth, Inc. Eric Stager, CSP, CIH
Owens Corning David Walline, CSP
PMUSA Michael Hagerty, CSP
Pamela B. Perrich Pamela Perrich, CIH
Professional Safety Consultants Jim Lapping, P.E., CSP
PSM Consulting George Pearson, CSP, ARM
Risky Biz Services Inc. C. Gary Lopez, CSP
RRS / Schirmer Thomas Lawrence, Jr. P.E., CSP
Safety Compliance Services Roberta Nelson Shea
Safety Management Consultants Inc. J. Terrence Grisim, CSP, ARM, CPSM
Safety Management Group Inc. Kim Fulford, CHST
Safety Solutions James C. Howe, CSP
Sierra Pacific Industries Howard C. Hughes
SPAN International Daniel J. Snyder, CSP
U.S. Army Corps of Engineers Charles Colbert, P.E., CSP, CIH
U.S. Department of Commerce Fred Fanning
Virginia Beach City Public Schools James H. Morris, III
Walt Disney World Gail House, CSP
Warren Brown Consulting Warren K. Brown, CSP, ARM, CSHM
WRC Safety William R. Coffey, CSP, CPEA
Zander Construction Company Robert Potts, CSP
Contents SECTION ............................................................................................................ PAGE
1. Scope, Purpose and Application ..................................................................... 10

1.1 Scope .................................................................................................... 10
1.2 Purpose ................................................................................................. 10
1.3 Application ............................................................................................. 10
2. Referenced and Related Standards ................................................................ 11

2.1 Referenced Standards and Guidelines ................................................. 11
2.2 Referenced American National Standards and Technical Reports ....... 11
3. Definitions ........................................................................................................ 12
4. Roles and Responsibility ................................................................................. 14
5. Relationships with Suppliers ........................................................................... 15
6. Design Safety Reviews ................................................................................... 16
7. The Hazard Analysis and Risk Assessment Process ..................................... 17

7.1 Management Direction .......................................................................... 17
7.2 Select a Risk Assessment Matrix .......................................................... 18
7.3 Establish the Analysis Parameters ........................................................ 18
7.4 Anticipate/Identify the Hazards.............................................................. 19
7.5 Consider the Failure Modes .................................................................. 20
7.6 Assess the Severity of Consequences .................................................. 20
7.7 Determine Occurrence Probability ........................................................ 21
7.8 Define the Initial Risk ............................................................................. 21
7.9 Select and Implement Risk Reduction and Control Methods ................ 21
7.10 Assess the Residual Risk ...................................................................... 22
7.11 Risk Acceptance Decision Making ........................................................ 22
7.12 Document the Results ........................................................................... 23
7.13 Follow Up on Actions Taken .................................................................. 23
8. Hazard Analysis and Risk Assessment Techniques ....................................... 23
9. Hierarchy of Controls....................................................................................... 24
Addenda:
A – The Risk Assessment Process ................................................................. 27

B – Progression of Occupational Hygiene Issues Flow Chart ........................ 28
C – Procurement Guidelines ........................................................................... 29
D – Risk Assessment Report .......................................................................... 31
E – A Design Safety Review Guide................................................................. 32
F – Examples of Risk Assessment Matrices and Definitions of Terms ........... 34
G – Comments on Selected Hazard Analysis and Risk
Assessment Techniques .......................................................................... 40
H – Potential Failure Mode and Effects Analysis Sequence ........................... 44
I – The Logic Supporting the Hierarchy of Controls ........................................ 45
J – Bibliography ............................................................................................... 50
ANSI/ASSE Z590.3 – 2011
AMERICAN NATIONAL STANDARD Z590.3

PREVENTION THROUGH DESIGN
GUIDELINES FOR ADDRESSING OCCUPATIONAL HAZARDS
AND RISKS IN DESIGN AND REDESIGN PROCESSES
1. SCOPE, PURPOSE AND APPLICATION
1.1 Scope. This standard provides guidance on including prevention through design
concepts within an occupational safety and health management system. Through the
application of these concepts, decisions pertaining to occupational hazards and risks can be
incorporated into the process of design and redesign of work premises, tools, equipment,
machinery, substances, and work processes including their construction, manufacture, use,
maintenance, and ultimate disposal or reuse. This standard provides guidance for a life-cycle
assessment and design model that balances environmental and occupational safety and health
goals over the life span of a facility, process, or product.
This standard complements but does not replace performance objectives existing in other
specific standards and procedures.
The goals of applying prevention through design concepts in an occupational setting are to:
• Achieve acceptable risk levels.
• Prevent or reduce occupationally related injuries, illnesses, and fatalities.
• Reduce the cost of retrofitting necessary to mitigate hazards and risks that were
not sufficiently addressed in the design or redesign processes.
1.2 Purpose. This standard pertains principally to the avoidance, elimination, reduction or
control of occupational safety and health hazards and risks in the design and redesign process.
Note: Incidents or exposures that have the potential to result in occupational injuries
and illnesses can also result in damage to property and business interruption, and
damage to the environment. Reference is made in several places in this standard to
those additional loss potentials which may require evaluation and resultant action.
1.3 Application. This standard may be applied in any occupational setting. This standard
applies to the four major stages of occupational risk management as follows:
1. Pre-operational stage – in the initial planning, design, specification, prototyping,

and construction processes, where the opportunities are greatest and the costs
are lowest for hazard and risk avoidance, elimination, reduction or control.
2. Operational stage – where hazards and risks are identified and evaluated and
mitigation actions are taken through redesign initiatives or changes in work
methods before incidents or exposures occur.
10
ANSI/ASSE Z590.3 – 2011
3. Post incident stage – where investigations are made of incidents and exposures
to determine the causal factors which will lead to appropriate interventions and
acceptable risk levels.
4. Post operational stage – when demolition, decommissioning or reusing/rebuilding

operations are undertaken.
2. REFERENCED AND RELATED STANDARDS
2.1 Referenced Standards and Guidelines.
BS OHSAS 18001/18002, Occupational Health and Safety Management Systems –

Requirements
CSA Standard Z1000, Occupational Health and Safety Management
ISO 12100: Safety of Machinery –General Principles for Design Risk assessment and risk
reduction
ISO/IEC Guide 51. Safety aspects – Guidelines for their inclusion in standards
MIL-STD-882D, Standard Practice for System Safety
SEMI S2-0706, Environmental, Health, and Safety Guideline for Semiconductor Manufacturing
Equipment
SEMI S10-0307, Safety Guideline for Risk Assessment and Risk Evaluation Process
2.2 Referenced American National Standards and Technical Reports.
ANSI/AIHA Z10, Occupational Health and Safety Management Systems
ANSI/ASSE Z244.1, Control of Hazardous Energy: Lockout/Tagout and Alternative Methods
ANSI-GEIA STD-0010, Standard Best Practice for System Safety Program Development and
Execution
ANSI/PMMI B155.1, Safety Requirements for Packaging Machinery and Packaging-Related

Converting Machinery
ANSI/RIA R15.06, Industrial Robots and Robot Systems – Safety Requirements
ANSI B11.0 Safety of Machinery - General Safety Requirements and Risk Assessment
ANSI B11.TR7 ANSI Technical Report for Machines – A Guide on integrating safety and lean
manufacturing principles in the use of machinery
ANSI-ITAA GEIA STD-0010, Standard Best Practices for System Safety Program Development
and Execution
11
ANSI/ASSE Z590.3 – 2011
3. DEFINITIONS
3.1 Acceptable Risk. That risk for which the probability of an incident or exposure
occurring and the severity of harm or damage that may result are as low as reasonably
practicable (ALARP) in the setting being considered.
Note: See 7.13.1 for appropriate management decision levels.
3.2 As Low As Reasonably Practicable (ALARP). That level of risk which can be further
lowered only by an increase in resource expenditure that is disproportionate in relation to the
resulting decrease in risk.
3.3 Design. The process of converting an idea or market need into the detailed
information from which a product, process, or technical system can be produced.
3.4 Dose Response Evaluation. Shows the relationship between the dose of a
contaminant and the anticipated incidence of an adverse health or environmental effect in an
exposed population.
3.5 Exposure Assessment. For occupational health and environmental purposes,

exposure assessment is the multi-disciplinary field that identifies and characterizes workplace
exposures, develops estimates of exposure-response and makes risk assessment studies, and
evaluates the significance of exposures and effectiveness of intervention strategies.
3.6 Hazard. The potential for harm.
Note: Hazards include all aspects of technology and activity that produce risk. Hazards
include the characteristics of things (e.g., equipment, technology, processes, dusts,
fibers, gases, materials, and chemicals) and the actions or inactions of people.
3.7 Hazard Analysis. A process that commences with the identification of a hazard or
hazards and proceeds into an estimate of the severity of harm or damage that could result if the
potential of an incident or exposure occurs.
3.8 Hierarchy of Controls. A systematic approach to avoiding, eliminating, controlling,

and reducing risks, considering steps in a ranked and sequential order, beginning with
avoidance, elimination, and substitution. Residual risks are controlled using engineering
controls, warning systems, administrative controls, and personal protective equipment.
3.9 Lifecycle. The phases of design, construction, operation, maintenance, and disposal
for a facility, equipment, process, and material.
3.10 Occupational Exposure Limit (OEL). The generic term applied to the amount of a
chemical, physical, or biological agent to which a worker can be exposed for a period of time,
below which it is believed health is not impaired. OELs for air contaminants and noise are
expressed as full shift time-weighted average values (8, 10, 12 hours, etc.), short-term exposure
limits (STELs), Excursion Limits and Ceiling limits (C). Biological OELs are available for some
chemicals and are employed where the main route of exposure is skin absorption and/ or
inadvertent ingestion. OELs for ionizing radiation are generally expressed as a cumulative dose.
Specific terms and values are established by 1) governmental regulatory agencies, 2)
authoritative organizations, 3) internal company limits, or 4) working limits or guidelines.
12
ANSI/ASSE Z590.3 – 2011
3.11 Organization. A public or private company, corporation, firm, enterprise, government

agency, non-governmental organizations, authority, or institution, or part or combination thereof,
whether incorporated or not, that has its own management functions. This can consist of one or
many sites or facilities.
3.12 Prevention through Design. Addressing occupational safety and health needs in the
design and redesign process to prevent or minimize the work-related hazards and risks
associated with the construction, manufacture, use, maintenance, retrofitting, and disposal of
facilities, processes, materials, and equipment.
3.13 Probability. An estimate of the likelihood of an incident or exposure occurring that

could result in harm or damage for a selected unit of time, events, population, items or activity
being considered.
3.14 Process. A series of progressive and interrelated steps by which an end is attained;
continuous action, operation, or a series of changes taking place in a definite manner; the action
of going forward.
3.15 Reasonably Foreseeable Misuse. The predictable use of facilities, equipment, or

materials in a way not intended in the original design.
3.16 Redesign. A design activity that includes all retrofitting and altering activities affecting
existing facilities, equipment, technologies, materials, and processes, and the work methods.
3.17 Residual Risk. The risk remaining after risk reduction measures have been taken.
3.18 Risk. An estimate of the probability of a hazard-related incident or exposure occurring

and the severity of harm or damage that could result.
3.19 Risk Assessment. A process that commences with hazard identification and analysis,
through which the probable severity of harm or damage is established, followed by an estimate
of the probability of the incident or exposure occurring, and concluding with a statement of risk
(see Section 7).
3.20 Safety. Freedom from unacceptable risk.
3.21 Severity. An estimate of the magnitude of harm or damage that could reasonably
result from a hazard-related incident or exposure.
3.22 Supplier. Any entity that provides or makes available equipment, material, or
professional services.
3.23 System. An integrated composite of people, products, and processes that provide a
capability to satisfy a stated need or objective.
3.24 Tolerable. See Acceptable Risk.
3.25 Top Management. The person(s) who has responsibility for, and give direction to, an
organization and bears the ultimate authority for defining acceptable risk levels for the
organization.
13
ANSI/ASSE Z590.3 – 2011
3.26 Worst Conceivable Risk. The worst conceivable consequence from an incident that
could occur, but probably will not occur, within the lifetime of the system.
3.27 Worst Credible Consequence. The worst credible consequence from an incident that
has the potential to occur within the lifetime of the system.
4. ROLES AND RESPONSIBILITY
4.1 Top management shall provide leadership to institute and maintain a policy and
effective processes for the design and redesign processes through which:
1. Hazards are anticipated, identified, and evaluated for avoidance, elimination, or

substitution.
2. Risks deriving from identified hazards are assessed and prioritized in accordance
with accepted hazard analysis and risk assessment techniques (see Section 7).
3. Risks are reduced to an acceptable level through the application of the hierarchy
of controls as described in Section 9.
4. The knowledge, skills, experience, insight, and creativity of employees close to

the hazards and risks are utilized in the risk assessment process.
5. Design and/or redesign process effectiveness is monitored through feedback

between employees and management to provide for continuous improvement.
6. Appropriate recordkeeping systems are developed and used to document design

reviews and to track feedback and safety and health reports over the life cycle.
Note: The processes of identifying and analyzing hazards and assessing risks improve
if management establishes a culture where employee knowledge is valued and
respected and they collaborate in significant aspects of the design and redesign
activities. Employees who do the work can make valuable contributions in identifying
and evaluating hazards, in risk assessments, and proposing risk reduction measures.
4.2 Top management shall carry out the responsibilities of 4.1 when:
• New facilities, equipment, technologies, materials, and processes are being

planned, designed, acquired, or installed.
• Alterations are made in existing facilities, equipment, technologies, materials, and

processes.
• Incident investigations are made and corrective actions are taken.
• Demolition, decommissioning or reusing/rebuilding operations are undertaken.
4.3 Top management shall apply the applicable portions of Section 7 to achieve
acceptable risk levels.
14
ANSI/ASSE Z590.3 – 2011
• Top management shall make clear to all personnel (and subcontractors) that the
goal of the risk assessment process is to achieve acceptable risk levels.
• The development of acceptable risk levels begins with the establishment of

occupational safety and health goals during conceptual design, at the same time
when occupational hazards are anticipated.
• During preliminary design, acceptable risk targets for the hazards that cannot be
eliminated are established. These acceptable risk targets will assist in the
design/identification of risk control alternatives. See also Addenda A and B.
4.4 Top management shall establish policies and procedures to assure that the design
process includes input from those who have design responsibilities, safety and health
professionals, maintenance personnel, supervisors, and operations personnel who will be
affected, to the extent practicable.
4.5 Top management shall use one or more of the following methods, as deemed
appropriate, to meet the responsibilities of 4.1 – 4.3.
• Designate personnel within the organization who have the necessary knowledge
and skills to anticipate, identify and analyze hazards and assess the risks deriving
from them and determine that appropriate training to acquire the necessary
knowledge and skills is given.
• Engage outside consultants with expertise in hazard identification and analysis and
risk assessment to assist with the acquisition or redesign of existing or new
facilities, equipment, technologies, materials, or processes.
• Enter into written contracts/arrangements with suppliers of newly acquired facilities,

equipment, technologies, processes, or materials to fulfill these responsibilities
(see Section 5).
4.6 Since application of and adherence to prevention through design principles requires
coordinated efforts of multiple parties along the lifecycle continuum, top management shall
establish effective and appropriate communication plans. These plans should address design
and redesign specifications and the risk assessment process. They should be communicated to
all persons who are involved or who could be impacted by the design decisions made.
5. RELATIONSHIPS WITH SUPPLIERS
5.1 When new facilities, equipment, technologies, processes, or materials are considered,
and when alterations are to be made in existing operations by engineering firms, contractors,
and suppliers, top management shall establish and document its occupational hazard and risk
design specifications and objectives to:
• Have detailed discussions with, and put into writing the details of those
discussions, so the suppliers, engineering firms, and contractors agree to the
requirements of the expected construction, use, and service of the facilities,
equipment, technologies, processes, and materials.
15
ANSI/ASSE Z590.3 – 2011
• Include safety and health performance specifications in procurement documents

and purchase orders and contracts to avoid bringing hazards and their related risks
into the workplace.
Note: Addendum C provides Procurement Guidelines.
• Require that suppliers of equipment, technologies, processes, and materials

provide documentation establishing that a risk assessment has been conducted
and that an acceptable risk level, as specified by the procuring organization, has
been achieved for all reasonably foreseeable users.
Note: Addendum D provides an example of a risk assessment report.
• Develop the relevant inspections and test protocols to be performed during factory
acceptance, site acceptance, and/or equipment commissioning for all equipment
that include or can present a safety or health hazard. Inspection and test protocols
should assure that acceptable risk levels will be achieved during start-up,
operation, changeover, and maintenance.
• Have persons on the organization’s staff who are familiar with the how, when, and
where the equipment will be used visit suppliers of equipment, technologies,
processes, and materials that the staff may consider hazardous, or for which
design specifications have been provided the supplier, before the equipment is
shipped to assure that safety and health requirements have been met, where
practicable.
• Have a test run of the equipment made at the supplier’s facility in accord with pre-
described test criteria, where practicable, and document the results of the test run.
• Have an additional validation test run made after the equipment, technology,
process, or material has been installed at the facility during which management,
operations and maintenance personnel, and the safety and health staff sign off that
safety and health requirements have been met.
• Establish a process and develop and implement procedures for ongoing testing
and maintenance of systems.
6. DESIGN SAFETY REVIEWS
6.1 Design safety reviews are an important management process tool for integrating safety
and health into the design process. This includes designs related to new facilities, processes, or
operations, and for changes in existing operations. Design safety reviews are most effective
when performed at an early stage when design objectives are being discussed.
6.2 Top management shall arrange to have appropriate safety standards and
specifications included in the design process.
6.3 Top management shall designate a project design review manager who shall be
responsible for developing and updating the design hazard assessment process, and
16
ANSI/ASSE Z590.3 – 2011
scheduling and facilitating the design review. The design review manager shall report directly to
the person or group with overall project management responsibilities, e.g. the project manager,
or an executive with oversight responsibilities for the project design specifications and
documents.
6.4 Design professionals shall not deviate from established safety standards unless the
deviation has been approved and documented by management or their designated staff.
6.5 Top management should identify by discipline, duties, responsibilities, and authorities
all persons responsible for safety design reviews.
6.6 The level, frequency, and methods of design review should be established, but at least
one thorough design safety review shall be performed during the design process to insure that
qualified personnel:
• Identify hazards not given appropriate attention in the design processes, and to
recommend solutions to attain acceptable risk levels.
• Assure that prescribed design specifications and goals have been met.
• Avoid the cost of retrofitting in the operational mode.
• Assure compliance with applicable laws, codes, regulations, and standards.
6.7 The design review process shall establish procedures to require that a written
certification is signed by the lead design professional verifying that design safety reviews have
been completed.
Note: Addendum E provides a safety design review guide.
7. THE HAZARD ANALYSIS AND RISK ASSESSMENT PROCESS
7.1 Management Direction. Top management shall apply those aspects of the following
hazard analysis and risk assessment elements that are pertinent to a given design situation to
achieve acceptable risk levels.
• Select a risk assessment matrix (see 7.2).
• Establish the analysis parameters (see 7.3).
• Identify the hazards (see 7.4).
• Consider failure modes (see 7.5).
• Assess the severity of consequences (see 7.6).
• Determine occurrence probability (see 7.7).
• Define initial risk (see 7.8).
17
ANSI/ASSE Z590.3 – 2011
• Select and implement hazard avoidance, elimination, reduction and control

methods (see 7.9).
• Assess the residual risk (see 7.10).
• Risk acceptance decision making (see 7.11).
• Document the results (see 7.12).
• Follow-up on actions taken (see 7.13).
Note 1: For many hazards the proper level of acceptable risk can be attained without
bringing together complex teams of people. Safety and health professionals and
design engineers with the proper experience and education can reach the proper
conclusions of what constitutes acceptable risk. For the more complex risk situations,
management should have processes in place to seek the counsel of experienced
personnel who are close to the work or processes. Reaching group consensus is a
highly desirable goal. Sometimes, for what an individual considers obvious, achieving
consensus is still desirable so that buy-in is obtained for the actions taken.
Note 2: Addenda A and B serve as examples of suggested approaches to risk

assessment processes.
7.2 Select a Risk Assessment Matrix. An organization shall create and obtain broad
agreement on a risk assessment matrix or other validated process that is suitable to the hazards
and risks with which it deals.
An organization shall use the selected risk assessment matrix or other validated process to
determine risk.
All personnel involved in the risk assessment processes must understand that definitions of the
terms used for incident probability and severity and for risk levels vary greatly in the many risk
assessment matrices in use.
Note 1: A risk assessment matrix provides a method to categorize combinations of

probability of occurrence and severity of harm, thus establishing risk levels. A matrix
helps in communicating with decision makers on risk reduction actions to be taken.
Also, risk assessment matrices assist in comparing and prioritizing risks, and in
effectively allocating mitigation resources.
Note 2: Examples of risk assessment matrices and definitions of terms used in such
matrices are presented as resources in Addendum F.
7.3 Establish the Analysis Parameters. The analysis parameters shall be established. A
manageable task, material, system, process, or equipment to be analyzed shall be selected,
and its boundaries, operating phases and time within operations (e.g., construction, standard
operation, startup, and maintenance) shall be established.
Define the interfaces that the task, material, system, process, or equipment to be analyzed has
internally and with other tasks or systems.
18
ANSI/ASSE Z590.3 – 2011
Determine the scope of the analysis in terms of whom or what needs to be protected from harm
or damage: people (employees, the public); processes, property; equipment; or the
environment.
7.4 Anticipate/Identify the Hazards.
7.4.1 Top management shall require that personnel who are to perform the hazard
analysis/risk assessment have been trained in identifying hazards and how to mitigate them.
7.4.2 Determine the aspects of technology or activity that produce risk. Establish whether
there is a reason to believe that a situation could be harmful (e.g., an abnormal process,
high/low pressure or temperature, etc.) in the system being assessed.
7.4.3 Identify the characteristics of things (equipment, technology, processes, dusts,

materials, chemicals, etc.) or the actions or inactions of people that could result in an unwanted
energy release or a hazardous material release presenting a potential for harm.
7.4.4 Depending on the complexity of a hazardous situation, apply the following as

appropriate:
• Use a systems approach, considering the hazards in an individual system and the
risks that may be associated with its integration into other systems.
• Use intuitive engineering (the use of intuition in the application of engineering

practices).
• Examine system specifications, expectations, operations and maintenance

procedures.
• Identify and review applicable codes, regulations, internal standards, and

consensus standards.
• Interview current or intended system users or operators.
• Consult checklists.
• Review hazard analysis and risk assessment studies from other similar systems.
• Consider the potential for unwanted energy releases.
• Take into account possible exposures to hazardous environments.
• Review historical data – industry experience, incident investigation reports, NIOSH

health hazard evaluations, OSHA and manufacturer’s literature.
• Determine whether a qualitative or quantitative evaluation is required, considering

the complexity of the process and the hazards involved.
19
ANSI/ASSE Z590.3 – 2011
7.4.5 Where there are multiple and diverse hazards (e.g., noise and an electrical hazard),
and they do not, in combination, present an added and multiplying effect, each hazard is to be
treated independently, with the intent of achieving acceptable risks for all.
7.4.6 If the hazards complement each other and the combined result in a higher risk level
(e.g., noise and toluene, cold stress and hand vibration, heat stress and lifting), the combined
effect must be considered, measurement for which is difficult. Experienced personnel should be
engaged to assess the totality of the risk.
Note: Care needs to be taken so that addressing one hazard does not inadvertently
increase another hazard.
7.4.7 Particular attention should be given to hidden hazards, hazards that are not obvious
from a review of engineering plans, standards, generally accepted practices, checklists, etc.
7.5 Consider the Failure Modes. The possible failure modes that could result in
hazardous situations shall be considered, including the reasonably foreseeable uses and
misuses of facilities, materials, and equipment.
Credible circumstances that could arise that would result in the occurrence of an undesirable
incident or exposure shall be identified. Determine how and under what circumstances this
situation could be harmful.
An evaluation shall be made to determine whether there are controls in place to mitigate against
the occurrence of such an event or exposure, the effectiveness of such controls, whether they
can be properly maintained, whether the condition of controls can cause failures, and whether
they can be easily defeated.
Note: More information on failure modes can be found in Section 8 and in Addenda C,
D and E.
7.6 Assess the Severity of Consequences. Using objective information, past experience
and best engineering practices, the following shall be considered in determining the severity of
consequences:
• The likely number of injuries or illnesses and their severity.
• Value of property or equipment damaged.
• Time for which the business will be interrupted and productivity will be lost.
• Extent of environmental damage.
• Loss of market share while the business is down.
Note 1: See Addendum F, Tables 7, 8, and 9 for examples of severity categories.
Note 2: Historical data can be of great value as a baseline. Expert or informed opinions
can be made to initially estimate the consequences of an incident or exposure.
20
ANSI/ASSE Z590.3 – 2011
Note 3: The goal shall be to assess the worst credible consequences if an incident or
exposure occurs, and not the worst conceivable consequence.
7.7 Determine Occurrence Probability. Estimate the likelihood or probability of a

hazardous event or exposure occurring.
Note: See Addendum F, Tables 5 and 6 for examples of probability categories.
Determine the frequency and duration of exposure. For each harm or damage category selected
for the scope of the analysis (people, property, environment, business interruption, etc.), the
frequency and duration of the exposure for each of the identified hazards shall be considered.
To do so, establish:
• How often a task or process is performed.
• The duration of the exposure period and whether the exposure is continuous or
intermittent.
• The number of people exposed.
• The occupational health and environmental exposures.
• The potential production loss.
If necessary, have dose response analyses and exposure assessments made.
Note: For the more complex hazardous situations, appropriately qualified people and
resources can be used to assess the matter adequately, which may lead to a
determination that more sophisticated risk assessments may be needed.
Probability shall be related to an interval base such as a unit of time or activity, events, units
produced, or the life cycle of a facility, equipment, material, process, or a product.
7.8 Define the Initial Risk. A risk assessment matrix shall be used to identify initial risk
categories. A matrix assists in communicating with the decision makers on the risk levels.
Note: See Addendum F for examples of risk assessment matrices.
Defining the risk shall establish the:
• Probability of an incident or exposure occurring;
• Expected severity of adverse results; and
• Risk category or level (for example – high, serious, moderate, or low).
7.9 Select and Implement Risk Reduction and Control Methods. When the initial risk
assessment so indicates, risk avoidance, elimination, reduction or control methods shall be
selected and implemented to achieve an acceptable risk level for each identified hazard. See
Section 9.
21
ANSI/ASSE Z590.3 – 2011
1. Risks shall be prioritized to give decision makers the information needed on the
potential for harm or damage so that appropriate resource allocations can be made
for risk avoidance, elimination, reduction, or control.
2. Alternate proposals for the design and operational changes necessary to achieve
an acceptable risk level shall be recommended.
3. The action outline in accordance with the hierarchy of controls in Section 9 shall be
the basis upon which remedial proposals are made, in the order of their
effectiveness.
4. Cost for each risk elimination or reduction proposal should be determined, where
applicable to aid in prioritizing. In the absence of accurate cost data, a cost
estimate may be given.
5. A tracking system shall be established to assure completion for the risk elimination,
reduction or control methods undertaken to assure completion.
Note: In many instances, risk reduction decisions are based on informal judgments
without cost data which can be adequate for the situation.
7.10 Assess the Residual Risk. After remedial action is taken, the residual risk shall be
assessed to determine whether it is acceptable.
1. If the risk is not acceptable, further risk elimination, reduction or control methods
are to be applied where feasible.
2. The risk assessment process shall continue until an acceptable risk level is
attained.
3. If an acceptable risk level cannot be achieved, operations shall not continue,

except in unusual and emergency circumstances or as a closely monitored and
limited exception circumstance with approval of the person having authority to
accept the risk.
4. Documented residual risks shall be clearly communicated to relevant

downstream stakeholders so they can use this information in their own risk
assessments.
Note: Even though the residual risk may be acceptable, management should consider
taking additional risk reduction measures for which the cost is reasonable, particularly
if so doing resolves concerns of employees.
7.11 Risk Acceptance Decision Making. Risk acceptance decisions shall be made at the
appropriate management levels.
• Temporary acceptance of high risks shall be made at the top management level.
• Responsibility for moderate or low risks may be assigned to lower management.
22
ANSI/ASSE Z590.3 – 2011
7.12 Document the Results. Documentation, whether compiled under the direction of
location management or by the provider of equipment or services, shall include the:
• The names and job titles/qualifications of the persons who did the risk assessment.
• Risk assessment method(s) used.
• Hazards identified.
• Risks deriving from the hazards.
• Avoidance, elimination, reduction, and control measures taken to attain acceptable

risk levels.
• Additional relevant information about use, effectiveness of design, problems during

startup and continued use, and changes to designs over the life cycle of the
design.
7.13 Follow Up on Actions Taken. The effectiveness of the risk avoidance, elimination,
reduction, and control actions taken shall be determined. Follow-up activity shall establish that:
1. The hazard/risk problem was resolved, only partially resolved, or not resolved.
2. The actions taken did or did not create new hazards.
3. An acceptable risk level has been achieved.
If the risk level is not acceptable, or new hazards are introduced, steps shall be taken to re-
evaluate the risk and other risk reduction measures shall be proposed and taken.
Note: See Addenda A and B for examples of risk assessment processes. Addendum B
is specifically related to occupational health issues.
8. HAZARD ANALYSIS AND RISK ASSESSMENT TECHNIQUES
Top management shall assure adoption and application of the hazard analysis and risk
assessment techniques suitable to the organization’s needs and provide the training necessary
to employees who will be involved in the process.
Note 1: Over the past forty years, a large and unwieldy number of hazard analysis and
risk assessment techniques have been developed. Descriptions of eight selected
techniques are presented in Addendum G. As a practical matter, having knowledge of
three risk assessment concepts will be sufficient to address most, but not all, risk
situations. They are: Preliminary Hazard Analysis and Risk Assessment; the What-
If/Checklist Analysis Methods; and Failure Mode and Effects Analysis.
Note 2: Addendum H displays a Failure Mode and Effects Analysis process.
Note 3: It is important for personnel applying the risk assessment techniques selected
to understand that each of them complements, rather than supplants, the others.
23
ANSI/ASSE Z590.3 – 2011
Selecting the technique or a combination of techniques to be used to analyze a

hazardous situation requires good judgment based on knowledge and experience.
Note 4: For all but complex risks, qualitative judgments rather than quantitative
judgments will be more likely. Sound quantitative data on incident and exposure
probability and severity are seldom available, but early involvement in the design
process provides additional opportunities for objective collection of qualitative
information to support sound decision making. Safety and health professionals need to
be willing to elevate the need for quantitative data commensurate with potential risks
and uncertainty. Assumptions and judgments should be documented.
9. HIERARCHY OF CONTROLS
Top management shall achieve acceptable risk levels by adopting, implementing, and
maintaining a process to avoid, eliminate, reduce, and control hazards and the risks that derive
from them. The process shall be based on the following hierarchy of controls shown in Figure 1,
applying each element in the sequential ranking and order of effectiveness set forth.
Most
Risk Avoidance: Prevent entry of hazards into a workplace by
Preferred
selecting and incorporating appropriate technology and work
methods criteria during the design processes.
Eliminate: Eliminate workplace and work methods risks that have

been discovered.
Substitution: Reduce risks by substituting less hazardous methods

or materials.
Engineering Controls: Incorporate engineering controls/safety

devices.
Warning: Provide warning systems.
Administrative Controls: Apply administrative controls (the

organization of work, training, scheduling, supervision, etc.).
Personal Protective Equipment: Provide Personal Protective

Least Equipment (PPE).
Preferred
Figure 1. Risk reduction hierarchy of controls
Note 1: Decision makers should understand that, with respect to the seven levels of
control shown in the preceding hierarchy of controls that the ameliorating actions
described in the first through the fourth control levels are more effective because they:
• Are preventive actions that eliminate or reduce risk by design, elimination,

substitution, and engineering measures.
24
ANSI/ASSE Z590.3 – 2011
• Rely the least on the human behavior – the performance of personnel.
• Are less defeatable by unit managers, supervisors, or workers.
Actions described in the fifth, sixth and seventh levels are contingent actions and rely greatly on
the performance of personnel for their effectiveness. Inherently, they are less reliable.
Note 2: In so far as is practicable, the goal shall be to assure that the design selected
attains the following:
• An acceptable risk level is achieved, as defined in this standard.
• The probability of personnel making human errors because of design inadequacies

is at a practical minimum.
• The ability of personnel to defeat the work system and the work methods
prescribed is at a practical minimum.
• The work processes prescribed take into consideration human factors – the
capabilities and limitations of the work population.
• Hazards and risks with respect to access and the means for maintenance are at a
practical minimum.
• The need for personal protective equipment is at a practical minimum, and aid is
provided for its use where it is necessary (e.g., anchor points for fall protection).
• Applicable laws, codes, regulations, and standards have been met.
• Any recognized code of practice, internal or external has been considered.
Note 3: Feasible application of this hierarchy of controls shall take into account the
following:
• The practicality, effectiveness and cost of the risk reduction measures to be taken,
in relation to the amount of risk reduction to be achieved.
• Avoiding, eliminating, or reducing the probability of an incident or exposure

occurring.
• Reducing the severity of harm or damage that may result, if an incident or

exposure occurs.
• The nature and extent of the risks being controlled, and the degree of risk
reduction needed.
• Applicable code, standards, regulations, recognized best practices, available

technology, and internally established standards.
25
ANSI/ASSE Z590.3 – 2011
Note 4: Comments can be found in Addendum I on each of the action elements listed
in the preceding hierarchy of controls, including the rationale for actions to be taken in
the order prescribed.
Within the scope of the work activity, top management shall achieve acceptable risk levels
throughout the life cycle of the system.
Note 1: Figure 2 represents a typical design concept through to the decommissioning

process.
Design Preliminary Detailed Build or Commission Production Decommission

Concept Design Design Purchase (Install and Maintenance
Debug)
Figure 2. Typical design concept through decommissioning process
In the early design phases, there are no risks to be avoided, eliminated, reduced, or controlled.
Designers start with a blank sheet of paper, or an empty screen in a CAD system. They have
opportunities to avoid hazards altogether in the design concept, preliminary design, and detailed
design stages. Designers can choose design criteria that serve to reduce the probability and
severity of harmful incidents or exposures, thereby attaining acceptable risk levels. As designers
make selections from an organization’s prescribed specifications and requirements, and from
codes, rules, regulations, and standards that must be met or exceeded, the need to eliminate,
reduce or control risks later in the operational mode is diminished.
Note 2: Where most successfully applied, the risk assessment process is a continuum
and is repeated as needed in each phase of the design processes, and throughout the
later stages in a system’s life cycle. As the design proceeds, if it is found that the initial
design choices were inappropriate and hazards become apparent, the elimination and
substitution elements in the hierarchy of controls can be applied.
26
ANSI/ASSE Z590.3 – 2011
Addendum A – The Risk Assessment Process (Informative)

1) Data gathering –
Injury and protective data
2) Set scope or
Limits of the Assessment
3) Develop and charter risk

reduction team
Reevaluate
tasks and 4) Identify tasks and hazards
Identify
hazards
current
controls
5) Assess risk – Initial risk
scoring system Test/verify
current
controls
6) Reduce risk – Hazard control
hierarchy
Identify
new
controls
7) Assess Risk – Residual risk
scoring system
No Residual risk
acceptable?
Yes
8) Results/Documentation
Evaluation complete
10) New 9) Controls measurement

hazard ID system
Figure A-1. Example risk assessment process

(Others are acceptable)
27
ANSI/ASSE Z590.3 – 2011
Addendum B – Progression of Occupational Hygiene Issues Flow Chart (Informative)
Figure B-1. Example occupational hygiene issues process

Duplicated with permission of J. K. Seaman, MS(A)
28
ANSI/ASSE Z590.3 – 2011
Addendum C – Procurement Guidelines (Informative)
Including safety specifications in procurement documents and in purchasing orders reduces the
probability that hazards and their accompanying risks are brought into a work place. A good
reference on that point is Section 5.1.3 – Procurement – in ANSI/AIHA Z10 – 2005,
Occupational Health and Safety Management Systems.
Z10 requires organizations to identify and establish requirements for supplies, equipment, raw
materials, and other goods and services purchased to control potential health and safety risks,
and to ensure that what is procured or purchased meet the organization’s health and safety
requirements. But, little guidance is provided in safety-related literature on how to get it done.
This addendum will provide assistance in that regard. All of the references cited here are
available on the internet and downloadable without charge.
The Mechanical Engineering magazine makes available “A procurement Process for Capital
Equipment” by Stephen Greer, P.E. which may be obtained at http://memagazine.asme.org/.
Many safety professionals have experienced situations in which equipment was acquired
without adequate attention given to safety requirements and safety then became an expensive
add-on in a retrofitting process. The opening paragraphs of the article speak of the results of
procurement not being prioritized and “having to deal with downstream consequences of missed
schedule milestones, poorly specified equipment…delays and project overruns.” The article
addresses:
• Defining what’s needed – doing a thorough job of writing specifications.

• Requesting bids – dealing with vendors “with clarity on all the primary needs.”
• The purchase agreement – “good practice [includes] as much definition as needed
to establish clearly the specifications of what is being chased.”
• Quality assurance in the purchasing practice – assuring that corporate design
standards, quality assurance programs, maintenance inspection protocols are met;
assuring that vendor’s are familiar with an organization’s standards; witnessing
testing at the vendor’s location to find problems before equipment is shipped.
• Post-delivery inspection – performing a comprehensive inspection of the
equipment after it is delivered to find flaws that were not detected previously.
• Accounting for costs – determining whether budgets were met and if not, the
causes for the cost overruns.
• Miscellaneous suggestions – continuous troubleshooting, keeping communication
open with the purchasing department, maintaining a friendly relationship with
vendors.
International SEMATECH is a non-profit endeavor of semiconductor manufacturing companies

which “strives to be the most effective global consortium influencing semiconductor
manufacturing technology.” SEMATECH makes available without charge a “Uniform
Environment, Safety, and Health (ESH) Specification for Equipment Procurement (v.1.3).” This
document can be downloaded from http://www.sematech.org/docubase/abstracts/01064135B-
ENG.htm.
Although the purpose is to provide EHS procurement guidelines for the semiconductor industry,
it is a good management system reference from which elements can be taken for use in all
industries. For example, the guidelines say: “These requirements may also be applied to any
29
ANSI/ASSE Z590.3 – 2011
support system….such as pumps; chillers and compressors; facilities systems used in air
conditioning; gas management; utilities supply; water treatment; abatement systems; energy
supply; and chemical management.” These guidelines take into consideration regulatory
compliance and European Union directives.
Intel makes available “Facilities Equipment Procurement Requirements-Environmental, Health,

and Safety (EHS) at https://supplier.intel.com/static/EHS/FEPP_Requirements_EHS.htm. This
document contains several checklists on environmental, health, and safety from which items
can be selected to suit an organizations procurement system.
“Rationale for DFEHS” is the title of a presentation made by Bob Duffin, Motorola Corporation
as a part of a doctoral requirement. DFEHS stands for Design for Environmental, Health, and
Safety. To acquire the paper, enter the title into a search engine. Duffin says that DFEHS
“represents a systematic approach to the design, manufacture, use, and final disposition of
semiconductors that incorporates consideration of EHS impacts at the earliest possible stage.
He makes the business case for DFEHS, and gives several examples of its use.
30
ANSI/ASSE Z590.3 – 2011
Addendum D – Risk Assessment Report (Informative)
Application: Transfer Line, Machine #334185

Description: Sample assessment for demonstration
Analyst Name(s): Steve, Rick, Rob plant operators, Bruce Jones, safety, Tom Woods, engineering
Company: ABC Company
Facility Location: Washington, DC
Product Identifier: Model 89RX-1
Assessment Type: Detailed
Limits: This initial risk assessment is for certain operator tasks
Sources: on site investigators, discussions w/plant personnel
Risk Scoring System: ANSI B11 TR3 Two Factor
Guide sentence: When doing [task], the [user] could be injured by the [hazard] due to the [failure mode].
Initial Final
Assessment Assessment Status /
Item User / Hazard / Severity Risk Risk Reduction / Severity Responsible /
ID Task Failure Mode Probability Level Comments Probability Risk Level Reference
1-1-1 operator mechanical : Moderate Low gloves / issue to all Minor Negligible Complete
tool change cutting / Unlikely new hires Remote (6/7/2010)
severing Joe
1-1-2 operator mechanical : Moderate Low lift assist, standard Minor Negligible Complete
tool change impact Unlikely procedures Remote (6/7/2010)
dropping
heavy tool
1-1-3 operator mechanical : Minor Negligible standard Minor Negligible Complete
tool change pinch point Unlikely procedures Remote (6/7/2010)
1-1-4 operator mechanical : Minor Negligible standard Minor Negligible Complete

tool change head bump on Unlikely procedures Remote (6/7/2010)
overhead
objects
1-1-5 operator ergonomics / Minor Negligible look into lift assists Minor Negligible Complete
tool change human factors Unlikely or quick release Unlikely (6/7/2010)
: lifting / fasteners Jane
bending /
twisting
1-1-6 operator slips / trips / Serious High graded floors, non- Serious Low In-process
tool change falls : slips Likely slip flooring, Remote Jane
contain coolant,
footwear
1-2-1 operator mechanical : Moderate Negligible gloves Minor Negligible Complete
remove cutting / Remote Remote (6/7/2010)
reject parts severing
1-2-2 operator mechanical : Catastrophic High interlocked Catastrophic Low In-process
remove drawing-in / Likely barriers, presence Remote John
reject parts trapping / sensing devices,
entanglement stop line to pull part
/ requisition
submitted
1-2-3 operator mechanical : Moderate Low standard Moderate Negligible Complete
remove impact by Unlikely procedures Remote (6/7/2010)
reject parts dropped part
1-2-4 operator ergonomics / Moderate Negligible standard Moderate Negligible Complete
remove human factors Remote procedures Remote (6/7/2010)
reject parts : lifting /
bending /
twisting
31
ANSI/ASSE Z590.3 – 2011
Addendum E – A Design Safety Review Guide (Informative)
Formal design safety reviews are effective processes for delivering inherently safer designs.
Design reviews are systematic processes for carefully reviewing design attributes, applications,
misapplications, energy control systems, and human interactions. Safety design reviews attempt
to identify hazards and hazardous conditions that are foreseeable throughout the lifecycle of a
product or process, and to develop mitigation strategies.
In most cases, a design review is best conducted by a team comprised of stakeholders and at
least one objective, disinterested engineer. Typical participants include representatives from
Engineering, Production, Maintenance, and Health and Safety. Both the system designer(s) and
the review team share responsibility for the safety of the final design.
Safety design reviews should be approached as important problem-solving events. A spirit of

cooperation, and even fun, can be maintained by restricting criticism to constructive debate on
specific design features. Although the focus should always be on safety, review teams
frequently identify additional opportunities to reduce costs and improve productivity.
Constructability and maintainability issues often surface, and these alone can pay huge
dividends for the comparatively short time invested in reviewing a project. While it is the role of
the facilitator to assure that these topics do not derail or compromise the safety focus, such
opportunities should obviously be captured as value-added by-products. Review sessions also
provide some of the best possible training for both novice and experienced engineers, as
collective knowledge and experience are openly shared.
A common approach for conducting a formal design safety review is to methodically work
through a design safety checklist. Some organizations use a generic checklist, supplemented
with additional checklists for specific disciplines, such as electrical or chemical systems. For
each system element, reviewers address the various forms of energy present and the steps
taken to control unwanted hazardous energy release.
A typical design safety review meeting proceeds as follows:
1. Project manager distributes drawings and copies of checklists.

2. Review team chooses a facilitator, often a disinterested engineer; i.e., an
engineer not assigned to or intimately familiar with the project.
3. Project engineer/manager describes the project and its scope, and answers
general questions about major areas of concern.
4. Project engineer/manager keeps notes; a.k.a. design punch list.
5. Facilitator leads a methodical review using a generic checklist, with team
members asking detailed questions to ensure thorough consideration of hazards
and their control. Checklist items and sections that are not applicable are so
noted.
6. Additional discipline checklists are reviewed as appropriate.
7. A marked up copy of the checklists, along with signatures of the participants, is
retained with project documents.
32
ANSI/ASSE Z590.3 – 2011
Specific deliverables from a design review typically include:
• A set of marked-up drawings and specifications.

• A list of design modifications requiring attention prior to release for bid or
construction/fabrication.
• A list of specific items to be checked during installation and the final walk-down or
post-fabrication inspection. (There are often items identified as potentially
problematic that cannot be adequately assessed at the time of the review due to
lack of detailed knowledge.)
• Assignments for resolving specific details or making design corrections.
Following the review, it is the responsibility of the project engineer/manager to follow up and
ensure that all issues raised during the design safety review are resolved and appropriate
revisions are completed. Verification through a post-construction/fabrication inspection should
be completed prior to release of the process or system.
Done well, design reviews diminish the likelihood of bringing hazards and risks into the
workplace. Having the right facilitator is important in the design review process. In one
company, it is standard practice to engage a consultant facilitator to lead safety design reviews
to assure that one individual’s views do not dominate and that all participants are given an
opportunity to be heard.
33
ANSI/ASSE Z590.3 – 2011
Addendum F – Examples of Risk Assessment Matrices and Definitions of Terms (Informative)
A. Examples of Risk Assessment Matrices
Table 1 is adapted from a matrix in MIL-STD-882 D, the Department of Defense Standard

Practice for System Safety.
Table 1. Example Risk Assessment Matrix: Word Descriptive Grading and Scoring
Severity of Consequences
Occurrence
Probability Catastrophic Critical Marginal Negligible
Frequent High High Serious Medium
Probable High High Serious Medium
Occasional High Serious Medium Low
Remote Serious Medium Medium Low
Improbable Medium Medium Medium Low
Table 2 is a composite of matrices that include numerical values for probability and severity
levels and their combinations are expressed as numerical risk scorings. It is presented here for
people who prefer to deal with numbers rather than qualitative indicators.
Note: A word of caution: the numbers in the following Table 2 matrix were judgmentally
determined and are qualitative. They have value only in relation to each other.
Table 2. Example Risk Assessment Matrix: Numerical Grading and Scoring
Occurrence Probabilities and Values

Severity Levels
Unlikely (1) Seldom (2) Occasional (3) Likely (4) Frequent (5)
and Values
Catastrophic (5) 5 10 15 20 25
Critical (4) 4 8 12 16 20
Marginal (3) 3 6 9 12 15
Negligible (2) 2 4 6 8 10
Insignificant (1) 1 2 3 4 5
Very high risk: 15 or greater High risk: 10 – 14 Moderate risk: 6 – 9 Low risk: Under 1 to 5
For the exhibit in Table 2, the following Incident or Exposure Severity Categories, Incident or
Exposure Probability Descriptions, and Risk Scoring and Action Categories were used. They
are presented as an example from which variations can be made to suit needs in a particular
situation.
34
ANSI/ASSE Z590.3 – 2011
Incident or Exposure Severity Descriptions
Catastrophic: One or more fatalities, total system loss, chemical release with lasting
environmental or public health impact.
Critical: Disabling injury or illness, major property damage and business downtime,
chemical release with temporary environmental or public health impact.
Marginal: Medical treatment or restricted work, minor subsystem loss or damage, chemical
release triggering external reporting requirements.
Negligible: First aid or minor medical treatment only, non-serious equipment or facility
damage, chemical release requiring routine cleanup without reporting.
Insignificant: Inconsequential with respect to injuries or illnesses, system loss or downtime, or

environmental chemical release.
Incident or Exposure Probability Descriptions
Unlikely: Improbable, may assume incident or exposure will not occur.
Seldom: Could occur, but hardly ever.
Occasional: Could occur intermittently.
Likely: Probably will occur several times.
Frequent Likely to occur repeatedly.
Risk Level
Combining the Severity and Occurrence Probability values yields a risk score in the matrix. The
risks and the action levels are categorized in Table 3.
Table 3. Risk Scoring and Action Categories
Category Risk Score Action
Low risk 1 to 5 Remedial action discretionary.

Moderate risk 6 to 9 Remedial action to be taken at appropriate time.
High risk 10 to 14 Remedial actions to be given high priority.
Very high risk 15 or greater Operation not permissible. Immediate action
necessary.
Table 4 is an adaptation from the risk assessment matrix in Annex E of ANSI/AIHA Z10,
American National Standard for Occupational Health and Safety Management Systems. It
includes descriptors for probability and severity categories, risk levels, and suggested
management remedial action or acceptance rankings.
35
ANSI/ASSE Z590.3 – 2011
Table 4. Example of Risk Assessment Matrix Including Management Decision Levels
Severity of Injury or Illness Consequence and

Remedial Action
CATASTROPHIC CRITICAL MARGINAL NEGLIGIBLE
Death or Disability in Minor injury, lost First Aid or
permanent total excess of 3 workday Minor Medical
disability months accident Treatment
FREQUENT HIGH HIGH SERIOUS MEDIUM

Likely to Occur Operation not Operation not High Priority Take Remedial
Repeatedly permissible permissible Remedial action action at
appropriate time
Likelihood of occurrence or exposure
for selected Unit of Time or Activity
PROBABLE HIGH HIGH SERIOUS MEDIUM

Likely to occur Operation not Operation not High Priority Take Remedial
several times permissible permissible Remedial action action at
appropriate time
OCCASIONAL SERIOUS SERIOUS MEDIUM LOW

Likely to occur High Priority High Priority Take Remedial Risk Acceptable:
sometime Remedial action Remedial action at Remedial Action
action appropriate time Discretionary
REMOTE MEDIUM MEDIUM MEDIUM LOW

Not likely to Take Remedial Take Remedial Take Remedial Risk Acceptable:
occur action at action at action at Remedial Action
appropriate time appropriate appropriate time Discretionary
time
IMPROBABLE LOW LOW LOW LOW
Very unlikely – Risk Acceptable: Risk Risk Acceptable: Risk Acceptable:
unrealistically Remedial Action Acceptable: Remedial Action Remedial Action
perceivable Discretionary Remedial Discretionary Discretionary
Action
Discretionary
Remedial action or acceptance levels should be identified with risk categories to permit
intelligent management decision making and resource allocation. Personnel who craft risk
assessment matrices may have differing ideas about acceptable risk levels and the
management actions that should be taken in a given risk situation, and those differences must
be resolved so that all personnel understand the process.
Table 5 is taken from the Risk Estimation Matrix that appears in ANSI B11.0 (TR3), Safety of
Machinery – General Requirements and Risk Assessment.
Note: The matrix in Table 5 was used in making the risk assessments shown in
Addendum D.
36
ANSI/ASSE Z590.3 – 2011
Table 5. Example Risk Assessment Matrix: ANSI B11.0 (TR3)
Severity of Harm
Occurrence
Probability Catastrophic Serious Moderate Minor
Very Likely High High High Medium
Likely High High Medium Low
Unlikely Medium Medium Low Negligible
Remote Low Low Negligible Negligible
B. Examples of Descriptions of the Terms Probability and Severity Used in Risk

Assessment Matrices
The terms used in the risk assessment process and the matrix adopted should be understood
and practicably applied. What is meant by probability and severity in an organization must be
determined and communicated. Examples in Tables 6 through 10 show variations in the terms
and their descriptions as used in applied risk assessment processes and can serve as a
resource in the decision making.
Table 6. Probability Descriptions: Example A
Descriptive Word Probability Descriptions

Frequent Likely to occur repeatedly
Probable Likely to occur several times
Occasional Likely to occur sometime
Remote Not likely to occur
Improbable So unlikely, can assume occurrence will not be experienced
Table 7. Probability Descriptions: Example B
Descriptive Word Probability Descriptions

Frequent Could occur annually
Likely Could occur once in two years
Possible Occurring not more than once in five years
Rare Occurring not more than once in ten years
Unlikely Occurring not more than once in twenty years
37
ANSI/ASSE Z590.3 – 2011
Table 8. AIHA Exposure Categorization Scheme
AIHA Exposure Categorization Scheme

Recommended
Exposure Qualitative
Rule-of-Thumb Description Statistical Notes
Category Description
Interpretation
0 Exposures are trivial to Exposures, if they X0.95 ≤ 0.01 × OEL 1
nonexistent – employees occur, infrequently
have little to no exposure, exceed 1% of the
with little to no inhalation OEL
contact
1 Exposures are highly Exposures 0.01 × OEL < X0.95 ≤ 2
controlled – employees infrequently exceed 0.1 × OEL
have minimal exposure, with 10% of the OEL
little to no inhalation contact
2 Exposures are well Exposures 0.1 × OEL < X0.95 ≤ 2, 3, 4
controlled – employees infrequently exceed 0.5 × OEL
have frequent contact at low 50% of the OEL and
concentrations and rare rarely exceed the
contact at high OEL
concentrations
3 Exposures are controlled – Exposures 0.5 × OEL < X0.95 ≤ 2, 4
employees have frequent infrequently exceed OEL
contact at low the OEL
concentrations and
infrequent contact at high
concentrations
4 Exposures are poorly Exposures frequently X0.95 > OEL 4
controlled – employees exceed the OEL.
often have contact at high or
very high concentrations
Notes: 1—Category 0 was added to distinguish between highly-controlled exposures and situations
where exposures are either nonexistent or trivially low. It was included in the 1991 AIHA rating Scheme.
2—“Infrequently” refers to an event that occurs no more than 5% of the time. 3—“Rarely” refers to an
event that occurs no more than 1% of the time. 4—“High concentrations” are defined as concentrations
that exceed the TWA OEL.
The source for Table 8, which pertains to agents for which occupational exposure limits (OELS)
have been established, is “Rating Exposure Control Using Bayesian Decision Analysis,” by
Hewett et al. For agents for which OELS have not been established by a regulatory or
authoritative source, working OELS or health hazard bands can be approximated based on the
data available using weight of evidence, analogy, and/or classical risk assessment
methodology. Concurrent exposures to agents that pose additive or synergistic health risks
require special considerations.
Table 9 and 10 present the descriptions used for Example A and B respectively.
38
ANSI/ASSE Z590.3 – 2011
Table 9. Severity Descriptions for Multiple Harm and Damage Categories: Example A
Descriptive Word Consequence

Catastrophic Death or permanent total disability, system loss, major property
damage and business downtime
Critical Permanent, partial, or temporary disability in excess of three
months, major system damage, significant property damage and
downtime
Marginal Minor injury or illness, lost workday incident, minor system
damage, minor property damage and little downtime
Negligible First aid or minor medical treatment, minor system impairment
Table 10. Severity Descriptions for Multiple Harm and Damage Categories: Example B
Descriptive Word Consequence

Catastrophic One or more fatalities, total system loss, chemical release with
lasting environmental or public health impact
Critical Disabling injury or illness, major property damage and business
downtime, chemical release with temporary environmental or
public health impact
Marginal Medical treatment or restricted work, minor subsystem loss or
damage, chemical release triggering external reporting
requirements
Negligible First aid only, non-serious equipment or facility damage,
chemical release requiring only routine cleanup without reporting
39
ANSI/ASSE Z590.3 – 2011
Addendum G – Comments on Selected Hazard Analysis and Risk Assessment

Techniques (Informative)
Preliminary Hazard Analysis (PHA).
The origin of the PHA technique is in system safety. It is used to identify and evaluate hazards
in the very early stages of the design process. However, in actual practice the technique has
attained much broader use. The principles on which preliminary hazards analyses are based
are used not only in the initial design process, but also in assessing the risks of existing
products or operations.
Note: It should be understood that for OSHA’s Rule for Process Safety Management of
Highly Hazardous Chemicals and for EPA’s Risk Management Program for Chemical
Accidental Release Prevention, PHA stands for Process Hazard Analysis.
Headings on PHA forms include the typical identification data: date, names of evaluators,
department, and location. The following information is usually included in a PHA process:
1. Hazard description, sometimes called a hazard scenario.

2. Description of the task, operation, system, subsystem, or product being
analyzed.
3. Exposures to be analyzed: people (employees, the public); facility, product or
equipment loss; operation downtime; environmental damage.
4. Probability interval to be considered: unit of time or activity; events; units
produced; life cycle.
5. Risk assessment code, using the agreed upon risk assessment matrix.
6. Remedial action to be taken, if risk reduction is needed.
Documentation should accompany the analysis, indicating the assumptions made and the
rationale for them. Comments should be included on the assignment of responsibilities for the
remedial actions to be taken, and expected completion dates.
Note: A Risk Assessment Report appears as Addendum D.
What-If Analysis.
For a What-If Analysis, a group of people (as little as two, but often several more) use a
brainstorming approach to identify hazards, hazard scenarios, failure modes, how incidents or
exposures can occur, and what their probable consequences could be.
Questions posed during the brainstorming session may commence with What-If, as in "What if
the air conditioning fails in the computer room?" or may express general concerns, as in "I worry
about the possibility of spillage and chemical contamination during truck offloading."
All questions are recorded, and assigned for investigation. Each subject of concern is then
addressed by one or more team members. They would consider the potential of the hazardous
situation and the adequacy or inadequacy of risk controls in effect, suggesting additional risk
reduction measures if appropriate.
40
ANSI/ASSE Z590.3 – 2011
Checklist Analysis.
Checklists are primarily adaptations from published standards, codes, and industry practices.
There are many such checklists. They consist of questions or items pertaining to the applicable
standards and practices – usually with a yes or no or not applicable response. Their purpose is
to identify deviations from the expected and thereby possible hazards. Checklists are easy to
use and provide a cost-effective way to identify customarily recognized hazards. The quality of
checklists is dependent on the experience of the people who develop them. Further, they must
be crafted to suit particular facility/operations needs. If a checklist is not complete, the analysis
may not identify some hazardous situations.
What-If/Checklist Analysis.
A What-If/Checklist hazard analysis technique combines the creative, brainstorming aspects of

the What-If method with the systematic approach of a Checklist. Combining the techniques can
compensate for the weaknesses of each.
The What-If part of the process, using a brainstorming method, can help the team identify
hazards that have the potential to be the causal factors for incidents or exposures. The checklist
provides a systematic approach for review that can serve as an idea generator during the
brainstorming process. Usually, a team experienced in the design, operation, and maintenance
of the operation performs the analysis.
Hazard and Operability Analysis (HAZOP).
The Hazard and Operability Analysis technique was developed to identify both hazards and
operability problems in chemical process plants. It has subsequently been applied to a wide
range of industrial processes and equipment. An interdisciplinary team and an experienced
team leader are required.
In a HAZOP application, a process or operation is systematically reviewed to identify deviations

from desired practices that could lead to adverse consequences. HAZOPs can be used at any
stage in the life of a process.
HAZOPs usually require pre-work in gathering materials and a series of meetings in which the
team, using process drawings, systematically evaluates the impact of deviations from the
desired practices. The team leader uses a set of guide words to develop discussions. As the
team reviews each step in a process, recordings are made of:
1. Deviations.
2. Their causal factors.
3. Consequences should an incident occur.
4. Safeguards in place.
5. Required actions, or the need for more information to evaluate the deviation.
41
ANSI/ASSE Z590.3 – 2011
Failure Mode and Effects Analysis (FMEA).
In several industries, failure mode and effects analyses have been the techniques of choice by
design engineers for reliability, and safety and health considerations. They are used to evaluate
the ways in which equipment fails and the system response to those failures.
Although an FMEA is typically made early in the design process, the technique can also serve
well as an analysis tool throughout the life of equipment or a process. An FMEA produces
qualitative, systematic lists that include the failure modes, the effects of each failure, safeguards
that exist, and additional actions that may be necessary. Example: For a pump, the failure
modes would include such as: fails to stop when required; stops when required to run; seal
leaks or ruptures; and pump case leaks or ruptures.
Both the immediate effects and the impact on other equipment would be recorded. Generally,
when analyzing impacts, the probable worst case is assumed and analysts would conclude that
existing safeguards are or are not adequate. Although an FMEA can be made by one person,
typically a team is appointed when there is complexity.
In either case, the traditional process is similar, as in the following:
1. Identify the item or function to be analyzed.

2. Define the failure modes.
3. Record the failure causes.
4. Determine the worst credible failure effects.
5. Enter a severity code and a probability code for each effect.
6. Enter a risk code.
7. Record the actions required to reduce the risk to an acceptable level.
The FMEA process described here requires entry of probability, severity, and risk codes. A
Failure Mode and Effects Analysis form on which those codes would be entered is provided
here as Addendum H.
Note: Good references explaining risk coding for FMEA purposes are: the Reference
Manual titled Potential Failure Mode and Effects Analysis (FMEA) issued by the
Automotive Industry Action Group (AIAG); and the semiconductor industry publication
Failure Mode and Effects Analysis (FMEA): a Guide for Continuous Improvement for
the Semiconductor Equipment Industry.
Fault Tree Analysis (FTA).
A Fault Tree Analysis (FTA) is a top-down, deductive logic model that traces the failure
pathways for a predetermined, undesirable condition or event, called the TOP Event. An FTA
can be carried out either quantitatively or subjectively. A subjective (qualitative) analysis can
produce suitable results, especially when quantitative numbers are not available.
The FTA generates a fault tree (a symbolic logic model) entering failure probabilities for the
combinations of equipment failures and human errors that can result in the incident or exposure.
Each immediate causal factor is examined to determine its subordinate causal factors until the
root causal factors are identified.
42
ANSI/ASSE Z590.3 – 2011
The strength of an FTA is its ability to identify combinations of basic equipment and human
failures that can lead to an incident or exposure, allowing the analyst to focus preventive
measures on significant basic causes. An FTA has particular value when analyzing highly
redundant systems and high-energy systems in which high severity events can occur. For
systems vulnerable to single failures that can lead to accidents, the FMEA and HAZOP
techniques are better suited.
An FTA is often used when another technique has identified a hazardous situation that requires
more detailed analysis. Making a fault tree analysis of other than the simplest systems requires
experienced analysts.
Management Oversight and Risk Tree (MORT).
All of the hazard analysis and risk assessment techniques previously discussed relate
principally to the initial design process in the pre-operational mode, or to the redesign process to
achieve risk reduction in the operational mode. MORT is relative to the post-incident element of
Prevention through Design.
MORT was developed principally for incident and exposure investigations.
Note: According to the Guide to Use of The Management Oversight and Risk Tree,
MORT is a comprehensive analytical procedure that provides a disciplined method for
determining the systemic causes and contributing factors of accidents. MORT directs
the user to the hazards and risks deriving from both system design and procedural
shortcomings. MORT provides an excellent resource for the post incident element of
Prevention through Design during which the hazard identification and analysis and risk
assessment methods described here can be used.
43
ANSI/ASSE Z590.3 – 2011
Addendum H – Potential Failure Mode and Effects Analysis Sequence (Informative)
44
ANSI/ASSE Z590.3 – 2011
Addendum I – The Logic Supporting the Hierarchy of Controls (Informative)
This addendum provides information on the hierarchy of controls in Section 9. A hierarchy of

controls provides a systematic way of thinking, considering steps to be taken in a ranked and
sequential order, to choose the most effective means to avoid, eliminate, control, or reduce
hazards and the risks that derive from them.
For many risk situations, a combination of the risk management methods shown in the hierarchy
of controls is necessary to achieve acceptable risk levels. The expectation is that consideration
will be given to each of the steps in a descending order, and that reasonable attempts will be
made to eliminate or reduce hazards and their associated risks through steps higher in the
hierarchy before lower steps are considered. A lower step in the hierarchy of controls is not to
be chosen until practical applications of the preceding level or levels are considered.
In applying the hierarchy of controls, the outcome should be an acceptable risk level. In
achieving that goal, the following should be taken into consideration.
• Avoiding, eliminating, or reducing the probability of a hazard-related incident or

exposure occurring.
• Reducing the severity of harm or damage that may result if an incident or exposure
occurs.
• The feasibility and effectiveness of the risk reduction measures to be taken, and
their costs, in relation to the amount of risk reduction to be achieved.
The hierarchy set forth in Section 9 contains an element that does not appear in other
hierarchies – Risk avoidance: Prevent entry of hazards into a workplace by selecting
appropriate technology and work methods criteria in the design processes. It has been added to
precede and complement such elements as “eliminate technology and work methods risks that
have been discovered” and “reduce risks by substituting less hazardous methods or materials.”
The following represents a typical design concept through to the decommissioning process.
Design Preliminary Detailed Build or Commission Production Decommission

Concept Design Design Purchase (Install and Maintenance
Debug)
Figure 2. Typical design concept through decommissioning process
In the early design phases, there are no risks, yet, to be avoided, eliminated, reduced, or
controlled. Designers start with a blank sheet of paper, or a blank screen in a CAD system.
They have opportunities to avoid hazards altogether in the design concept, preliminary design,
and detailed design stages. Designers can choose design criteria that serve to reduce the
probability and severity of harmful incidents or exposures, thereby attaining acceptable risk
levels. As designers make selections from an organization’s prescribed specifications and
45
ANSI/ASSE Z590.3 – 2011
requirements, and from codes, rules, regulations, and standards that must be met or exceeded,
the need to deal with risks later that have to be eliminated or reduced is diminished.
Comments on each of the elements in the hierarchy of controls follow.
1. Risk avoidance: prevent entry of hazards into a workplace by selecting

appropriate technology and work methods criteria in the design process.
Avoidance means: to prevent from happening; keeping away from. Consideration of hazards
and their attendant risks in the conceptual design phase and in the design development phases
is critical to achieving acceptable risk levels. A composite of illustrations of the conceptual
design phase, as presented on the internet, follow:
Conceptual design decision making includes:
a. Considering customer requirements, specifications, what is important to the

client, and cost parameters.
b. Design selection – making a choice between a number of feasible design
alternatives, taking into account a number of measures of merit or attributes.
c. Determination of the right values (or combination) of design variables.
All of the foregoing in 1.A pertains to the concept stage of design development. The hazards,
and the risks that derive from them, should be among the subjects considered as design
alternatives are evaluated, ranked, and selected. An initial hazard analysis and risk assessment,
also known as a preliminary hazard analysis, or a process hazard analysis performed in the
concept stage assists in identifying potential hazards which are to be analyzed, and eliminated
or controlled.
Subsequently, as designs are developed and additional knowledge about hazards is obtained,
another opportunity enables designers to address hazards and reduce risks.
Consideration of hazards and their accompanying risks is most effectively and economically
accomplished during the initial design process. Addressing those risks through retrofitting in the
operation, production, and maintenance phases is costly.
Identifying, analyzing, and eliminating or controlling hazards early in the design process results
in achieving acceptable risk levels, is easier to do, is less costly, and avoids the considerable
expense of retrofitting in the build, operation, maintenance, and decommissioning periods.
Note that all of the actions following the design process are identified as retrofitting. Both in the
initial design process, and perhaps later in a retrofitting process, designers would select from
established design criteria that have been determined to avoid or reduce hazards, and thereby
contribute to achieving acceptable risk levels.
Examples of such design criteria and guidelines, taken as they are written from the
requirements of some organizations, follow:
a. Design decisions must take into consideration the life cycle of what is being
designed, through dismantling and disposal.
46
ANSI/ASSE Z590.3 – 2011
b. For all operations, in the initial concept and design phases, electrical installations
shall meet the requirements of the National Electrical Code, and all other codes,
regulations, and standards that may be applicable.
c. For production tasks, to reduce ergonomics risks: the maximum permissible two-
handed carry is 14 kg – 30 lbs; the maximum weight limit of a small lot container,
including container and contents, is 14 kg – 30 lbs.
d. For exposure to noise: the equipment is to be designed to achieve a maximum
noise level of 80 dBA, 8 Hour Time Weighted Average when measured on the
“A” scale of a standard sound level meter or noise dosimeter within three feet of
the equipment; the maximum peak noise level permitted is 115 dBA when
measured on the “C” scale of a standard sound level meter within 3 feet of the
equipment.
e. Maximum finger-activated push button force is 13 N (3 lbs). Maximum thumb-
action push button force is 22 N (5 lbs).
f. Power tool vibration levels must not exceed 4m/s2 using the testing protocol
defined in ISO 5349.2.
g. For standing work stations, the optimal task height (location of hands while
working) is between 91 – 122 cm (36'' – 48'') above the standing support surface.
h. Consideration shall be given to accessibility for maintenance personnel (clear,
unobstructed pathways and adequate clearances) and having systems that
require minimum maintenance, to reduce exposures for maintenance personnel.
i. Chemical processes shall be conducted in closed systems, where feasible.
j. In so far as is practicable, chemical processes shall be operated automatically or
remotely.
k. Where feasible, systems shall be designed to avoid confined space entry.
l. Hardwire emergency stop pushbuttons and all safety switches in series to the
Master Control Relay. (If any of these devices opens, the Master Control Relay
should de-energize and remove power from the control circuit.)
m. Provide Emergency Stop pushbuttons in an obvious location and within easy
reach of the operator.
n. Design the E-stop such that to restart after Emergency shutdown it is necessary
to pull out the E-stop button and then press the appropriate buttons to initiate
normal operation.
o. Design the E-stop to interrupt power from the outputs, drives and other powered
devices.
2. Eliminate discovered work place and work methods risks.
Elimination means: removal; purging; taking away; riddance. The word elimination implies that
there is something to be eliminated. In the ideal situation, hazards would be appropriately
identified and considered in the initial design and subsequent redesign processes so that there
are no risks to be eliminated in an organization’s operational mode. But, the ideal is seldom
achieved. Then, the goal is to further modify the design, within practicable limits, to eliminate
risks to achieve acceptable risk levels.
Examples: Redesigning to eliminate, reduce, or control risks in existing operations from: fall
hazards; ergonomic hazards; confined space entry hazards; electrical hazards; noise hazards;
and chemical hazards.
47
ANSI/ASSE Z590.3 – 2011
3. Reduce risks by substituting less hazardous methods or materials.
Substituting (exchanging, replacing) implies that there is something for which substitution can
be made. This element will apply principally in an organization’s operational mode to modify for
hazards and risks that were not addressed in the initial design processes.
Substitution of a less hazardous method or material may or may not result in equivalent risk
reduction in relation to what might be the case if the hazards and risks were reduced to a
practical minimum through system design or redesign.
Example: Considerable manual material handling is necessary in a mixing process for

chemicals. A reaction takes place and an employee sustains serious chemical burns. There are
identical operations at two of the company’s locations. At one, the operation is redesigned so
that it is completely enclosed, automatically fed, and operated by computer from a control panel,
thus greatly eliminating operator exposure.
At the other location, funds for doing the same were not available. To reduce the risk, it was
arranged for the supplier to premix the chemicals before shipment (substitution). Some
mechanical feed equipment for the chemicals was also installed. The risk reduction achieved by
substitution was not equivalent to that attained by redesigning the operation and additional
administrative controls were applied.
Substituting examples: Using automated material handling equipment rather than manual
material handling; providing an automatic feed system to reduce machine hazards; using a less
hazardous cleaning material; reducing speed, force, and amperage; reducing pressure,
temperature; replacing an ancient steam heating system and its boiler explosion hazards with a
hot air system.
4. Incorporate engineering controls/safety devices.
Engineered safety devices are to prevent access to the hazard by workers. They are to
separate hazardous energy from the worker and deter worker error. Hazardous situations may
be enclosed to prevent worker exposure, or barriers are established to reduce exposure to a
hazard. Decisions on engineering controls are most effectively made in the original design
processes. But, it has been found that much retrofitting is necessary.
Examples: Machine enclosures and guards; interlock systems; circuit breakers; start-up alarms;
presence sensing devices; safety nets; process containment; ventilation systems; sound
enclosures; fall prevention systems; and lift tables, conveyors, and balancers.
5. Provide warning systems.
Although vital in many situations, warning systems may be reactionary in that they alert persons
only after the potential of a hazard is being realized (e.g., a smoke alarm informs that a problem
has developed). Warning system effectiveness relies considerably on administrative controls,
such as training, drills, and the quality of maintenance, and the reactions of people.
Examples: Smoke detectors; alarm systems; backup alarms; chemical detection systems; signs;
and warnings or alerts in operating procedures or manuals or on products/equipment.
48
ANSI/ASSE Z590.3 – 2011
6. Apply administrative controls.
Administrative controls rely on the methods chosen being appropriate in relation to the needs,
the capabilities of people responsible for their delivery and application, the quality of
supervision, and the expected performance of the workers. Achieving a superior level of
effectiveness in all of the following administrative methods is difficult, and not often attained.
Examples: Personnel selection; developing and applying appropriate work methods and
procedures; training; supervision; motivation, behavior modification; work scheduling; job
rotation; scheduled rest periods; maintenance; management of change; investigations; and
inspections
7. Provide personal protective equipment.
The proper use of personal protective equipment relies on an extensive series of supervisory
and personnel actions, such as the identification of the type of equipment needed, its selection,
fitting, training, inspection, maintenance, etc. Although the use of personal protective equipment
is common and necessary in many occupational situations, it is the least reliable method to deal
with hazards and risks. Systems put in place for their use can easily be defeated.
In the design processes, one of the goals should be to reduce reliance on personal protective
equipment to a practical minimum.
Examples: Safety glasses; face shields; respirators; welding screens; safety shoes; gloves; and
hearing protection.
49
ANSI/ASSE Z590.3 – 2011
Addendum J – Bibliography (Informative)
ANSI/AIHA Z10. Occupational Health and Safety Management Systems. Fairfax, VA: American
Industrial Hygiene Association, 2005. www.aiha.org
ANSI B11.0 – 2010, General Safety Requirements and Risk Assessment. McLean, VA: The
Association for Manufacturing Technology, 2010
ANSI B11.TR7-2007, ANSI Technical Report for Machines – A Guide on integrating safety and
lean manufacturing principles in the use of machinery. McLean, VA: The Association for
Manufacturing Technology, 2007
ANSI-GEIA STD-0010-2009, Standard Best Practice for System Safety Program Development
and Execution. Arlington, VA: Information Technology Association of America, 2009
ANSI/PMMI B155.1-2006. Safety Requirements for Packaging Machinery and Packaging-

Related Converting Machinery. Arlington, VA: Packaging Machinery Manufacturers Institute,
2006
“ASSE Position Paper On Designing for Safety”. Des Plaines, IL: ASSE, 1994
Aviation Ground Operation Safety Handbook, Sixth Edition. Itasca, IL: National Safety Council,
2007
BS 8800:2004. British Standard, Occupational health and safety management systems - Guide.
London, British Standards Institution, 2004
BS OHSAS 18001:2007. Occupational health and safety management systems. Requirements.

London, British Standards Institution, 2007
Christensen, Wayne C. and Fred A. Manuele. Safety Through Design. Itasca, IL, National
Safety Council, 1999
Christensen, Wayne C. “Safe Designs: A Challenge to SH&E Professionals.” Professional

Safety. April 2010
Christensen, Wayne C. “Retrofitting for Safety: Career implications for SH&E personnel.”
Professional Safety, May 2007
Christensen, Wayne C. “Safety Through Design: Helping design engineers answer 10 key
questions”. Professional Safety, March 2003
Clemens, Pat. “A Compendium of Hazard Identification and Evaluation Techniques For System
Safety Application.” Hazard Prevention, March/April, 1982
CSA Standard Z1000, Occupational Health and Safety Management. Canadian Standards
Association: Ontario, Canada, 2006
Design for Construction Safety (DfCS) - 2 to 4 Hour Course. Washington, DC: OSHA - OSHA
Alliance for Construction Safety, 2008
50
ANSI/ASSE Z590.3 – 2011
Failure Mode and Effects Analysis (FMEA): A Guide for Continuous Improvement for the
Semiconductor Equipment Industry. Technology Transfer #92020963A-ENG. Austin, TX:
International SEMATECH, 1992. Also available at
http://www.sematech.org/docubase/abstracts/01064135B-ENG.htm
Guidance Document for Incorporating Risk Concepts into NFPA Codes and Standards. Quincy,
MA: The Fire Protection Research Foundation, 2007
Guidance on the Principles of Safe Design for Work. Canberra, Australia: The Australian Safety
and Compensation Council, 2006
Guide To Use Of The Management Oversight And Risk Tree – SSDC-103. Washington, DC:
Department of Energy, 1994
Guidelines for Hazard Evaluation Procedures, Second Edition, with Worked Examples. A Center
for Chemical Process Safety 1992 publication, now available through John Wiley & Sons,
Hoboken, NJ
Guidelines on a Major Accident Prevention Policy and Safety Management System, as

Required by Council Directive 96/82/EC (Seveso II), Luxembourg: Office for Official Publications
of the European Communities, 1998
Haddon, William J. Jr. “On the Escape of Tigers: An Ecological Note.” Technology Review, May
1970
Hewett, Paul, Perry Logan, John Mulhausen, Gurumurthy Ramachandran and Sudipto
Banerjee. “Exposure Control Using Bayesian Decision Analysis.” Journal of Occupational and
Environmental Hygiene, October 2006
ILO-OSH 200I. Guidelines on occupational safety and health management systems. Geneva,
International Labour Office, 2001
ISO 12100. Safety of Machinery –General principles for design: Risk assessment and risk
reduction. Geneva, Switzerland: International Organization for Standardization, 2003
ISO/IEC Guide 51. Safety aspects – Guidelines for their inclusion in standards. Geneva,
Switzerland, 1999
ISO/IEC 31010. Risk Management – Risk Assessment Techniques. Geneva, Switzerland:

International Organization for Standardization, 2009
MacCollum, David. Construction Safety Engineering. New York: McGraw-Hill, 2007
Main, Bruce. Risk Assessment: basics and benchmarks. Ann Arbor, MI: Design Safety
Engineering, Inc, 2004
Main, Bruce. “Risk Assessment Is Coming. Are You Ready?” Professional Safety, July 2002
Main, Bruce. “Risk Assessment: A Review of the Fundamental Principles.” Professional Safety,
December 2004
51
ANSI/ASSE Z590.3 – 2011
Manuele, Fred A. Advanced Safety Management: Focusing on Z10 and Serious Injury
Prevention. Hoboken, NJ: John Wiley & Sons, 2008
Manuele, Fred A. “ANSI/AIHA Z10-2005: The new benchmark for safety management systems.”
Professional Safety, February 2006
Manuele, Fred A. On the Practice of Safety. 3rd Edition. Hoboken, NJ: John Wiley & Sons, 2003
Manuele, Fred A. “Risk Assessments and Hierarchies of Control.” Professional Safety, May
2005
Mil-STD-882D. Standard Practice for System Safety. Washington: DC: Department of Defense,
2000. Also at
http://www.safetycenter.navy.mil/instructions/osh/milstd882d.pdf#search='MILSTD882D'
Potential Failure Mode and Effects Analysis: FMEA. Southfield, MI Automotive Industry Action
Group (AIAG), Third Edition, 2001
Risk assessment—the key to healthy workplaces. Luxembourg: Office for Official Publications of
the European Communities, 1996
Risk assessment—roles and responsibilities. Geneva, Switzerland: International Organization

for Standardization, 1996
SEMI S2-0706. Environmental, Health, and Safety Guideline for Semiconductor Manufacturing
Equipment: San Jose, CA: Semiconductor Equipment and Materials International, 2006
SEMI S10-0307. Safety Guideline for Risk Assessment and Risk Evaluation Process. San Jose,
CA: Semiconductor Equipment and Materials International, 2007
SFPE Engineering Guide to Fire Risk Assessment. Bethesda, MD: The Society of Fire
Protection Engineers, 2006
Stephans, R. and W.W. Talso, Editors. System Safety Analysis Handbook, a Sourcebook for
Safety Practitioners. Albuquerque, NM: New Mexico Chapter, System Safety Society, P.O. Box
9524, 1997
Stephans, R. System Safety for the 21st Century. Hoboken, NJ: John Wiley & Sons, 2004
Vincoli, Jeffrey W. Basic Guide to System Safety. Hoboken, NJ: John Wiley & Sons, 1993.
52
END USER LICENSE AGREEMENT
IMPORTANT - READ CAREFULLY BEFORE DOWNLOADING OR COPYING TO YOUR
COMPUTER ANYFILE(S) CONTAINED HEREWITH. THE STANDARD(S) AND OTHER
INFORMATION PROVIDED HEREWITH ARE COPYRIGHTED. BY DOWNLOADING ANY FILE
PROVIDED HEREWITH TO YOUR COMPUTER, YOU ARE ACCEPTING AND AGREEING TO
THE TERMS OF THIS LICENSE AGREEMENT. IF YOU ARE NOT WILLING TO BE BOUND BY
THE TERMS OF THIS LICENSE AGREEMENT, PRIOR TO DOWNLOADING OR COPYING TO
YOUR COMPUTER ANY FILES(S), YOU MUST DECLINE ACCESS TO SUCH MATERIALS.
1. GRANT OF LICENSE: Subject to the provisions contained herein and to the payment of all applicable
fees, the American Society of Safety Engineers (ASSE) grants you a nonexclusive, non-transferable license
to the materials contained herewith (the "Product"). Your licensed rights to the Product are limited to the
following:
(a) This License Agreement does not convey to you an interest in or to the Product, but only a limited
right of use revocable in accordance with the terms of this License Agreement.
(b) You may install one copy of the Product on, and permit access to it by, a single computer owned,
leased or otherwise controlled by you. In the event that computer becomes dysfunctional, such
that you are unable to access the Product, you may transfer the Product to another computer,
provided that the Product is removed from the computer from which it is transferred and the use of
the Product on the replacement computer otherwise complies with the terms of this Agreement.
Neither concurrent use on two or more computers nor use in a local area network or other network
is permitted. You shall not merge, adapt, translate, modify, rent, lease, sell, sublicense, assign, loan or give
to or otherwise transfer any of the Product, or copies thereof, or remove any proprietary notice or label
appearing on any of the Product to any individual or entity for any reason or purpose. You may copy the
Product only for backup purposes.
(c) You acknowledge and agree that the Product is proprietary to the Copyright holder (the "Owner")
identified on the front page of the Product, and is protected under U.S. copyright law and international
copyright treaties. You further acknowledge and agree that all right, title and interest in and to the Product,
including all intellectual property rights, are and shall remain entirely with the Owner.
(d) You shall provide ASSE or any designee of ASSE with all information necessary to assure
compliance with the terms of this Agreement. In the event you are not in compliance with the
terms of this Agreement through the actions of unrelated third parties, you shall use your best
efforts to cooperate with ASSE and any of its designees to assure compliance.
2. LIMITED WARRANTY:
(a) ASSE warrants for your benefit alone that, unless disclosed in the Product to the contrary, ASSE and
the Owner can license the Product and all copyright and trademarks related thereto or therein.
(b) THE EXPRESS WARRANTIES SET FORTH IN THIS SECTION 2 CONSTITUTE THE ONLY
WARRANTIES WITH RESPECT TO THE PRODUCT AND ASSE AND THE OWNER MAKE NO
OTHER REPRESENTATION OR WARRANTY OR CONDITION OF ANY KIND, WHETHER
EXPRESS OR IMPLIED (EITHER IN FACT OR BY OPERATION OF LAW) WITH RESPECT TO
ANY OF THE PRODUCT, INCLUDING, WITHOUT LIMITATION, WITH RESPECT TO THE
SUFFICIENCY, ACCURACY OR UTILIZATION OF, OR ANY INFORMATION OR OPINION
CONTAINED OR REFLECTED IN, ANY OF THE PRODUCT. ASSE AND THE OWNER
EXPRESSLY DISCLAIMS ALL WARRANTIES OR CONDITIONS OF MERCHANTABILITY OR
FITNESS FOR A PARTICULAR PURPOSE. NO OFFICER, DIRECTOR, EMPLOYEE, MEMBER,
AGENT, CONSULTANT, CONTRACTOR, REPRESENTATIVE OR PUBLISHER OF THE
COPYRIGHT HOLDER IS AUTHORIZED TO MAKE ANY MODIFICATION, EXTENSION, OR
ADDITION TO THIS LIMITED WARRANTY.
3. INDEMNIFICATION:
The Owner, ASSE, any agent, representative, publisher or distributor of the Product, or any of
their respective directors, officers, employees, agents, representatives or members (the “ASSE and
Owner Indemnified Parties”) shall have no liability for, and you shall defend, indemnify and hold
each of the ASSE and Owner Indemnified Parties harmless from and against, any claim, loss,
demand, liability, obligation and expenses (including reasonable attorneys' fees) based upon or
arising out of any injury or damage, or any product liability claim, including but not limited to,
any personal or bodily injury or property damage, arising out of, pertaining to, or resulting in any
way from, the use or possession of any of the Product by you and/or any of your directors,
officers, employees, representatives, agents or contractors.
4. LIMITATION OF LIABILITY:
a) You acknowledge that each of ASSE and Owner's obligations and liabilities with respect to the
Product are exhaustively defined in this Agreement. You are responsible for the consequences of any
use of any of the Product (whether or not such use was consistent with the license granted hereunder)
created therefrom. Whether or not ASSE or Owner has been advised of their possibility, neither ASSE
nor Owner nor any of its representatives or agents, directors, officers, employees, agents, representatives or
members, shall be liable, whether under contract, tort (including negligence) or otherwise, for any indirect,
special, punitive, incidental or consequential loss, damage, cost or expense of any kind whatsoever and
howsoever caused, that may be suffered by you or any of your directors, officers, employees, agents,
representatives or contractors or any third party.
b) If at any time an allegation of infringement of any rights of any third party is made, or in ASSE or
Owner's opinion is likely to be made, with respect to any of the Product, ASSE may, at its option and
at its own expense (i) obtain for you the right to continue using the Product, (ii) modify or replace the
Product or any portion thereof so as to avoid any such claim of infringements, or (iii) refund to you the
License Fee. ASSE shall have no liability to you if any claim of infringement would have been
avoided except for your refusal to use any modified or replacement Product supplied or offered to be
supplied pursuant to this Section 4(b) or to otherwise cease using the Product. Notwithstanding
anything contained in this Agreement, and except as set forth in Section 4(b) hereof, ASSE and/or
Owner's liability to you for damages pursuant to this Section 4(b), if any, shall not exceed the amounts
of the License Fee paid by you for the Product subject to any such claim.
c) Section 4(b) state the entire liability of ASSE and Owner with respect to the infringement or alleged
infringement of any third party rights of any kind whatsoever by any of the Product.
5. TERMINATION: This Agreement may be terminated immediately by Owner or ASSE upon breach of
any provision of this Agreement by you. Upon any termination of this Agreement, you shall immediately
discontinue the use of the Product and shall within ten (10) days either return files(s) on diskette(s), if any,
to ASSE or certify in writing to ASSE that the Product has been deleted from your computer and is
eliminated from your premises.
6. GOVERNING LAW: This Agreement shall be governed by the laws of the State of Illinois without
reference to its conflict of laws provisions and you further consent to jurisdiction by the state and federal
courts sitting in the State of Illinois.
7. MISCELLANEOUS: This Agreement constitutes the complete and exclusive agreement between
ASSE and you with respect to the subject matter hereof, and supercedes all prior oral or written
understandings, communications or agreements not specifically incorporated herein. This Agreement
may not be modified except in writing duly signed by an authorized representative of ASSE and you.
If any provision of this Agreement is held to be unenforceable for any reason, such provision shall be
reformed only to the extent necessary to make it enforceable, and such decision shall not affect the
enforceability (i) of such provision under other circumstances, or (ii) of the remaining provisions
hereof under all circumstances. Headings shall not be considered in interpreting the Agreement.
8. EXPORT: You may not load or export or re-export any of the Product or any underlying information
or technology except in full compliance with all United States and other applicable laws and regulations.
BY ACCESSING THE PRODUCT, YOU ACKNOWLEDGE THAT YOU HAVE READ THE
TERMS OF THIS LICENSE AGREEMENT AND AGREE TO BE BOUND BY ITS TERMS.
ANSI/ASSE A10 Construction
& Demolition Standards
A10.3 Powder-Actuated Fastening Systems
A10.4 Personnel Hoists & Employee Elevators on Construction & Demolition
Sites
A10.5 Safety Requirements for Material Hoists
A10.6 Safety & Health Program Requirements for Demolition Operations
A10.7 Safety Requirements for Transportation, Storage, Handling & Use of Commercial
Explosives & Blasting Agents
A10.8 Safety Requirements for Scaffolding
A10.9 Safety Requirements for Concrete & Masonry Work
A10.10 Safety Requirements for Temporary & Portable Space-Heating Devices
A10.11 Safety Requirements for Personnel & Debris Nets
A10.12 Safety Requirements for Excavation
A10.13 Safety Requirements for Steel Erection
A10.15 Safety Requirements for Dredging
A10.16 Safety Requirements for Tunnels, Shafts, & Caissons
A10.17 Safe Operating Practices for Hot Mix Asphalt (HMA) Construction
A10.18 Safety Requirements for Temporary Floor Holes, Wall Openings, Stairways & Other
Unprotected Edges
A10.19 Safety Requirements for Pile Installation & Extraction Operations
A10.20 Safe Operating Practices for Tile, Terrazzo, & Marble Work
A10.22 Safety Requirements for Rope-Guided & Non-Guided Workers’ Hoists
A10.24 Roofing Safety Requirements for Low-Sloped Roofs
A10.25 Sanitation in Construction
A10.27 Safety Requirements for Hot Mix Asphalt Facilities
A10.28 Safety Requirements for Work Platforms Suspended from Cranes or Derricks
A10.31 Safety Requirements, Definitions, & Specifications for Digger Derricks
A10.32 Fall Protection Systems for Construction & Demolition Operations
A10.33 Safety & Health Program Requirements for Multi-Employer Projects
A10.34 Protection of the Public on or Adjacent to Construction Sites
A10.38 Basic Elements of an Employer’s Program to Provide a Safe & Healthful Work
Environment
A10.39 Construction Safety & Health Audit Program
A10.40 Reduction of Musculoskeletal Problems in Construction
A10.42 Safety Requirements for Rigging Qualifications & Responsibilities
A10.44 Control of Energy Sources (Lockout/Tagout) for Construction & Demolition
Operations
A10.46 Hearing Loss Prevention for Construction & Demolition Workers
A10.47 Work Zone Safety for Highway Construction
Additional ANSI/ASSE Standards
Z359 STANDARDS
• Z359 Fall Protection Code 2.0
• Z359.0 Definitions & Nomenclature Used for Fall Protection & Fall Arrest
• Z359.1 Safety Requirements for Personal Fall Arrest Systems, Subsystems & Components
• Z359.2 Minimum Requirements for a Comprehensive Managed Fall Protection Program
• Z359.3 Safety Requirements for Positioning & Travel Restraint Systems
• Z359.4 Safety Requirements for Assisted-Rescue and Self-Rescue Systems, Subsystems & Components
• Z359.6 Specifications & Design Requirements for Active Fall Protection Systems
• Z359.12 Connecting Components for Personal Fall Arrest Systems
• Z359.13 Personal Energy Absorbers & Energy-Absorbing Lanyards
A1264 STANDARDS
• A1264.1 (2007) Safety Requirements for Workplace Walking/Working Surfaces & Their Access;
Workplace Floor, Wall & Roof Openings; Stairs & Guardrails Systems
• A1264.1 (R2002) Safety Requirements for Workplace Floor & Wall Openings, Stairs & Railing Systems
• A1264.2 Standard for the Provision of Slip Resistance on Walking/Working Surfaces
• A1264.3 Technical Report: Using Variable Angle Tribometers (VAT) for Measurement of the Slip
Resistance of Walkway Surfaces
ADDITIONAL STANDARDS
• Z15.1 Safe Practices for Motor Vehicle Operations
• Z117.1 Safety Requirements for Confined Spaces
• Z244.1 Control of Hazardous Energy—Lockout/Tagout & Alternative Methods
• Z390.1 Accepted Practices for Hydrogen Sulfide Safety Training Programs
• Z490.1 Criteria for Accepted Practices in Safety, Health, & Environmental Training
• Z590.2 Criteria for Establishing the Scope & Functions of the Professional Safety Position
• Z690 Risk Management Standards Package
Standards are available in hard copy or electronic format.
For a full list of standards and historical standards that ASSE has to offer, please visit our website at
www.asse.org or contact customer service at 847.699.2929 or customerservice@asse.org.
Page Intentionally Left Blank
A S
S E
Printed in U.S.A.

Merican Ational Tandard

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Merican Ational Tandard

Uploaded by

Copyright:

Available Formats

ANSI/ASSE Z590.

AMERICAN NATIONAL STANDARD

ANSI/ASSE Z590.3 – 2011

Prevention through Design

American National Standard

Prevention through Design

American Society of Safety Engineers

Approved September 1, 2011

Effective January 23, 2012

American National Standards Institute, Inc.

Caution Notice: This American National Standard may be revised or withdrawn

Published October, 2011 by

American Society of Safety Engineers

Copyright ©2011 by American Society of Safety Engineers

No part of this publication may be reproduced

Printed in the United States of America

• Significant reductions will be achieved in injuries, illnesses and damage to property

Secondly, the OSHA Alliance Construction Roundtable developed a video training

Organization Represented Name of Representative

ABB Inc. Darryl Hill, Ph.D., CSP

1. Scope, Purpose and Application ..................................................................... 10

2. Referenced and Related Standards ................................................................ 11

4. Roles and Responsibility ................................................................................. 14

5. Relationships with Suppliers ........................................................................... 15

6. Design Safety Reviews ................................................................................... 16

7. The Hazard Analysis and Risk Assessment Process ..................................... 17

8. Hazard Analysis and Risk Assessment Techniques ....................................... 23

A – The Risk Assessment Process ................................................................. 27

AMERICAN NATIONAL STANDARD Z590.3

1. SCOPE, PURPOSE AND APPLICATION

• Achieve acceptable risk levels.

• Prevent or reduce occupationally related injuries, illnesses, and fatalities.

1. Pre-operational stage – in the initial planning, design, specification, prototyping,

4. Post operational stage – when demolition, decommissioning or reusing/rebuilding

2. REFERENCED AND RELATED STANDARDS

2.1 Referenced Standards and Guidelines.

BS OHSAS 18001/18002, Occupational Health and Safety Management Systems –

CSA Standard Z1000, Occupational Health and Safety Management

MIL-STD-882D, Standard Practice for System Safety

2.2 Referenced American National Standards and Technical Reports.

ANSI/AIHA Z10, Occupational Health and Safety Management Systems

ANSI/ASSE Z244.1, Control of Hazardous Energy: Lockout/Tagout and Alternative Methods

ANSI/PMMI B155.1, Safety Requirements for Packaging Machinery and Packaging-Related

ANSI/RIA R15.06, Industrial Robots and Robot Systems – Safety Requirements

Note: See 7.13.1 for appropriate management decision levels.

3.5 Exposure Assessment. For occupational health and environmental purposes,

3.6 Hazard. The potential for harm.

3.8 Hierarchy of Controls. A systematic approach to avoiding, eliminating, controlling,

3.11 Organization. A public or private company, corporation, firm, enterprise, government

3.13 Probability. An estimate of the likelihood of an incident or exposure occurring that

3.15 Reasonably Foreseeable Misuse. The predictable use of facilities, equipment, or

3.18 Risk. An estimate of the probability of a hazard-related incident or exposure occurring

3.20 Safety. Freedom from unacceptable risk.

3.24 Tolerable. See Acceptable Risk.

4. ROLES AND RESPONSIBILITY

1. Hazards are anticipated, identified, and evaluated for avoidance, elimination, or

4. The knowledge, skills, experience, insight, and creativity of employees close to

5. Design and/or redesign process effectiveness is monitored through feedback

6. Appropriate recordkeeping systems are developed and used to document design

• New facilities, equipment, technologies, materials, and processes are being

• Alterations are made in existing facilities, equipment, technologies, materials, and

• Incident investigations are made and corrective actions are taken.

• Demolition, decommissioning or reusing/rebuilding operations are undertaken.