Book of Abstracts SIAS 2018

9th International Conference
on Safety of Industrial
Automated Systems
SIAS 2018
10-12 October / Nancy / France
BOOK OF ABSTRACTS
Wednesday, October 10th 2018
Session 1 – Functional safety – Information Technology

Chairpersons: HARDY Sandrine, France; IKEDA Hiroyasu, Japan
Foresight of new and emerging occupational safety and health risks associated with information
and communications technologies, Stacey N........................................................................................................ 5
How to consider security aspects during the design of machinery, Mysliwiec B. ................................................. 6
Analysis of Markov Models for Safety-related Systems in Security Environments, Schiller F. ............................. 7
An extensive method to analyze impacts of cyber-security on major hazards, Massé F. .................................... 8
Session 2-1 – Safety of Collaborative Systems

Chairpersons: FUJITA Toshihiro, Japan; CHINNIAH Yuvin, Canada
Human-robot coactivity: need’s analysis, Tihay D. ............................................................................................. 10

Of the necessity of a uniform measurement procedure for the determination if the threshold
values listed in ISO TS 15066, Pilz T. ................................................................................................................ 11
Object Recognition for Safety Applications using Ultrasonic Holography, Kirfel A. ............................................ 12
Reliable Planning of Human-Robot-Collaboration featuring Speed and Separation
Monitoring, Petersen H. ..................................................................................................................................... 13
Industrial collaborative robot application: experimental implementation of safety-rated
monitored stop, Sghaïer A. ................................................................................................................................ 14
Session 2-2 – Safety of Collaborative Systems

Chairpersons: MALM Timo, Finland; GIRAUD Laurent, Canada
Advancing Anticipatory Behaviors in Dyadic Human-Robot Collaboration:

The AnDy project, Maurice P. ............................................................................................................................ 16
COVR - Towards simplified evaluation and validation of collaborative robotics applications
across a wide range of domains using robot safety skills, Saenz J. ................................................................... 17
Japan’s approach for the realization of Future Safety Concept by implementing collaborative
safety technologies, Mukaidono M. .................................................................................................................... 18
New collaborative safety concept in various coexistence areas for human
and machinery, Shimizu T. ................................................................................................................................. 19
Thursday, October 11th 2018
Session 3 – Autonomous systems

Chairpersons: BOEMER Thomas, Germany; GIRAUD Laurent, Canada
Top-Down approach for safety engineering in autonomous and semi-autonomous machinery

systems, Tiusanen R. ........................................................................................................................................ 21
Safety concepts for autonomous and semi-autonomous mobile work machines, Malm T. ................................ 22
Autonomous Driving within the Plant Functional Safety between(?) Industrial Automation
and Automotive Engineering, Borowski T. ......................................................................................................... 23
A methodological framework to support the design of safe & secure autonomous
systems, Heikkilä E. ........................................................................................................................................... 24
1
Session 4 – Protective devices and smart systems
Chairpersons: HALL Nicholas, United Kingdom; HARDY Sandrine, France
Use of tablets and smartphones for the control of machinery, Nischalke-Fehn G. ............................................. 26
General principles of smart personal protection systems design, Marchal P. .................................................... 27
Safety related sensors used for protection of person, Wüstefeld M. .................................................................. 28
Future prospects of enabling device as an essential safety device for the safety
of machinery and Safety2.0, Nobuhiro M. .......................................................................................................... 29
Poster session
Practical solutions for safety-related application programming, Huelke M. ........................................................ 31

The Supportive Protective System (SPS) I. Study on Worker's Three-dimensional
Location Detection Using Ultra-wide Band (UWB) System under the Supportive Protective
System (SPS), Shimizu S. ................................................................................................................................. 32
Supportive Protective System III. The New Approach using ICT in IoT era on Safety
Management From information communication to prediction and control of human behavior.
Experimental procedure of behavior analysis to the Supportive Protective, Hamajima K. ................................. 33
Trial Manufacturing of a Fail-Safe Interlock System for Pneumatic Systems, Nakamura M. ............................. 34
A logical proof of halt-based safety developed with the hypothetical accident, Otsuka K. ................................. 35
Radio Wave Sensor System Which Enables Determination of Protective Separation
Distance, Kim E. ................................................................................................................................................ 36
The Supportive Protective System (SPS) II. Study on the Reliability of the Supportive
Protective System (SPS) in Work Site of the Integrated Manufacturing System (IMS)
introducing a mobile robot, Matsui K. ................................................................................................................. 37
Evaluation of Residual Risk under Risk Reduction Rules for Using Collaborative
Robots, Ikeda H. ................................................................................................................................................ 38
Probabilistic Risk Analysis of Human-Robot Collaboration Using the Interference
Theory, Kirschner R.-J. ...................................................................................................................................... 39
Working equipments' safe design: two complementary tools to take into account real
working situations' variability, Daille-Lefèvre B. ................................................................................................. 40
An experimental evaluation of falling down damage using forearm mimics, Okabe K. ....................................... 41
Investigation of evaluation method for bending strength of artificial bones simulated
a woman's upper-limb bones by using Finite Element Analysis, Yamaguchi A. ................................................. 42
Analysis of machinery accidents in the food processing industry during the cleaning
and sanitation phases, Giraud L. ....................................................................................................................... 43
Safety functions in pneumatic drive technology, Uppenkamp J. ........................................................................ 44
A proposal to solve technical issues on ISO 13855 - Positioning of safeguards, Saito T.................................... 45
Online Activity Recognition for Automatic Ergonomics Assessment, Malaisé A. ............................................... 46
A digital human tool for guiding the ergonomic design of collaborative robots, Maurice P. ................................ 47
Implementation, risk assessment and safety human/robot interaction of collaborative
robot UR10, Menges B. ..................................................................................................................................... 48
Challenges of measuring physiological parameters as indicators of cognitive load
in the context of human-machine interfaces, Nowak K. ..................................................................................... 49
Development of a VR based qualification module in trainings on risk assessments
according to the EU Directive on Safety of Machinery, Gomoll K. ..................................................................... 50
Make risk assessments early on serve important and different purposes, Nickel P. .......................................... 51
Practical application and experience: Tool for the safety of industrial machinery
in reduced risk conditions, Aucourt B. ................................................................................................................ 52
Normative surveillance for Occupational Safety and Health, Kieckbusch R.-E. ................................................. 53
A simulation based approach for work system compatibility assessment using
time allowances, El Mouayni I. ........................................................................................................................... 54
2
Session 5 – Safety of machinery
Chairpersons: BLAISE Jean-Christophe, France; FUJITA Toshihiro, Japan
Challenges during the risk assessment of large intelligent logistic storage system, Hongbin L. ........................ 56
Impact of changes in machinery during production: toward a forecast of dangerous
situations?, Lamy P. ........................................................................................................................................... 57
A study on safety requirements for brake systems of the mechanical servo presses, Hata Y. .......................... 58
Revision of ISO 13855, Görnemann O. ............................................................................................................. 59
Friday, October 12th 2018
Session 6 – Experiences / Practical applications

Chairpersons: IKEDA Hiroyasu, Japan; BLAISE Jean-Christophe, France
Serious and fatal accidents caused by mobile machinery in Quebec: More prevention
is needed, Burlet-Vienney D. ............................................................................................................................. 61
Safety Assessor Qualification Impact and Influence in Thailand, Patiphon K. ................................................... 62
Framework for Occupational Safety and Health: the eSocial, Kieckbusch R.-E. ................................................ 63
Analysis of 141 serious and fatal machine accidents occurring in Quebec between 2011
and 2015, Giraud L. ........................................................................................................................................... 64
Session 7 – Experiences / Prospects

Chairpersons: CHINNIAH Yuvin, Canada; BOEMER Thomas, Germany
Supportive Protective System IV. Experimental procedure of behavior analysis to the Supportive
Protective System (SPS) as a safety management approach. For appropriate prediction and control
of human behavior, Hojo R. ............................................................................................................................... 66
Importance of safety personnel in the era of robot revolution: Current status and future
prospects of Safety Assessor and Safety Basic Assessor (SA/SBA) qualification system, Fujita T. .................. 67
Objective and Subjective Effects of Passive Exoskeleton on Overhead Work, Maurice P. ................................ 68
3
Session 1
Functional safety – Information Technology
4
Foresight of new and emerging occupational safety and health risks associated with
information and communications technologies
Stacey N. 1, Bradbrook S.-D. 1, Ellwood P.-A. 1, Reynolds J. 2, Williams A.-H. 2, Ravetz J. 2, Lye D W. F. 2,
Brun E. 3, Starren A.3, Palmer K. 3
1
Health and Safety Executive Foresight Centre – Harpur Hill – Buxton – SK17 9JN – United Kingdom
2
SAMI Consulting Ltd. – The Rectory – 1 Toomers' Wharf – Canal Walk – Newbury – RG14 1DY – United
Kingdom
3
European Agency for Safety and Health at Work – Santiago de Compostela 12 – 48003 Bilbao – Spain
nicola.stacey@hsl.gsi.gov.uk
john.reynolds@samiconsulting.co.uk
brun@osha.europa.eu
Information and communications technologies (ICT) and work location were identified during a
consultation exercise across Europe as the topics most likely to have the greatest impact on occupational safety
and health (OSH) in the future. ICT encompasses and enables a wide range of technologies, including industrial
automated systems. ICT innovation could have significant overall implications for the workforce and others
affected by work activities. It is expected to fundamentally change where we work, how we work, who will work
and how people will perceive work.
This paper will describe the foresight project commissioned by the European Agency for Safety and
Health at Work (EU-OSHA) and delivered by the authors. It will explain how key societal, technological,
economic, environmental and political trends and drivers of change were identified and used to develop
scenarios of the future in consultation with a range of experts.
Scenarios are narratives of what alternative futures might look like, built up from an assessment of how
trends and drivers of change might influence the present to create different possible futures. Each scenario
presents different challenges and opportunities for OSH policy makers and social partners. They could, therefore,
be used to identify potential new and emerging OSH risks as a result of how ICT could change the future nature
of work.
The paper will describe the principal OSH risks relating to how ICT could change:
• the automated systems, work equipment or tools used;
• how work is organised and managed;
• employment status, hierarchies, and relationships;
• the characteristics of the workforce;
• responsibilities for managing OSH;
• skills, knowledge and information requirements.
Finally the paper will explain how the scenarios can be used as a tool to aid thinking and stimulate
discussions about a broad range of futures and how to manage the associated uncertainties. Scenarios of the
future are ideal for use in a workshop where they allow a multi-disciplinary approach to considering different
perspectives, priorities for OSH research and actions that would prevent the occurrence of the identified possible
new and emerging risks or minimise any possible negative impact in the future.
Keywords: Emergence of new technologies, industries of the future, artificial intelligence, occupational risk
prevention.
Session 1 – Functional safety - Information Technology 5

How to consider security aspects during the design of machinery
Mysliwiec B.
MySafeAutomation – Schorlachstrasse 3 – 91058 Erlangen – Germany
bm@mysafeautomation.com
The notion of security is more and more in discussion since several recent incidents have demonstrated
the existence of security attacks against industrial control systems over the world. Manufacturers of machines
have to design safe machinery according e.g. Machinery Directive, that mean that they are in charge of the
correct implementation of the essential health and safety requirements in the machine. As a consequence of
security attacks most of them feel uncomfortable regarding their responsibility in case of malicious modification
of safety functions in the machines.
Standardisation organisations like IEC TC 65 and IEC TC 44 try to bring some clarity and to give
guidance to the machine designers in form of technical reports. However, both committees are coming from
different perspectives, so the approach may appear different and sometimes confusing.
Even if IEC TC 65 is supporting the safety standard IEC 61508 as well as the security series of IEC
62443 the approach regarding security is extensive and considers all recognized aspects about security. A lot of
similarities can have been found in both approaches but in the same time some major differences appear. One of
the most important is the appreciation of the required protection level: for safety the standard considers the
consequences of the hazard, for security the standard considers the supposed effort to perform an attack.
IEC TC 44 is more looking the concerns of machine manufacturers, due to the structure and allocation of
safety functions. Most of these functions are distributed via network on several sub-systems, each sub-system
contains software or parameters related to the safety functions that may be maliciously altered or modified, with
the consequence that the safe use of the machine cannot more be warranted.
The aim of this presentation is to show the relationship between both aspects safety and security, taken in
account from one side the role of the designer of the safety function through the allocation of this function on
sub-systems from different suppliers and from the other side the role of the security expert in charge of all
security aspects of the complete machine in his industrial environment.
Which safety related parts of a control system should be protected, what are possible influence of security
counter-measures on the correct execution of safety functions, all these aspects have to be discussed between
safety and security experts as well with the sub-system suppliers, with integrators as with final user.
What are the information to be exchanged between the partners, what is reasonably acceptable, what are
the minimum requirements to allow each contributor to remain in his area of expertise?
The presentation will show how both technical reports give answers to these questions, and try to bring
clarification for the designer of machine.
Some examples from critical applications will show how to use the give information.

Analysis of Markov Models for Safety-related Systems in Security Environments
Wieczorek F.1, Schiller F.1, Eckert C.2
1
Beckhoff Automation GmbH & Co KG – Ostendstraße 196 – D-90482 Nuremberg – Germany
2
Technische Universität München, Chair for IT Security – Boltzmannstraße 3 – D-85748 Garching – Germany
{f.wieczorek, f.schiller}@beckhoff.com
claudia.eckert@in.tum.de
Markov networks are commonly used as models in safety analyses. They are applied to calculate the
criteria Probability of dangerous Failure on Demand (PFD) and Probability of dangerous Failure per Hour
(PFH).
Here, their graphical representation is applied for a systematic analysis of security attacks on safety-
related systems. Related error models and error detection methods are considered. The analysis considers
different types of attacks and different sequences of attacks as well as the validity of model characteristics.
The issue that attacks cannot be modeled probabilistically in a proper way is widely understood.
Therefore, typical safety algorithms cannot be used to detect attacks.
In addition, the plain existence of security measures has influence on the safety models. Parameters of
safety models are heavily influenceable by attackers (e.g. error rate, absolute and conditional residual error
probabilities). The attacker can also increase the demand rate.
Two types of safety-related demands should be distinguished: demands initiated by the operational
function and demands concerning the exposition of humans in the environment of the system under attack.
We use safety communication as an example. Firstly, we apply Markov networks w.r.t random errors to
compare Cyclic Redundancy Check (CRC) of safety with Message Authentication Code (MAC) of security. We
demonstrate that CRC could be substituted by MAC for random errors. Secondly, attacks are considered. The
counterpart to random data errors in security are manipulations. Mainly, different types of attacks and different
sequences of attacks on the integrity of transmitted data can be distinguished and investigated.
Depending on the specific safety requirements, some counter-measures are possible here: The rate of
accepted messages can be limited. The rate of detected errors can be limited, i.e. if there were too many detected
errors per time then the system keeps staying in the safe state. The repair rate can be limited based on detected
errors, that means the system stays in the safe state with increasing time.
Our goals are to support a systematic view and to rethink the validity scope of Markov networks
modeling systems under attacks by analyzing the influence on the parameters. We intend to contribute to a
common understanding of both communities of safety and security and to a comprehensive analysis of safety
and security as well.
Keywords: Functional Safety, Error Models, Security for Safety, Markov Model

An extensive method to analyze impacts of cyber-security on major hazards
Massé F.
Institut national de l’environnement industriel et des risques (INERIS) – Parc Technologique Alata – BP 2 –
F-60550 Verneuil-en-Halatte – France
francois.masse@ineris.fr
Operators of industrial facilities must be able to manage the risks that their installations pose to people
and environment. To demonstrate this, they identify the major accident scenarios through preliminary and
detailed risk analysis steps, then evaluate the performance of the risk control measures, and finally, evaluate risk
acceptability in terms of likelihood and severity. The risk analysis methods used are adapted to evaluate risk of
accidental events.
Industrial control systems (ICS) include control systems, safety instrumented systems and communication
systems. They tend to be increasingly interconnected with the company's information systems and to use
technologies derived from IT. They are therefore more vulnerable to cyber-attacks which can potentially
generate major hazards for people and environment. A cyber-attack can be targeted or not, can be internal or
external to the targeted industrial site and the means of carrying out future attacks are potentially new and
unknown.
Knowing these rising threats, the aim of INERIS is to evaluate the potential consequences of cyber-
attacks targeting ICS in the process industry on populations safety and environment. The approach should be
centered on physical effects rather than on ICS vulnerabilities.
A first approach, ATBT, combining Attack Trees and Bowtie diagrams (ESREL 2017, Computer and
Security 2017) has been developed by INERIS. This allows to evaluate the likelihood of accidental and
malicious causes of major hazards. This first approach relies on bowtie diagrams developed to assess accidental
risks which are not exhaustive for attack scenarios. Indeed, this approach fails to extensively identify scenarios
because it does not consider simultaneous attacks of several systems or the coordinated execution of several
commands.
In this paper, we propose to complete the ATBT with an identification of attack scenarios during the
preliminary risk analysis. This identification relies on a deductive approach, starting from the physical process
and the potentials of hazards and going back to the sensors, actuators and control systems that the attacker could
corrupt to provoke these effects considering potential simultaneous failures.
After identification of the substances and installations present on the site and the ICS acting on them, the
analysis is carried out in several stages:
• Identification of potential dangerous mixtures of substances;
• Identification of dangerous changes in physical process parameters;
• Identification of systems whose shutdown would cause a risk;
• Identification of dangerous substances dispersions (overspill, opening of a discharge device);
• Analysis of potential multiple attacks.
For each step, sensors, actuators and PLC potentially used to initiate and command the dangerous
scenarios are identified.
Following this preliminary analysis, selected scenarios are evaluated in detail with the ATBT approach.
This general framework links risks physical risks for people and environment and cybet attacks of ICS
and identifies critical systems to which minimum levels of IT protection must be applied.
Key words: Cyberphysical, Major Hazards, process Industry, Risk Analysis

Session 2-1
Safety of Collaborative Systems
9
Human-robot coactivity: need’s analysis
Tihay D., Perrin N.
Institut national de recherche et de sécurité (INRS) – 1, rue du Morvan – CS 60027 – 54519 Vandœuvre Cedex
– France
david.tihay@inrs.fr
nellie.perrin@inrs.fr
Due to mechanical risks generated by industrial robotics, robots are traditionally isolated from humans by
physicals safety fences. The working areas dedicated to them are therefore identified and materialized, so
forbidding any human action in the robot’s area of evolution.
Technical improvements are nowadays allowing manufacturers and integrators to propose robotic
solutions that do not include those physical fences. The man and the robot can now share their workspace and
possibly perform common tasks. Industrial robotics is then called “collaborative robotics”. These situations of
human-robot coactivity are inherent to industrial collaborative robotics and they are raising many questions of
health and safety at work. The challenge for prevention is to insure that their implementation presents a
sufficient level of security for the user and for the third parties.
This article presents the results of an exploratory study, done in collaboration with users of industrial
robotics, on their needs and on their perception of the potential gain they could obtain by using collaborative
robots. Through semi-directive interviews conducted by an "engineer-ergonomist" pair with industrial robotics
users, the real needs of users have been identified. In order to cover a wide variety of work situations, the
concept of coactivity is usually declined according to different modes ; workspace sharing, alternated tasks,
simultaneous tasks, assistance of the operator by the robot. Achieving common or shared tasks between the robot
and the operator does not appear as a strong need. The frequency of interactions between humans and robots
remains low and is often limited to workspace sharing. Despite a certain interest in collaborative robotics, only
few companies are using it today. This can be explained by the unavoidable constraints due to the human-robot
proximity which can sometimes be incompatible with the requirements of production, like cycle times for
example. Results also highlight, that constraints are mainly due to the limits of the protective devices design to
detect the presence of persons, despite all the research works that are conducted to improve their performance.
Despite the expressed needs, the industrialists declare themselves aware of the new risks associated with
these situations of "collaboration" and the need for a prevention approach based on both technical measures but
also on organizational measures. While the expressed needs are mostly covered by safety design requirements
within the international standardization (ISO10218-1), this study shows that manufacturers do not plan to
systematically use collaborative robotics. The reasons for this seem multifactorial and application-specific.
Keywords: Robotics, HRC, Safety, ISO 10218-1
Session 2-1 – Safety of Collaborative Systems 10

Of the necessity of a uniform measurement procedure for the determination if the
threshold values listed in ISO TS 15066
Pilz T.
Pilz GmbH & Co. KG - Felix-Wankel-Straße 2 - D-73760 Ostfildern – Germany
t.pilz@pilz.de
In the paper the writer identifies the necessity of amending TS 15066 with a test procedure to be followed
in order to come to reproducible measurement results.
Since the release of TS15066 the threshold values have been in the center of criticism. Meeting the
pressure requirements often results in processes where the robotic application is forced to be so slow that it
becomes unattractive to implement method 4 HRC applications. Consultants working in the field of CE marking
applications do get challenged if their measurements are accurate. Users hope by changing the engineering
company conducting the measurement brings them the desired results. This is possible because TS15066 does
give no guidance on how the test set up has to be arranged and what procedure has to be applied.
Furthermore there is no industry< consensus how a free push is to be measured. Voices become luder,
that in stead of measurement a calculation based on information of the manufacturer would be better. While this
is a viable way for the design of the machine the validation of the application still does require measurement.
While the Maintenance of ISO 10218-1 and 10218-2 has started speed is of the essence since it is the
goal to transform what is know as TS5066 into ther ISO 10218 series of standards. While it is currently unclear
if it becomes a part 3 or is included in part 2 it is evident, that without a mandatory measurement procedure
reproducible and comparable results can not be produced. Thos however is necessary to get industry acceptance.
In the end the balance between safety of the worker and productivity of the line needs to be found and
one way to get there is to bring the expert know how in how to set up a measurement and how to determine the
values is standardized. This will allow for CE conform HRC applications which in return will lead to safe HRC
Method 4 applications that meet productivity and safety requirements.

Object Recognition for Safety Applications using Ultrasonic Holography
Kirfel A.1, Ostermann B.2, Scheer T.1, Jung N.1
1
Safety and Security Research Institute (ISF), Bonn-Rhein-Sieg University of Applied Sciences - Grantham-
Allee 20 - 53757 Sankt Augustin - Germany
2
Institute for Occupational Safety and Health (IFA) - Alte Heerstr. 111 - 53757 Sankt Augustin – Germany
alexander.kirfel@h-brs.de
bjorn.ostermann@dguv.de
tobias.scheer@h-brs.de
norbert.jung@h-brs.de
Entering the work envelope of an industrial robot can lead to severe injury from collisions with moving
parts of the system. Conventional safety mechanisms therefore mostly restrict access to the robot using physical
barriers such as walls and fences or non-contact protective devices including light curtains and laser scanners.
As none of these mechanisms applies to human-robot-collaboration (HRC), a concept in which human
and machine complement one another by working hand in hand, there is a rising need for safe and reliable
detection of human body parts amidst background clutter. For this application camera-based systems are
typically well suited. Still, safety concerns remain, owing to possible detection failures caused by environmental
occlusion, extraneous light or other adverse imaging conditions. While ultrasonic proximity sensing can provide
physical diversity to the system, it does not yet allow to reliably distinguish relevant objects from background
objects.
This work investigates a new approach to detecting relevant objects and human body parts based on
acoustic holography. The approach is experimentally validated using a low-cost application-specific ultrasonic
sensor system created from micro-electromechanical systems (MEMS). The presented results show that this
system far outperforms conventional proximity sensors in terms of lateral imaging resolution and thus allows for
more intelligent muting processes without compromising the safety of people working close to the robot.
Based upon this work, a next step could be the development of a multimodal sensor systems to safeguard
workers who collaborate with robots using the described ultrasonic sensor system.
Keywords: Ultrasonic Sensor; Acoustic Holography; Human-Robot-Collaboration; Machine Based Learning

Reliable Planning of Human-Robot-Collaboration featuring Speed and Separation
Monitoring
Petersen H., Behrens R., Saenz J., Schulenburg E., Vogel C., Elkmann N.
Fraunhofer IFF – Sandtorstrasse 22 – D–39104 Magdeburg – Germany
Hauke.Petersen@iff.fraunhofer.de
The demand for work cells featuring humans and robots is steadily increasing. The industrial sector is the
main driver of the development, as the potential for collaborative robots to support the human workforce during
exhausting assembly tasks is very large. In this context, human-robot collaboration (HRC) with high-payload
robots is currently attracting the most attention. Possible use-cases include fenceless material transfer and
cooperative assembly tasks. Currently the engineering efforts and associated costs needed to comply with the
safety requirements of ISO/TS 15066 are prohibitively high and represent a barrier to more widespread use.
Therefore, we see a strong need for new tools and methods that allow for a more efficient planning of
applications featuring HRC.
This paper presents a novel planning approach that has great potential to reduce the aforementioned
design and planning efforts. Our focus is on industrial applications featuring HRC that use Speed and Separation
Monitoring (SSM) according to ISO/TS 15066 to safeguard the robot. In the first part, we will introduce the
safety requirements of SSM and give a short overview of the current design process for industrial applications
featuring HRC. A brief case study will highlight the need for appropriate and more efficient planning tools and
model-based methods. In the next section, we will present our novel approach that uses a cloud-based platform
and provides planning services as an extension to commercially available planning tools, whereby each service
considers a specific safety aspect. For instance, a service for SSM solves the equations defined in the ISO/TS
15066 to calculate the minimum protective safety distance between robot and humans. The complex calculations
take place in a powerful cloud-cluster, and the results are streamed back to the connected planning tool, showing
the user the required safety distance in the form of a volume surrounding the simulated robot. Further services
include models of various safety sensors that can be used in the robot simulation, so that their safety-related
properties are taken into account when calculating the required minimum protective distance. The benefits of our
approach are a faster design process and less uncertainty about the required floor space and the achievable cycle
time. Our approach furthermore provides the planner with richer information about the interdependencies
between the various individual components present in an application featuring HRC to allow for better-informed
design decisions. Finally, we will discuss the implications of our approach on time-consuming and costly
validation and certification activities.
Keywords: Human-Robot collaboration, computer aided safety, shared workspace, speed and separation
monitoring

Industrial collaborative robot application: experimental implementation of safety-rated
monitored stop
Sghaïer A.1, Baudoin J.1, Bello J.P.1, Jocelyn S.2, Burlet-Vienney D.2, Giraud L.2
1
– France
2
Institut de recherche Robert-Sauvé en santé et en sécurité du travail (IRSST) – 505 boul. de Maisonneuve Ouest
– Montréal (Québec), Canada H3A 3C2
adel.sghaier@inrs.fr
james.baudoin@inrs.fr
jean-paul.bello@inrs.fr
jocelyn.sabrina@irsst.qc.ca
damien.burletvienney@irsst.qc.ca
laurent.giraud@irsst.qc.ca
Technological development followed by the evolution of industrial standards allows now to foresee
applications in which man and robot collaborate. The emergence of this type of application in the workplace
implies the presence of the operator in the robot evolution space during production phases. This introduces new
risks that must be adequately covered. Today, almost all robot manufacturers offer a range of technical solutions
that help integrators managing the risks associated with human-robot collaboration.
To respond to the difficulties encountered by integrators apprehending those new technical solutions, we
conducted a study on the implementation of collaborative robotics applications. In this study, an application,
based on the concept of safety rated monitored stop prescribed by the standard ISO 10218-1:2011, was designed
and implemented using technical solutions available on the market. The objective of this approach was to act as
an integrator in order to define the different steps to be followed and to identify vigilance points relative to the
operator's safety in the collaborative workspace.
Prior to the experimental implementation of the collaborative application, a theoretical study of the safety
functions offered by robot manufacturers was carried out. This study allowed us to identify the categories of
functions available in the market and to highlight their technical specificities. The design of the collaborative
robotic cell was conducted using an iterative approach of risk assessment and risk reduction. The critical steps
for the safe design of such an application have been identified. Finally, the practical implementation of the safety
functions necessary to guarantee the operator's safety during the phases of collaboration with the robot helped to
identify points of vigilance that must be taken into account by future integrators of such application.
Integrators have increasing demands to integrate applications using new technologies of collaborative
robotics. The results of this study will therefore be used to write a guide in which recommendations are
formulated for industrial robot integrators.

Session 2-2
Safety of Collaborative Systems
15
Advancing Anticipatory Behaviors in Dyadic Human-Robot Collaboration:
The AnDy project
Maurice P.1, Ivaldi S.1, Fritzsche L.2, Babic J.3, Stulp F.4, Damsgaard M.5, Graimann B.6, Bellusci G.7, Pucci D.8,
Nori F.8
1
Université de Lorraine, CNRS, Inria, LORIA, F-54000 Nancy, France
2
IMK automotive GmbH, Amselgrund 30, 09128 Chemnitz, Germany
3
Jožef Stefan Institute, Jamova cesta 39, SI-1000 Ljubljana, Slovenia
4
German Aerospace Center (DLR), Institute of Robotics and Mechatronics, Wessling, Germany
5
AnyBody Technology A/S, Niels Jernes Vej 10, 9220 Aalborg East, Denmark, Denmark
6
Otto Bock Healthcare GmbH, Duderstadt, Germany
7
Xsens Technologies B.V., P.O. Box 559, 7500 AN Enschede, The Netherlands
8
Fondazione Istituto Italiano di Tecnologia, via Morego 30, Genova, Italy
pauline.maurice@inria.fr
In the near future, robots collaborating with human operators in industries will need more and more
anticipation capabilities to properly react to human actions and provide efficient collaboration. To achieve this
goal, new technologies are needed that not only estimate the motion of the humans, but that fully describe the
whole-body dynamics of the interaction and that can predict its outcome. These hardware and software
technologies are the goal of the European project AnDy.
The AnDy project leverages existing technologies to endow robots with the ability to control physical
collaboration through intentional interaction in order to maximize ergonomics for the user. To achieve this goal,
AnDy relies on three technological and scientific breakthroughs. First, AnDy innovates the way of measuring
human whole-body motions by developing a wearable AnDySuit, which tracks motions and records forces.
Second, AnDy develops the AnDyModel, which combines ergonomic models with cognitive predictive models
of human dynamic behavior in collaborative tasks, learned from data acquired with the AnDySuit. Third, AnDy
proposes AnDyControl, an innovative technology for assisting humans through predictive physical control based
on AnDyModel.
By measuring and modeling human whole-body dynamics, AnDy will provide robots with a new level of
awareness about human intentions and ergonomics. By incorporating this awareness on-line in the robot's
controllers, AnDy paves the way for novel applications of physical human-robot collaboration in manufacturing,
health-care, and assisted living.
We present the goals and methods of the AnDy project, as well as first year results. Technical advances
on the AndySuit – using inertial motion capture and sensorized shoes – along with the development of an on-line
inverse dynamics software tool now allows real-time monitoring of human dynamics. The information provided
thereby is used in the controller of a robot physically interacting with the human, so that the robot reactively
adapts its movement to the human’s movement. Experiments with a real robot have shown promising results.
The next step is to couple the robot controller with an automatic ergonomic assessment tool. Thereby, the robot
will be able to detect and anticipate critical situations, and will react in order to optimize the ergonomics of the
human movement.
Keywords: Collaborative robots, Ergonomics, Wearable Sensors, Human Movement Prediction

COVR – Towards simplified evaluation and validation of collaborative robotics
applications across a wide range of domains using robot safety skills
Saenz J.1, Aske L. 2, Bidard C.3, Buurke J.H.4, Nielsen K.2, Schaake L4, Vicentini F.5
1
Fraunhofer IFF (IFF) - Sandtorstrasse 22 - 39326 Magdeburg - Germany
2
Teknologisk Institut (DTI) - Gregersensvej 1- Taastrup 2630 - Denmark
3
CEA, LIST, Interactive Robotics Laboratory, F-91191 Gif-sur-Yvette - France
4
Roessingh Research And Development BV (RRD) - Roessinghsbleekweg 33- Enschede 7522 AH -
Netherlands
5
Consiglio Nazionale Delle Ricerche (CNR) - ITIA – via Alfonso Corti 12 – 20133 Milan – Italy
jose.saenz@iff.fraunhofer.de
aala@teknologisk.dk
catherine.bidard@cea.fr
J.Buurke@rrd.nl
kuni@teknologisk.dk
L.Schaake@rrd.nl
federico.vicentini@itia.cnr.it
The need for collaboration between robots on human tasks is evident in all sectors of the European
market. Collaboration however inevitably raises safety issues, and European legislation is very careful to
promote the protection of workers, elderly and weak subjects as a top priority. Market operators therefore
perceive the need for “certification”, i.e. the compliance with mandatory Essential Requirements of Safety and
Health, as a pressing need.
In our experience with end-users, robotics components manufacturers, and system integrators, safety has
become a barrier to the promotion and availability of collaborative robotics technology in all domains. This is
due to a number of issues, both technical (e.g. robotics are complex, reconfigurable systems that can change their
behaviour over time) and non-technical (e.g. understanding and correctly applying the current standards and
directives to prove compliance is a challenge, especially for smaller companies).
The EU-funded project “Being safe around collaborative and versatile robots in shared spaces” (COVR)
aims to systematically break down these barriers to support more widespread use of collaborative robots in a
wide range of industries and domains (e.g. manufacturing, logistics, healthcare and rehabilitation, agriculture).
In this paper, we will describe our approach to engage various stakeholders and encourage widespread
use of collaborative robots. This includes the development of a toolkit employing a methodology based on robot
safety skills – i.e. complex safety functions and protective behaviours valid across domains, to support robotics
users in identifying which standards and validation procedures are required, and the development of a set of
testing protocols that clearly define the safety-related validation procedures. A crucial aspect of the project is
active consultation with regional stakeholders from standardization, national agencies, accident insurance, and
safety verification bodies to create a consensus on the validity of the toolkit and protocols. Additionally, the
COVR consortium will become available as shared safety facilities, where interested third parties can receive
training, gain access to measurement systems for validation, and receive support in using the toolkit and
applying the protocols. Finally, COVR will offer over 5 million Euros in funding to third parties seeking to
engage with COVR, to “stress test” the toolkit and protocols with specific use-cases, and to provide background
research and experimental data for determining best practices.
Besides a description of the various project mechanisms, the first project results including the toolkit
design and initial set of protocols for safety validation will be presented in this paper.
Keywords: International standardization, practical applications and validation, industrial collaborative robotics,
rehabilitation robotics

Japan’s approach for the realization of Future Safety Concept by implementing
collaborative safety technologies
Mukaidono M. 1,2,
1
The Institute of Global Safety Promotion (IGSAP) - 2-7-53 Nishimiyahara, Yodogawa-ku, Osaka, Japan
2
Meiji University - 1-1-1 Kandasurugadai, Chiyoda-ku, Tokyo, Japan
masao@meiji.ac.jp
Safety in industrial automation has been ensured by installing various safety control devices/systems on
machine systems. These devices/systems were developed by reflecting the needs of the times and by taking
approaches as intrinsic, control, and functional safety. In the conventional approach called Safety1.0, risk
assessment is performed to isolate machines from humans on the principle of stop/isolation, and various safety
measures are employed.
Japan’s approach toward safety has been evolving since 2015 when we proposed the new collaborative
safety concept, and importantly the Safety2.0 approach that would realize the concept. In Safety2.0, humans and
machines will be interconnected through ICT to attain safety and anshin—the state where humans feel assured,
protected, and comfortable. Various technologies have been under development since the inception of this
approach. Robot Revolution, as so called in Japan, is a shift where newly-developed robots are employed not
only in manufacturing but in various settings. Safety1.0 is about to evolve into Safety2.0, in which human-robot
coexistence and interconnection among humans, machines, and environment will create the new trend of high-
dimensional safety and anshin.
In order for the new technical innovation, i.e., the collaborative safety concept and Safety2.0 technologies
to take root and to allow everyone to receive the benefits of safety and anshin, an unconventional approach to
prioritize on safety is required in managing business enterprises. In Tokyo in June 2017, I proposed Future
Safety Concept at an international symposium where safety experts from Japan, France, and Germany spoke and
discussed the next-generation safety. The speakers included Prof. Dr. Didier Baptiste of INRS (France) and Dr.
Dietmar Reinert of IFA (Germany) and we discussed safety in the new era where IoT/AI is in everyday
situations.
To coincide with the event, the International Social Security Association (ISSA) announced Vision Zero
to promote safety, health, and wellbeing in September 2017. Although their goal is similar to the Japan-born
Future Safety Concept, our approach outweighs in technological innovativeness because it is based on
collaborative safety technology.
This paper reports on the background and progress of the following activities that have been implemented
in Japan to shape the new society by introducing collaborative safety. (1) Safety2.0 conformity registration
system for the new technology to connect human-machine-environment, (2) New education/qualification system
to learn safety and anshin not only for engineers but for all as society members, (3) Forums where people
seeking safety and anshin discuss their activities and accomplishment.
Keywords: Future Safety Concept, collaborative safety, Safety2.0, human-machine-environment

New collaborative safety concept in various coexistence areas for human and machinery
Shimizu T., Maeda I., Okada K., Dohi M., Fujita T.
IDEC CORPORATION – 2-6-64, Nishimiyahara, Yodogawa-ku, Osaka, Japan
t.shimizu@jp.idec.com
i.maeda@jp.idec.com
k.okada@jp.idec.com
m.dohi@jp.idec.com
t.fujita@jp.idec.com
The world is entering the new era of the fourth industrial revolution. ICT has made it possible to connect
various things via networks and to utilize cloud and AI technologies to achieve optimization and efficiency.
Manufacturing sites, at the same time, are also transforming their modes significantly on a global scale. In order
to respond to the increasingly diversifying market needs, it is necessary to establish collaborative area where the
machine-operation area and human-operation area can overwrap, while ensuring safety and productivity to
achieve flexible production. For this purpose, collaborative work by human and machines that runs without the
need of stopping machines is required. In such a situation, it is difficult to apply the conventional safety principle
of “isolation and stop” that a human cannot enter a dangerous area while the machine is moving, and can enter a
dangerous area only while the machine has stopped moving.
To meet the new challenge in the transforming manufacturing sites, we have presented the new
collaborative safety benchmark Collaboration Safety Level (CSL) based on the Safety2.0 concept, which is a
new, ideal safety collaborative safety concept for ensuring productivity and safety in human-machine
collaboration environment. In Safety2.0, safety is established by the collaboration among human, machine, and
environment. That is, messages from humans control machines, and messages from machines induce humans to
take action. The human-machine environment is optimized by employing technologies such as ICT. Messages
from humans consist of static and dynamic messages. Static messages include machinery safety qualification,
work-related roles (e.g., maintenance personnel, administrator), and capability of operators based on job
experience. Dynamic messages include location data, vital data (e.g., pulse, body temperature), behavior
(immediate reflex, motion), and operational data. Feeding these data to machines can optimize speed control and
other controls.
In an environment where humans and machines work collaboratively, it is essential to take parameters of
humans into consideration, not only of machines. CSL is completely a new, unconventional safety benchmarking
method, with an epoch-making concept to realize the fourth industrial revolution, which enables high-level
realization of both productivity and safety by way of utilizing the data of human, machine and environment. This
paper reports on the actual examples in which collaborative safety is achieved.
Keywords: Safety of machinery, Robot, Human factor and collaborative safety

Session 3
Autonomous systems
20
Top-Down approach for safety engineering in autonomous and semi-autonomous
machinery systems
Tiusanen R.1, Malm T.1, Ronkainen A.2
1
VTT Technical Research Centre of Finland Ltd (VTT) – Tekniikankatu 1 – FI - 33101 Tampere – Finland
2
Natural Resources Institute Finland (Luke) – Latokartanonkaari 9 – FI-00790 Helsinki – Finland
risto.tiusanen@vtt.fi
timo.malm@vtt.fi
ari.ronkainen@luke.fi
Needs to improve productivity, cost efficiency and safety are driving the development in industrial sectors
towards highly automated or autonomous work-machine systems. The shift towards automated mobile work-
machine systems takes safety considerations to a higher, system safety, level. Development from single
automated machines to autonomous or semi-autonomous machine systems has brought out questions like: How
to specify system-level safety requirements for unique machinery applications? How to allocate safety
requirements to different sub systems? How to define necessary protection layers and their functional safety
requirements? It is clear that the safety of autonomous work-machine systems cannot be solved only by
machine-level on-board safety solutions. Hazard analysis, risk estimation, and risk evaluation should be adapted
to support the systems-engineering decision making process at different system levels, depending on what is the
objective of the risk assessment and what is the purpose of use of the assessment results. A Top-Down approach
for safety risk management is needed to integrate risk control options from all system levels considering all
available types of risk reduction measures.
The full utilisation of work machine automation and improved productivity require also a change in safety
concepts. Traditional isolated operating areas and fixed machinery safety solutions based on single risk reduction
need to be changed into adaptive and proactive system-safety solutions utilising protection layers, situational
awareness information and dynamic risk assessment. Failure to implement system safety through proper analysis
and protection layers may result in loss of system usability or productivity. The recently published safety
standard for autonomous work-machine systems in earth moving and mining machinery, ISO 17757:2017
emphasises the development of adaptive safety concept and the utilisation of protection layers.
A new three-level approach for the assessment of safety risks in automated work-machine systems have
been developed, applied and implemented in among system suppliers. The developed approach integrates key
elements from machinery safety, functional safety and industrial safety engineering practices. Analysis of
complex machinery applications, different operating scenarios and evaluation of safety solutions is made
possible today by virtual environments and simulator-assisted engineering methods. New virtual engineering
tools and system simulators have been developed to support the design and evaluation of demanding safety
solutions. A new process model following the three-level approach and agile virtual design principles have been
demonstrated to support safety engineering from conceptual system design to the design of safety functions.
VTT Technical research centre of Finland Ltd and Natural Resources Institute Finland have been
developing, demonstrating and implementing these new approaches and methods together with system suppliers
and machine manufacturers in Finland. This paper presents the developed approaches, methodologies and
practical results.
Session 3 – Autonomous systems 21

Safety concepts for autonomous and semi-autonomous mobile work machines
Malm T.1, Ahonen T.1, Kämäräinen J.2
1
VTT Technical Research Centre of Finland (VTT) – Tekniikankatu 1 – FI - 33101 Tampere – Finland
2
VTT Technical Research Centre of Finland (VTT) – Tehdaskatu 15 – FI - 87100 Kajaani – Finland
timo.malm@vtt.fi
toni.ahonen@vtt.fi
jukka.kamarainen@vtt.fi
The interest for development and implementation of autonomous mobile work machines has increased
dramatically during the past two years. One has seen that autonomous cars have appeared in traffic in specific
conditions, AGVs are commonplace at factories and autonomous mobile work machines are operating in closed
environments. Compared to the applications currently available, introduction of the current technologies in
outdoor mobile work machine systems is more complex than what it may seem, due to the limitations of these
applications. Sensors operate well only indoors, safety of the outdoor sensors is limited and the safety
requirements are not unambigious.
The level of automation clearly affects the safety requirements. The more automated system, the more
requirements there are to the system, and the more manufacturer needs to take responsibility. In manual systems,
the operator/driver takes great share of responsibility of the operations, and in automated systems, the
manufacturer has more responsibility. In many cases, the intention is to increase level of automation gradually,
leading to situations where both manual and automated machines operate at one time. From the safety point of
view, this is difficult, since both human errors and machine failures may cause hazardous situations.
There are, fortunately, plenty of means to better safety, although the sensors are not ideal for outdoor use.
It is possible to utilize diversity of means for: detecting persons and machines, applying access control systems
for machines and humans, limiting allowed machine movements and speed, enabling movements by applying
suitable devices, increasing situational awareness of machines and persons, and defining proper rules for humans
and machines. It is obvious that the useful means depend on the application. Risk assessment is an essential tool
in selecting methods for safety measures. This paper introduces the approaches relevant for machine vendors in
considering the safety on the path towards an autonomous system.
Keywords: Safety, autonomous mobile work machines, safety systems

Autonomous Driving within the Plant
Functional Safety between (?) Industrial Automation and Automotive Engineering
Borowski T.
Institut fuer Arbeitsschutz der Deutschen Gesetzlichen Unfallversicherung (IFA) - Alte Heerstr. 111 –
53757 Sankt Augustin – Germany
torsten.borowski@dguv.de
Autonomous Guided Vehicles (AGVs) and Systems have been used safely for fully automated internal
transport for a long time. Thanks to well-engineered protective devices such as safety laser scanners, which are
designed in accordance with international standards such as EN 1525 Safety of industrial trucks - Driverless
trucks and their systems and IEC 61496 Safety of machinery - Electro-sensitive protective equipment, accidents
with AGVs are hardly ever occurring. Organisational and technical measures in the infrastructure, such as the
limitation to indoor use, traffic routes for industrial trucks separated from pedestrians and additional support by
intelligent guidance and navigation systems, make this deployment possible in the first place.
However, the demand for autonomous mobility for logistics is growing and affects not only the ´on-road´
transport sector with autonomous trucks, but also internal plant transport in the outdoors. The presentation shows
three application examples of a future development; they illustrate the enormous challenges to be faced, but they
also show that solutions are already being tested.
The presentation does not address the economic benefits of highly automated technology solutions or the
technical peculiarities of the autonomous logistics concept. Rather, the example of protective measures for anti-
collision protection, i. e. pedestrian safety, is chosen to depict the status quo and the further development of
safety systems on the borderline between machines and automobiles. Technology of the automotive supplier
industry is increasingly being used in the industrial sector, with the Machinery Directive 2006/42/EC and own
standards for functional safety (IEC 62061 and ISO 13849) in force there. Examples are driver assistance
systems (ADAS), vehicle control systems with functional safety (safety ECUs) and ´ASIL ready´ processors
(IPs, SoCs) or SEooC according to ISO 26262.
The hypothesis: "SIL (61508) ≠ ASIL (26262)" is meant to describe the growing demand for the integral
application of FS standards in the automotive and machine sectors, and the need for further coordination among
experts. Not only the developers are challenged here, but also the Notified Bodies (like the IFA). The topic of
pedestrian protection systems is intended to underline that functionally safe systems do call for more than
considering hardware and software aspects of programmable units (PES). As a matter of fact, the safety integrity
of the entire system is at stake here. The application of safety-relevant anti-collision sensors also shows that
there are (still) significant differences between safe system solutions in automation and automotive technology.
keywords: autonomous driving, pedestrian protection systems, solutions and standards in automation and
automotive technology

A methodological framework to support the design of safe & secure autonomous systems
Heikkilä E., Välisalo T.
VTT Technical Research Centre of Finland Ltd. – Tekniikankatu 1 – P.O.Box 1300 – FI-33101 Tampere –
Finland
eetu.heikkila@vtt.fi
tero.valisalo@vtt.fi
Advances in robotics, artificial intelligence, and communication technology are enabling increasingly
autonomous systems. Different systems have different levels of autonomy and different levels of openness,
which introduce different risks for safety and security in different industries. These risks are not static. Rather,
risks change as organizations seek to bring together new devices and machines into use within wider systems.
Currently, however, there are only general guidelines and limited domain-specific standards for designing safety
and security into autonomous systems. Even in these, the focus is on providing general performance guidelines
instead of prescriptive design requirements. Hence, there is a gap between the current standards base and
technologies being developed. This gap leaves technology developers with an increasing responsibility for
ensuring safety. Consequently, there is need for technology developers to be able to take a holistic view of safety
and security issues throughout the systems engineering process.
In the study reported in this paper, we have focused on autonomous systems in industries where there is
value-added by some human-robot interaction (HRI). We have identified safety and security challenges in
development of different autonomous systems, which include (but are not limited to) the following issues. 1)
Requirements management and system description. 2) Safe and secure handling of data. 3) AI and algorithm
safety. 4) Artificial Intelligence (AI) transparency. 5) Connectivity and cyber security, including actions when
connectivity is lost. 6) Physical security including vulnerability to adversarial attacks. 7) Change management,
e.g. in case of software updates. 8) Verification and validation in the context of limited standardization. In this
paper, there are four principle contributions. First, we provide a review of the current base of standards and best
practices, to identify the key areas where technology developers need most support. Second, we present a
preliminary methodological systems engineering framework, which can support the development of autonomous
systems. Third, we propose a set of methods within the framework to be used to support safety-related design.
Fourth, we demonstrate how the framework supports the design process.
Keywords: Autonomous systems, Safety of machinery, Systems engineering, Design methodology

Session 4
Protective devices and smart systems
25
Use of tablets and smartphones for the control of machinery
Nischalke-Fehn G.
Institute for Occupational Safety and Health of the German Social Accident Insurance (IFA)
U. 5.3: Protective Devices and control systems - Alte Heerstraße 111 - 53757 Sankt Augustin - Germany
georg.nischalke-fehn@dguv.de
Safe control devices for machinery are expensive, and with the right app, the smartphone in the
user's pocket serves just as well. This might well be the view of Joe Public or for that matter a business
analyst.
The focus of this paper however lies more on the technical aspects of a safe machine control
employing a smartphone or a tablet PC. It will first describe the general (industrial) and technical safety
(normative) requirements upon mobile control devices for machinery. A second focus of the paper is the
presentation of a research study of this topic conducted at the Institute for Occupational Safety and Health
of the German Social Accident Insurance (IFA).
The research study, which was prompted by consulting with accident insurance institutions and
machinery operators, is intended to show the general conditions under which such devices can be used for
the safe operation of machinery. In order to demonstrate the operating concept, a functioning model was
produced. CAD software was used to design a tablet frame, which was then fabricated using 3D printing
technology.
A standard tablet PC can be inserted into this frame. In addition to an emergency-stop button and
two enabling buttons, electronics for processing the safety-related signals was integrated into the tablet
frame. The safety-related emergency-stop and enabling signals are processed by the electronics in the
frame, and packaged in a safety-related data message. The data are then transmitted by Bluetooth to the
software (machine app) installed on the tablet. In turn, the machine app transfers these safety-related and
non-modifiable data to the machine control system, for example by WLAN, together with its own
machine data. The machine control system thus receives both the data from the machine app and the
safety-related data message from the tablet frame. The concept is based upon the black-channel principle
familiar from data transmission in safety technology. Commands are input by means of the buttons and
safe electronics installed in the tablet frame. The tablet serves only as a medium for transmission. Neither
a defect in the tablet or its failure, nor substitution with a different tablet or modification of the operating
interface (machine app) therefore influence performance of the safety function.
Keywords: wireless machine control, safety-related data transmission, tablet frame
Session 4 – Protective devices and smart systems 26

General principles of smart personal protection systems design
Marchal P.
– France
patrice.marchal@inrs.fr
With the development of techniques linked to the Internet of things, a new generation of personal
protective equipment has emerged, known as “smart personal protection systems” (SPPS). This market is
dynamic and new products are launched every year.
These systems incorporate sensors and/or specific materials that allow, for example, adapting the
protection they provide or warning the wearer of a particular risk.
However, this evolution leads manufacturers to questions from the safety requirements applicable when
designing such equipment. This evolution also raises questions from end-users companies (employees,
management, preventionists, etc.) regarding their performances and limitations.
Faced with the emergence of a large number of connected products, this article proposes a clear
definition of a SPPS. The objective of this classification is to help the designers and inspection bodies to identify
the prevention rules applicable to this products.
As this classification is also based on the claims made by the SPSS manufacturers, it can also be useful
to guide end-users when choosing and purchasing this type of product.
Keywords: Protection personal, Smart, Definition, System

Safety related sensors used for protection of person
Wüstefeld M.
SICK AG, Erwin-Sick-Str. 1, 79183 Waldkirch, Germany
martin.wuestefeld@sick.de
Safety related sensors are applied to machinery presenting a risk of personal injury. They provide
protection by causing the machine to revert to a safe condition before a person can be placed in a hazardous
situation.
Existing sensor standards provides specific design and performance requirements for manufacturer and
integrators of sensors into safety related control systems. The specific design and performance requirements
gives a clear but limited guideline for specific sensor technologies (like optical sensors) , specific sensing
functions (like capability to detect the presence of a specified object in a configured protection zone) or consider
only the detection of objects representing parts of body of adults with limited range of properties (like minimum
size or reflectivity).
Applications of Autonomous systems like Automated guided vehicles, Service Robotics or Human
Machine Interaction in Industries show an increasing demand for new sensor technologies (e.g. Radar,
Ultrasonic sensors), new kind of sensor functions (e.g. classification of objects, position of an object) or
combination of different sensor technologies in a sensor system.
Sensor manufacturers or integrators use in such cases generic functional safety standards as guideline for
the safety related product design. Generic functional safety standards like IEC 61508 or sector specific
machinery standards like IEC 62061 or ISO 13849 are general and product design can be carried out without
limitations, which are inappropriate for the requirements given by the specific application. Applying these
standards would require a dedicated analysis of systematic capabilities of a sensor or sensor system (e.g.
dependability of the sensing function under tolerance conditions and environmental influences). There is not
enough guidance given in these standards to prevent design failures or insufficient capability to detect the
specified object in certain environmental conditions. This may result in an intolerable risk for persons.
A new standard will be presented, IEC/TS 62998, which fills the gap for the examination of systematic
capabilities between design specific sensor standards and generic functional safety standards of electrical,
electronic or programmable electronic control systems.
Keywords: safety of machinery, practical applications and experience,safety related control system, International
standardisation.

Future prospects of enabling device as an essential safety device
for the safety of machinery and Safety2.0
Nobuhiro M., Dohi M., Maeda I., Okada K., Fujita T.
IDEC Corporation – 2-6-64 Nishimiyahara – Yodogawa-ku – Osaka – Japan
m.nobuhiro@jp.idec.com
m.dohi@jp.idec.com
i.maeda@jp.idec.com
k.okada@jp.idec.com
The principle of isolation/stop has been applied to implement safety measures in safety of machinery. The
principle is based on the concept to ensure safety by isolating the running machine from operators with a guard,
or stopping the machine when operators need to approach it. Machines’ modes can be classified into two;
automatic operation mode when operators are isolated from the machine, and human-attended operation mode
when operators work near the machine that has stopped running for human-attended operations such as
maintenance and/or changeover.
Most industrial accidents occur either during human-attended operation or when switching between the
operation mode. During human-attended operation mode, the machine sometimes needs to run while the operator
is nearby, raising the possibility of fatal physical contact. When switching the operation mode, the machine may
start unexpectedly and also raising the possibility of fatal physical contact. Utilizing an enabling device is
effective to ensure safety in these situations, and the study on the safety device has been reported in our papers
for the past SIAS conferences.
The ergonomically designed enabling device is a safety device developed by taking into account the
human’s involuntary movement in sudden danger. Operators in danger either release or grasp the device. The
device disables machine operation when released or grasped tightly and enables machine operation only when
being maintained in the middle position.
Since the launch of our first model in 1997, we have advocated the importance of enabling devices and
promoted international standardization. Now, using enabling device is recognized as an essential measure for
teaching industrial robots.
Industrial advancement projects have been taking place in recent years, including Industrie 4.0 in
Germany and Connected Industries in Japan. The setting is changing, as clearly shown in the number of enabling
devices we have delivered over 20 years, and also the number of industrial robots during the same period. The
drastic increase of enabling devices and industrial robots indicates that collaborative robot system has been
adopted in increasing number of actual applications. It also indicates that conventional principle of isolation/stop
may not be sufficient in some applications, and these are where Safety2.0, Japan’s new safety concept, is
applicable to ensure safety and productivity in areas where humans and machines/robots work collaboratively.
This paper reviews the history and future prospects of the enabling device, which is an essential safety
device in the safety of machinery as well as Safety2.0.
Keywords: enabling device, safety of machinery, robot, collaborative safety

Poster session
30
Practical solutions for safety-related application programming
Huelke M., Lungfiel A., Janik A.
Institute for Occupational Safety and Health of the German Social Accident Insurance (IFA) –
Alte Heerstrasse 111 – 53757 Sankt Augustin – Germany
michael.huelke@dguv.de
andy.lungfiel@dguv.de
albert.janik@dguv.de
Manufacturers of machinery are increasingly using application programming of safety controls in order to
implement safety functions. The EN ISO 13849-1 and EN 62061 standards define requirements concerning the
development of software employed for safety functions. The essential requirement imposed by these standards
is the observance of a structured development process: the V model. The further requirements concerning
measures for the avoidance and control of errors during development are also formulated in the standards in the
usual very general terms. Furthermore, few examples and proposals for implementation of these requirements
have been published to date. Interpretation of the standards during software development in machine
construction is therefore often unclear, and presents difficulties during implementation.
The IFA began addressing the subject of safety-related application software many years ago. Between
2011 and 2013, Project FF-FP0319 concerning standards compliant development and documentation of safety-
related user software in machine construction was successfully completed at the Bonn-Rhein-Sieg University of
Applied Sciences in conjunction with numerous partner bodies from the machine construction sector and with
funding from the DGUV. For this purpose, a procedure – the IFA matrix method – was developed, and evaluated
and documented with reference to examples from industry, for implementation of the requirements concerning
the development of software for machine safety functions. The IFA matrix method can be used to specify,
validate and document the application software of safety functions in accordance with the standards. In order for
the IFA matrix method to be implemented efficiently, the IFA is developing SOFTEMA, a software tool.
Last SIAS conference, the main author introduced the IFA matrix method and very soon, the IFA report
2/2016 on the subject has been published. The report also provides further information on application
programming for safety-related machine controls.
In the beginning of 2018, the IFA will be launching the supporting tool SOFTEMA, in beta test at
hundreds of German companies. The poster will highlight the functionalities of SOFTEMA, the benefit of this
tool and present first user experience. In addition to and beside the poster, the tool could be demonstrated on a
notebook.
Keywords: Safety-related control systems, Application software, Specification and validation, Practical solutions
Poster session 31
The Supportive Protective System (SPS) I.
Study on Worker's Three-dimensional Location Detection Using Ultra-wide Band
(UWB) System under the Supportive Protective System (SPS)
Shimizu S.1, Ohtsuka H.2, Hamajima K.1, Umezaki S.1, Matsui K.3, Fukuda T.4, Itou H.3, Takahashi S.3, Hojo R.1
1
National Institute of Occupational Safety and Health, Japan (JNIOSH) – Umezono 1-4-6 – Kiyose – Tokyo –
204-0024 – Japan
2
ECSSA Consulting & Co – Shinkoiwa 3-4-1 505 – Katsushika ward – Tokyo – 124-0024 – Japan
3
Nihon University – Narashinodai 7-24-1 – Funabashi city – Chiba Prefecture – 274-8501 –Japan
4
Nagaoka University of Technology – Kamitomioka1603-1 – Nagaoka City – Niigata Prefecture – 940-2188 –
Japan
shimizu@s.jniosh.go.jp
h.otsuka_auto-id@air.ocn.ne.jp
hamajima@s.jniosh.go.jp
umezaki@s.jniosh.go.jp
cskt14086@g.nihon-u.ac.jp (Matsui K)
t-fukuda@vos.nagaokaut.ac.jp
cskt14086@g.nihon-u.ac.jp (Itou H)
takahashi.sei@nihon-u.ac.jp
hojo@h.jniosh.go.jp
Most of industrial accidents by human factor frequently occur during non-routine work at integrated
manufacturing system in Japan. One of the reasons is that safety management system has been accomplished
depending on human attentiveness. In addition, it is concerned that machine users at work site do not
appropriately perform reduction method of residual risk, which are remained risk after machinery makers applied
risk reduction measure. It is necessary to manage worker's entering and leaving the work site perfectly
by ICT equipment. Even if worker exists in a blind spot, the existence of him/her should be detected
by a third person using some security measure for prevention of dangerous condition, such as miss-
restart. In the present study, a 3-demensional UWB position detecting system, which developed in our
laboratory, was used to detect the location and the posture of worker who was existed in a blind spot in
the automated manufacturing line. A pilot experiment which examined the usefulness of the 3-
demensional UWB position detecting system was performed. As a result, the 3-dimensional UWB
position detecting system could measure the location and posture of the worker appropriately. It is
concluded that the 3-demensional detecting system used in the present study can contribute to guarantee safety
of workers in integrated manufacturing system without depending on human attentiveness. Further, the 3-
dimensional UWB position detecting system not only prevents the accident when a automated
manufacturing line restarts, but also can be applied to check the vital of workers such as heat
exhaustion measures.
Keyword: the Supportive Protective System (SPS), ultra-wide band (UWB) System, human factor, residual risk
Poster session 32
Supportive Protective System III
The New Approach using ICT in IoT era on Safety Management From information
communication to prediction and control of human behavior.
Experimental procedure of behavior analysis to the Supportive Protective
Hamajima K.1, Shimizu S.1, Umezaki S.1, Tsuchiya M.2, Hojo R.1
1
204-0024 – Japan
2
ADVANTAGE Risk Management Co., Ltd. – Nakameguro GT Tower 17F , 2-1-1 Kamimeguro, Meguro-ku,
Tokyo 153-0051
m-tsuchi@umin.ac.jp
hojo@h.jniosh.go.jp
Recently, there is increasing interest in Industry4.0 and/or Safety2.0 in all of the world. Also, some proper
evaluation method to a safe management system are desired for worker's safety in Japan. A safety management
system using information technology (IT) has been proposed and developed in our laboratory in 2008. With the
development of the current information system, the safety management system began to attract attention to
people who manage safety at various work sites in Japan again. At the developing period of the management
system, we performed interview and subjective questionnaire as evaluation methods of the system from
Psychological point of view. However, we realized that the interview and the questionnaire did not present
objective, direct and quantitative change of work performance before and after the management system
introduction, because the interview and the questionnaire did not directly measure behavior of workers. We
realized that objective methods should be introduced in evaluation of the safety management system.
Now we newly established another safety management system named Supportive protective system
(SPS), which focuses on prevention of residual risks derived from human factors with combination of IT
equipment. From scientific point of view, prediction and control of human behavior, and quantitative evaluation
are indispensable for safety management using IT equipment. Under some experiments for evaluation of the
SPS, we found that behavior analysis, which is one of Psychological approach, was useful for measurement of
human behavior. Based on this indication, we propose that the essential meaning of using information and
communication technology in the field of industrial safety is not to increase the efficiency and safety of
operations but to predict and control human behaviors. We also propose that to realize this, theories in
psychology are required, specifically knowledge of behavior analysis.
Poster session 33
Trial Manufacturing of a Fail-Safe Interlock System for Pneumatic Systems
Nakamura M.1, Ino M.1, Mituhashi K.1, Sasaki T.1,
Hara K.1, Ichikawa O.1, Chiba M.1, Sujino T.2, Ishizuka T.3
1
Polytechnic University of Japan, 2-23-1, Ogawanishi-machi, Kodaira-shi, Tokyo 187-0035, Japan
2
Bergische Universität Wuppertal Gaußstr., 20, D-42119 Wuppertal, Germany
3
R&D Division, Sanwakouki Corporation, 12-2, Sanwa Bldg., Kandamikura, Chiyoda-ku,
Tokyo 108-0038, Japan
nakamura@uitec.ac.jp
sujino@uni-wuppertal.de
In general, pneumatic systems are widely used in various fields as high-output equipment because of their
higher density of power required for driving in comparison with electric motors, etc. However, various
components making up a pneumatic system have the potential to pose hazards to humans derived from container
burst, high-pressure air blowoff or broken piece or part scattering from air blowoff, all of which are due to
dangerous failure (error) resulted from their failure or improper pressure control.
To counter this problem, such an interlock system is proposed that can resolve the dangerous failure in
pneumatic driving systems (“Interlock System”) based on the principle of safety (confirmation).
In this research, such a pressure monitoring system is designed and manufactured on trial that can
monitor the behavior of pressure actually used for the Interlock System.
The pressure monitoring system is made up of a bourdon tube pressure gauge, a plate, a photointerrupter,
etc. In this system, which is a sensor, the curvature radius of the bourdon tube varies according to the change in
pressure, the plate, which is slit and attached to the bourdon tube pressure gauge, operates, and thereby the
behavior of pressure can be monitored (through the sight glass) to confirm the safety when pressure behaves.
With regard to the control method of the pressure monitoring sensor, after studying the photointerrupter
(analog control method) and the strain gauge (digital control method), it was decided to use the photointerrupter
(analog control method) for designing because of easiness to confirm the safety. After manufacturing a trial
model of the Interlock System, the plate is moved up/down manually between the upper and lower limit values
of the threshold of pressure by using an experiment device to check whether or not the change in pressure can be
detected by the change in the photointerrupter position, slit size, and curvature radius of the bourdon tube, and
also whether or not the output voltage of the photointerrupter can be shut off.
Failures in various components (air cylinder, flowrate control valve, electromagnetic direction control
valve, FRL unit) are reproduced and outputted to the experiment device, and several different failures are caused
to each component to confirm the operation of the Interlock System and verify the performance of the Interlock
System.
Poster session 34
A logical proof of halt-based safety developed with the hypothetical accident
Otsuka K.1, Sujino T.2, Hoshi T.1, Nakamura M.3, Sugimoto N.1
1
NagaokaUniversity of Technology, 1603-1 Kamitomioka, Nagaoka, Niigta, 940-2188 Japan
2
Bergische Universität Wuppertal Gaußstr.20, D-42119 Wuppertal, Germany
3
Polytechnic University of Japan 2-23-1 Ogawanishi-machi, Kodaira-shi, Tokyo, 187-0035 Japan
s145043@stn.nagaokaut.ac.jp
sujino@uni-wuppertal.de
houshi@vos.nagaokaut.ac.jp
nakamura@uitec.ac.jp
maconobo@est.hi-ho.ne.jp
Principally, an accident is not predictable, and the identification of its time will be almost impossible.
Nevertheless one can assume the possibility of the accident which might bring fatal harm in the future, towards
which one moves on intentionally by generating a new action. If the possibility of the accident is bound to the
area outside of the safe zone, specified by the state-of-the-art along with the time axis, a definitive safety
structure can be established starting from the hypothetical accident at the boundary of the recognized safe zone.
In this paper, specific safety zones, which are required to ensure the “halt before the accident”, along the
time axis, are defined as Sr, Se and Sc, the monitored safety providing the hypothetical accident, the qualified
safety deducting the time for halt before the hypothetical accident and the secured safety deducting the time for
preparation to stop, respectively. These specific safety zones shall have an unate logic.
In addition, operations required in each safety zones and defined by logical formula, are for work,
preparation and halt respectively. Evidence of safety will be proved by the structure of halt, extending over the
secured safety Sc but before the actual accident which could bring the actual harm.
Keywords: Confirmed safety, Operational safety, System safety, Safety structure
Poster session 35
Radio Wave Sensor System Which Enables Determination of Protective Separation
Distance
Kim E., Yamada Y., Okamoto S.
University of Nagoya – Furo-cho – Chikusa-ku – 464 8601 - Japan
kim.eugene@a.mbox.nagoya-u.ac.jp
yamada-yoji@mech.nagoya-u.ac.jp
okamoto-shogo@mech.nagoya-u.ac.jp
Safety functions to secure the safety of workers in the collaboration of human and robot are attracting
much attention nowadays. Among the safety functions described in ISO / TS 15066, the safety standard of
collaborative robots, a function of Speed and Separation Monitoring (SSM) is thought to enable collaboration
between human and robot through non-contact sensing. However, since the detection principles of safety-related
sensors until now have been strictly controlled based on the IEC 61496 series, the application of 3D sensors to
SSM has not been studied well. Here with the announcement of IEC/TS 62998 (safety-related sensors used for
protection of person) a new sensors using the various detection methods became available, and the safety
integrity level based on the detection performance of the sensor can now be verified.
On the other hand, current SSM still remains at a two-dimensional human detection level. Therefore, the
purpose of this study is to evaluate the uncertainty of the measurement error that satisfies the required safety
integrity level when using the 3D sensor. So far, the safety integrity level of the system has been interpreted from
a point of view of hardware and has been determined based on the probability of failure of the component.
However, this study evaluates the safety integrity level using measurement error based on performance of the
sensor. In addition, in order to improve the performance and reduce the uncertainty, the multiplexed safety
related sensor system (SRSS) was conducted.
This study, proposes a safety-related sensor that enables three-dimensional detection by introducing a
radio-frequency sensor which is widely used in car detection and medical applications. For Protective Separation
Distance in SSM, not only the position of human and robot but also velocity is an important parameter.
Nonetheless, the uncertainty of velocity detection is not yet discussed in the SSM. Therefore, an experiment was
carried out to find the uncertainties that satisfy the safety integrity level of the position and the speed, by use of
the radio wave sensor which can measure the position and the speed simultaneously implementing a FM-CW
method. Also, to satisfy the safety integrity level, a multiplexed radio wave sensor system was constructed.
Furthermore, an evaluation method based on performance of the sensor system was proposed.
Keywords: ISO/TS 15066, Human Robot Collaboration, Radio Wave Sensor, Speed and Separation Monitoring
Poster session 36
The Supportive Protective System (SPS) II.
Study on the Reliability of the Supportive Protective System (SPS) in Work Site of the
Integrated Manufacturing System (IMS) introducing a mobile robot
Matsui K.1, Hojo R.2, Itou H.1, Hamajima K.2, Umezaki S.2, Ohtsuka H.3, Fukuda T.4, Takahashi S.1, Shimizu S. 2
1
Nihon University – Narashinodai 7-24-1 – Funabashi city – Chiba Prefecture – 274-8501 –Japan
2
204-0024
3
ECSSA Consulting & Co – Shinkoiwa 3-4-1 505 – Katsushika ward – Tokyo – 124-0024 – Japan
4
Nagaoka University of Technology – Kamitomioka1603-1 – Nagaoka City – Niigata Prefecture – 940-2188 –
Japan
cskt14086@g.nihon-u.ac.jp (Matsui K)
hojo@h.jniosh.go.jp
cshi16002@g.nihon-u.ac.jp (Itou H)
h.otsuka_auto-id@air.ocn.ne.jp
t-fukuda@vos.nagaokaut.ac.jp
takahashi.sei@nihon-u.ac.jp
Nowadays, industrial accidents evoked by human factors are huge problem in Japan. As high-spec
protective devices are developed and installed on a single machine recently, the number of savior accidents has
been decreased in the last 20 years.
Since multiple machines are located in the work site of the integrated manufacturing system (IMS),
security measures depends on management by human. Under such condition, industrial accident by human factor
still occurs. Many accidents have occurred under these situations as follows;
A worker has mistakenly restarted because the worker could not recognize that another worker existed behind a
machine in the work site.
A worker has entered a prohibited work site.
A worker has touched the machine which was not allowed to operate without license.
We developed the supportive protective system (SPS) in our laboratory. The SPS was newly established
to reduce residual risks which are evoked by human factors. The validity of the SPS was examined in a virtual
IMS in our laboratory. The IMS had a mobile robot for transportation in the work site. In the present study, a
beacon sensor system was introduced to acquire information of worker’s location. As one of experimental
indices, we examined the usefulness of the beacon system for detecting worker's position. Information of
worker's position detection acquired by an UWB system, which was used in the previous study, and that by
beacon system was qualitatively compared. As a result, the information acquired by the UWB sensor system was
more precise than that of the beacon sensor system. On the other hand, beacon sensor would be useful to acquire
biometric information of workers such as pulse rate, body temperature, and posture, etc). In the further study, we
are planning to use devices that meet the need of the work sites.
Poster session 37
Evaluation of Residual Risk under Risk Reduction Rules for Using Collaborative Robots
Ikeda H., Saito T., Okabe K.
National Institute of Occupational Safety, Japan (JNIOSH) - 1-4-6, Umezono, Kiyose, Tokyo, Japan
ikeda@s.jniosh.go.jp
saitot@s.jniosh.go.jp
okabe@s.jniosh.go.jp
Collaborative robots sharing their working space with humans to work for them have many opportunities
of robot operation by humans. It should be realized that developers of collaborative robots take protective
measures for risk reduction, but these measures could exert influence on the usefulness of robot operation. If the
measures themselves are hard to use or pose a problem for robot operation, it is feared that the frequency of
using robots may become less or the protective measures may become ineffective. Since safety and usefulness
have a tendency to be contrary to each other as just described above, a balance should be kept properly between
safety and usefulness.
In view of the above, those factors which are in the trade-off relations with safety are summarized based
on the “Confirmation document of Safety Design and Specifications” prepared for collaborative robots, and the
optimization method is studied particularly on the usefulness of those factors.
For this purpose, the basic configuration of a human-robot collaboration system is discussed in the
“Confirmation document of Safety Design and Specifications” to promote the segmentation of respective roles
of humans and robots. Based on the segmented roles of humans and robots, the residual risk of robots is grasped,
and measures for risk reduction during robot operation are summarized. Also, by proclaiming an idea of trade-
off between safety and usefulness, risk mitigation from the robot user side is made possible.
To be specific, it is possible to express the effect of residual risk reduction worked on by a user in the
form of the factor of the “provision of information or means from the developer” multiplied by the “degree of
implementation of the measures by the user” and the “trade-off coefficient.” Involved in the degree of
implementation of the measures are sub-factors, such as the attentiveness maintenance, understanding depth and
proficiency level of the user and the environmental conditions. According to these sub-factors, the degree of
implementation of the measures prepared by the developer is determined. On the other hand, four different trade-
off coefficients are conceived: “influence on the usefulness,” “loss in robot capability” and “cost increment /
technical difficulty” as minus coefficients, and “consideration of benefit” as a plus coefficient. Furthermore,
“compensation” and “relief measures” may be included as plus coefficients. By applying the above rules, the
effect of the residual risk reduction worked on by robot users can be properly evaluated.
Key words: risk reduction, safe design, robot, collaborative safety
Poster session 38
Probabilistic Risk Analysis of Human-Robot Collaboration Using the Interference
Theory
Kirschner R.-J.1, Kim E.2, Yamada Y.2
1
Technical University of Chemnitz (TUC) – 62, Strasse der Nationen – 09111 Chemnitz – Germany
2
University of Nagoya – Furo-cho – Chikusa-ku – 464 8601 - Japan
robin-jeanne.kirschner@s2013.tu-chemnitz.de
kim.eugene@a.mbox.nagoya-u.ac.jp
yoji.yamada@mae.nagoya-u.ac.jp
Human Robot Collaboration (HRC) has become an increasingly important part of modern manufacturing.
As the powerful movement of a robot and its end-effector might cause injury to the human, consideration of the
safety of the worker is needed which is a reducing factor to the efficiency of the collaborative task. Recently a
safety standard has been launched (ISO/TS 15066). Amongst others, it covers the safety function of speed and
separation monitoring by demanding a protective separation distance (PSD) based on the velocity of human and
robot as well as the sensory attributes referring to stationary sensing devices.
Nevertheless, the trend in human presence sensing technology is building highly reliable safety sensors
mounted onto the robot that measure the actual distance between robot and human within a 3-dimensional area.
It is, therefore, necessary to consider those possible future workspaces and their safety issues. For this reason,
new perspectives on the safety issues within HRC are needed. In this paper the Interference Theory (IT) is used
for describing the safety issue in HRC and deriving the probability of a human intruding into a potentially
hazardous area of the robotic end-effector.
For an experiment, a possible future collaborative workspace was examined and under approval of the
ethical committee a total of 10 participants performed a collaborative task as workers. The movement of robot
and worker was recorded by using a motion capture system. The collaborative task was designed according to
the PSD. Assuming the further usability of ISO/TS 15066, a potentially hazardous area was calculated based on
the PSD. The smallest distance between human and robot was compared to this distance. Based on the
comparison, the probability of intrusion was calculated according to the maximum speed and stopping time of
the robot. This was done firstly by counting the occasions of intrusion and secondly be using the IT for
prediction.
Finally, it can be observed that the probability of intrusion is strongly related to the type of robot and its
stopping time. Using collaborative robots this probability is lower than 0.03%. This probability can be
understood as the probability of occurrence of harm within the task and should, therefore, be taken into account
for the speed and separation monitoring.
Keywords: ISO/TS 15066, Human Robot Collaboration, Interference Theory, Speed and Separation Monitoring
Poster session 39
Working equipments' safe design: two complementary tools to take into account real
working situations' variability
Daille-Lefèvre B.1, Lux A.1, Etienne A.2, Siadat A.2
1
– France
2
Ecole Nationale Supérieure des Arts et Métiers (ENSAM) – 4, rue Augustin Fresnel – 57078 Metz Cedex -
France
bruno.daille-lefevre@inrs.fr
aurelien.lux@inrs.fr
alain.etienne@ensam.eu
ali.siadat@ensam.eu
Working equipment’s safe design principles are described in the machinery directive and in the ISO EN
12100 standard. One of these principles is to take into account the machinery’s use, whether normal or abnormal
with respect to a standard process. To apply this concept of “integrated prevention“, designers need to have a
wide vision of future working situation in order to choose safety technical solutions adapted to the real worker’s
activities. By this way, designers could minimise workers bypass the prevention mesure
In this aim, INRS developed two complementary tools, based on the Need Functional Analysis (NFA)
and the Process Failure Modes and Effects Analysis (P-FMEA).
The first tool, useful for working equipment's specification step, is based on the functional analysis. The
aim of this tool is to support stakeholders in dynamic dialogue to define the information necessary for
implementing safe design principles. To do this, during the functional specification of the working equipment,
each function is completed by using the simple 5 W and H questions (Why, Who, What, Where, When and
How). By this way, the stakeholders’ answers describe not only the technical needs but also the use of the future
machinery. A description of an industrial trial will show the benefit of this tool to improve health and safety.
The second approach allows designers to take into account real working situations during P-FMEA
activities. Usually, only quality and performance points of view are discussed in these meetings. After a short
methodology explanation, an example will show how this tool can be helpful to bring occupational health and
safety point of view at this design step: users' return of experience (REX) is collected and variability versus
nominal process is identified. Then actions can be taken to reduce risks for operators.
With these two complementary tools, analysis scope is thus enlarged to review technical choices for each
function, at each process step, in order to give to operators manoeuver margins to cope with real situations'
variability.
Key-words: Design, Safety, NFA, FMEA
Poster session 40
An experimental evaluation of falling down damage using forearm mimics
Okabe K., Saito T., Ikeda H.
National Institute of Occupational Safety and Health, JAPAN (JNIOSH) – Umezono 1-4-6, Kiyose, Tokyo 204-
0024– Japan
Risks of falling down with wearable assist appartaus are discussed based on experimental evaluation
using Japanese women forearm mimics. Wearable devices such as power assist suites are expected to increase
activities and abilities in various industrial fields. Risks of falling in use of them, however, are not clarified yet.
To understand risks caused by the falling, impact damage to break forearm or hand are examined in this paper.
Affects of impact force are revealed in terms of kinetic energy.
Wrist injury called Colle’s fracture is famous for falling accidents. Workers sometimes get the fracture
when they slipped and put their hands on ground to prevent falling. Three or more months are wasted to repair
the injury in usual. Colle’s fracture is quite severe injury in terms of occupational safety. Wearable devices such
as power assist suite has a scarcity to increase the risk of getting the wrist injury. The mechanism of Colle’s
fracture, however, is not well known. It is still uncertain how to evaluate the risk of wrist injury due to wearable
devices.
Forearm mimics were created to examine the damage of impact force. They are developed based on a 3D
model calculated from Japanese women right forearm. The size of the mimic parts and their geometries are
correctly reproduced. Main part of the mimics are artificial bones. The artificial bone consists of two
components: cortical and cancellous as well as human bone. They are made from resin to reproduce the strength
of human bone.
Load breaking test using mimics reveals affects of impact force. Bone fracture of the mimic is regarded as
a criterion to show the damage of impact. Kinetic energy causing bone fracture is discussed in the breaking test.
A weight falls on forearm mimics that are fixed on a base. Falling height is changed in accordance with target
kinetic energy. The damages of kinetic energy 20J, 30J, 40J and 60J are evaluated. For example, a 5kg weight is
set above 0.41m from top of forearm mimic for the test condition of energy 20J. In the cases of upper energy
30J, a 15kg weight falls down on a mimic from 0.2m height.
The test showed that
1) Energy 20J is potential risk of bone fracture
2) Energy 30J is a risk of bone fracture.
3) Energy 40J is certain risk of bone fracture.
4) Energy 60J is obvious risk of bone fracture.
Keywords: Falling accident, Wearable device, Forearm injury, Bone fracture
Poster session 41
Investigation of evaluation method for bending strength of artificial bones simulated a
woman's upper-limb bones by using Finite Element Analysis
Yamaguchi A., Saito T., Ikeda H., Okabe K.
National Institute of Occupational Safety and Health, JAPAN (JNIOSH) – Kiyose – Tokyo – Japan
yamaguchi@s.jniosh.go.jp
Cooperative robots are required to operate in close contact with a cared person. I In additionally,
cooperative robots are required a high power to supporting the activity of cared person. Technologies and
standards that satisfies both the required specifications and the adequate safety has not yet been established in the
field of cooperative robots in Japan. Therefore, it is necessary to clarify a relationship between the load caused
by cooperative robots and the safety of human bone to establish technologies and standards for the field of
cooperative robots.
Recently, a lot of kinds for artificial bone is developed and investigated in order to establish the
technologies and standards for the field of cooperative robots, because it is difficult to use human bones due to
problems on ethics. Developed artificial bones has simulated the physical properties of human tissue. However,
mechanical properties of developed artificial bones is not clarified because an evaluation test for strength of
artificial bones or human bones has not been established. It is necessary to obtain the strength of artificial bone
by a strength test in order to investigate the reproducibility and validity of developed artificial bones.
In this study, first, the bending strength of artificial radius and artificial ulna is obtained by bending test.
The pieces of artificial radius and artificial ulna are 9 and 6, respectively. The bending strength of 4-directions
regarding the center axis direction of the artificial bones is obtained and it is shown that strength direction and
weakness direction for load on each artificial bones. And then, Finite Element Analysis (FEA) is used to estimate
the bending strength of artificial bones. An availability and an evaluation method for strength of artificial bone
by using FEA in field of cooperative robots is shown by comparing the strength of the artificial bone obtained by
experimental with that obtained by using FEA. Both obtained bending strength is agree well. In the evaluation by
FEA, it is shown that the cancellous bones does not contribute to strength of bones. Additionally, it is proposed
the new shapes of artificial bone for obtaining a bending strength of it.
Keywords: Artificial bone, Finite Element Analysis, Bending strength, for cooperative robots
Poster session 42
Analysis of machinery accidents in the food processing industry during the cleaning and
sanitation phases
Giraud L.1, Blaise J.-C.2, Tissot C.3
1
Institut de recherche Robert-Sauvé en santé et en sécurité du travail (IRSST) – 505, boul. De Maisonneuve
Ouest – Montréal (Québec) – H3A 3C2 – Canada
2
– France
3
Institut national de recherche et de sécurité (INRS) – 65, boulevard Richard Lenoir – 75011 Paris – France
giraud.laurent@irsst.qc.ca
jean-christophe.blaise@inrs.fr
claire.tissot@inrs.fr
In the food processing industry, the safety of production equipment is very important for the public
consumer safety. Regulatory cleaning and sanitation requirements, more and more stringent, expose workers to
risks connected to the machines because the machine operator must work on or disassemble the equipment. Most
of the time, guards and other protecting devices are removed to allow better access to moving parts and thus
ensure more effective cleaning, sanitation, and post-sanitation inspection. Thus, the food industry faces a
dilemma: allowing workers to access moving parts of machines to properly clean, sanitize, and inspect them and
thus expose workers to amputation, cuts and lacerations, struck-by, struck against, and caught in equipment
hazards; or not allowing workers to access moving parts hazards to ensure their safety, at the expense of health
risks for the consumer.
The overall objective of this research is therefore to carry out an exploratory study of the risks and means
of reducing them, in order to identify possible solutions to make the cleaning, sanitation, and machine inspection
phases more secure, while respecting the health requirements of the food processing industry.
As part of this research, an analysis of data available in France in the EPICEA database was conducted.
The selection of data to target the cleaning phases of the machines was done by coupling the variables "Activity
of the victim" / "Object of the activity" as well as the variables "Material factor at the origin of the harm" /
"Relation victim "/" Material factor ", which resulted in the selection of more than 60 accidents.
The results obtained show that night hours, accident on Saturday, certain specific machines and cleaning,
maintenance as well as several maintenance tasks are associated with cleaning accidents. Conversely, the
absence of night work, accident on Wednesday and other items are associated with non-cleaning accidents. In
addition, it was possible to identify in the text describing the accident the primary cause of accessibility to the
danger zone of the machine. When the machine is in operation, it appears that the three main causes of
accessibility are i) disassembly of parts of the machine, ii) access beside a protector or iii) access through the
material inlet or outlet openings of the machine. In the case of unintended/unexpected start-up, the main cause is
an action inside the danger zone on one of the machine sensors.
Keywords: Cleaning, Accident Analysis, Safety of machinery, Food-Safety
Poster session 43
Safety functions in pneumatic drive technology
Uppenkamp J.
Institute for Occupational Safety and Health of the German Social Accident Insurance (IFA)
U. 5.3: Protective Devices and control systems - Alte Heerstraße 111 - 53757 Sankt Augustin - Germany
juergen.uppenkamp@dguv.de
Like other drives, pneumatic drives on machinery must not present a danger to persons by causing
unexpected movements of machine parts. Where technical control measures are required to prevent this from
happening, safety functions for pneumatic drive technology are appropriate. Safety functions for electrical drive
controls, which are defined in IEC 61800-5-2, are now well established on the market and can be considered to
be the state of the art. Many drive manufacturers already make these safety functions, such as STO (safe torque
off) or SS1 (safe stop 1), available to the machine manufacturer with a Performance Level PL and a Category to
ISO 13849-1. Before now, these safety functions for electrical drives have not been "converted" to pneumatic
drives, and manufacturers and users have not therefore enjoyed the benefit of a "common language" for them.
Implementing the safety functions familiar from electrical drive technology in pneumatics is generally more
resource-intensive.
In conjunction with manufacturers of pneumatic components and the IFA, a working group in the Fluid
Power Association of the German Engineering Federation (VDMA) has drawn up a technical rule that transfers
concepts from electrical drive technology to the sphere of pneumatics.
Among the subjects described by the technical rule (Safety functions of regulated and unregulated (fluid)
mechanical systems, VDMA 24584) is the application of safety functions familiar from IEC 61800-5-2 to
pneumatics. This topic was addressed by an article in the March 2017 edition of O+P technical journal on the
subject of safety functions in pneumatic drive technology. In addition, the IFA has produced examples that are
intended to assist users of the technical rule in defining and implementing the safety functions typically required
on machinery. A practical guidance document on safety sub-functions in accordance with VDMA Technical
Rule 24584 contains two detailed examples of two-channel electro-pneumatic control systems, describing the
procedure and implementation of typical safety functions. In particular, it describes possible faults and failures
for the STO and SSC safety sub-functions, and provides information on measures for fault detection and fault
clearance.
Application of the technical rule and the examples delivers benefits for the development and design of
safety-related pneumatic machine controls. Manufacturers of the components and the OSH community also
benefit from the technical rule and the examples.
Keywords: pneumatic safety functions, machine control, safety sub-functions to IEC 61800-5-2, VDMA 24584
Poster session 44
A proposal to solve technical issues on ISO 13855 - Positioning of safeguards
Saito T., Ikeda H.
National Institute of Occupational Safety and Health, Japan (JNIOSH) – 1-4-6 Umezono, Kiyose, Tokyo - 204-
0024 – Japan
ISO 13855 is a Type B1 standard which provides the basic principle to determine the minimum distance
to a hazard zone from a detection zone or an actuating device of safeguard. Formulas and key parameters
specified in this document are being referred in many machine safety standards. However, there are some
technical issues could cause confusion for the readers. Significant examples of them are as follows:
(1) It is not sufficiently described how to determine the minimum distance for light curtains (or electro-
sensitive protective equipment employing active opto-electronic protective devices) when their detection
zones are angled to the direction of approach and considered as orthogonal to the approach. The minimum
distance in such cases is determined as a distance parallel to the direction of approach regardless of the
install angle of the detection zone in ISO 13855, but IEC 62046 explains it as a distance perpendicular to
the detection zone.
(2) The intrusion distance taken into account for the calculation of the minimum distance of light curtains
parallel to the direction of approach becomes 850mm when the height of the detection zone is 900mm or
more above the reference plane. However, the additional distance required to prevent reaching over a
vertical detection zone of light curtain when the height of its upper edge is between 900mm and 1000mm
needs to be longer than 850mm depending on the height of the hazard zone, that is, the intrusion distance
specified for parallel detection zones of light curtains could be insufficient.
(3) The minimum distances applied to light curtains and two-hand control device are not allowed to be less
than 100mm regardless of the overall system stopping performance, however, the reason for the distance
of 100mm is not explained.
(4) The minimum distance for interlocking guards is allowed to be determined by using the opening time
which is required to open the guard. Although the calculation shall start with the smallest part of the body
by which the hazard zone can be reached in accordance with ISO 13857, the safety distance given in the
standard is discontinuous and any interpolation of the values is not permitted. A concrete calculation
method taking the above into consideration should be described.
In this paper, these technical issues are discussed and the concrete ways to solve them are proposed.
These should be considered in the next systematic review of ISO 13855.
Keywords: International standard, Minimum distance, ISO 13855, Safeguards
Poster session 45
Online Activity Recognition for Automatic Ergonomics Assessment
Malaisé A., Maurice P., Colas F., Ivaldi S.
Université de Lorraine, CNRS, Inria, LORIA, F-54000 Nancy - France
adrien.malaise@inria.fr
We address the problem of recognizing the current activity performed by a human worker, providing an
information useful for automatic ergonomic evaluation of workstations for industrial applications. Traditional
ergonomic assessment methods rely on pen-and-paper worksheet, such as the Ergonomic Assessment Worksheet
(EAWS). Nowadays, there exists no tool to automatically estimate the ergonomics score from sensors (external
cameras or wearable sensors).
As the ergonomic evaluation depends of the activity that is being performed, the first step towards a fully
automatic ergonomic assessment is to automatically identify the different activities within an industrial task. To
address this problem, we propose a method based on wearable sensors and supervised learning based on Hidden
Markov Model (HMM). The activity recognition module works in two steps. First, the parameters of the model
are learned offline from observation based on both sensors, then in a second stage, the model can be used to
recognize the activity offline and online.
We apply our method to recognize the current activity of a worker during a series of tasks typical of the
manufacturing industry. We recorded 6 participants performing a sequence of tasks using wearable sensors.Two
systems were used: the MVN Link suit from Xsens and the e-glove from Emphasis Telematics. The first consists
of 17 wireless inertial sensors embedded in a lycra suit, and is used to track the whole-body motion. The second
is a glove that includes pressure sensors on fingertips, and finger flexion sensors. The motion capture data are
combined with the one from the glove and fed to our activity recognition model.
The tasks were designed to involve elements of EAWS such as load handling, screwing and manipulating
objects while in different static postures. The data are labeled following the EAWS categories such as “standing
bent forward”, “overhead work” or “kneeling”.
In terms of performances, the model is able to recognize the activities related to EAWS with 91% of
precision by using a small subset of features such as the vertical position of the center of mass, the velocity of
the center of mass and the angle of the L5S1 joint.
Keywords: Human Activity Recognition, Ergonomics, Wearable Sensors, Hidden Markov Model
Poster session 46
A digital human tool for guiding the ergonomic design of collaborative robots
Maurice P.1, Padois V.2, Measson Y.3, Bidaud P,2,4
1
2
Sorbonne Universités, UPMC Univ Paris 06, CNRS UMR 7222, Institut des Systèmes Intelligents et de Robotique,
F-75005, Paris, France
3
CEA, LIST, Interactive Robotics Laboratory, Gif-sur-Yvette, F-91191, France
4
ONERA, 91123 Palaiseau, France
The growing number of musculoskeletal disorders in industry could be addressed by the use of
collaborative robots, which allow the joint manipulation of objects by both a robot and a person. Efficiently
designing these robots requires to assess the ergonomic benefit they offer. Despite the advances in human
biomechanics and virtual human simulation tools, the existing software for ergonomic analyses remain ill-
adapted for collaborative robots design, because of the manikin animation techniques and the biomechanic
criteria that are measured.
We present a generic tool for performing detailed ergonomic assessments of activities including
collaborative robots. The proposed method relies on an evaluation carried out within a digital world, using a
virtual manikin to simulate the worker. The evaluation of the robot-worker system can thus easily be performed
throughout the whole design process.
Multiple ergonomic indicators are defined in order to exhaustively estimate the different biomechanical
demands which occur during manual activities. In order to simplify their interpretation, a sensitivity analysis is
conducted to extract relevant indicators which best summarize the overall ergonomic performance of the
considered activity, as well as identify the robot parameters which mainly affect this performance. For this,
multiple virtual human simulations of the activity - in which the manikin interacting with the collaborative robot
is animated with an optimization-based whole-body controller - are run to measure all the ergonomic indicators
for varying human and robot features. The relevant indicators resulting from this analysis can then be used to
easily compare different robots, or to automatically optimize certain design parameters of a robot.
The whole method is applied to the optimization of a robot morphology for assisting a drilling gesture.
The sensitivity analysis is performed on 28 ergonomic indicators with 8 different human and robot parameters,
resulting in a total of 8000 simulations. This analysis enables to reduce the number of ergonomic indicators to
consider in the optimization from 28 to only 3, hence facilitating the convergence of the optimization: robots
performing well on all 3 ergonomic objectives are produced with an evolutionary algorithm in about 150
generations. The comparison of the situations without assistance and with near-optimal robots shows some lack
of transparency in the robots, but a comparatively significant improvements in the force-related ergonomic
indicators. This result demonstrates the benefit of the optimized robots and thereby confirms the relevance of the
proposed approach to provide robot designers with interesting preliminary designs to be further worked on.
human movement.
Keywords: Collaborative Robots, Ergonomics, Digital Human Simulation, Sensitivity Analysis
Poster session 47
Implementation, risk assessment and safety human/robot interaction of collaborative
robot UR10
Menges B.1,2, Sarrey M.1, Henaff P.2
1
Saint-Gobain PAM, Technocentre, Les Longues Raies, BP 109, 54704 PONT.A.MOUSSON Cedex, France
2
Université́ de Lorraine, CNRS, LORIA, F-54000 Nancy, France
baptiste.menges@saint-gobain.com
Michael.SM.Sarrey@saint-gobain.com
patrick.henaff@loria.fr
Collaborative robotics is an increasingly emerging subject in industrial environments. This presentation

concerns the integration of a collaborative robot (cobot) in a very hard steel environment, that very uncommon
integration.
Saint-Gobain products ductile iron pipes for water conveyance by centrifugation process with a casting
machine. Dust, high temperature, vibrations and high noise level are conditions qualifying this kind of the steel
production environment that the robot must undergo to perform its tasks and helping the human operator.
In Fr ance, to integrate a cobot, we have no national recommendation, so it’s necessary to refer to the
European conformity (CE) and on the currently standards (ISO 10218:1 and ISO 15066) during the
development, for setting the security laws (power and speed) and the other safety options.
The aim of the presented project is to reduce the musculoskeletal disorders of the operator by assigning
to the cobot the tasks requiring strength, precision and repetition, and to free up more time for the operator to
quality control and his added values.
Through the risks assessment, hazardous situations were evaluated and some safety adaptations were
developed and added on the installation, especially about the cobot gripper with the INRS (French national
institute of safety at work).
Owing to environment, some mechanical and workspace adaptations had to be integrated like fireproof
cover to protect the cobot against the liquid iron splash and a ventilation to blown a fresh air inside the cover to
protect the cobot motors against the heat sources of the plants.
First results are encouraging, the cobot working in the plant with the operator for 15 months (with
several stops). Operators are enthusiasm to have a robot that help them and are delighted to participate to the
integration of new technologies into “their old plant”. Collaborative robot brings them ergonomic benefits, many
risked postures of musculoskeletal disorders (MSD) are avoided.
Second main result is that fears of operators do not come from the collaborative robot but rather to work
closer to the casting machine with hot ductile iron.
Despite a low maturity of human/robot collaboration in industrial applications in a hard environment, the
final integration is successful, with several difficulties of integration (heat, conformity). Skills and experiences
have been won through this project and it's a good step for the collaborative robotics.
Keywords: Collaborative robotic, human/robot interaction, industrial integration, function safety
Poster session 48
Challenges of measuring physiological parameters as indicators of cognitive load
in the context of human-machine interfaces
Zreda-Żołnierczyk D., Nowak K., Mockałło Z., Szczepański G., Podgórski D.
Central Institute for Labour Protection - National Research Institute, Warsaw - Poland
kanow@ciop.pl
The rapid development of modern technologies allows for the improvement of the efficiency and speed in
the production of high quality products. High level of automation in manufacturing increased the productivity,
however the operation of modern machines often requires many complex activities for an efficient interaction
with the interface. This results in a high cognitive demand, especially in relation to elderly, unexperienced or
disabled operators. This may influence not only the worker efficiency but also health and well-being of
employees. The aim of the INCLUSIVE project is to address this issue by developing a new concept of user-
machine interactions, in which the behaviour of the automated systems adapts to human capabilities.
The present study focused on the possibility of the assessment of cognitive load using various subjective
(NASA-TLX scale), behavioural (error rate) and physiological measurements (heart rate, electrodermal activity,
skin, temperature, electroencephalography). The task carried out in this study required solving mathematical
problems at 5 difficulty levels. Although the results showed a significant increase of subjective workload, which
was paralleled by an increasing error rate, we found significant differences only in one physiological parameter,
i.e. the electrodermal activity was significantly higher in the most difficult condition (level 5) in comparison to
the easiest one (level 1).
Key words: human-machine interface, physiological measurements, cognitive load, human factors
Poster session 49
Development of a VR based qualification module in trainings on risk assessments
according to the EU Directive on Safety of Machinery
Gomoll K., Nickel P.
Institute for Occupational Safety and Health of the German Social Accident Insurance (IFA) – Alte Heerstraße
111 – D-53757 Sankt Augustin – Germany
katrin.gomoll@dguv.de
peter.nickel@dguv.de
According to the EU Directive on Safety of Machinery it is mandatory to perform risk assessments before
machinery is placed on the European market and put into service. This is of special importance with operating
sites using various machines and often chaining up machines into production processes. The latter is challenging,
since the operating company may become the manufacturer of a new machine according to the EU Directive. For
these reasons, there is an increasing demand on how to take into account OSH requirements for all scenarios
with machinery use by manufacturing and operating companies.
As recent research on training requirements indicated for the shop floor level theoretical knowledge
improves when learning is integrated in practical situations. Therefore, and to better support training courses on
risk assessments an accident insurance institution asked the IFA to include a machinery model as a simulation
environment, i.e. using virtual reality as a simulation technique and method to improve learning in OSH
trainings.
A project group has been set up including members of the IFA Human-System-Interaction Group for adapting an
existing training concept and integrating simulated machinery and students from the University of Applied
Sciences Koblenz for virtual reality development using Unity as a VR software system. The approach chosen is
the structured development of virtual environment (SDVE), including project definition, requirement analysis,
specifications, training concept, programming and evaluation.
Translation of the SDVE into the current project is presented and implementation so far consists of
project description (e.g. aims and definitions), requirement analyses (e.g. user and task analyses) and
specifications (e.g. personas, story board). Existing training manuals have been modified to integrate the VR
based module and to meet didactic requirements.
A draft model of generic machinery has already been developed in VR. The model allows inspecting
machinery in 1:1 scale using different media for VR presentation (e.g. HMD and wall projection). In addition,
examples providing an insight into human-system interaction processes for risk assessment training have been
introduced; i.e. using a safety stop, setting up a light curtain, and placing a tunnel to avoid access to hazardous
areas in the feed of the machinery.
The project is still in the process of the SDVE in order to support risk assessment training, trainer needs
and trainee activities during training. The SDVE is suitable for similar VR projects.
Keywords: risk assessment, training, structured development, virtual reality
Poster session 50
Make risk assessments early on serve important and different purposes
Nickel P.1, Janning M.2, Pröger E.3, Wachholz T.4, Lungfiel A.1
1
Institute for Occupational Safety and Health of the German Social Accident Insurance (IFA) – Alte Heerstraße
111 – D-53757 Sankt Augustin – Germany
2
German Social Accident Insurance Institution of the Federal Government and for the Railway Services (UVB)
– Cheruskerring 11 – D-48147 Münster – Germany
3
Federal Waterways and Shipping Administration (GDWS) – Mainzer Straße 20 – D-56068 Koblenz – Germany
4
Federal Waterways and Shipping Administration (GDWS) – Am Waterlooplatz 5 – D-30169 Hannover –
Germany
peter.nickel@dguv.de
Future work systems often are characterised as becoming more interactive, dynamic, and flexible.
Occupational safety and health (OSH) therefore has a growing interest in prospective assessments of hazards and
risks to enable early design improvements in machinery development and working conditions according to legal
and ergonomic requirements. In the German transport sector high priority is given to standardisation of river lock
design since it has the potential to expand transport resources, reduce costs across the life cycle, and improve
OSH. The latter is seen most effective early in design, because re-design due to safety and health issues would be
resource-demanding, if not impossible, when river lock construction has already been completed.
A dynamic VR planning model is therefore being developed based on planning information and technical
drawings available for a river lock under construction and for different layout options of standardisation in river
lock design. Risk assessments commissioned to engineering consultants will be performed for layout options of
standardised river locks presented in scale 1:1. Assessments will refer to about 70 scenarios applied to a
functional virtual river lock for upstream and downstream locking of different barges and pushers of up to 185
m. In addition, maintenance activities across the life cycle can be demonstrated and assessed such as inspection
of sliding-panels or replacing lock gates using truck-mounted cranes. With a view to EU Machinery Directive
scenarios mainly address aft and head of the river lock will be considered in the risk assessment and will cover
potential human interaction with mechanical and construction engineering parts of the machinery. With a view to
EU OSH Framework Directive the focus will be on maintenance operations with several operators involved (e.g.
draining of river lock and gate maintenance) and on human safety issues with regard to the lock superstructure
(e.g. guard railing, lightning repair). Assessments will also feed safety plan documentation requirements
according to the EU Construction Site Directive.
Modelling is already in the phase of minor adjustments. Results obtained during project preparations and
from risk assessments will serve the development of measures for risk reduction. All results will be fed back to
the standardisation committee at GDWS to update construction and OSH requirements. Results will also go to
planning organisations assigned to future river locks. In addition, template procedures available at GDWS for
performing risk assessments and safety and health plans according to EU Directives will be developed and
updated.
Keywords: Risk Assessment, EU Machinery Directive, EU OSH Framework Directive, EU Construction Site
Directive, Virtual Reality
Poster session 51
Practical application and experience: Tool for the safety of industrial machinery in
reduced risk conditions
Aucourt B.1, Chinniah Y.1, Jocelyn S.2, Bourbonnière R.3
1
Department of Mathematical and Industrial Engineering, Polytechnique Montréal, 2500 chemin de
Polytechnique, Montreal, Quebec, Canada H3T 1J4
2
Institut de recherche Robert-Sauvé en santé et en sécurité du travail (IRSST), 505 de Maisonneuve Blvd. West,
Montreal, Quebec, Canada H3A 3C2
3
Consultation Réal Bourbonnière, 58, rue de la Crête, Orford, Québec, J1X 0C5
barthelemy.aucourt@polymtl.ca
yuvin.chinniah@polymtl.ca
sabjoc@irsst.qc.ca
real@realbourbonniere.com
Industrial machines are known to possess many hazards such as mechanical, electrical, thermal, chemical,
noise, vibration and ergonomics hazards. One machine safety design requirement found in the machinery
directive in Europe, national or provincial legislation in North America, as well as national and international
safety of machinery standards is the control mode for maintenance when guard or protective device has to be
displaced or removed. One of the conditions is that the control mode permits operation of the hazardous
elements only in reduced risk conditions. This condition presents some challenges to designers and users alike.
What are considered reduced risk conditions is open to interpretation. The objective of this tool is to help
identify values for safe reduced speed, safe kinetic energy and safe contact pressure obtained from a previous
study. Values from the literature and from enterprises were obtained and the factors influencing the choice of
values were investigated in a previous study. The guide provides values for reduced speeds, force, energy,
contact pressures, which varied widely. In the previous study, industrial visits showed that enterprises use
reduced speeds by switching to the reduced speed mode of operation without applying the other required
conditions. Machines were modified to incorporate this mode of operation indicating some design problems.
Some factors were identified which could guide the choice of values when the information is missing from
standards or other documents. When a safety standard exists for a particular machine and that the values are
specified in the standard, designers and users can use those values. However, if the machine has no safety
standard, a risk assessment is needed before deciding which values to use. This practical guide will help
designers and users of industrial machines for the safety of industrial machinery in reduced risk conditions and is
presented in this paper.
Poster session 52
Normative surveillance for Occupational Safety and Health
Kieckbusch R.E.1, Santos A.C.2, Souza, L.W3
1
National Confederation of Industry - Brazil (CNI) – SBN - Quadra 1 - Bloco C, Ed. Roberto Simonsen, Brasília
– DF, CEP 70040-903 - Brazil
2
Brasilia University (UnB) – Universidade de Brasília- UnB - Faculdade de Tecnologia - Laboratório Aberto de
Brasilia - Campus Darcy Ribeiro Asa Norte - Brasília DF, CEP 70904-970 - Brazil
3
Brasilia University (UnB) – Universidade de Brasília- UnB - Faculdade de Tecnologia – Laboratório Aberto de
Brasilia - Campus Darcy Ribeiro Asa Norte - Brasília DF, CEP 70904-970 - Brazil
rkieck@cni.com.br
andreasantos@unb.br
luandawaleska@gmail.com
Normative surveillance is to accompany the drafting and revision of legal standards and it’s useful to
companies intending to anticipate imminent changes in legislation. With the application of the environmental
scanning, normative vigilance can lead to the gain of competitive advantage, because it allows the proper risk
management. This practice is applicable to product planning, that is the initial stage of the product development.
In this stage, which is subject to uncertainties, the legislation that determines the project must be considered,
including Safety and Health at Work standards. So, an exploratory research was carried out, with bibliographical
survey mostly virtual, in order to elucidate the regulation of Occupational Safety and Health in different
countries and its use in the product planning. The countries were chosen according to the value of Gross
Domestic Product. The information necessary for the development of this work was extracted from the database
of the International Labor Organization and the official electronic websites of the countries enabled. Then, the
normative procedures, the regulated risks and the ratified conventions regarding occupational safety for the
countries analysed were explained and compared. The main data were available only for United States, Brazil,
Canada and Mexico. Among these, Brazil is the country in which the time for adaptation to changes in labour
regulatory norms is smaller and it is also the country in which more changes of such norms occurred in the last
ten years.
Poster session 53
A simulation based approach for work system compatibility assessment using time
allowances
El Mouayni I.2, Etienne A.2, Lux A.1, Siadat A.2, Dantan J-Y.2
1
– France
2
ENSAM, Ecole Nationale Supérieur des Arts et Métiers 4, rue Augustin Fresnel - 57078 Metz - Cedex 3,
France
Ismail.elmouayni@ensam.eu
Work system compatibility refers to the adequacy between the working activity and the worker’s
characteristics. Ensuring this compatibility is paramount to have a sustained productivity and to reduce risk
factors related to unbalanced work situations, where job demands exceed the worker’s capacity.
The work system compatibility depends on several factors. The most relevant ones are organisation (work
content, system layout, breaks planning…), means (machines, tools, technology…) and the work environment
such as uncertainty and randomness. When combined with human factors such as fatigue and learning, these
aspects cause variability in the work situation leading to incompatibility which encompasses several risks.
Previous works gives guidance regarding the work system compatibility in form of rules which aim to
optimize the human performance in the system. Nevertheless, these approaches remain philosophical and cannot
be applied in a holistic manner during the work system design phases.
This paper proposes a new complementary and numerical approach for work system compatibility
assessment during design phases using the concept of time allowances. These allowances give operators the
possibility to cope with variabilities leading to a better compatibility. To achieve this, the article proposes an
indicator to assess the time allowances with consideration of contingencies in the system. This indicator is
combined with an agent based simulation model to assess work system compatibility. To uphold the paper’s
proposal, the proposed model is used to simulate and to compare two production system configurations to select
the one ensuring better work system compatibility.
Keywords: work system compatibility, human factors, simulation model, time allowances
Poster session 54
Session 5
Safety of machinery
55
Challenges during the risk assessment of large intelligent logistic storage system
Hongbin L.1, Taiwei L.2, Junmei H.3
1
TÜV SÜD Certification and Testing (China) Co., Ltd. – Unit 2202B– Guangfa Financial Plaza – No.40
Shandong Road – 266071 Qingdao – P.R. China
2
TÜV SÜD Certification and Testing (China) Co., Ltd. – M Building – No.7 Wangjing Zhonghuan Nanlu–
Chaoyang District – 100102 Beijing – P.R. China
3
Qingdao National Laboratory for Marine Science and Technology – No.1 Wenhai Road – Aoshanwei Jimo –
266237 Qingdao – P.R. China
hongbin.liu@tuv-sud.cn
taiwei.li@tuv-sud.cn
jmhan@qnlm.ac
In the globalized economy, rapid response for inconstant customer demands plays key role especially for
e-business. The speed and accuracy movement of cargos is essential to the development of company, e.g.
Alibaba, amazon. According to the statistics, on average, 1 billion packages need to be processed every day by
Alibaba in China. Supporting the efficient packages transportation is the large intelligent logistic storage system.
The system described in this paper is mainly consisted of rail guided vehicle (RGV), automatic
warehouse (storage rack), automatic transportation system (chain conveyor and roller conveyor), stackers, pallet
lifts, logistic control and management system. Real-time information from buyer to control system, RGV,
stackers, pallet lifts and inventories realize high efficient service.
Considering its large and complicacy, the whole system is divided into ten areas based on its function. For
each area, every operation including foreseen maloperation is analysed combined with EN ISO 13849-1 and EN
62061 for control systems. After identifying safety function, based on the risk level matrix, determining related
devices quantity and position which are summarized in safety interlock matrix, and then finish safety hardware
architecture diagram.
Simultaneously, the materials in the storage system is liquid spice which is flammable, that means
explosion safety also need to be considered. Besides explosion proof electrical equipment, installation, wiring,
some key mechanical components are also analysed to avoid sparks, heat and any valid ignition sources.
This paper examines the main hazards associated with the intelligent logistic system during the phases of
its life cycle. Risk assessment is followed by risk reduction which summarizes the iterative process for
eliminating hazards as far as possible and for implementing safety measures.
Keywords: Intelligent logistic system, risk assessment, EN ISO 13849, explosion
Session 5 – Safety of machinery 56

Impact of changes in machinery during use: toward a forecast of dangerous situations?
Lamy P., Perrin N.
Institut national de recherche et de sécurité (INRS) – 1, rue du Morvan – CS 60027 – 54519 Vandoeuvre Cedex
– France
pascal.lamy@inrs.fr
nellie.perrin@inrs.fr
Dysfunctions during the use of a machine or an automated system in production, for example
when a machined work piece gets stuck or when the raw material blocks, can disturb the nominal
functioning of the production. Some of them can be due, for example, to wear and tear. The operator, to
compensate for the loss of production, to recup the lost can intervene with the machinery further to this
dysfunction and put himself in a hazardous situation.
We want to see if it is possible to prevent such hazardous situations arising and to anticipate them
or even to predict. We propose an approach based on the method of observing the activity which allows
us to make a link between production hazards, the results of changes made by the operator and the
associated risks. This four step approach uses expertise to determine dangerous scenarios that lead to
hazards and to perform a risk analysis. This approach was applied to an industrial case, which allows us
to verify its feasibility.
In a desire to automate and to predict the possibility of such dangerous situations arising, we shall
clarify the envisaged perspectives in three steps. The first step is the modelling of the working situation
including the interactions between machinery, environment, product and operator. The second step is a
dysfunctional analysis of these interactions which can have an impact on the production; this phase
contains also a risk analysis to determine the hazardous situations. The third and last step is the definition
of the monitoring to be set up, monitoring which should use technical data stemming from production and
machinery.
Keywords: violation, detection, ergonomic approach, machine

A study on safety requirements for brake systems of the mechanical servo presses
Hata Y.1, Saito T.2
1
Japan Forming Machinery Association (JFMA) – Kikaishinko Bldg. 3-5-8 Shibakoen, Minato-ku, Tokyo -
105-0011 – Japan
2
National Institute of Occupational Safety and Health, Japan (JNIOSH) – 1-4-6 Umezono, Kiyose, Tokyo -
204-0024 – Japan
uhh03796@nifty.com
Establishment of the international safety standard ISO 16092-2 of the mechanical power press machine
(or mechanical press) is progressing.
In the conventional mechanical presses, for the start and stop functions of the presses, the clutch and
brake system operated by air or hydraulic valves is utilized and the safety-related control system is established as
the system to control these valves (refer to EN692, ANSI B11.1).However, unlike the mechanical press, various
stop control mechanisms are adopted in the mechanical servo press (or servo press) which began to spread since
around A.D.2000.
Although the start control mechanisms of the servo press are realized by mechanical connection to the
servo motor directly or through a belt, the stop control mechanisms of the servo press are provided as
combinations of mechanical brake(s) and a stop control system of servo motor. And the various types of
mechanical brake such as those which use air or hydraulic valves or electromagnetic brakes are adopted in
addition to the servo drive control to stop the servo motor.
For this reason, the safety requirements for each stop control mechanism of the servo press are also
various in each country, and therefore, it becomes a problem that the common validity of each requirement is not
clearly shown.
The purposes of this paper are to classify various stop control mechanisms of the servo presses which are
composed of the different servo motor control and the different mechanical brakes and to clarify the risk
generated by each stop control mechanism. Furthermore, common safety requirements for the stop control
mechanisms to be used as effective risk reduction measures and to maintain their stopping performances are
described. Common validity check requirements are also discussed.
The results of the above consideration will be expected to contribute to the establishment of the
international safety standard ISO16092-2.
Keywords: Servo press, Stop control mechanism, Mechanical brake, ISO16092

Revision of ISO 13855
Görnemann O.
SICK A.G. Erwin-Sick-Str. 1 – D - 79183 Waldkirch - Germany
otto.goernemann@sick.de
Protective devices are widely used in modern machinery. The application of digital technologies in the
manufacturing sector – within the frame of differently named projects like Industry 4.0, Smart Manufacturing.
Industry 2015 etc. – will speed up the increasing numbers of machines in which such devices are providing
safeguarding functions.
The application of up to date technologies in manufacturing will increase the interaction between Men &
Machine this also increasing the physical and psychological stresses. Nevertheless such increased interaction
may also solve some of the problems arising from an aging society. Nevertheless, the resulting higher flexibility
of future manufacturing will also lead to a higher degree of complexity and unpredictability. Additional risks
will also arise from the increasing interaction, interconnectivity and possible vulnerability of the manufacturing
systems
Typical areas in which the application of digital technologies changes the workplace are logistics and
robotics. While in the logistics branch the transport of goods is changing from fixed equipment to more flexible
mobile transport platforms, the developments in robotic technologies may allow close interaction between
humans and machines.
Regarding this close collaboration, the actual technologies are based in the limitation of speed and force,
which allows this close collaboration but restricts the possible practical application in industry. The need for
close interaction does not match with the classic way to safeguard persons from the hazards derived from the
speed, agility and force of machines.
The application of protective devices to control machine hazards relies very often upon the timely
detection of persons or situations and the reaction time of control systems, and therefore proper positioning and
dimensioning of detection fields is required for their application. ISO 13855 is the existing International
Standard for the determination of size and position of such detection fields for safeguarding applications in
machinery. Since published in 2010, a revision has been requested and started within ISO/TC199, in order to
synchronize the standard to the actual state of the art and the upcoming requirements of the application of digital
technologies. The contribution presents some ideas for the possible items which can be improved and added
within the future revision of ISO 13855, like dynamic minimum distances, according to speed and trajectories of
humans and machines, the avoidance of reaching under, over and around protective devices to reach control
elements, etc.
Key words: safety, machinery, safeguarding, minimum distances, ESPE

Session 6
Experiences / Practical applications
60
Serious and fatal accidents caused by mobile machinery in Quebec: More prevention is
needed
Burlet-Vienney D.1, Chinniah Y.2, Belmekki T.2, Aucourt B.2, Ouali M.-S.2
1
Ouest – Montréal (Québec) – H3A 3C2 – Canada
2
Polytechnique Montréal – University of Montreal, P.O Box. 6079, Station Centre-ville – Montréal (Québec) –
H3C 3A7 – Canada
dambur@irsst.qc.ca
yuvin.chinniah@polymtl.ca
taha.belmekki@gmail.com
barthelemy.aucourt@polymtl.ca
msouali@polymtl.ca
Mobile machinery is often raised as an issue by national occupational fatality statistics. However, no
exhaustive and qualitative analysis of accident reports on mobile machinery as a group is available, as compared
to stationary machinery. The objective of this paper is therefore to analyse reports of serious and fatal accidents
caused by mobile machinery in the province of Quebec where data on stationary machinery have already been
examined. The outcomes are identification of the common factors of mobile machinery related accidents,
comparison with stationary machine statistics and targeted prevention actions.
All the investigation reports for serious and fatal accidents occurring between 2000 and 2013 were
analysed. Road accidents were not included. 35% of the investigation reports were retained over the period (281
reports) for an annual average of more than 18 fatalities caused by mobile machinery in Quebec. This represents
25% of work-related fatalities and a rate of 0.45 fatalities per 100,000 workers. Buildings and Public Works is
the sector most affected (31%) and road transportation equipment (e.g., dump trucks, tow trucks) is the type most
involved in accidents (33%). Regular operation-related accidents account for 77% of the total.
Over the study period, mobile machinery caused annually three times more fatal accidents than stationary
machinery in Quebec, and involved experienced workers and regular operations in a larger proportion. Accident
reports also revealed types of accidents specific to mobile machinery as a group, as compared to stationary
machinery such as runover (in operation and in maintenance), rollover, contact with power lines, loads falling
and presence of gravitational energy during maintenance.
Such risks on mobile machinery are not new. The problem seems to lie mainly in the non-application of
existing prevention principles. For example, supervision and respect of safety procedures are more difficult to
enforce due to the mobility of equipment. Moreover, mobile machinery is often excluded by companies during
risk assessment and control of hazardous energy methods. Given the statistics, mobile equipment as a group
should be targeted by labour inspectors and companies in Quebec as it was done for stationary machinery 10 to
15 years ago. Driving, lifting, environment, trip and fall and maintenance issues should be addressed in priority.
More research is still needed in the integration of innovative technologies in real applications in order to reduce
risk. Examples include driving assistance technologies, remotely controlled and autonomous vehicles such as
tractors, mobile robots, self-driving vehicles and drones.
Keywords: Mobile machinery; Accidents; Safety of machinery; Practical applications and experience.
Session 6 – Experiences / Practical applications 61

Safety Assessor Qualification Impact and Influence in Thailand
Patiphon K.1, Hiroo K.2
1
Technology Promotion Association (Thailand-Japan) (TPA) – 534/4 Soi Pattanakarn 18, Pattanakarn Rd.,
Suanluang - Bangkok - Thailand
2
Nippon Electric Control Equipment Industries Association(NECA) – 1-17 Hamamatsucho 2chome, Minato-ku
- Tokyo - Japan /Mitsubishi Electric Corp. – 8-1-1 Tsukaguchi-Honmachi, Amagasaki - Hyogo - Japan
patiphon@tpa.or.th
Kanamaru.Hiroo@db.MitsubishiElectric.co.jp
Thai government which has been promoting safety in factories in Thailand formulated the Occupational
Safety Act in 2012. The measures are centred on the occupational safety and health management (OSHM) by a
safety officer. However, technical measures for safety machineries are not advanced due to lack of safety
engineers. Therefore, there are a lot of unsafe machines still in use in factories.
The Safety Assessor Qualification system (SAQ) which is operated by Nippon Electric Control
Equipment Association (NECA) is well-known in the world as the training curriculum for safety engineers.
Therefore, TPA has introduced SAQ from Japan with backup of Ministry of Economy, Trade and Industry of
Japan, and started SAQ in Thailand in 2016. In this year, the upper level Safety Assessor Course who can design
risk reduction measures to the machine will be started.
So far 178 companies, 631 persons have been qualified as Safety Basic Assessor and Safety Sub
Assessor. In order to know their safety contributions in their factories, we have interviewed to the qualified
persons. As the result of interview:
- Performed risk assessment of machinery = 75%
- Implemented technical risk reduction measures to the machine = 75%
- Going to increase safety qualified personnel = 100%
It shows that almost safety qualified people have contributed to the machinery safety in each company in
a short term. To achieve a safety machinery, risk assessment and risk reduction with ISO 12100 are important.
They succeeded to show their training is effectible and useful. Therefore, the management board of each
company understand it and want to increase the safety qualified personnel. From the interviews, we find that a
machine industry related automotive is active to SAQ training.
The reasonable safety measures designed with ISO/IEC standards can achieve safe and high-productivity
machinery. The safety engineers trained by SAQ impact to machinery safety in factory and influence to top
management of companies. SAQ will be attentional much more in Thailand. And expansion of the SAQ will
promote the safety improvement of Thai industry in the future.
In this paper, we describe the how to introduce SAQ in Thailand, and the analysis of the interview to the
safety qualified persons.
Keywords: Safety Assessor Qualification, Training and Education, Risk Assessment, Personnel Competency

Framework for Occupational Safety and Health: the eSocial
Kieckbusch R.E.1, Santos A.C.2
1
National Confederation of Industry - Brazil (CNI) – SBN - Quadra 1 - Bloco C, Ed. Roberto Simonsen, Brasília
– DF, CEP 70040-903 - Brazil
2
Brasilia University (UnB) – Universidade de Brasília- UnB - Faculdade de Tecnologia - Núcleo de Engenharia
de Produção - Campus Darcy Ribeiro Asa Norte - Brasília DF, CEP 70904-970 - Brazil
rkieck@cni.com.br
andreasantos@unb.br
Since 1970, the Brazilian government has promoted changes in legislation in order to impose on
companies to reduce workplace accidents. During this period, work accidents decreased from 147.4 per thousand
workers to 12.5 in 2019. Until then, the obligations imposed by the government were for specific areas of
companies, lacking a systemic view of the business. Labour information (contract of employment, occupational
hazards in the workplace, etc.), social security (compulsory charges, accident insurance, etc.) tax on the hiring
and use of labour by were passed on to different supervisory boards and control by different functional areas of
business. Currently, there is provision of duplicate data, the need for separate deliveries controls, regulatory
conflicts between government regulatory agencies and the use of paper forms. In 2013, government
organizations announced a new joint initiative called eSocial. The eSocial is to establish a single electronic form,
that is, initiatives and legal obligations implemented in recent decades would become unified and provided in
electronic form by the companies in a single platform. The purpose of this article is to present a framework of
information system for occupational health and safety (eSocial). To build the framework interviews have
conducted with companies, organizations of employers and workers, specialists, developers of software
management, promoted meetings and discussions with government entities. As a means of validation, a
deployment case study has conducted in a large company that has demonstrated the importance of redesigning
business processes, definition of monitoring indicators, the role of leaders and managers, as well as their
responsibilities, and the adoption of an integrated approach between functional areas of safety and occupational
health. Among the difficulties were resistance in the formation of collaborative teams, adoption of a single table
of occupational risk factors that include health and safety, criteria for medical confidentiality guarantee, among
others. The forecast of mandatory eSocial will be from 2018, involving five government agencies, where 7
million companies will submit data on occupational health and safety of 48 million workers.

Analysis of 141 serious and fatal machine accidents occurring in Quebec between 2011
and 2015
Giraud L.1, Desmarais L.2, Hébert R.2
1
Ouest – Montréal (Québec) - H3A 3C2 - Canada
2
Université de Sherbrooke – École de Gestion – 2500, boulevard de l'Université – Sherbrooke (Québec) - J1K
2R1 - Canada
giraud.laurent@irsst.qc.ca
lise.desmarais@usherbrooke.ca
rachele.hebert@usherbrooke.ca
Accidents involving machines (3552 in 2011 without the construction sector) and deaths (7 in 2011) are
still very numerous in Québec, although they have been declining for several years. These accidents occur during
all phases of life's machine, from its initial installation to its dismantling, and especially during the main phases
that are the use of the machine, the maintenance of the machine, as well as during the transitional phases, such as
commissioning, shut downing or restarting.
To prevent accidents with machines, it is necessary to know the different causes that cause them, the
moment of their occurrence and the associated task. However, the statistical data currently available in Quebec
do not allow to know the task performed during the accident. It is then impossible to differentiate accidents with
the machine that occur during it use for production from those that occur during its maintenance. To compensate
for this lack of data, a research is underway on accidents occurring between 2011 and 2016 in Quebec in five
sectors: forestry and pulp and paper, mining, agriculture, metal products manufacturing and transportation
equipment manufacturing.
A total of 2053 accidents were identified, along with 141 reports of serious and fatal accidents occurring
between 2011 and 2015 in relation to machines in all sectors. These reports concern as much the accidents which
occurred with fixed machines (tower) as with machines with fixed station (rock drilling machine with wheels) or
with mobile machines (forklift).
The presentation will focus on the 141 accidents that have been analyzed from a statistical point of view
(number, occurrence ...) and textual (presence of terms in the investigation report, vocabulary used ...). In total,
54 accidents were linked to production tasks, while 29 were linked to maintenance interventions and 32 were
linked to production continuity tasks (unblocking, breakage, raw material's quality etc.). In addition, 19 accidents
were classified as fortuitous, i.e. the injured person did not habitually work with the machine or was not usually
in the presence of the accident-related machine.
We hope that the results of this study will help to adjust and guide prevention efforts according to the life
cycle of the machine (installation, use, maintenance, etc.).
Keywords: Maintenance, Accident Analysis, Machines’ Safety, Task Performed

Session 7
Experiences / Prospects
65
Supportive Protective System IV
Experimental procedure of behavior analysis to the Supportive Protective System (SPS)
as a safety management approach.
For appropriate prediction and control of human behavior.
Hojo R.1, Hamajima K.1 , Umezaki S1, Tsuchiya M.2, Shiizu S.1
1
204-0024 – Japan
2
ADVANTAGE Risk Management Co., Ltd. – Nakameguro GT Tower 17F, 2-1-1 Kamimeguro, Meguro-ku,
Tokyo 153-0051 – Japan
hojo@h.jniosh.go.jp
mtsuchiy@gmail.com
The Supportive Protection System (SPS) was established to prevent human error and intentional unsafe
behavior of workers at workplace of integrated manufacturing system. The SPS controls and prevents human
error and intentional unsafe behavior using proper combination of Information and Communication Technology.
In the present study, validity of the SPS was evaluated with a procedure of behavioral analysis. Ten students
were engaged to the experiment. A virtual experimental workplace was built up in our institute (JNIOSH),
assuming the work place as a manufacturing industry, including none-routine work such as cleaning robot. All
subjects participated under the following 2 experimental conditions 4 times each. 1) SPS condition: Under the
SPS, the workplace was divided by three work zones. If worker entered a target zone, three machines in the zone
out of nine machines of whole workplace were stopped, and the rest kept working. A subject with a tag entered
to the work place from gateway, hung the tag over main and sub controller, for stopping 3 machines, for
confirmation of own authority and for working in zone 1. The subject was required to press button at work point.
Subject hung a tag to sub and main control boards again after the work and pushed the restart button of the
restart board. 2) Usual stop condition: After stopping all machines by pushing emergency button, subject moved
from the gateway to zone 1 directly, and was required the same button pushing. After leaving from zone 1, the
subject released emergency, restarted all machines. Half and the rest of subjects were assigned to feedback and
no-feedback conditions, respectively.
For subjects in the feedback group, button-press and total times from the start to the end were shown, but
subjects in the no-feedback condition were not told anything about the time. Average total time of the SPS was
longer than that of usual stop condition. We assumed that none-routine work occurred once per 30 min out of 8-
hour-work time. Then mechanical outage time was calculated using average total time of each condition. The
machine outage time of SPS was shorter than that of the usual stop conditions. Decrease rates of total time from
the first work of the feedback group was greater than that of the no-feedback condition. Usage of feedback might
be applied as a good promoter for self-encouragement for working. These results suggest that introduction of the
SPS guarantees both safety and operation efficacy.
Session 7 – Experiences / Prospects 66

Importance of safety personnel in the era of robot revolution:
Current status and future prospects of Safety Assessor and Safety Basic Assessor
(SA/SBA) qualification system
Fujita T. 1, Shiomi M.1, Kanamaru H. 1, Tochio M 2., Ariyama M. 2, Sagawa K.2, Kubota1 A., and Mukaidono M.3
1
Nippon Electric Control Equipment Industries Association (NECA) - 2-1-17 Hamamatsu-cho, Minato-ku,
Tokyo, Japan
2
Japan Certification Corporation (JC) - 2-7-53 Nishimiyahara, Yodogawa-ku, Osaka, Japan
3
Meiji University - 1-1-1 Kandasurugadai, Chiyoda-ku, Tokyo, Japan
shiomi@koyoele.co.jp
Kanamaru.Hiroo@db.MitsubishiElectric.co.jp
tochiom@j-cert.com
ariyamam@j-cert.com
sagawak@j-cert.com
kubota@neca.or.jp
masao@meiji.ac.jp
In the coming era of the Fourth Industrial Revolution, new safety approaches such as Vision Zero and
Collaborative Safety: Safety2.0 are emerging globally, and Robot Revolution has taken place in Japan. Many
robot manufacturers are developing collaborative robots that are being used in actual applications not only of
industrial systems but of service industry to meet the challenges of labor shortage. In such a trend, there is an
urgent need to develop and foster skilled personnel who can promote and implement safety of machines and
facilities. Those skilled personnel must possess the latest safety knowledges based on international ISO/IEC
safety standards, therefore, Japan urgently needs to forster personnel who can implement machine system safety.
In Japan, to foster safety personnel, the Nippon Electric Control Equipment Industries Association
(NECA) founded the Safety Assessor (SA) qualification system in 2004, and the Safety Basic Assessor (SBA)
qualification system in 2009 with the support of the Japan Ministry of Economy, Trade and Industry (METI).
The profile of these qualification systems were reported at International Conference on Safety of Industrial
Automated Systems (SIAS) in USA (2005), Tokyo (2007), Finland (2009), Canada (2012), and Germany (2015).
These qualification systems have been adopted in diverse industries including automobile and automotive
industries. In 14 years, SA/SBA certification was granted to about 15,000 individuals from about 1,300
companies. In 2014, the Japan Ministry of Health, Labour and Welfare (MHLW) issued a notice praising the
SA/SBA system as an education system of remarkable usefullness. The system’s steady progress has led to
adoption of the system by seven other asian countries, among which Thailand was chosen to transfer the system
into as a part of Japan’s official development assitance (ODA). Further global progress is expected.
This paper reports the case studies of the most advanced robot applications, and the importance of risk
assessment/reduction. As system integrators will play more important roles, more personnel skilled in safety will
be required in installation of automated systems utilizing robots. The effectiveness and potential of Robot Safety
Assessor Qualification System are also reported. In the era where robots and humans coexist and work
collaboratively, the necessity of Collborative Safety : Safety2.0 is already an established fact. The current social
contexts, new education system, and also the requirement of safety understanding by executives in management
are described, and also the perspective in which steady effort is needed to achieve Vision Zero society by
employing advanced technologies.
Keywords: safety assessor, safety of machinery, robot, collaborative safety

Objective and Subjective Effects of Passive Exoskeleton on Overhead Work
Maurice P.1, Camernik J.2, Gorjan D.2, Schirrmeister B.3, Tagliapietra L.4, Bornmann J.3 , Pucci D.4,
Ivaldi S.1, Babic J.2
1
2
Jožef Stefan Institute, Jamova cesta 39, SI-1000 Ljubljana, Slovenia
3
Otto Bock SE & Co. KGaA, Duderstadt, Germany
4
Fondazione Istituto Italiano di Tecnologia, via Morego 30, Genova, Italy
Work-related musculoskeletal disorders (MSDs) are the first cause of occupational disease in developed
countries and therefore represent a major health issue. MSDs develop when biomechanical demands exceed the
worker’s physical capacity. In this regard, overhead work is often cited as a MSDs risk factor. Yet, overhead
work remains very common on assembly lines, especially in the automotive industry. One solution to relieve
workers while keeping them in control of the task execution is to assist them with an exoskeleton.
Within the European project AnDy, the provided prototype is an upper-limb passive exoskeleton intended
for supporting the weight of the arms, and possibly of manipulated tools, while the user is working overhead.
This exoskeleton does not enhance the human’s strength, but renders his/her arms virtually weightless, thereby
relieving the shoulder joint. Being passive, hence without motors, the exoskeleton is light, not bulky, and easy to
wear. Here we present the results of an experiment conducted to evaluate the performance of the exoskeleton
with regard to workload reduction.
Twelve participants performed an overhead pointing task with a portable tool, with and without the
exoskeleton. The participants’ physical and physiological state was monitored with whole-body inertial motion
capture, ground reaction force, EMG on shoulder and back muscles, oxygen consumption, and heart rate. The
tool motion was recorded with optical motion capture to assess task accuracy and completion time. Following
the experiment, the perceived workload was assessed with the NASA Task Load Index. In addition, participants
answered a questionnaire and were interviewed to evaluate technology acceptance.
Comparison of the two conditions – with and without exoskeleton – revealed that muscle activation,
oxygen consumption and heart rate were significantly reduced when using the exoskeleton. Conversely, task
performance was affected neither positively nor negatively. Importantly, the reduction in overall workload
observed with objective measurements was also observed in subjective measurements: the task not only was, but
also felt, less demanding when wearing the exoskeleton. Eventually, acceptance score was high and participants
all said that they would choose to use the exoskeleton again for such a task.
Future work will be directed towards evaluating the exoskeleton on different tasks, including bending,
crouching and walking to assess its transparency and potential disturbances of the user’s movements.
Experiments on industrial sites are also planned. Furthermore, results from the evaluation will serve to guide the
development of an intuitive adaptation of the level of support provided by the exoskeleton.
Keywords: Physiological Measurements, Whole-Body Dynamics, Workload Assessment, Technology

Acceptance

Book of Abstracts SIAS 2018

Uploaded by

Document Information

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Book of Abstracts SIAS 2018

Uploaded by

Copyright:

Available Formats

9th International Conference

Session 1 – Functional safety – Information Technology

Session 2-1 – Safety of Collaborative Systems

Human-robot coactivity: need’s analysis, Tihay D. ............................................................................................. 10

Session 2-2 – Safety of Collaborative Systems

Advancing Anticipatory Behaviors in Dyadic Human-Robot Collaboration:

Thursday, October 11th 2018

Session 3 – Autonomous systems

Top-Down approach for safety engineering in autonomous and semi-autonomous machinery

Practical solutions for safety-related application programming, Huelke M. ........................................................ 31

Friday, October 12th 2018

Session 6 – Experiences / Practical applications

Session 7 – Experiences / Prospects

Functional safety – Information Technology

Session 1 – Functional safety - Information Technology 5

MySafeAutomation – Schorlachstrasse 3 – 91058 Erlangen – Germany

Session 1 – Functional safety - Information Technology 6

Session 1 – Functional safety - Information Technology 7

Key words: Cyberphysical, Major Hazards, process Industry, Risk Analysis

Session 1 – Functional safety - Information Technology 8

Safety of Collaborative Systems

Keywords: Robotics, HRC, Safety, ISO 10218-1

Session 2-1 – Safety of Collaborative Systems 10

Pilz GmbH & Co. KG - Felix-Wankel-Straße 2 - D-73760 Ostfildern – Germany

Session 2-1 – Safety of Collaborative Systems 11

Keywords: Ultrasonic Sensor; Acoustic Holography; Human-Robot-Collaboration; Machine Based Learning

Session 2-1 – Safety of Collaborative Systems 12

Fraunhofer IFF – Sandtorstrasse 22 – D–39104 Magdeburg – Germany

Session 2-1 – Safety of Collaborative Systems 13

Session 2-1 – Safety of Collaborative Systems 14

Safety of Collaborative Systems

Keywords: Collaborative robots, Ergonomics, Wearable Sensors, Human Movement Prediction

Session 2-2 – Safety of Collaborative Systems 16

Session 2-2 – Safety of Collaborative Systems 17

Keywords: Future Safety Concept, collaborative safety, Safety2.0, human-machine-environment

Session 2-2 – Safety of Collaborative Systems 18

IDEC CORPORATION – 2-6-64, Nishimiyahara, Yodogawa-ku, Osaka, Japan

Keywords: Safety of machinery, Robot, Human factor and collaborative safety

Session 2-2 – Safety of Collaborative Systems 19

Session 3 – Autonomous systems 21

Keywords: Safety, autonomous mobile work machines, safety systems

Session 3 – Autonomous systems 22

Session 3 – Autonomous systems 23

Keywords: Autonomous systems, Safety of machinery, Systems engineering, Design methodology

Session 3 – Autonomous systems 24

Protective devices and smart systems

Keywords: wireless machine control, safety-related data transmission, tablet frame

Session 4 – Protective devices and smart systems 26

Keywords: Protection personal, Smart, Definition, System

Session 4 – Protective devices and smart systems 27

SICK AG, Erwin-Sick-Str. 1, 79183 Waldkirch, Germany

Session 4 – Protective devices and smart systems 28

IDEC Corporation – 2-6-64 Nishimiyahara – Yodogawa-ku – Osaka – Japan

Keywords: enabling device, safety of machinery, robot, collaborative safety

Session 4 – Protective devices and smart systems 29

Keywords: Confirmed safety, Operational safety, System safety, Safety structure

Key words: risk reduction, safe design, robot, collaborative safety

Key-words: Design, Safety, NFA, FMEA

Keywords: Falling accident, Wearable device, Forearm injury, Bone fracture

Keywords: Cleaning, Accident Analysis, Safety of machinery, Food-Safety

Keywords: International standard, Minimum distance, ISO 13855, Safeguards

Université de Lorraine, CNRS, Inria, LORIA, F-54000 Nancy - France

Keywords: Collaborative Robots, Ergonomics, Digital Human Simulation, Sensitivity Analysis

Collaborative robotics is an increasingly emerging subject in industrial environments. This presentation