This article is the first of a six-part series providing an overview of requirements, principles, applications and technology for pneumatic and hydraulic safety control systems of machinery.  Our first topic is an introduction to the categories of safety-related parts of control systems and their influence on fluid power system design requirements.



Across Australia, state law stipulates that anyone who manufactures, supplies, designs, owns or modifies machinery must undertake both hazard identification & risk assessment, to identify & minimise risk.  Unfortunately these legal obligations often come as a shock to many in the aftermath of a preventable accident, as both companies & individuals realise they could be prosecuted.



Codes of practice for plant and machinery safeguarding standards establish a priority order for the types of measures to be used to control risks.  These in hierarchical order include Elimination, Substitution with a lesser hazard, Engineering Controls, Isolation, Administrative Controls and Personal Protective Equipment.


Where a hazard could arise from exposure to a load controlled by fluid power that cannot be eliminated or substituted, then appropriate engineering control methods need to be employed as far as is practicable.  If a failure of the control system's integrity could lead to accidental operation, it is not just exposure during normal operation that must be considered in assessing exposure to the load.  Our experience has found that the probable effect of a failure to danger is often overlooked in assessments or not understood, leaving operators exposed to potential time bombs.


AS4024.1 Safeguarding of Machinery requires the ‘safety related parts of control systems’ to be in accordance with the requirements of one or more of five categories.  The categories state the required behaviour of safety related parts of a control system in respect to its resistance to faults.


If a hazard identification & risk assessment of a machine identifies a hazard for which an engineering control method such as an interlocked access guard is to be employed, then the corresponding category for the safety control system integral to the control method should be derived.  (Refer to Appendix F of AS4024.1 for guidance on selection of categories.)


[Figure: risk graph for selecting the category from the parameters S, F and P.  Legend: preferred category; possible categories which require additional measures; over-dimensioned category.]

S  Severity of injury
            S1  Slight (normally reversible) injury.
            S2  Serious (normally irreversible) injury, including death.

F  Frequency of exposure and / or exposure time to the hazard
            F1  Seldom to quite often and / or the exposure time is short.
            F2  Frequent to continuous and / or the exposure time is long.

P  Possibility of avoiding the hazard
            P1  Possible under specific conditions.
            P2  Scarcely possible.



The requirements and system behaviour of the category are designed to provide a practical level of safety control resistance to faults with respect to the potential severity of injury, exposure to the hazard and possibility of avoidance and can be found summarised in table 10.3 of AS4024.1. 


If a hazard could cause a serious, normally irreversible injury including death, then a preferred category of 2, 3 or 4 will be derived depending on the combination of exposure and possibility of avoidance.  For these categories fault detection is called for in the safety related parts of the control system.  This includes the electrical, pneumatic and hydraulic components.  The principle is that if a fault is detected, further operation of the machinery can be prevented until the fault is diagnosed and safely resolved.


Categories 3 & 4 additionally require that a single fault in the control does not lead to the loss of the safety function.  Thus if a component fails, a redundant or second device must still maintain the safety function.
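As an added illustration of the behaviour just described (a constructed model, not code from the article or from AS4024.1), the following Python models a monitored dual-valve arrangement: two spring-return valves in series, each with a position feedback switch, cross-monitored after every stop command.  A single stuck valve is detected from its feedback, the second valve still brings the load to the safe state, and the detected fault locks out further operation.  The valve names and the stuck-open fault are assumptions made for the example.

```python
from dataclasses import dataclass, field

@dataclass
class Valve:
    """Spring-return safety valve with a spool-position feedback switch (constructed model)."""
    name: str
    stuck_open: bool = False  # constructed fault: spool fails to return to the safe position
    energised: bool = False

    def command(self, energise: bool) -> None:
        self.energised = energise

    def passing(self) -> bool:  # feedback reading: True when flow reaches the load (unsafe)
        return self.energised or self.stuck_open

@dataclass
class MonitoredDualValve:
    """Two valves in series: the load moves only while both pass. A feedback reading that
    disagrees with a stop command is a detected fault and locks the system out."""
    a: Valve
    b: Valve
    locked_out: bool = False
    faults: list = field(default_factory=list)

    def cycle(self, run: bool) -> bool:
        """Apply one run/stop command; return True if the load is actually driven."""
        if self.locked_out:
            run = False  # a detected fault prevents further operation
        self.a.command(run)
        self.b.command(run)
        if not run:  # cross-monitor both channels after every stop command
            for v in (self.a, self.b):
                if v.passing():
                    self.locked_out = True
                    self.faults.append(f"{v.name} failed to close on stop")
        return self.a.passing() and self.b.passing()

def single_fault_scenario() -> dict:
    """Healthy cycle, then a stuck spool in channel A, then a stop and a retry."""
    system = MonitoredDualValve(Valve("V1"), Valve("V2"))
    result = {"healthy_run": system.cycle(True)}      # True: load driven
    system.a.stuck_open = True                         # inject a single fault
    result["after_stop"] = system.cycle(False)         # False: V2 still holds the load safe
    result["retry_blocked"] = not system.cycle(True)   # True: lockout blocks operation
    result["faults"] = list(system.faults)
    return result
```

Run `single_fault_scenario()` to see the three results; an unmonitored single valve with the same stuck spool would keep driving the load after the stop command.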


‘Practicability’, which includes industry standard practices, cost and available technology has often been used as justification for not including monitored fluid power safety devices.

A practicability argument could be very difficult to justify today. 

Fluid power safety technology today includes a range of monitored fluid power components designed for safety application that provide for fault detection as well as various mechanically interlocked access systems.  These include monitored safety valve systems, safety pressure switches, monitored rod locks and trapped key ball valve interlocks which all help empower engineers to design systems to meet requirements.


Monitored fluid power systems have fast become standard safety practice in industry and form the interface between electrical & fluid power safety control.  Their cost continues to fall and is relatively insignificant compared to the potential cost to companies and individuals following a preventable accident.  Thus investigators are now looking at fluid power system accidents not just as an accident, but as a failure to have undertaken or integrated a safe design.



Written By  Murray Hodges, Director of Fluidsentry Pty Ltd.  Murray is a member of the SF-041 Technical Committee for AS4024.1 Safeguarding of Machinery and is the fluid power design representative for the Safety & Environmental Risk Consultants of Australia.  Fluidsentry is a specialised fluid power safety company and winner of the Victorian WorkSafe awards ‘best risk solution’ 2005.
