Introduction – Icarus, Daedalus, and risk management

The ancient Greek story of Icarus and his father, Daedalus, tells of a master craftsman who made wings from feathers and wax, designed such that a man could wear them and fly. Knowing the material properties of feathers and wax, Daedalus warned his son Icarus not to fly too high or too low, lest the wax be melted by the sun or the feathers clogged by sea-spray. Predictably, the son ignored the warnings, the wings failed, and Icarus fell to his death.

In our modern context, another interpretation of the Icarus myth is one of a failure of risk management. The risks of the system Daedalus built to the operators were known. What was missing was any attempt to mitigate those risks beyond a verbal instruction to the operator. The insufficiency of such warnings is a cornerstone reason for engineered safety systems, such as those covered below.

The overlap of AS4024 and AS/NZS60079

Disasters start in the absence of risk management; we’re concerned with the intersection of two kinds of risk, which are very well understood independently.

Machine Safety – AS4024

Machine safety, covered in Australia under AS4024, relates generally to mechanical injuries resulting from moving equipment. It starts with a hierarchical approach, mandating:

· Risk elimination where possible

· Substitution for less serious risks where elimination cannot be achieved

· Engineering controls where neither elimination nor substitution can be achieved, and

· Personal protective equipment (PPE) as a last line of defense.

Within the engineering controls scope, another hierarchy is considered – this time, looking at keeping solutions as simple and as effective as possible.

Once a determination has been made that engineering controls are required, a primary design consideration is how serious the risk is. Within the scope of AS4024, we use a basic risk estimation chart to consider:

· The severity of likely injury:

o S1 being a non-serious ‘first-aid kit’ situation

o S2 typically considered as non-reversible (significant recovery time, hospitalisation)

· The frequency and/or duration of exposure

o F1 being less exposure

o F2 being more exposure

· The probability of avoidance

o P1 being a hazard the individual could reasonably evade

o P2 being a hazard the individual would likely not be able to evade

This leads us to a category level that the engineering controls applied to the application need to meet, ranging from B to 4, with Category 4 being the most stringent in its requirements.

In practice, we often find implementation of Category 2 systems to be problematic. Category 2 includes a requirement to test the functionality of devices in the system as part of system start-up and during operation. If the machine is not stopped and started regularly, and/or if the demand rate is low, periodic functional testing is required. For example, if the safety system included a level sensor to guard against tank overflow, a Category 2 rated system would need to include some means of routinely validating that sensor’s performance – a practical challenge. For this reason, it is often more practicable to design to either Cat 1 or Cat 3; it can be seen from the chart above that this is provided as an option.

In this paper, we will focus on Category 3 and 4 safety systems. Note that to achieve Category 3 and 4, monitoring of the safety device is required – where reasonable to do so for Category 3, as an absolute requirement for Category 4. This is typically done through the use of safety relays or safety PLCs, which are shown in the application examples below.

Explosive Atmospheres – AS/NZS60079

Explosive atmospheres, covered for on-shore installations in Australia under AS/NZS 60079, relates to the risks presented by gases, vapours, and dusts. Again, we see a hierarchical approach, starting with risk elimination (remove equipment from the hazardous location), moving through substitution (place equipment in a minimally hazardous zone), and then to engineering controls – personal protective equipment being less relevant to this type of risk. And, again, within engineering controls we see a wide range of different techniques, applicable to different application requirements.

Of principal interest for the purposes of this paper is zoning. Other considerations of course need to be taken into account to ensure that equipment installed is safe for the location, but it is zoning that has the most impact in the context of design choices for machine safety systems in hazardous areas.

The images below provide some clarity – in brief:

· In Zones 0 and 20, we expect to see a risk continuously present – the inside of a grain silo; the inside of a tank containing a liquid with a low flashpoint.

· In Zones 1 and 21, we expect to see a risk in normal operation of the equipment – connection/disconnection points, vents, immediate surrounds of conveyors, and so on.

· In Zones 2 and 22, we expect to see a risk in abnormal conditions – leaking flanges, unusual wind conditions, and the like.

The overlap

There are many workplaces still that do not apply either of these standards, in situations where they could be applied to make the workplaces safer. Consider as general examples:

· bucket elevators in agriculture

· open mixers for flammable liquids, which release vapour

· crushing equipment for solid materials, which release flammable dusts

In all of these cases, an operator in close proximity to the equipment while it is in normal operation is at significant personal risk of serious mechanical injury. In all of these cases, we’d consider the area to be zoned hazardous, under the terms of 60079.

The approach taken here is to use as a frame of reference the safety category level, and the zone. A matrix is provided below, starting with Category 3:

Safety category   Zone 1, 2, 21, 22   Zone 0, 20

Category 3        Yes                 Yes

Category 4        Yes                 Consider further

In the table above, by ‘Yes’ we’re indicating that it’s reasonable to routinely encounter these situations and design for them. By ‘Consider further’, we’re indicating that while there are ways to engineer systems complying with Category 4 and Zone 0, they should not regularly arise. If the explosive atmosphere is more or less continuously present (zone 0), and contains fast moving machinery capable of inflicting serious injury, humans should ideally not be there on a frequent or long-duration basis (category 4). In short, before starting system design on the engineering controls, review what the operator is doing there.

Happily, we are seeing an increased desire to implement systems which meet both sets of standards. This said, it is also apparent that amongst the engineering community there is a knowledge gap around how to apply both sets of standards simultaneously, in cases where both types of risk are present.


Machine safety standards and hazardous area standards are rapidly evolving, and new innovative products in this space are coming to market even faster. This is all positive – better standards, and better equipment, work to increase the likelihood that we go home safe at the end of the working day.


Techniques presented in this paper and the associated presentation should be considered in the context of the application. These techniques should not be applied without undertaking a risk assessment related to the specific installation. While some representative product images are used, the techniques are vendor neutral, subject to manufacturer’s documentation and/or independent certification as applicable.

Further information

For a full copy of this paper including examples and presentation please go to the ExTA website:

Noddy A

By runnoddyrun

A Brunswick Athletics Club tragic!