Integrated Framework for Safety Management and Software-Assisted Safety Assessment in Fluid Production

Koo, Chee H.; Neuschwander, Bernd; Vorderer, Marian; Stehle, Patrick; Kretzschmann, Roman; Tasci, Timur; Leberle, Urs; Verl, Alexander

doi:10.1007/978-3-031-27933-1_5

Chee H. Koo⁶,
Bernd Neuschwander⁷,
Marian Vorderer⁶,
Patrick Stehle⁷,
Roman Kretzschmann⁷,
Timur Tasci⁸,
Urs Leberle⁶ &
…
Alexander Verl⁸

Part of the book series: ARENA2036 ((ARENA2036))

Included in the following conference series:

Stuttgart Conference on Automotive Production

2894 Accesses

Abstract

In the factory of the future, the concept of fluid production allows production processes to be adapted more frequently and efficiently to fulfill rapidly-changing product requirements and to prevail in an increasingly challenging market environment. Production resources, machinery and humans are integrated seamlessly to achieve common production goals. Rapid changes in system configurations are also enabled by highly modular, self-descriptive and reusable machinery modules called Mechatronic Objects. The high reconfigurability in fluid production poses new challenges for the safety management of future production systems. Every modification done to an existing system needs to be risk assessed and approved during the commissioning to allow its safety-compliant operation. As current industrial practices for risk assessment are still labor-intensive and time-consuming, new methods are needed to quickly integrate the aforementioned highly modular Mechatronic Objects into fluid production systems. In this paper, we propose a safety management and assessment framework to address the safety-related challenges for fluid production. This paper proposes a new modeling method to describe the different types of Mechatronic Objects and derives different stages for the assessment and approval of fluid production systems. This allows a more efficient and accelerated commissioning phase, a seamlessly integrated production and the reduction of manual efforts needed for the system commissioning. The proposed framework, the methods and the implemented software tools are validated using a case study for a highly reconfigurable assembly system at the research campus ARENA2036 at the University of Stuttgart.

You have full access to this open access chapter, Download conference paper PDF

Alignment of safety and security risk assessments for modular production systems

Article Open access 15 September 2021

SQUADfps: Integrated Model-Based Machine Safety and Product Quality for Flexible Production Systems

Safety, Ergonomics and Human Factors in Reconfigurable Manufacturing Systems

Keywords

1 Introduction

Future production in the automotive industry needs to be adapted more frequently and in an efficient manner to fulfill rapidly-changing product requirements in order to prevail in the increasingly challenging market environment. In this future production, production resources, machinery and humans are integrated seamlessly to achieve common production goals. If production changes are required, the system configuration can be adapted flexibly and dynamically to address new production requirements. This highly reconfigurable nature of the production systems is made possible thanks to the application of Plug-and-Produce (PnP) technology and the usage of Cyber Physical System (CPS) within the production. Relevant approaches and implementations to achieve this vision are currently studied within the research project FluPro (Fluid Production) at the research campus ARENA2036 of the University Stuttgart.

Safety assessment represents one of the many important aspects to guarantee production safety and to enable the successful operation of fluid production [1]. According to the Machinery Directive [2] in the European Union, every machinery or production system needs to be risk assessed and the results documented before the CE marking can be issued, which represents the manufacturer declaration for the system conformity according to related safety standards and regulations. The procedure for risk assessment according to ISO 12100 [8] has to be done after every system modification to ensure that possible emerging risks are identified, eliminated or reduced to an acceptable level. Current industrial practices depend mostly on manual efforts of highly-experienced safety engineers and the created document-based assessment results are hardly reusable. This time-consuming and labor-intensive safety-related procedures are counterproductive, especially in consideration of the main objectives of fluid production to allow an efficient and seamlessly integrated production.

In this paper, we propose a safety assessment framework called the Fluid Production Safety 4A-Framework (FluPro-S4A) to provide an assisted risk assessment and documentation process within fluid production. The goal of this framework is to facilitate the manual efforts needed to risk assess and approve the operational safety of production systems, which will lead to an accelerated system commissioning. This paper proposes a new modeling method to describe the different types of assets (i.e. production equipment and machinery) within fluid production and derive the integrated framework FluPro-S4A alongside relevant software tools to enable a semi-automated and assisted assessment during system commissioning.

2 Related Work

Tools or assistance systems with more advanced capabilities for risk assessment are desired among experts based on a study conducted by [7]. In the field of Human-Robot-Collaboration (HRC), some of the methods and tooling worth mentioning include the formal method SAFER-HRC for hazard analysis [4, 15], the rule-based system [5], the simulation-based approach [6, 16] and the robot reachability analysis [14, 17]. The author in [9] focuses more on robot behaviour analysis and proposes an automated configuration method for different robot states. These mentioned methods deal mostly with concrete aspects within the HRC applications to facilitate the risk assessment procedure.

In the field of reconfigurable systems, similar approaches can also be found as frequent system changes might lead to an increased effort for risk assessment. The authors [12] provide a certification concept for modular production lines, whereas [13] proposes a digital certificate for the CE-conformity of I4.0 production lines. Toolings and methods to facilitate risk assessment in various domains such as manufacturing have similar motivation to assist humans during the assessment and decision-making process. Some of the examples include the concept AutoSafety for assisted risk assessment for adaptable production systems [10], the decision tree analysis method [11], the framework for the assessment of complex systems [3] or the runtime analysis of failure rates for automated guided vehicles [18].

The contributions in this paper lie mainly on the whole integrated process during the commissioning of fluid and reconfigurable production systems, where high-level modeling and safety approval procedures are proposed. With the methodical foundation provided by the aforementioned publications, we demonstrate how such computer-aided methods can be integrated seamlessly into production systems.

3 Modeling and Integrated Process for the System Commissioning

Considering the context within fluid production, several terminologies are firstly introduced to describe the hierarchy and the types of production assets:

A System (S) is a collective term to describe the whole production layout that is made up of one or more production cells or machinery (Base) to achieve common production goals.
A Base (\(B_S\)) represents a standalone production unit (cell or machinery) that is made up of modular production assets (Mechatronic Object) that offer distinct production skills. This represents the starting point for the system safety assessment introduced later in this paper.
A Mechatronic Object (\(MO_{S,B}\)) describes a production asset that is integrated into the Base. Two categories of MO are introduced based on our modelling: MO Process offers production skills, while MO Measure represents implemented safety devices/measures for the purpose of risk mitigation.

The introduced terminologies can be further described using the presented meta-model in Fig. 1 to illustrate the relationships between different production assets in the fluid production. With this asset relationship, we focus specifically in this paper on the assessment and commissioning of one Base that possesses a combination of different Mechatronic Objects (MOs).

To derive our integrated framework for the safety management, we firstly analyze the commissioning process of fluid production systems and identify its relevant connections to safety. The commissioning of a fluid system can be divided into four phases before the production starts: (1) planning phase, (2) external implementation, (3) internal implementation, and (4) documentation.

During the planning phase, the required modular MOs that are needed are selected. Relevant tasks that can be done in this phase include the layout planning of MOs, the analysis of production cycle times and the derivation of production cost. In the second phase external implementation, further fine-tuning of the selected MOs can be carried out to fulfill production requirements and to prepare for the system modification. Here, the selected MOs must undergo a safety pre approval process to ensure that the MOs are safe according to the Machinery Directive [2] and risk assessed based on ISO 12100 [8]. Preapproved MOs will bring along its safety-related digital descriptions and can be integrated.

During the third internal implementation phase, a temporary production shutdown is required to conduct the system modification. The selected MOs are now integrated into the production environment. A system risk assessment and a safety approval will take place (approval of the complete Base described in this paper). The interlinking of the integrated MOs will be risk assessed and, if necessary, optimisation/mitigation suggestions will be made. The documentation phase ensures that requirements based on the Machinery Directive [2] are fulfilled and represents the final step before the new system configuration is commissioned. This required documentation contains e.g. operating manuals, conformity declarations, involved production costs and hazard/risk assessment documents.

4 Fluid Production Safety 4A-Framework (FluPro-S4A)

Based on the modeling and the commissioning process explained in Sect. 3, a framework called FluPro-S4A is proposed for the integrated safety management/assisted risk assessment of fluid production systems (Fig. 2). During these presented assessment procedures, the acquired up-to-date system model that represents the production system will be used as foundation for all the conducted assessments. The FluPro-S4A framework constitutes four main steps described as follows:

1.
Change Acknowledgement: This step represents the starting point of the framework and is usually triggered manually by the operator after a system modification or automatically by a monitoring system. The up-to-date system model will be checked and its changes acknowledged for the subsequent steps. (see Sect. 4.1)
2.
Asset Assessment: If system changes are identified, every integrated asset will be assessed to ensure its validity. This is to ensure that the assets fulfill the basic requirements for operation. (see Sect. 4.2).
3.
System Assessment: During this overall system assessment, the whole production system (i.e. system model) will be assessed using our developed methods (see Sect. 4.3) to ensure that all identified risks are properly addressed and mitigated by the available safety measures.
4.
Approval Assistance: In the final step (see Sect. 4.4), relevant methods will be applied to show how the assessment results can be post-processed to support safety engineers during decision-making.

Using the FluPro-S4A framework, the operator can also improve the production system configuration gradually based on the generated assessment results. As can be seen in Fig. 2, if adjustments to the production system are made, a reassessment can be triggered to reevaluate the system configuration. The system model will be updated digitally and the aforementioned four assessment steps will be conducted again. In the following subsections, detailed descriptions will be provided for the four assessment steps within FluPro-S4A framework.

4.1 Step 1: Change Acknowledgement

A fluid production system is described by the modeling method explained in Sect. 3 and represented digitally using a system model. Through this semantic data model of the system, the structural interconnections between the assets and the base system can be described and visualized digitally, which enables the change identification and acknowledgement of the fluid production by comparing both the states before (S) and after (\(S^{'}\)) a system change. This change acknowledgement analysis will look through both the base and the asset level to identify the type of system change. The three possible types of system changes are base structural changes (changes at the level of production systems), asset structural changes (changes within a Base) or asset configuration changes (changes of a MO/asset itself). Each of these types will have different implications and will be assessed differently (further details will be provided in the subsequent Sect. 4.3).

4.2 Step 2: Asset Assessment

The main focus of this assessment step is to ensure that the integrated production assets have properly gone through the safety preappoval stage before being integrated into the overall fluid production. The status of an asset can be issued during the preapproval stage and is represented by its approval status. A confirmation of the approval status is required to guarantee its validity and to avoid data incompleteness during the System Assessment. Operators will be guided by the framework to properly deal with invalid assets during the asset integration. We define four types of approval status with the following explanation:

1.
Status “approved”: The asset has been checked during the preapproval stage and its risks are eliminated inherently. The Asset can be integrated within the fluid production without additional safety measures.
2.
Status “pre-approved”: The asset has undergone the preapproval procedures and possesses residual risks that cannot be fully eliminated by itself. Further safety measures have to be applied and confirmed during the overall System Assessment.
3.
Status “expired”: An expired asset loses its approval validity and needs to be reapproved before being integrated into the fluid production. Possible reasons for an “expired” status are the necessity for an inspection after a predefined timeframe.
4.
Status “awaiting approval”: The asset has not gone through the safety preapproval stage and requires preapproval to ensure its data completeness during the overall System Assessment.

4.3 Step 3: System Assessment

The overall System Assessment ensures that possible risks due to the combination of all integrated production assets within the fluid production are properly identified and mitigated. Using the methods proposed in this paper, the process can be conducted in a semi-automated manner to provide assistance to users during the commissioning phase and consists of two parts with different purposes: (1) the identification of emerging risks based on the combination of assets, (2) the integrated process to provide safety evidences for the approval.

Identification of Emerging Risks Due to Combination of Assets

During the consideration of emerging risks (i.e. risks resulting of the overall system configuration), several factors need to be taken in account. Firstly, risks might arise due to visible root causes (e.g. movement of a mechanical components) or due to non-visible reasons (e.g. timing behaviour). Secondly, possible relevant risks might not be completely identified or implied digitally. This means that user role remains crucial during the hazard/risk identification process. We propose the following methods to assist users in identifying emerging risks for fluid production:

1.
Simulation: The application of simulation-based approaches, such as mechanical analysis using physics engine or non-mechanical analysis, allows a better understanding of the system behavior after integration. Possible emergent failures or risks can be identified using these methods.
2.
Logical implication: Logical implication is useful where information is incomplete or provided in a rather abstract way. The identified risks from this implication will contain uncertainty and should be confirmed manually by users or experts. An exemplary scenario to apply this method is “if an asset with kinematics (i.e. robot) is integrated, possible crushing points will occur in the working space”.
3.
Guided questionnaire: Guided questionnaire can be applied in situations where simulation-based approaches and logical implication are not possible or too complex to be modelled digitally. As an asset might have specified conditions that have to be fulfilled to guarantee its safe operation, a questionnaire to guide the operators during the identification and the analysis of emergent risks can be helpful.

Proposal of an Integrated Process for the Fluid Production

Based on the possible types of system changes for fluid production stated in Sect. 4.1 and the proposed methods for the identification of emerging risks, an integrated process for the overall System Assessment can be defined (visualized in Fig. 3) to categorize, identify and assess risks related to a concrete system configuration (represented by System Model).

As can be seen in Fig. 3, a series of steps are defined within this System Assessment based on our proposed methods for fluid production. Previously identified risks from the preapproval stage that are provided by every integrated asset will be updated to the risk list. By comparing both the previous (S) and the current state (\(S^{'}\)), the involved types of changes can be identified. Different software modules can be activated throughout the process to guide the user in completing the safety approval/risk assessment procedures.

4.4 Step 4: Approval Assistance

The final step within the FluPro-S4A framework focuses on methods to provide assistance and to increase the efficiency of the approval process. Current legislative requirements only allow semi-automated, but not fully automatically generated results so far. Future work will be done to clarify and to enhance the decision making by a software.

5 Case Study

For a clearer understanding, a case study for the assembly of a small electrical control unit, comparable to those widely used in the automotive industry, is demonstrated (see Fig. 4). This case study shows a possible scenario in fluid production, in which previously unused MOs can be integrated seamlessly into production based on the required production changes. We model the system using our presented approach to describe the Base and the MOs (see “3” in Fig. 4). Besides, we also demonstrate the application of different software tools for the integrated safety management within the fluid production:

The preapproval tool can be used to assist the user during the hazard analysis and the preapproval of individual MO. The tool is integrated into the communication infrastructure and will update the digital model with the relevant hazard/risk descriptions of the MO for further analysis in the subsequent steps. (see “2” in Fig. 4)
The system safety assessment/approval tool called AutoSafety based on [10] can be used to assess the overall system configuration. Data can be extracted from the preapproval phase and be further analyzed. Different software analysis modules and simulations can be implemented and applied based on our approaches proposed in Sect. 4.3. (see “4” in Fig. 4)

With the new system configuration completely risk assessed, documented and finally approved by the responsible safety engineer under the assistance of the aforementioned tools, the new production process can now operate with minimal downtime and reduced manual effort.

6 Conclusion and Future Work

This paper presents an integrated approach to enable the dynamic safety management and risk assessment for fluid, reconfigurable production scenarios. By using our presented framework called Fluid Production Safety 4A-Framework (FluPro-S4A), modular I4.0 production assets and its data can be modelled considering both functional and safety-related aspects. Besides, different assessment/approval steps are presented to capture system changes, to support risk assessment, and to analyze the respective safety impact in a systematic and seamless manner. This framework contributes to a more efficient safety management, enables interoperability of vendor-independent production assets with safety guarantees and lays the foundation for the successful execution of fluid production systems for future factories. Future work includes further optimization of the approval procedures and the development of methodologies to better identify emerging risks for fluid production.

References

Fries, C., et al.: Fluid manufacturing systems (FLMS). In: Weißgraeber, P., Heieck, F., Ackermann, C. (eds.) Advances in Automotive Production Technology – Theory and Application. A, pp. 37–44. Springer, Heidelberg (2021). https://doi.org/10.1007/978-3-662-62962-8_5
Chapter Google Scholar
Machinery directive 2006/42/EC. Directive, The European Parliament and the Council of the European Union (2006)
Google Scholar
Akerlund, O., et al.: Isaac, a framework for integrated safety analysis of functional, geometrical and human aspects. Proc. ERTS 2006, 1–11 (2006)
Google Scholar
Askarpour, M., Mandrioli, D., Rossi, M., Vicentini, F.: SAFER-HRC: safety analysis through formal vERification in human-robot collaboration. In: Skavhaug, A., Guiochet, J., Bitsch, F. (eds.) SAFECOMP 2016. LNCS, vol. 9922, pp. 283–295. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-45477-1_22
Chapter Google Scholar
Awad, R., Fechter, M., van Heerden, J.: Integrated risk assessment and safety consideration during design of HRC workplaces. In: 22nd International Conference on Emerging Technologies and Factory Automation (ETFA), pp. 1-10. IEEE (2017)
Google Scholar
Huck, T.P., Ledermann, C., Kröger, T.: Virtual adversarial humans finding hazards in robot workplaces. arXiv preprint: arXiv:2103.00973 (2021)
Huck, T.P., Münch, N., Hornung, L., Ledermann, C., Wurll, C.: Risk assessment tools for industrial human-robot collaboration: novel approaches and practical needs. Saf. Sci. 141, 105288 (2021)
Article Google Scholar
International Organization for Standardization (ISO): ISO 12100: Safety of machinery - General principles for design - Risk assessment and risk reduction (2010)
Google Scholar
Koch, T.: Approach for an automated safety configuration for robot applications. Procedia CIRP 84, 896–901 (2019)
Article Google Scholar
Koo, C.H., Schröck, S., Vorderer, M., Richter, J., Verl, A.: A model-based and software-assisted safety assessment concept for reconfigurable PnP-systems. Procedia CIRP 93, 359–364 (2020)
Article Google Scholar
Pfeifer, M., Varro, W.: Sicherheitsnachweis für modulare Anlagen, vol. 19, pp. 114–115 (2019)
Google Scholar
Popper, J., et al.: Safety on modular machines: Whitepaper sf-3.1 (2018)
Google Scholar
Richter, D.: Sicherheit von vernetzten modularen Industrieanlagen erfordert eine dynamische Sicherheitsarchitektur 4.0 (Safety and Security) (2018)
Google Scholar
Sallez, Y., Berger, T., Bonte, T.: The concept of “safety bubble" for reconfigurable assembly systems. Manufact. Lett. 24, 77–81 (2020)
Article Google Scholar
Vicentini, F., Askarpour, M., Rossi, M.G., Mandrioli, D.: Safety assessment of collaborative robotics through automated formal verification. IEEE Trans. Rob. 36(1), 42–61 (2019)
Article Google Scholar
Shin, H., Choi, J., Choi, J., Rhim, S.: Physical safety analysis of robot considering impactor shape. In: 2017 2nd International Conference on Robotics and Automation Engineering (ICRAE), pp. 1-5 (2017)
Google Scholar
Andrisano, A.O., Leali, F., Pellicciari, M., Pini, F., Vergnano, A.: Hybrid reconfigurable system design and optimization through virtual prototyping and digital manufacturing tools. Int. J. Inter. Des. Manufact. (IJIDeM) 6, 17–27 (2012)
Google Scholar
Jaradat, O., Punnekkat, S.: Using safety contracts to verify design assumptions during runtime. In: Casimiro, A., Ferreira, P.M. (eds.) Ada-Europe 2018. LNCS, vol. 10873, pp. 3–18. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-92432-8_1
Chapter Google Scholar

Download references

Acknowledgement

The work leading to this paper was funded by the German Federal Ministry of Education and Research (BMBF) in the research project Fluid Production (FluPro) under the grant number 02P18Q620 ff.

Author information

Authors and Affiliations

Corporate Sector Research and Advanced Engineering, Robert Bosch GmbH, Robert-Bosch-Campus 1, 71272, Renningen, Germany
Chee H. Koo, Marian Vorderer & Urs Leberle
Pilz GmbH & Co. KG, Felix-Wankel-Straße 2, 73760, Ostfildern, Germany
Bernd Neuschwander, Patrick Stehle & Roman Kretzschmann
Institute for Control Engineering of Machine Tools and Manufacturing Units (ISW), Seidenstraße 36, 70174, Stuttgart, Germany
Timur Tasci & Alexander Verl

Authors

Chee H. Koo
View author publications
You can also search for this author in PubMed Google Scholar
Bernd Neuschwander
View author publications
You can also search for this author in PubMed Google Scholar
Marian Vorderer
View author publications
You can also search for this author in PubMed Google Scholar
Patrick Stehle
View author publications
You can also search for this author in PubMed Google Scholar
Roman Kretzschmann
View author publications
You can also search for this author in PubMed Google Scholar
Timur Tasci
View author publications
You can also search for this author in PubMed Google Scholar
Urs Leberle
View author publications
You can also search for this author in PubMed Google Scholar
Alexander Verl
View author publications
You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Urs Leberle .

Editor information

Editors and Affiliations

ARENA2036 e.V., Stuttgart, Germany
Niklas Kiefl
ARENA2036 e.V., Stuttgart, Germany
Frederik Wulle
ARENA2036 e.V., Stuttgart, Germany
Clemens Ackermann
ARENA2036 e.V., Stuttgart, Germany
Daniel Holder

Rights and permissions

Open Access This chapter is licensed under the terms of the Creative Commons Attribution 4.0 International License (http://creativecommons.org/licenses/by/4.0/), which permits use, sharing, adaptation, distribution and reproduction in any medium or format, as long as you give appropriate credit to the original author(s) and the source, provide a link to the Creative Commons license and indicate if changes were made.

The images or other third party material in this chapter are included in the chapter's Creative Commons license, unless indicated otherwise in a credit line to the material. If material is not included in the chapter's Creative Commons license and your intended use is not permitted by statutory regulation or exceeds the permitted use, you will need to obtain permission directly from the copyright holder.

Reprints and permissions

Copyright information

About this paper

Cite this paper

Koo, C.H. et al. (2023). Integrated Framework for Safety Management and Software-Assisted Safety Assessment in Fluid Production. In: Kiefl, N., Wulle, F., Ackermann, C., Holder, D. (eds) Advances in Automotive Production Technology – Towards Software-Defined Manufacturing and Resilient Supply Chains. SCAP 2022. ARENA2036. Springer, Cham. https://doi.org/10.1007/978-3-031-27933-1_5

Download citation

DOI: https://doi.org/10.1007/978-3-031-27933-1_5
Published: 05 June 2023
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-27932-4
Online ISBN: 978-3-031-27933-1
eBook Packages: EngineeringEngineering (R0)

Publish with us

Policies and ethics

Integrated Framework for Safety Management and Software-Assisted Safety Assessment in Fluid Production