Managing PLCs in an OHSMS

| September 20, 2012

Earlier this week, I was asked to respond to a question posed on the ASQ Ask the Experts blog. The question requested information about standards applicable to making modifications to PLCs (Programmable Logic Controllers).  In my response, I identified a number of potentially applicable regulations and standards.

As I pointed out in my answer, in order to meet the requirements of OHSAS 18001, an OHSMS must include management of change procedures that assess the potential hazards of PLC modifications prior to any changes being made.

As I thought about the management of change (MOC) procedures I have reviewed over the years, I realized that this has been important deficiency in most of them.  MOC procedures tend to focus on equipment (i.e. hardware) changes and often ignore changes to the software that operates the equipment.  This is a concern because more and more industrial equipment is computer – rather than human – controlled.

How should this issue be addressed in an OHSMS?

  1. Appropriate individuals within the company should become familiar with the PLC requirements set out in any applicable regulations and appropriate consensus standards. (Again, for a list of potentially applicable standards, check out the ASQ blog post.)
  2. Just as equipment is evaluated for developing appropriate lockout-tagout procedures, organizations should develop an up-to-date inventory of their PLCs – focusing first on those computer controls used for safety-related functions or in high-hazard processes (for example, mechanical presses, industrial robots, control of chemical reactions).
  3. Guidelines on maintaining and modifying PLCs (and other computer controls) should be incorporated into existing routine maintenance work orders (e.g. PM databases) and MOC procedures.  Appropriate limitations should be placed on PLC modifications based on the associated risks.
  4. Individuals responsible for maintaining, troubleshooting and modifying PLCs need to trained AND competent.
  5. Periodic reviews need to be conducted to ensure that procedures are being followed, PLCs are used correctly, security measures are in place (to prevent unauthorized “hacking”) and backup copies of PLC programs are retained.

As we move toward a future with more and more computer-controlled operations, having management system processes established to ensure they are functioning as intended will become increasingly important for managing both safety and organizational risks.

© ENLAR Compliance Services, Inc. (2012)

Category: OHSMS Implementation, Risk Management, Standards & Certification

Comments (0)

Trackback URL | Comments RSS Feed

There are no comments yet. Why not be the first to speak your mind.

Comments are closed.