OH&S News

Maintaining safety critical systems

It is vital that safety critical systems on mobile equipment are properly maintained, to ensure the safety of operators. Last year, the NSW Department of Primary Industries released a safety alert following a number of incidents where safety critical systems failed. In all circumstances, the mobile equipment was descending a grade and then due to the failure of a safety critical system, control was lost. The backup emergency/secondary braking and steering systems were unable to prevent the mobile equipment from collision.

On four occasions, the initiating event for the incident was a failure of the engine or transmission retarder (retard brake). In three incidents, there was a mechanical or electrical component failure that initiated the event. In one instance, the initiating event was that the truck had run out of diesel fuel.

In some incidents, the truck’s service and emergency/secondary brake performance was incapable of pulling up the truck on the decline when the retarder brake failed.

The investigations found on all occasions that a contributing factor was the failure of safety critical systems because of poor maintenance practices. Table 1 shows some of the common failure modes.

The investigation also found that on most occasions:
• There were inadequate or no daily pre-start safety checks being carried out, which should have identified the defect and placed the mobile equipment out of service.
• Maintenance was not being carried out by competent people familiar with the safety critical systems.
• Safety critical systems were not being periodically checked and tested for functionality.
• Maintenance was not being carried out in accordance with the equipment manufacturer’s recommendations.
• Documentation on daily safety checks, maintenance activities and defect rectification was inadequate.
• Manufacturer’s documentation was inadequate to confirm the integrity of all safety critical systems.

Rob Regan, the director of the mine safety operations branch of the NSW Department of Primary Industries, said that sites should immediately review their safety management plan to ensure all foreseeable hazards associated with mobile plant becoming out of control have been addressed. This includes failure of the primary retardation system, failure of mechanical components, condition of roads, operator error and operator actions in an emergency.

Mr Regan explained that maintenance management systems should identify and document all safety critical systems on mobile equipment and then ensure that these are periodically checked and tested.

He said it was also important that maintenance management systems were in accordance with the equipment manufacturer’s recommendations and considered site operational conditions.

Mr Regan explained that some site conditions required more rigorous maintenance than those specified by the manufacturer due to the operating environment.

Mr Regan stresses that site safety management plans should ensure daily pre-start safety checks are rigorously carried out, with all identified defects being assessed by a competent person before the equipment is used.

He said that operators, supervisors and maintenance people involved with mobile plant must be familiar with all safety critical systems, and they should be trained and competent for their task.

He advised that the safety management plan should also ensure that a competent person inspects mobile equipment periodically and verifies that it is safe to operate. The safety plan should also ensure a documented safety file is maintained throughout the life of the mobile equipment. This safety file would contain information relating to checks and tests of safety critical systems, daily pre-start safety checks, defect notification and rectification, preventive maintenance activities, training and competency records for operators, supervisors and maintenance personnel, and results of actions from periodic audits and reviews.

Mr Regan explained that all mobile equipment designers, manufacturers and suppliers should review designs and documentation to ensure that the latter provided to the end user included the identification of safety critical systems, and the systematic and periodic examination and testing of all safety critical systems.

He also said it was important that all safety critical systems remain functional over the mobile equipment’s lifecycle, and this would occur if it was maintained according to the documentation provided and the specified requirements were practicable and considered the designed operating environment.

Mr Regan explained that designers must ensure a Failure Modes and Effects Analysis (FMEA) or other similar risk assessment method had been done to confirm the integrity of all safety critical systems. Designers must also ensure that warning systems are designed so that if the warning system fails, an audible alarm will activate.

In another NSW Department of Primary Industries safety alert, Mr Regan explained that mobile equipment manufacturers’ information on transmission and retarder performance was being misinterpreted as safe grades for use.

Mr Regan explained that this misinterpretation could result in mobile equipment being used on steeper grades than those in which the mobile equipment can safely stop, in the event of transmission failure.

Typically, equipment manufacturers supply gradeability and retardation charts to their customers.

These charts are supplied in conjunction with a statement that the braking systems comply with standards; some sites may be misinterpreting these charts as safe grades for use.

Department of Primary Industries investigations found that manufacturers’ maintenance documentation indicates that braking systems comply with ISO 3450 or AS 2958.1, and that a fault in the engine transmission will cause the retarder to automatically disengage and the transmission to shift to a neutral position. The documentation also showed that a retarder failure or neutral transmission requires the service brake (foot pedal) to be applied to stop the vehicle.

The service, secondary and park brake systems may not be able to stop and hold the mobile equipment on all grades and loads as identified in the retardation charts, following a failure of the engine or transmission.

This particularly applies to articulated six-wheel drive equipment, which appears, from performance charts, to be able to operate on very steep grades (greater than 25 per cent).

The DPI investigation found that an instruction plate on the correct gear/speed selection when descending grades was, typically, unavailable in the operator’s cabin, as required by ISO 3450 or AS 2958.1.

The DPI investigation also found that for some equipment:
• There was no fail safe brake (spring applied) for emergency applications.
• Both service and secondary braking systems use the same components and rely on stored air pressure alone for their operation.
• The failure of a single component and/or leaks significantly reduce braking performance.
• A risk assessment of the failure modes of the braking system was not available.

Section 11(1) of the NSW Occupational Health and Safety Act 2000 states that “a person who designs, manufactures or supplies any plant or substance for use by people at work must ensure the plant is safe and without risk to health when properly used and provide … adequate information about the plant … to the person to whom it is supplied to ensure its safe use.”

Mr Regan said that sites should identify all grades on their site where mobile equipment was used and confirm, with the manufacturer, whether the particular mobile equipment was safe to use on these grades following failure of the retarder or transmission.

He says it is important to review the braking systems’ integrity to ensure they are fit for purpose for the grades being traversed, where written confirmation cannot be obtained from the manufacturer, and to ensure maintenance practices on braking systems are consistent with the level of risk for the site haul roads.

Mr Regan said that mobile equipment designers, manufacturers and suppliers should provide information, describing the performance of the service, secondary and park brake systems, as well as the maximum grade on which the mobile equipment can safely stop and hold, following failure of the retarder or transmission. Other information that should be provided includes operating instructions for descending a grade and practical maintenance instructions that will, if followed, ensure all braking systems remain functional over the life of the mobile equipment.

Mr Regan also explained that mobile equipment designers should review the integrity of braking systems to ensure they are fit for purpose for the specified grade of operation.

Guidance is provided in AS 4024, AS 62061, MDG 1010 and National Minerals Industry Safety and Health Risk Guideline for appropriate risk assessment techniques.
