Lockout-Tagout (wikipedia.org)
136 points by restlessdesign on Nov 20, 2019 | 111 comments

After working in mining for a long while, where this kind of isolation procedure is standard and is taken very seriously (pretty much any breach of procedure is an instantly firable offense) it's terrifying coming back home and seeing people working on house wiring etc. with nothing more than a turned-off circuit breaker protecting them from electrocution or other injury. I've seen some trades start to pick up isolation procedures but they're generally still far behind industry best practices.

After working on high voltage circuits as a lineman for a couple years, and currently writing software for industrial machinery and regularly working in industrial machining cabinets, I think that applying the same level of precaution used for mining to doing minor work on a 100V circuit is being a bit overzealous. To be fair, you're never going to get hurt by being superfluously safe, but at the same time I don't expect my dog is going to flip the circuit breaker on me, so I'm probably not going to resort to LO-TO when doing some minor electrical work when home alone.

Honestly if our mains was 110V rather than "240V" (read 250-260V thanks to all of the rooftop solar in our area) I'd probably be a bit more casual about it. I've been nipped by ~100V from poor earthing and it's not that bad. 240V hurts.

I've no particular experience working with electricity so maybe you just know what you are doing - but at risk of being a know-it-all on the internet that is not a very safe approach. In an industrial setting any electricity related accident is cause for a trip to the hospital no matter how minor.

For starters you don't want to be casual about 110 volts [0] and for seconds the systems that control heart rhythm use electricity. An electric shock can cause a heart to just stop some hours later (happened to a family friend as far as we can tell).

It is invisible, can kill and humans don't have the right nerves for pain to be an indicator of how bad the damage is. Electricity is hazardous and work on it should leave no scope for surprises.

[0] https://www.asc.ohio-state.edu/physics/p616/safety/fatal_cur...

Can someone please point me to details of a biological mechanism that can cause someone to die hours after having seemingly survived an electric zap just fine? I never thought such things are possible.

https://www.powerstudies.com/blog/what-does-severe-electrica... .

I'm guessing at the exact mechanism, but I assumed the shock knocks the heart rhythm regulators out of sequence and the body can cope for a while but eventually goes into cardiac arrest. There is some argument about whether symptoms spontaneously show after 12 hours [www.journalagent.com/travma/pdfs/UTD_18_4_301_305.pdf - linked from said article].

Cells have a bunch of interesting electrical properties - https://en.wikipedia.org/wiki/Electrophysiology . I recall a somewhat humorous story when they discovered electricity. Galvani made a frog's leg twitch and hypothesised something like electricity in the leg. Volta said the idea was bunkum and it was caused by the different metals being used for the experiment. Volta redid the experiment without the frog and someone did Galvani's experiment without the metal so everyone got to be right.

Electrical shocks can cause blood clots (deep vein thrombosis) [1] and rhabdomyolysis [2] due to muscle damage, among other things.

[1] https://www.ncbi.nlm.nih.gov/pmc/articles/PMC3096834/

[2] https://www.merckmanuals.com/home/injuries-and-poisoning/ele...

Would both of those conditions be asymptomatic between the precipitating event (electric shock) and sudden death hours later?

Pretty much an urban legend.

Basically it's 'possible' to get cardiac arrhythmias that don't kill you immediately and might kill you later. But not proven, so you're better off learning about not getting zapped than this possibility. Or learning CPR.




There's a term ambulance drivers use, "Walk, talk and die". For victims of car crashes that got a hard knock to the head. A brain bleed in the brain stem (if I'm remembering it right) will build up pressure until the stem suddenly disconnects.

Not electrical, but such syndromes seem to be real.

Walking Ghost phase is a phenomenon in severe exposure to radiation. The patient survives initial ill effects (probably with advanced medical treatment) and now feels fine. They have no nausea, they can walk and talk like anybody else. If you tell them they're actually dying they likely won't believe you. Inside cell reproduction has stopped, and as enough cells naturally die without replacement over the next few days their systems will cease functioning and they'll die of multiple organ failure.

Electricity definitely won't cause that, but yeah, humans can't sense all the terrible things that might have gone wrong with their bodies.

It's quite real. This is why we try very hard (everything short of kidnapping) to take people to the hospital after a bad car wreck ("high energy mechanism of injury" is the term we use) even if they're walking around saying they're fine.

Adrenaline is a heck of a thing. I know someone who similarly said they were fine and wanted to go home after being hit by a car. They had fractured vertebrae and their spinal cord would have likely suffered permanent damage if it wasn’t immobilized as soon as it was.

The EMTs didn't try very hard when I was flipped by a drunk driver. I crawled out of my window and told the EMTs I just wanted to go home and they said 'ok'.

Yup, definitely - this is why people will be asked if they blacked out, if only for a little while, after a fall. If they did the impact was severe enough to cause damage. And of course tight monitoring after head trauma.

You're right. When I was young and stupid I did wiring repairs on 110v circuits without bothering to switch them off. I got shocked a lot, but now that I'm older and smarter I know I just got lucky.

-During the annual EE safety refresher course I take at work, the instructor makes a point of the fact that during domestic work, the electric shock is often merely the trigger for the real injury; you get zapped, then fall from the ladder you were on or whatever.

(We have 240VAC mains, but I guess an unexpected jolt of 110VAC would be sufficient to make me jump...)

I was messing with some DIY generator wiring when I was younger and ended up getting a bite from 110.

My hand was in a shitty position kind of around a table leg, and the shock caused me to clamp down with my hand and kind of "chokehold" the table leg. It took me a lot longer than I thought it would to even register what was happening, and then to kind of throw myself away. I'd been shocked before, but this just kept going after I realized that it was happening and I just didn't know how to process it.

I ended up with some nasty burns on my hand, a really sore whole arm, and a scary realization of how it could have been a lot worse if just one or 2 things were slightly different.

110v or 240v will kill you dead where you stand. But it's not really about the voltage. The higher the voltage, the easier it is for the electricity to ground out through you. But it only takes a few milli-amps across the heart to kill you. A household line can deliver 10-20 amps.

Luckily, human skin is not highly conductive and neither are rubber soled shoes.

So if you are taking proper precautions and not kneeling on a wet floor while using all metal tools on bare wires when someone flips a breaker back on, then your risk is rather minimal.

> 110v or 240v will kill you dead where you stand.

In my experience, when encouraging people to follow safety rules you get better results with true examples that justify the rules than with exaggeration like this. If you tell a person one thing they know isn't true, they're liable to start thinking the other things you tell them aren't true.

240v might kill you if you're up a ladder, elderly, have an undiagnosed health condition, or are just plain unlucky. But it's not the guaranteed instant death that, say a 25kV shock is.

>In my experience, when encouraging people to follow safety rules you get better results with true examples that justify the rules than with exaggeration like this. If you tell a person one thing they know isn't true, they're liable to start thinking the other things you tell them aren't true.

As someone who comes from a compliance/human factors background I absolutely hate internet discussions of safety. They are chock full of people exaggerating everything for up-votes/likes/virtue points and while within a given community that may increase compliance it is the exact wrong way to increase compliance from people who are working under a different set of incentives.

>guaranteed instant death that, say a 25kV shock is

Also not true.

You can safely hold a metal rod into the air as a 20,000 volt tesla coil fires lightning bolts through the air and into your body then to the ground, because the coil is built in such a way to induce very little amperage across your body.

My point being, it's not just the voltage.

I was just imprecise with my language. What I should have said is "110v or 240v could kill you dead". And that is why the following sentences qualify what I was saying.

Household voltage is plenty to kill you, assuming the factors are aligned.

I have been shocked multiple times with household 110v and it was not pleasant at times and others it was barely a twinge. It all depends on how well you are grounded.

I had a very unpleasant shock once from a 12v car battery because I was sitting on the ground in shorts and fiddling with it somehow.

It's impossible for a 240V outlet to deliver 10A through your body. Unless you're made of metal or something.

But you don't need 10Amps to kill you. Just a few hundred milli-amps is enough to kill a human.

Think the point is that the voltage won't collapse under the load.

Exactly, you can get zapped by tens of thousands of volts from a Van de Graaff generator and be fine, and you can die from 110V mains. The difference is the importance of the supply.

I was working with a circular saw and extension cord on a ladder in light rain Monday night (gotta get that roof up before snow settles in!) and got a moderately bad hit of 110. I didn't drop dead where I stood nor was I thrown off the ladder. Don't exaggerate.

I did retire the extension cord, though.

You misunderstand my comment. And you misunderstand how electricity works. Had you been well grounded, you could have easily died. It only takes about 200 milliamps to kill a human.

110v/10amps is plenty to kill you. It's not the voltage that kills you, it's the amps. That is why you can touch a 20,000 volt tesla coil and barely feel a tingle.

> But it only takes a few milli-amps across the heart to kill you. A household line can deliver 10-20 amps.

10-20 amps? Not across your skin!

Usually a 220V zap at home won't cause instant death.

That's the point made in the line after your quote

> Luckily, human skin is not highly conductive and neither are rubber soled shoes.

Could also note that depending on your circuit breakers, a short circuit will continue delivering higher than its 20A rated capacity for some time until the overcurrent protection goes off.

Thermal breakers won't react as quickly to overcurrent as thermal magnetic breakers, so it depends on what kind of protective equipment is installed.

EDIT: some reference on circuit breakers https://www.se.com/ww/resources/sites/SCHNEIDER_ELECTRIC/con...

> For example: based on the curve on page 3, an iC60 circuit breaker of curve C, 20 A rating, will interrupt a current of 100 A (5 times the rated current In) in: 0.45 seconds at least, 6 seconds at most.

6 seconds is a pretty good chunk of time for a 20A circuit to happily be delivering 100A of current.

You should read the whole comment before contradicting someone. It really wasn't that long of a post.

I've gotten burned by changing light bulbs without turning off the switch; garnering me the nickname "Uncle Fester" by my family (in my defense - the light bulb was out and I wasn't thinking) and that shit definitely hurts.

I've also been burned debugging a power supply for a GSM amplifier used in the test harnesses for a semiconductor fab (this time was carelessness, the power supply rails weren't taped off since I was probing it attempting to find a fault on the point-to-point wiring) that was powered at 240V and holy hell I do not recommend doing anything that stupid. If it doesn't have a safe way to repair, buy a new one.

Burned or zapped? Light bulbs get thermally hot but glass is non-conductive.

I haven't personally been bitten by 240V but from people I've talked to who have, I don't intend to chance it happening.

I'd guess you could get zapped if you accidentally touch the metal part of the bulb (or the socket) while unscrewing the old one or screwing in the new one.

I dunno, I got electrocuted repeatedly a few weeks ago, not sure the voltage, I was using a wet saw and didn't realize the rubber had worn out on my boots and the steel plate in the soles was touching the floor. Every time I turned the saw on or touched it when it was running I got electrocuted. It was kind of funny, nobody could figure out why I was the only one being electrocuted. All my coworkers came and touched it and were fine. But, it wasn't the pain that got to me, it was the weird feeling in my body after.

All the rest of that day I felt weird. My skin felt too sensitive, my arms would twitch randomly, and I just felt kind of weak and vaguely dizzy all day. I did end up figuring it out and putting a rubber mat down which immediately stopped the electrocution problem. But I really don't like being electrocuted at all. It just isn't pleasant.

On topic, all our machines get locked and tagged before opening the electrical cabinets or working on anything where you might be exposed to live wires. It's enforced by worker's comp also. We get randomly inspected fairly regularly and one thing they check is that we have lockout keys and locks on every machine breaker.

I find it interesting how you describe a job with a functional safety culture from the perspective of regulators, with lockouts and random inspections, that yet solves the issue of a power tool shocking workers at mains voltage by just tossing down a rubber mat and continuing to work with said malfunctioning tool.

I worked in mining as well and it's often terrifying watching the stuff that goes on all day at every urban construction site, even the things you can see from street level. Construction workers that stand directly below suspended crane loads in order to guide them down to the ground is something I see constantly and makes me nervous just to watch. If you tried anything like that at any of the mines I worked at you would be immediately escorted off site and probably blacklisted from working there again.

I've seen some things on mining construction sites that'd curl your toes, too. Once I was troubleshooting a cabinet and the light changed. I looked up and there was an EWP with two guys pulling cables, about 10m directly above me. No warning, no marked drop zone, no communication. On the same site I saw a 20 ton piece of equipment get lifted into position, double lift between a gantry crane and a Franna, again no drop zone or anything, just one guy coordinating with hand signals. It worked out OK, but yikes.

On the crane thing, I used to work in a warehouse with 150t overhead cranes and we'd never walk under loads, but we were also the operators, they were remote controlled, so the safety was engrained from the beginning.

I also worked on sites where you don't have a conventional work space such as construction sites and it seemed to be pretty casual with being under the load if you were working in the area or holding the guide rope. In my case we didn't really have an option most times to not be in the way because it was a confined space, that's fun to think about.

I think because depending on the job crane safety and awareness are not primary concerns for a lot of construction workers and those safety practices never get taught unfortunately.

In the same factory with good crane safety, I also almost got killed by an oversight in loto when I cut through a sheet of plastic and there was 240v line running behind it, not in conduit, and I was standing on the top of a ladder. Burned through the entire razor blade in my hand. Thank fuck the blade holder was plastic.

My experience has been that the divide in culture tends to coincide with union/non-union workplaces.

The unusual thing though is my first exposure to "lock-out/tag-out" was as a minimum wage employee at WalMart ~30 years ago. Among other things, they had a large cardboard baler that compressed all the empty cardboard boxes into a bale about 4ft x 3ft x 3ft. It would hold it there while you threaded baling wire through and tied it off. Then it would release and dump it onto your waiting pallet jack, so you could cart it off. We had to lo/to whenever it required service.

Tying off if you're above 1.8m, not walking under suspended loads and de-energizing systems are so hard drilled into my brain. Haven't been on site in 4 years and I still get triggered by these.

How would you recommend people working on their own house implement anything more than turning off the circuit breaker? (I'm not doing anything electrical in general, but sometimes small fixes are necessary for home owners.)

Simple answer: close the breaker box lid and put a cheap padlock on it. You don't need a tag or special clip. That ensures that your wife or roommate doesn't try to flip the breaker back on while your arm is in the garbage disposal or you are holding the hot wire with your teeth.

You can and should use a test light or DVOM to verify the power is out.

You can and should treat the wires as if they were "hot" anyhow. You should keep a wire nut on the hot wire. Don't actually put any of the wires in your teeth.

Now. You could do all that, but what I do at home is carry a lot of insurance and work "hot". I don't care about 120V or even 240V. I make sure what I'm touching one arm at a time with no ground path through my heart. Don't stand in water. Simply just don't touch the hot wire. I learned to work hot on a piecework job that paid by units completed and that was about 1000% more if you could work hot. And, you can, if you manage the risk. If you mess up 99% chance you'll say "OW" and NOT do that again. I wouldn't play Russian roulette with 1:6 odds. But 1:100 (die from) x 1:100 (mistake) x 10 hours per year (occasional fixes), fine not worth the bother. Far more chance of dying falling off the ladder than electrocution. DON'T stand on rolly chairs.

Now at an uncontrolled job-site, where I'm paid by the hour, 2000 hours/year? NEVER. It's a lot different when you are a company of one vs. many. I know what I'm doing, and while I make mistakes, I can guess how often. If you have more than 0 co-workers, you cannot trust or predict their mistakes.

I uh, have been guilty of similar lack of safety protocols in the distant past. I fortunately learned my lesson by shorting a $900 AC control board and not shocking myself, but needless to say it really is worth taking the time to do it right.

I just zapped myself so hard my hand flew back and got cut on the metal box. Hurt a bit, but it was $900 cheaper than your lesson. :)

They make clip on lockouts for residential breakers.


Personally, I just lock the panel.

If your panel can't be locked a big piece of masking tape across the door, holding it shut, with "NOPE. call <you>" written with a sharpie should do the job. :)

FWIW, the first photograph in that WP article with the tagged panel is one of mine... from close to 15 years ago.

It doesn't have to be anything fancy - you could just fit a hasp to the fuse box (if one's not already attached) to allow you to lock it closed with a padlock. Then you keep the only key for that padlock on your person until you've finished the job.

If you want to get fancier or if others are going to need to access the fuse box while you're working, you can get "lock dogs" which let you lock individual circuit breakers. Then you just lock off the one for the circuit you're working on.

What I learned when doing electrical work in Germany, the procedure for safe electrical working is as follows:

- Switch off (at circuit breaker)

- Prevent switching on (lock the breaker)

- Check voltage free (multimeter cleared for 230V/120V operation with long, isolated test leads)

- Ground and short (put a plug into the socket connecting earth, live and neutral, you can DIY that at home safely by cutting open an unused cord and soldering all three wires together)

- Cover nearby powered equipment

> Ground and short (put a plug into the socket connecting earth, live and neutral

Hmm. Given that breakers in the US don’t disconnect the neutral, grounding the neutral can introduce potentially unpleasant stray currents.

On the flip side, as far as I can tell, it’s entirely possible for a code-compliant installation to give you a moderate zap if you touch the neutral with the breaker off: if you have a long feeder to the panel, and someone turns on a big, single-phase load on a different breaker, the voltage drop on the feeder neutral could zap you. Imagine a 50A inrush current across 1 ohm. That’s 50V for a few cycles.

No it can't. Neutral is tied to ground at the breaker panel. So long as that breaker is turned off, and the neutral isn't accidentally being used as the neutral for another circuit, then there's zero current across the neutral wire back to the breaker panel. The only difference between neutral and ground on that circuit at that point is the color, check the resistance between neutral and ground and you'll find that they're basically a dead short.

Shorting the neutral to ground as well as hot has the benefit that under fault conditions the neutral wire can become electrically hot and if there's a miswired circuit that has current passing through it shorting it to ground would prevent a shock hazard from forming when you disconnect the neutral wire.

At least in Germany the standard breakers don't either but the GFCI does and 3-phase breakers need to interrupt all phases. The neutral is also somewhat regularly grounded in the buildings I've seen and at least one grounding point is required at the distro point. Plus the breakers will trip at 50A inrush anyway.

(From experience, 50V AC won't kill you unless you are standing in a bathtub and covered yourself in conductive gel, you'll just get some minor pain in most cases)

> The neutral is also somewhat regularly grounded in the buildings I've seen and at least one grounding point is required at the distro point.

Hmm. Are phase-to-neutral loads permitted? If so, does this mean that the building and ground are allowed to carry neutral currents? This seems like a bad idea.

I’m not an electrician, but I’ve seen enough problems caused by “objectionable current” (the US code name for currents through what is supposed to be ground even in the absence of a fault) that I think that neutral should be treated as a hot wire whose voltage to ground just happens to be quite low. This would involve all breakers switching the neutral as well as having a reliable mechanism to detect neutral-to-ground faults.

Newer US GFCI devices are supposed to detect neutral-to-ground faults, so that’s a start, but I don’t think any of them will actually disconnect the neutral if such a fault is detected. They do this by inductively coupling a low voltage 120 Hz common mode waveform on hot + neutral, or maybe just on neutral. It’s a cute trick.

Any building since 2007 has a GFCI installed (TAB2007-6.1§10 in Germany). Not as is common in the US in the sockets but in the breaker box itself. GFCI sockets and plugs are very rare and only exist for legacy installations that cannot be upgraded (insurance is expensive without one).

We use the TN-C-S system, wherein before the GFCI you have 3-phase with a PEN that is shorted to ground when it enters the building, then it is split into PE and N wires. The GFCI is 3-phase with only 1 phase being put into the building (usually, though multiple phases aren't uncommon in larger housings). The PE wire is connected to the heating system and various other ground potential points (either to provide ground or obtain ground potential). The N wire is shorted to PE before entering the socket (or the socket itself shorts these two). Once it leaves a socket the entire thing becomes unpolarized, so to speak, so devices after the socket can't short PE and N without polarized plugs.

This avoids problems with the inrush since the inrush voltage against ground will be grounded away shortly after entering the socket (and trip your breakers). It also means that it's less likely that a single broken wire results in the entire GFCI becoming useless, though if neutral is broken it can become somewhat dangerous (but the device stops working).

Step three, don’t forget to unplug your short circuitter before flipping back on the breaker.

Usually you just follow this list in reverse; from bottom up and undoing what you did.

If we’re being honest with ourselves, few (if any) home owners are ever going to go through with locking circuit breakers. Because it’s completely overkill.

In the Real World, you’ll just tell your wife/kids/roommates “Hey don’t touch the fuse panel until I’m done doing this thing” and it’s not an issue.

One of the funniest things I saw like that was my dad on a ladder in a closet trying to sort out a switch and light fixture with a voltmeter and my special needs brother repeatedly going outside and flipping off the circuit breaker. Leaving my dad cursing on a ladder in the dark.

I think OP is referring to a job site where people coming and going have access to the panel. If you're home alone or only have a small handful of people to keep in contact with then it's far less of an issue.

In those cases you're 'probably fine' but if someone gets home while you're working, sees that the power is out, and goes to check the circuit breaker (as you've probably trained them to do) then you could still get zapped without warning.

That's why central air conditioners are supposed to have a disconnect within sight of the unit.

I thought it was for easy-money from new/unfamiliar home-owners.

https://youtu.be/fUAIBZKeK74 For the Dateline Special.

I assume he means no lock was involved. Anyone who ventures in house electricity should have a circuit breaker locking device. Use it, lock it, and verify the circuit is dead each time before you work on it.

>How would you recommend people working on their own house implement anything more than turning off the circuit breaker?

Tell the other inhabitants what you're doing and tape over the breaker with a note saying to see you before it's turned on.

Sure you could stick a padlock clasp on the breaker box but when your job-site has a number of people you can count on one hand a note will have 99.99999% of the same benefit and if they're trying to recklessly kill you all a lock does is buy a little time.

Well, I played around enough with electronic equipment as a kid to know that coming in contact with a live 230V house wire is painful and gives you a nice adrenaline rush, but comparing it with the things that could go wrong in a mine (potentially with explosives in place) is exaggerating a bit.

Nuclear also takes this very seriously.

+1 for this one, I work in a nuclear power plant and we use this system even for patch panels.

I worked on Redstone Arsenal, and although the most danger I was in was having an emacs fall on me, the monthly safety bulletins were usually about proper tagout/lockout procedure. Particularly with equipment that people have to crawl into for maintenance.

Well if I tell my partner "do not kill me by touching anything in this box today" I trust her. It really depends on the circumstances.

That's great for you. 50% of people are below average, and they have roommates.

Yea sorry. Totally my privilege speaking here. I just found the claim "everyone should do this" a bit too broad.

Always verify the equipment you are working on is still physically LO-TO. I heard a story about one person who LO-TO a breaker on Friday, and Monday it had power when he went to work on it. The guy went to check the breaker, and the breaker was sitting on the ground with the lock still attached, and a new breaker in its place.

Always verify the motor/equipment you're locking out is prevented from running! Coworkers and I were just dishing commissioning job horror stories where folks get too antsy to run their facility and start bumping motors while people are still working elsewhere.

Just because that breaker is labelled to run a specific motor, unless it's been verified, it might be wired to the wrong motor, or the labelling is wrong or any other host of oversights.

Had a manager come in, and run his motor. The electrician who was elsewhere in the facility straddling an auger watched it suddenly spin beneath his feet because the lock he put on a breaker was not physically wired to that motor (had not yet been tested).

Lots of horror stories from that particular site. Always verify YOURSELF. Don't trust other people's word.

Hooo boy. I think there might be a few more breakers on the ground if that was me.

You misspelled 'teeth'

Oh, wow. That's tantamount to attempted manslaughter.

This is one of my pet peeves: you are in the middle of a test, or maintenance, or similar ... then the weekend could come, it could be a simple bathroom break and you're at a good spot to pause for five minutes.

You come back, and someone has somehow messed with your equipment. Obviously no one is using anything, everything must be available! They could have done anything from disconnect a cable to outright taking everything over for their own pet curiosity project -- all non-priority, of course. Total break of configuration to say the least, to speak nothing of potential safety issues to people or equipment.

I have had multiple people ignore multiple "test in progress", "do not touch" signs and indicators multiple times for [honestly] no good reason, LO-TO or not. If I had the authority to ban them from the area unless escorted I would have.

High priority emergency? Yes boss, I'll wait to finish or redo from scratch whatever I was doing for you. But if you're low on battery and want more Stardew Valley? You can wait or go somewhere else.


That was the subject of a monthly bulletin once. Reading between the lines, somebody didn't have a job the next day.

When I started at the Lawrence Journal-World (the company who Open Sourced Django) I was forced to watch a really old cheesy video about Lock-Out Tag-Out which at the time seemed stupid for a web developer. Then I was walked to the office past some of the biggest machines I’d ever been near to that point in my life. Then I got it.

It definitely saved a few people's limbs at that company alone.

In software development the closest equivalent I can think of would be locking files in older version control systems like SVN.

I started up a piece of industrial equipment that someone was working on just out of sight. He didn't lock it out or even disconnect the power at the switch right next to him. He screamed at me when his arm almost got ripped off. It's an amazing mix of terror for having almost hurt someone and rage at that same person for putting you in that position.

This is unofficially gaining a 3rd step: "Try out". Sometimes people fail to properly lock and tag, and it's usually worth physically testing that the equipment is actually disabled before someone is injured or killed due to incorrect locking / tagging.

EDIT: This is obviously mentioned in the article! Mea culpa ;-)

Hey, it definitely won't kill anyone to reiterate it.

Ex oil and gas health, safety, and environmental advisor, turned software engineer. This was a critical turning point for safety in almost every industry. Here's an unfortunate, but memorable example of its real-world importance: https://www.theguardian.com/us-news/2015/aug/12/bumble-bee-f...

#edit: Oxford comma ocd

Side note: The most secure locks that Master makes (in regards to being pick resistant) are their LOTO padlocks, and they are usually about $10. Most of their other consumer locks are pretty easy to bypass with basic picks, but get marketed as being the "best" in security and cost a lot more.

In my experience this is not true. Some LO/TO locks even have plastic shackles and bodies (for the obvious electrical work). They’re not supposed to be pick proof and super secure—they’re a visual and physical reminder that the system is secured for worker safety. If a lock needs to be removed by someone other than the lock owner there is an OSHA process to remove it that involves cutting and discarding that particular lock.

I recommend watching LockPickingLawyer's video on the lock the parent comment is talking about: https://youtu.be/y4XGY0_cwcM. Master used a very pick resistant core for their LOTO locks but skimped out on the higher priced general-use models.

That is baffling as he says in the video! I’ve never seen anyone on any worksite I’ve been on trying to pick a LO/TO lock, so I just assumed the cores were just as insubstantial.

I suspect it is very deliberate.

Their normal cores are so shitty that there is a reasonable chance that the wrong key will work to open the lock, especially if somebody is trying to open it quickly.

With LOTO locks, Bob could die if Alice's key works on Bob's lock. (e.g. both are working on equipment powered by different circuit breakers, and Alice confuses the breakers, and removes the lock from Bob's breaker, because her key happened to work on it).

A few reports of that happening, and their LOTO locks could be banned from many worksites due to unions rightfully insisting on it.

So it actually is worth having better cores to ensure only the correct keys will work.

Yes, lock pickers love to work on LOTO locks because of this; you can see a lot of these videos by searching YouTube for #LotoLockTuesday

That is ironic since security isn't even the real point of the locks - just providing enough resistance that it can't be done unconsciously and any "accident" is beyond negligence if they were locked out and it was meddled with.

Actually, I suspect it is very deliberate.

For normal master lock key padlocks, it is not a big deal if it accidentally unlocks with somebody else's key.

Their normal cores are shitty enough that even a regular key has a reasonable chance of acting like a bump key, so if you insert the wrong key quickly and turn, it might just open.

With LOTO locks, Bob could die if Alice's key works on Bob's lock. (e.g. both are working on equipment powered by different circuit breakers, and Alice confuses the breakers, and removes the lock from Bob's breaker, because her key happened to work on it).

A few reports of that happening, and their LOTO locks could be banned from many worksites due to unions insisting on it.

Now to be clear, the Master LOTO locks offer basically zero physical security, since they can be very easily destroyed or bypassed. But to my knowledge, no Master-branded lock offers any real security, so that is hardly surprising.


Pretty recent death caused partially by not following this procedure.

Too lazy to include a link, but I believe when work is done on electrified train rails, they attach a huge bar across the power rails to short them. If they're inadvertently powered, breakers elsewhere trip. (Or, worst case, the bar melts?)

I'm not sure how this works for electrified rails (i.e. a third-rail that provides power to the engines), however for a standard rail line (i.e. just 2 tracks, with either an overhead providing electricity, or diesel engines) it is used as a method of safety using the track signalling.

Specifically, in many rail signalling network systems, a signal will turn red when it detects a short between the two rails in its section (i.e. an axle rolls into it). It will then turn back green when that short disappears. Workers can therefore clip something between both rails, which triggers the signal relay and makes the signal light green.

This is absolutely not isolation & lockout though, because it doesn't actually remove the energy source. That's not to say it's not a valuable process though, but an isolation & lockout for this sort of circumstance either involves locking the track switches to direct traffic away from the worksite, or installing a derailer [1] on the track that physically throws the train off the rail into the dirt so it stops well clear of the work site.

The above obviously doesn't work if you're working on a running system, though (which does happen, occasionally). In that instance, the track clip lets trains stop at the red light, radio to the worksite, have the worksite clear, then remove the clip, let the train through, then resume work. It's different levels of safety for different perceived risks.

[1]: https://en.wikipedia.org/wiki/Derail

Track circuit operating clips are used for the system you're talking about, they're just a pretty simple arrangement of giant spring clips with a deliberately short lead between them, workers are trained to apply the clips starting with the side away from the third rail, the lead is too short to make it possible to connect the third rail to the running rail if you've done it this way.

The big metal bar is different, as the poster explained it will short the (supposedly dead) power circuit in a third rail system, taking several hundred volts at quite a lot of amps until the short is detected, hence it can't just be a couple of metal clips and a cheap cable like TCOC. If some idiot re-enables power to the circuit or a fault elsewhere re-energises it despite it notionally being switched off, the bar will turn that into a full short and everybody will know there's a problem, although I'm not sure that would save anybody who happens to actually be touching the now surprisingly live rail at the time it's energised.

On overhead systems there is similarly an arrangement where a worker - after confirming that the power is supposedly dead - ensures this is true by physically grounding it. Again it's a failsafe.

They also make LOTO derails to keep the train from running you down: https://www.yesterdaystractors.com/cvphotos/cvphoto33914.jpg

John Ward recently did a video on various lockout-tagout devices for electrical systems: https://youtu.be/3fMueAINzcI

I've spent many career years in sysadmin / process automation for manufacturing companies, and LOTO is one of many pieces of proper procedure and process that really impresses me about that industry. I worked at a big steel recycling plant, and the zero tolerance effort put toward safety and generally ensuring that this type of stuff was upheld was impressive. Not locking out a machine, or forgetting your lock on a machine was a fireable offense with like, one warning I think. You certainly didn't want to be the guy who was working on a machine that morning, and left your lock on it when you went home while someone else was working on it. They'd call you and get you out of bed real quick if it meant the machine couldn't start up because your lock is on there and you weren't accounted for.

SREs and operations people can pick up good habits from manufacturing gigs. A lot of the same concepts like uptime, good documentation, procedure, discipline are really important to the business at all levels. When lives are at risk good companies put a large sum of time and money in making sure everyone is on the same page.

Any software patterns comparable to this?

(Would help to have a use-case example. And how the pattern helped Vs. what was being done before)

Database operations. ACID compliance. Could also be safety critical to keep your state stateful.

Here's one: https://www.reddit.com/r/announcements/comments/4y0m56/why_r...

Failure to isolate (lock-out) puppet from switching things back on during a migration.

"Lock" as in mutex? Although those don't come with a tag, which could be very handy when debugging.

Depending on the system, I think you can find out who owns the lock.

Locking files in SVN so other people can't edit them until you've unlocked it again.

I've never seen it used, and the only references I can think of were where it was just annoying, if not a risk (someone locking a file then leaving over the weekend or the company entirely).

I've seen it used in games. Often serialised assets won't be text diff friendly. Two people editing the same data will conflict and it won't be possible to merge the result. The solution is only one person checks out the file at a time.

I'm a mech engineer working with heavy machinery, and isolation & lockout rules everything around me. It's probably the most important method of implementing safeworking at an operational level [1]. I was responsible for rolling it out at the first site at my company, implementing the process and documentation, and then seeding it across to other sites.

There's a concept called the hierarchy of hazard control [2]. At the top is eliminating the hazard - just removing it completely. It goes down through substitution, engineering controls, admin controls and then protective equipment is right at the bottom as the least effective method of protection. I&L aims to address the hazards right at the top by eliminating them, which is by far the most effective means of ensuring safety.

It does this by following a process: First, isolate the energy source. Secondly, lock that isolation out so it cannot be reactivated. Third, test for dead by showing that a) the isolation cannot be removed, and b) that there is no residual energy source remaining.

For example, an electrical isolation point might be a switch, which when thrown firstly breaks the circuit, but then also drains out any capacitors or other residual energy storage. The isolating person throws the switch, locks it out, tries to throw the switch back against the lock to show it's secure, then tests the system for dead by trying to power it up or by testing terminals for a voltage to prove that the energy sources have been drained. Once that's all done, they'll then complete the rest of the process and let others lock on to the system.

When someone locks on to an isolated system, there should be sufficient documentation and indication to show that the system is isolated and safe. It might mean that if a mechanical latch is rotated to the 'safe' position, there's a sign that rotates into view from the isolation point so the protected person who is locking on to the isolation can see it, whereas when it's not locked out they cannot. The protected person can in theory go and test the lockout to ensure it's in place, but usually (where I'm at) it's controlled by a dual sign-off process when the above can't be achieved. Then the protected person throws their lock on the isolation point, and that ensures that none of the isolations can be released until they remove their lock. Critically, those who place the isolation are generally a controlled set of people who are trained more highly than the protected person level who just has to know how to verify isolations are in place and then lock on. In general, the people working on the isolated system don't place their own isolations unless it's a simple system/process.

The whole process essentially provides a method of accounting for every person working on a system, and letting them be confident that it can't be powered up whilst working on it. It's not supposed to be secure locks. Mine, for example, have plastic casings, and ones designed for electrical work have a plastic bolt which I could probably easily remove with a bit of percussive persuasion. However, you also realistically generally can't stop a malicious person bypassing those safety measures, e.g. by wiring around a circuit-breaker or by undoing some bolts to remove a latch. So it's not intended to stop malicious parties, but it prevents the vastly more frequent case where someone starts a machine when someone else is working in it.

It gets far more complex than all that too, for example covering how you pass secure isolations between shifts, or how you chain together layers of an isolated system to a single isolation point, but the above should hopefully provide some insight into why this stuff exists and why it takes the form it does.

[1]: I would consider the concept of 'safety in design' higher overall because that's about removing the hazard from existing at the design stage, but once it exists then I&L is generally the gold standard for dealing with it.

[2]: https://en.wikipedia.org/wiki/Hierarchy_of_hazard_controls
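
A software sketch of the isolate, lock, test-for-dead and lock-on sequence described in the comment above, added here as an illustration and not code from any commenter. It also speaks to the earlier question about software analogues: a multi-holder lock whose tags record who holds it and why. The class `IsolationPoint`, its method names, and the sample people and tags are all hypothetical.

```python
class LockoutError(Exception):
    """Raised when a step would break the isolation procedure."""


class IsolationPoint:
    """Hypothetical model of one isolation point with a multi-lock hasp."""

    def __init__(self, name):
        self.name = name
        self.energised = True
        self.stored_energy = True  # e.g. charged capacitors
        self.tags = {}             # lock owner -> tag text
        self.verified = False

    def isolate_and_lock(self, isolator, tag):
        self.energised = False       # step 1: isolate the energy source
        self.stored_energy = False   # throwing the switch drains residual energy
        self.tags[isolator] = tag    # step 2: lock the isolation and tag it

    def energise(self):
        if self.tags:
            raise LockoutError(f"{self.name} locked out by {sorted(self.tags)}")
        self.energised, self.verified = True, False

    def try_out(self):
        # Step 3, test for dead: the start attempt must be refused by the
        # lock, and no residual energy may remain.
        try:
            self.energise()
        except LockoutError:
            self.verified = not self.stored_energy
        return self.verified

    def lock_on(self, person, tag):
        if not self.verified:
            raise LockoutError("isolation not verified; do not lock on")
        self.tags[person] = tag

    def unlock(self, lock_owner, key_holder):
        if key_holder != lock_owner:
            raise LockoutError(f"{key_holder} may not remove {lock_owner}'s lock")
        del self.tags[lock_owner]


if __name__ == "__main__":
    press = IsolationPoint("press-3")  # constructed sample data
    press.isolate_and_lock("isolator", "gearbox service")
    print("verified:", press.try_out())
    press.lock_on("bob", "inspecting guard")
    print("holders:", press.tags)
```

A try-out on a point that was never locked returns `False` and leaves the machine energised, which is the failure the "try out" step exists to catch.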

This is a large part of my job because all equipment must be locked out before it is serviced.

Can we talk about how bad that lockout hasp graphic is? It looks like a drunk person broke the last crayon drawing it and just decided to have Inkscape run a trace on what they had.

I noticed that too. It's like bad, stylized clip-art. They even have an image of a real one further down the article.
