
I'm a mech engineer working with heavy machinery, and isolation & lockout rules everything around me. It's probably the most important method of implementing safeworking at an operational level [1]. I was responsible for rolling it out at the first site at my company, implementing the process and documentation, and then seeding it across to other sites.

There's a concept called the hierarchy of hazard control [2]. At the top is eliminating the hazard - just removing it completely. It goes down through substitution, engineering controls, admin controls and then protective equipment is right at the bottom as the least effective method of protection. I&L aims to address the hazards right at the top by eliminating them, which is by far the most effective means of ensuring safety.

It does this by following a process: First, isolate the energy source. Secondly, lock that isolation out so it cannot be reactivated. Third, test for dead by showing that a) the isolation cannot be removed, and b) that there is no residual energy source remaining.

For example, an electrical isolation point might be a switch, which when thrown firstly breaks the circuit, but then also drains out any capacitors or other residual energy storage. The isolating person throws the switch, locks it out, tries to throw the switch back against the lock to show it's secure, then tests the system for dead by trying to power it up or by testing terminals for a voltage to prove that the energy sources have been drained. Once that's all done, they'll then complete the rest of the process and let others lock on to the system.

When someone locks on to an isolated system, there should be sufficient documentation and indication to show that the system is isolated and safe. It might mean that if a mechanical latch is rotated to the 'safe' position, there's a sign that rotates into view from the isolation point so the protected person who is locking on to the isolation can see it, whereas when it's not locked out they cannot. The protected person can in theory go and test the lockout to ensure it's in place, but usually (where I'm at) it's controlled by a dual sign-off process when the above can't be achieved. Then the protected person throws their lock on the isolation point, and that ensures that none of the isolations can be released until they remove their lock. Critically, those who place the isolation are generally a controlled set of people who are trained more highly than the protected person level who just has to know how to verify isolations are in place and then lock on. In general, the people working on the isolated system don't place their own isolations unless it's a simple system/process.

The whole process essentially provides a method of accounting for every person working on a system, and letting them be confident that it can't be powered up whilst working on it. It's not supposed to be secure locks. Mine, for example, have plastic casings, and ones designed for electrical work have a plastic bolt which I could probably easily remove with a bit of percussive persuasion. However, you also realistically generally can't stop a malicious person bypassing those safety measures, e.g. by wiring around a circuit-breaker or by undoing some bolts to remove a latch. So it's not intended to stop malicious parties, but it prevents the vastly more frequent case where someone starts a machine when someone else is working in it.

It gets far more complex than all that too, for example covering how you pass secure isolations between shifts, or how you chain together layers of an isolated system to a single isolation point, but the above should hopefully provide some insight into why this stuff exists and why it takes the form it does.

[1]: I would consider the concept of 'safety in design' higher overall because that's about removing the hazard from existing at the design stage, but once it exists then I&L is generally the gold standard for dealing with it.

[2]: https://en.wikipedia.org/wiki/Hierarchy_of_hazard_controls
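The isolate, lock out, test-for-dead and lock-on sequence described in the comment above, modelled as a small state machine that enforces its invariants: only trained isolators place or release an isolation, nobody locks on before the system is proven dead, and nothing is released while any personal lock remains. This is an added example, not code from the commenter or from any site's procedure; the role set, the `RuntimeError` messages and the boolean residual-energy flag are assumptions made for the model.

```python
from dataclasses import dataclass, field
from enum import Enum, auto

class State(Enum):
    LIVE = auto()         # energy source available
    ISOLATED = auto()     # switch thrown, residual energy drained
    LOCKED_OUT = auto()   # isolator's own lock is on the isolation point
    PROVEN_DEAD = auto()  # tested against the lock, no residual energy found

@dataclass
class IsolationPoint:
    isolators: frozenset                     # people trained to place/release isolations
    state: State = State.LIVE
    locks: set = field(default_factory=set)  # every personal lock currently on the hasp
    residual_energy: bool = True             # assumption: one flag stands in for all stores

    def _require(self, cond, msg):
        if not cond:
            raise RuntimeError(msg)

    def isolate(self, who):
        self._require(who in self.isolators, f"{who} is not an authorised isolator")
        self._require(self.state is State.LIVE, "not live, nothing to isolate")
        self.residual_energy = False  # the switch also drains capacitors and the like
        self.state = State.ISOLATED

    def lock_out(self, who):
        self._require(who in self.isolators and self.state is State.ISOLATED,
                      "lock out must follow isolation and be done by an isolator")
        self.locks.add(who)
        self.state = State.LOCKED_OUT

    def test_for_dead(self):
        self._require(self.state is State.LOCKED_OUT, "nothing locked out to test")
        # trying to throw the switch back must fail while a lock is on the hasp
        self._require(self.locks, "switch could be thrown back, lock does not hold")
        self._require(not self.residual_energy, "residual energy still present")
        self.state = State.PROVEN_DEAD  # only now may protected persons lock on

    def lock_on(self, who):
        self._require(self.state is State.PROVEN_DEAD, "not proven dead, refuse lock on")
        self.locks.add(who)

    def lock_off(self, who):
        self.locks.discard(who)

    def release(self, who):
        self._require(who in self.isolators, f"{who} may not release an isolation")
        self._require(not self.locks, f"locks still on: {sorted(self.locks)}")
        self.state, self.residual_energy = State.LIVE, True
```

Every transition either satisfies its precondition or raises, so a caller cannot reach a live system while any lock is on, which is the accounting property the comment describes.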
