Compliance Engineering

feature article

Integrating Safety Measures into the Design Control Program

James F. Wright and Mollie A. Foster

Companies that design for safety early can cut compliance costs considerably.

Reactionary product-safety design is an unfortunate part of the product design cycle used by many companies. All too often, consideration is given to product safety only after equipment is designed and built, bringing about the need for a redesign that has direct costs in engineering time, materials, and manufacturing, contributes to missed deadlines, and slows time to market. Weeks or months spent retrofitting and retesting may mean a company loses its competitive advantage, or worse—loses its customers to another company that can better service their needs or meet their timeline.

So how do you break the chain of design, test, redesign, and retest? Companies that integrate a design-for-safety philosophy into all phases of product development can effectively minimize or eliminate the time and resources wasted in this cycle. This can be done in any size firm, large or small. While the resources involved may change from company to company and the timing may differ from one firm to the next, the process elements are the same.

This article will discuss how to get started—from assessing resources to developing a product-safety team—and provide a closer look at one company's program in practice.

Starting an Integrated Product-Safety Program

Compliance and regulatory marketplace expectations are sometimes seen as hoops through which a manufacturer must jump to satisfy its customers. These hurdles vary from industry to industry and, at times, from customer to customer. Knowing how to negotiate these hurdles begins with understanding several factors that influence the compliance and regulatory profile for a product or industry.

First, there are the regulatory or jurisdictional requirements of the marketplace put in place by local or federal government agencies. These requirements are for the sale of a type of product in a given state, country, or region. In Europe, for example, such directives as EMC Directive 89/336/EEC, Low Voltage Directive 73/23/EEC, and Machinery Directive 89/392/EEC define the legal requirements for importation into EC countries.

Legal and liability requirements also influence product design. Companies attempt to minimize their own risks by knowing the intended use and the possible misuse of a given product. Having a risk manager in place, for example, means that someone is looking out for a company's liability. The type of hazard analysis carried out varies depending on the type of product being developed.

Lastly, manufacturers may develop their own internal design guidelines based on experience with the type of product they produce. These internal guidelines are often shaped by risk-management teams or years of market-driven requirements and may be the foundation for a safety program.

Evaluating Internal Resources

 Once the regulatory objectives for a particular product have been defined and the requirements identified, it's time to assess a company's ability to meet those requirements and integrate a program. Is there someone, or a group of people, who understand all of the factors involved? Are there in-house safety professionals that can drive the design of the equipment to comply with the relevant requirements? If the answer to these questions is no, manufacturers can turn in several directions for help.

 Training can bring internal personnel and engineering teams up to speed with design-safety requirements. Seminars offered publicly are an option, as well as bringing experts in-house to train electrical, mechanical, and process-related engineering personnel. Alternatively, a manufacturer can hire safety professionals either to augment their internal efforts or, in the case of a small company with fewer resources, to spearhead an entire product-safety program. Consultants and other professionals can also be brought in to supplement internal expertise.

Also critical to the success of a product-safety program is getting management to support the program and to make difficult decisions, like giving a group license to hold back a product if it is not ready for release. This can make or break a program. Without this support from management, the efforts of personnel responsible for the product-safety program will be thwarted when the first conflicts over cost, time to market, and safety arise.

How the safety function is aligned within the company will affect safety personnel's effectiveness in leading the design-for-compliance effort. The safety function, which can be one person or several people, not only handles product-design input, but may also be responsible for addressing safety-related issues that arise in the field, performing safety postmortem evaluations after an event occurs, and even carrying out site-safety assessments in some cases. To be most effective this unit should be independent from influences that could bypass or sidestep it. Safety is as important as quality within a company and must be viewed as such.

Integrating a Safety Program

A successful safety program is integrated at all stages of product development. It begins with involving product-safety personnel in engineering planning and feasibility meetings, ensuring that safety principles are considered. Product-safety personnel should also be involved as the product development team goes through needs assessment, internal hazards analysis, and design reviews. This involvement helps to ensure that the product's progression from concept to alpha and beta releases prevents the costly wasting of resources at compliance time.

The following is a simplified look at one company's integrated product-safety program and the resultant benefits.

A Product-Safety Program at Work

Novellus Systems Inc. (San Jose) has implemented a successful, integrated product-safety program. In less than four years, the semiconductor equipment manufacturer has taken its once reactionary development program and made it a model program, one that integrates safety into all aspects of equipment development.

The product-safety program at Novellus Systems is a quality-driven, consistent approach based on a documented ISO 9001 process for new-equipment design and design modifications to existing equipment, custom products, and design improvement. Immediate and long-term results of this design-for-safety process have included

  • Faster time to market.
  • Improved product liability attained by designing for safety, making both the company's workers and its customers safer from the start.
  • Optimized system design for conformance with all applicable requirements.
  • Customer satisfaction.
  • Accommodation of budgetary commitments.

Design Team Development

The successful introduction of any new product depends upon the cooperative efforts of numerous departments, cross-functional teams, and individual contributors. Comprehensive plans, clear communication, and accurate documentation are required to effect the best possible design and efficient manufacture of safe, quality products.

At Novellus Systems, an internal product-development guideline outlines the development and introduction of new products and processes, including joint-development programs with strategic partners and major continuous improvement program (CIP) activities. The guideline applies across all corporate and business-unit departments, and it describes the necessary steps for development, release, manufacture, installation, and continuing support of the company's products. The product-safety program is integrated in all stages of the process.

For a given product or product family, a program manager is appointed and chartered with the responsibility of ensuring the safety program's success. The guideline specifies the content and output required at each process phase, ensuring that goals, market needs, and schedules, as well as quality system, environmental, and product-safety issues, are addressed throughout the project.

Product managers for new and released products have made the company's system-safety department—a watchdog that, in part, spots potential problems product managers might inadvertently miss—responsible for defining and implementing the product-safety program. The system-safety staff implements each product-safety task and has approval authority over each process phase. This authority, together with the engineering product team review, ensures the identification, and more importantly the resolution, of each hazard in accordance with the engineering order of precedence and system compliance with stated requirements and regulations.

It should be noted that the system-safety staff does not report to the product managers. This relationship ensures the objectivity of the system-safety staff by allowing the performance of safety analyses and design and safety problem resolution to be independent of direct control from the product team. Each product-development team and released-product group functions together with the system-safety staff to form a cross-functional team. These cross-functional teams include professionals from related disciplines, such as field and maintenance engineering, reliability, facilities, manufacturing, technical publications, purchasing, supplier quality, and other product groups. The system-safety staff is located in a central location to ensure day-to-day communication of design issues as they occur. The Novellus Intranet and design guidelines also allow individual access to design requirements and rationales, and ensure tool designs will meet the industry guidelines and jurisdictional regulations.

The Product-Safety Program Approach

Novellus Systems approaches product safety from an engineering standpoint, applying various scientific and engineering principles methodically to achieve an acceptable level of protection from hazards to personnel, equipment, and the environment. Hazards are identified and risks are minimized beginning at concept and early design meetings and continuing throughout the design, manufacture, test, and release phases. The interactive and integrated safety approach is shown in Figure 1. The results of each action are compared against previous actions or retained for future reference. By reviewing the information compiled and updated over the course of the program, a closed-loop system of identification, analysis, correction and validation, and documentation is established. The integrated approach is broken down into the following five steps.

 
Figure 1. Novellus Systems' product-safety approach.

 

Product scope and requirements definition. During this phase, the technical and business strengths and weaknesses of the new product idea are evaluated. Feasibility studies are carried out to determine if the product is technically viable and marketable. The system-safety staff identifies, investigates, and reports on specific areas to identify high risks or establish special safety requirements or procedures. Hazardous gases, high temperatures, or reactive processes, such as the inadvertent mixing of chemicals that could cause an explosion, are examples of potential high-risk criteria that should be considered.

A basic review of safety requirements for equipment under design, equipment already in the field, or components to a given piece of equipment includes

  • Adopted industry consensus guidelines like SEMI or ANSI documents.
  • Regulatory directives and requirements like OSHA, Uniform Fire Code, and Uniform Building Code.
  • Customer internal requirements, as outlined on the procurement specification.
  • Requirements derived from hazard analyses or those pertinent to state-of-the-art technology.
  • Supplier quality control.

Supplier requirements are established consistent with the requirements of Novellus's overall product-safety program. Novellus's requirements for product-safety compliance are defined in purchase orders and design specification documents to ensure consistency with a standard compliance profile and any requirements specific to a given product. The system-safety staff may also attend the supplier's equipment design reviews where safety factors are relevant or where such involvement will clarify design approaches and enhance system safety aspects of product development. For example, the Novellus product-safety staff may facilitate a supplier through a third party.

Comparison of requirements. System requirements and design implementation are compared against the relevant safety requirements in this step. The knowledge gained is combined with an understanding of specific customer and derived requirements. In this way the basis for the compliance requirements against which the equipment will be judged is formed.

Since many regulatory and consensus standards and guidelines do not keep up with the state of the art in technology and manufacturing, the aid of a system-safety professional is critical for interpreting and applying requirements. System-safety analyses and assessments provide the basis for the application of existing safety criteria or the derivation of new requirements. These are often identified during the early design phases using brainstorming sessions. This early detection facilitates better understanding of the evolving product design. The application and interpretation of safety requirements, standards, or principles to product design then requires knowledge of the product or system, knowledge of the principles of the system-safety discipline, and understanding the intent of the consensus or regulatory requirements. Together they help to establish a process that will lead to a safe equipment design.

Design implementation and analysis. In this step, the product design team's implementation of system safety is reviewed by the system-safety staff and analyzed for compliance with specifications and safety standards. In the prototype phase, a fully functional unit is fabricated and tested. This prototype is designed to meet all specifications and criteria for alpha release and must operate under total software control. Review drawings, memos, supplier analyses, and manuals are augmented by the system-safety staff during cross-functional team meetings, design reviews and checkpoints, and interviews with suppliers and Novellus design engineers. Hazards and corresponding potential mishaps are also identified and, where not totally controllable by design action, are resolved at the highest feasible order of precedence. Data obtained as the design matures form the basis for derived system-safety requirements, which are the culmination of continuing hazard analyses. For the preliminary and system technical hazard analyses, the hardware and software detailed system designs are analyzed and compared with previous safety analyses. This technical analysis can be quantitative as well as qualitative. Risks and the means to mitigate them can also be derived from the analytical results of other disciplines, such as FMEA or ergonomic assessments. Such analysis facilitates the collection of potential hazards identified from any source into a closed-loop analysis and tracking system. Potential hazards remain open or unresolved safety issues until an acceptable resolution is established and implemented by incorporating design criteria or operational constraints into the appropriate controlling documents.

The safety analysis techniques and methods of documentation that are chosen, such as qualitative hazard or fault-tree analysis, help to provide the following to the overall product-safety evaluation:

  • Systematic and thorough analyses of potential hazards.
  • Identification, assessment, and proper handling of credible hazards.
  • Permanent recording of hazard and risk data with a compliance database.
  • Quick reference of systems safety/ergonomic–critical areas.
  • Identification of additional derived requirements.
  • Point of reference for third-party evaluations.

These analyses are documented on the company's internal hazard analysis worksheets and updated as the design matures. They are also shared with the engineering team. During later stages of design, these hazard analyses are provided to the contracted third-party evaluator and to the customer as required.

Document review and verification. During the development and manufacturing pilot phases, several additional units may be built for process and reliability testing. Hardware and software designs are refined. All manufacturing documentation is released for production under an engineering change order (ECO). Some units are shipped to and installed at beta test sites. Assessment of the equipment against regulatory, customer, and derived requirements must be completed by the end of this product development phase. The company's goal is for equipment to comply with all of these requirements at this stage in equipment development.

The system-safety staff participates in formal product design or checkpoint reviews and informal reviews, such as weekly cross-functional team meetings. This is to ensure that safety factors are properly considered and that the developing design is in consonance with the product-safety criteria. The system-safety staff may use checklists and hazard-analysis practices to audit the particular product design, as well as general safety-engineering adequacy as a means for review. The primary objectives of the design reviews are to assess

  • Compliance with system-safety design requirements, including regulatory, customer, and derived.
  • Achievement of system-safety design and procedural objectives.
  • Adequate identification of potential safety hazards and their proper resolution.
  • Engineering decisions, changes, and trade-offs relating to system-safety engineering requirements.
  • Design documentation for compliance with identified system-safety engineering requirements.
  • Design safety or procedural problems that could affect personnel or the environment.
  • Supplier product-safety engineering activities.
  • Status of previously approved design review actions.

Audits, customer acceptance, and maintained compliance. In the semiconductor industry, third-party product evaluators are required to review the new product or modification for concurrence with design safety and related procedures. Once discrepancies are resolved, the third-party evaluators are contracted again to audit the implemented corrections to satisfy compliance requirements. The third-party evaluation process for Novellus (Table I) is a participatory partnership involving individual contributors from several engineering disciplines on both the company and third-party-evaluator sides. Final system approval is customer acceptance from source inspection through the review stage of the final compliance documentation.

| Process Steps | Novellus Systems | Third-Party Evaluator |
|---|---|---|
| 1. Tool design | Internal hazards analysis; Internal safety review; Corrective actions | Preliminary assessment; Hazard-analysis report |
| 2. Planning process | Define scope; Define schedule; Provide key information | Prepare comprehensive proposal; Schedule third-party resources |
| 3. On-site evaluation process | Tool access; Engineering availability; Manuals and schematics; System design information | Line-by-line evaluation; Testing (e.g., electrical/IH); Single-fault failure analysis |
| 4. Draft report process | Provide additional information upon request; Report review/alignment | Prepare final report draft; Quality control process; Electronic copy; Report feedback/alignment |
| 5. System design change to meet requirements | Review issues from DFR; Implement design, labeling, documentation, and changes | Review responses; In-house and on-site counseling |
| 6. Reinspection process | Tool access; Engineering availability; Updated manuals/schematics; Modified design information | Reinspect product for changes; Document changes in report |
| 7. Final report process | Provide outstanding information prior to "drop dead" deadline to meet final report schedule | Prepare final report documenting full conformance |

Table I. Novellus's third-party evaluation process.


ECOs and custom designs are evaluated on a case-by-case basis to determine the associated hazards, assess the associated risk, and predict the impact the ECO will have on the safety of the existing system. The initiating engineer completes an initial checklist of the change. As a cross-check, the system-safety staff reviews the weekly lists of modifications, participates as a member of the change control and specials board, and discusses planned modifications with engineers and customers to better design safety features into the pending modification. At periodic system-safety working group (SSWG) meetings, the company presents results from internal hazard analyses to the third-party evaluators for their review. Any discrepancies identified at this stage must be resolved. Further testing may or may not be needed.

If technical safety issues are discovered after new products are released, the corresponding control measures are communicated effectively to the company's field-service representatives and customers. In the case of a serious incident, the system-safety manager is notified within 24 hours. The system-safety staff coordinates documentation of the relevant safeguard with the company's customer satisfaction department to ensure technical alerts are generated in a timely manner with information on

  • The nature of either a potential hazard or a hazardous incident.
  • The corrective actions required.
  • The points of contact for further information.

The system-safety staff is also responsible for staying current regarding the training of field engineering personnel and for making revisions to procedures and manuals, which helps ensure product safety and the use of appropriate cautions, warnings, and procedures. The system-safety staff develops the appropriate product-safety engineering requirements for input based on system requirements product-safety criteria developed from the checklists and evaluations of the tool.

Finally, lessons learned from fielded systems or from Novellus facilities and site environmental health and safety (EHS) provide a closed-loop back to the engineering design process.

Conclusion

The benefits of adopting a process in which product-safety techniques are integrated with, and beneficial to, the development of equipment are real and achievable for almost any manufacturer. The small manufacturer may feel that the resources needed to implement such a program are out of reach, but this is far from the truth.

A product-safety program, like the Novellus program profiled here, can be implemented in stages, with almost any portion being integrated independently. As shown in Figure 2, Novellus Systems has reduced its compliance costs by roughly 50% in just the last three years by implementing the design-for-safety process.

Figure 2. Reductions in EHS costs during tool development at Novellus that resulted from the implementation of a design-for-safety program.

The company achieved this by first committing to product safety through design. The system-safety department had, among the other necessary ingredients for a successful program, support from management. By becoming a forward-looking organization, the company was able to focus its resources where they could be used most efficiently—up front in the design phase. The decrease in product-development time also helped to cut compliance costs. The key is committing to the notion of an integrated, forward-looking product-safety program. Once the commitment is there, a product-safety program has a chance to make a difference.

James F. Wright is general manager for Global Semiconductor Safety Services (GS3; Menlo Park, CA). Mollie A. Foster is product safety manager for Novellus Systems (San Jose, CA).

Back to January/February Table of Contents