from Hacker News

Lockout-Tagout

by restlessdesign on 11/20/19, 2:14 AM with 111 comments

• by taneq on 11/20/19, 3:18 AM

  After working in mining for a long while, where this kind of isolation procedure is standard and is taken very seriously (pretty much any breach of procedure is an instantly firable offense) it's terrifying coming back home and seeing people working on house wiring etc. with nothing more than a turned-off circuit breaker protecting them from electrocution or other injury. I've seen some trades start to pick up isolation procedures but they're generally still far behind industry best practices.

• by RandomBacon on 11/20/19, 3:33 AM

  Always verify the equipment you are working on is still physically LO-TO. I heard a story about one person who LO-TO a breaker on Friday, and Monday it had power when he went to work on it. The guy went to check the breaker, and the breaker was sitting on the ground with the lock still attached, and a new breaker in its place.

• by frankwiles on 11/20/19, 2:58 AM

  When I started at the Lawrence Journal-World (the company who Open Sourced Django) I was forced to watch a really old cheesy video about Lock-Out Tag-Out which at the seemed stupid for a web developer. Then I was walked to the office past some of the biggest machines I’d ever been near to that point in my life. Then I got it.

  It definitely saved a few peoples limbs at that company alone.

• by beart on 11/20/19, 3:12 AM

  I started up a piece of industrial equipment that some one was working on just out of site. He didn't lock it out or even disconnect the power at the switch right next to him. He screamed at me when his arm almost got ripped off. It's an amazing mix of terror for having almost hurt someone and rage at that same person for putting you in that position.

• by Intermernet on 11/20/19, 2:51 AM

  This is unofficially gaining a 3rd step: "Try out". Sometimes people fail to properly lock and tag, and it's usually worth physically testing that the equipment is actually disabled before someone is injured or killed due to incorrect locking / tagging.

  EDIT: This is obviously mentioned in the article! Mea culpa ;-)

• by zwilson on 11/20/19, 3:41 AM

  Ex oil and gas health, safety, and environmental advisor, turned software engineer. This was a critical turning point for safety in almost every industry. Here's an unfortunate, but memorable example of its real-world importance: https://www.theguardian.com/us-news/2015/aug/12/bumble-bee-f...

  #edit: Oxford comma ocd

• by geekamongus on 11/20/19, 2:59 AM

  Side note: The most secure locks that Master makes (in regards to being pick resistant) are their LOTO padlocks, and they are usually about $10. Most of their other consumer locks are pretty easy to bypass with basic picks, but get marketed as being the "best" in security and cost a lot more.

• by asperous on 11/20/19, 2:32 AM

  https://www.oregonlive.com/silicon-forest/2018/10/intel_sued...

  Pretty recent death caused partially by not following this procedure.

• by downerending on 11/20/19, 3:29 AM

  Too lazy to include a link, but I believe when work is done on electrified train rails, they attach a huge bar across the power rails to short them. If they're inadvertently powered, breakers elsewhere trip. (Or, worst case, the bar melts?)

• by zxcvgm on 11/20/19, 2:35 AM

  John Ward recently did a video on various lockout-tagout devices for electrical systems: https://youtu.be/3fMueAINzcI

• by alsysadmin on 11/20/19, 8:37 PM

  I've spent many career years in sysadmin / process automation for manufacturing companies, and LOTO is one of many pieces of proper procedure and process that really impresses me about that industry. I worked at a big steel recycling plant, and the zero tolerance effort put toward safety and generally ensuring that this type of stuff was upheld was impressive. Not locking out a machine, or forgetting your lock on a machine was a fireable offense with like, one warning I think. You certainly didn't want to be the guy who was working on a machine that morning, and left your lock on it when you went home while someone else was working on it. They'd call you and get you out of bed real quick if it meant the machine couldn't start up because your lock is on there and you weren't accounted for.

  SRE's and operations people can pick up good habits from manufacturing gigs. A lot of the same concepts like uptime, good documentation, procedure, discipline are really important to the business at all levels. When lives are at risk good companies put a large sum of time and money in making sure everyone is on the same page.

• by symplee on 11/20/19, 6:36 AM

  Any software patterns comparable to this?

  (Would help to have a use-case example. And how the pattern helped Vs. what was being done before)

• by NamTaf on 11/20/19, 3:50 AM

  I'm a mech engineer working with heavy machinery, and isolation & lockout rules everything around me. It's probably the most important method of implementing safeworking at an operational level [1]. I was responsible for rolling it out at the first site at my company, implementing the process and documentation, and then seeding it across to other sites.

  There's a concept called the hierarchy of hazard control [2]. At the top is eliminating the hazard - just removing it completely. It goes down through substitution, engineering controls, admin controls and then protective equipment is right at the bottom as the least effective method of protection. I&L aims to address the hazards right at the top by eliminating them, which is by far the most effective means of ensuring safety.

  It does this by following a process: First, isolate the energy source. Secondly, lock that isolation out so it cannot be reactivated. Third, test for dead by showing that a) the isolation cannot be removed, and b) that there is no residual energy source remaining.

  For example, an electrical isolation point might be a switch, which when thrown firstly breaks the circuit, but then also drains out any capacitors or other residual energy storage. The isolating person throws the switch, locks it out, tries to throw the switch back against the lock to show it's secure, then tests the system for dead by trying to power it up or by testing terminals for a voltage to prove that the energy sources have been drained. Once that's all done, they'll then complete the rest of the process and let others lock on to the system.

  When someone locks on to an isolated system, there should be sufficient documentation and indication to show that the system is isolated and safe. It might mean that if a mechanical latch is rotated to the 'safe' position, there's a sign that rotates into view from the isolation point so the protected person who is locking on to the isolation can see it, whereas when it's not locked out they cannot. The protected person can in theory go and test the lockout to ensure it's in place, but usually (where I'm at) it's controlled by a dual sign-off process when the above can't be achieved. Then the protected person throws their lock on the isolation point, and that ensures that none of the isolations can be released until they remove their lock. Critically, those who place the isolation are generally a controlled set of people who are trained more highly than the protected person level who just has to know how to verify isolations are in place and then lock on. In general, the people working on the isolated system don't place their own isolations unless it's a simple system/process.

  The whole process essentially provides a method of accounting for every person working on a system, and letting them be confident that it can't be powered up whilst working on it. It's not supposed to be secure locks. Mine, for example, have plastic casings, and ones designed for electrical work have a plastic bolt which I could probably easily remove with a bit of percussive persuasion. However, you also realistically generally can't stop a malicious person bypassing those safety measures, e.g. by wiring around a circuit-breaker or by undoing some bolts to remove a latch. So it's not intended to stop malicious parties, but it prevents the vastly more frequent case of were someone starts a machine when someone else is working in it.

  It gets far more complex than all that too, for example covering how you pass secure isolations between shifts, or how you chain together layers of an isolated system to a single isolation point, but the above should hopefully provide some insight into why this stuff exists and why it takes the form it does.

  [1]: I would consider the concept of 'safety in design' higher overall because that's about removing the hazard from existing at the design stage, but once it exists then I&L is generally the gold standard for dealing with it.

  [2]: https://en.wikipedia.org/wiki/Hierarchy_of_hazard_controls

• by swixmix on 11/20/19, 3:50 AM

  https://www.osha.gov/laws-regs/regulations/standardnumber/19...

• by sunkenvicar on 11/20/19, 2:28 AM

  This is a large part of my job because all equipment must be locked out before it is serviced.

• by Igelau on 11/20/19, 4:57 AM

  Can we talk about how bad that lockout hasp graphic is? It looks like a drunk person broke the last crayon drawing it and just decided to have Inkscape run a trace on what they had.