Quebec regulation on occupational health and safety (RSST) states that maintenance technicians who service hazardous equipment must apply lockout/tagout (LOTO) procedures (cf. art. 188.2). This regulation sets forth safety precautions to follow before undertaking any maintenance activity, repair or unlocking operation involving such equipment. LOTO is defined as a preventive measure taken to avoid injuries caused by premature release of energy during installation, maintenance or repair of industrial machinery, equipment or process devices (D. 1187-2015, a. 3). In other words, LOTO is a set of procedures and good practices intended to control all of the energy sources of a system during servicing. Only the person authorized to carry out the LOTO procedure on the system is authorized to remove the lock or tag. Inappropriate maintenance activities due to human error (HE) increase the total duration and intrinsic cost of servicing and possibly the occupational health and safety risk.
According to statistics from the Quebec standards, equity, health and work safety commission (CNESST) for the year 2014, a work-related accident costs the life of a worker in Quebec approximately every six days (63 for the year). More than 80,000 accidents occur each year in the workplace. Machinery is involved in 10% to 15% of these. The injuries caused by machines are often severe, causing on average 20 fatalities, 295 amputations and 1125 permanent scars per year. The risk of accident generally increases throughout the machine lifecycle. Particular attention must be paid to risks associated with the production, adjustment and maintenance phases.
In September of 2015, the CNESST endorsed a draft proposing stricter occupational health and safety guidelines. The RSST now includes more specific regulations with regard to LOTO and hazardous energy control methods. These new regulations will spell out the duties of each actor and encourage workers and employers to stay mindful of health and safety in the workplace. Nevertheless, the use of LOTO in procedural form alone is an imperfect solution to the problem of accidents involving machinery. A mechanism is needed for monitoring and follow-up of LOTO procedures. Such a mechanism has been proposed.
2. Literature Review
Maintenance technicians frequently need to enter hazardous spaces near or even within machinery or processing equipment, since these devices break down repeatedly during their lifespan. In recent decades, hundreds of workers have been victims of accidents or incidents while performing routine maintenance on machinery or repairing damaged equipment in manufacturing facilities. The high level of risk inherent in machine maintenance has been confirmed repeatedly. The Quebec occupational health and safety act (LSST, art. 51) stipulates that among their obligations, employers are required 1) to ensure that employee working conditions are safe and healthy, 2) to control health and safety risks associated with tasks, 3) to inform workers about these risks, and 4) to train workers to detect and avoid hazards. Furthermore, article 59 provides guidance and recommendations for eliminating risks at the source. Workers, for their part, must help to ensure occupational health and safety (art. 49). One of their principal duties in this respect is to comply with LOTO policies as set forth in occupational health and safety legislation. This is one way to avoid risks associated with equipment maintenance and repair. Researchers point out that the legislation in its current form is of limited effectiveness, its principal shortcomings including inadequate provisions regarding training, inappropriate use of tags or locks, process design weaknesses and others. In addition, many managers continue to regard LOTO as a time-consuming, unproductive activity.
Recent studies show the numerous conditions that must be satisfied simultaneously for compliance with the recommendations of the RSST regarding access to hazardous areas around machinery. This includes alternative access to these areas when LOTO cannot be carried out, for example detection and diagnosis of malfunctions requiring observation of the machine in operation. On the other hand, LOTO is not mandatory when the machine ON/OFF switch is close to and under the exclusive control of the operator. In that case, the machine must have only one energy source, and any residual energy remaining after switching the machine off represents a hazard and must be released safely before any examination. It is the duty of the employer to specify these procedures and to ensure compliance with them in accordance with the RSST, in other words to inform and properly educate all workers having access to the hazardous areas with regard to the applicable preventive measures (LSST (1979, c. 63, a. 50)). These measures must indicate procedures to follow when shifts change, when LOTO is forgotten or when more than one employer (e.g. subcontractors) will be present. The LOTO program must guide managers as well as workers, and should cover 1) what hazardous energy is, 2) what types of tools or devices are required for isolating or de-energizing hazardous devices, 3) who is responsible for the tasks, 4) the steps for turning on and off and de-energizing machinery, 5) which steps for locking/tagging the system must be put in writing, 6) what training is required, and 7) what aspects must be covered by audits. The implementation criteria of these occupational health and safety regulations are described in detail in Canadian standard CSA-Z460 2013, Control of hazardous energy - Lockout and other methods. However, it should be noted that a LOTO system is not an end in itself and must not be viewed as just a padlock. The system must be monitored after its implementation.
The documentation and bill of material coding are as crucial as the LOTO mechanism. The documentation must contain the LOTO files and procedures. Software is needed for audit management, as well as for training and reporting. The success of a LOTO program, however, lies in the quality of daily monitoring (i.e. of reports and audits).
Venkatraman has examined the connection between safety and maintenance effectiveness. These questions have been of interest to manufacturers for decades and have led to significant progress in the understanding of workplace safety. The CSA Z1000 standard indicates that a LOTO system must be integrated into occupational health and safety policies.
We have noted the existence of three categories of study in this subject area: 1) optimizing production planning and maintenance strategies, 2) taking LOTO into account in maintenance activities and 3) taking human factors and human error (HE) into account. The number of studies in this third category is small.
In production scheduling, there is considerable leeway for varying the frequency of machine maintenance. A planner might prefer to stop a machine when its performance has dropped below some threshold or run it to breakdown. In the latter case, the machine may be repaired immediately, or repair may be deferred. Some authors have suggested that manufacturing system performance improves when maintenance tasks and production activities are scheduled at the same time. A policy based on a stochastic approach to planning production and preventive maintenance activities in a flexible manufacturing system (FMS) had been developed more than a decade earlier. This strategy incorporated periodic maintenance, with the likelihood of failure increasing with machine age. Not long after, the optimality conditions of the hedging point policy were studied. It was thus shown that this policy is optimal when the failure rate does not depend on the production rate; the linearity of the breakdown rate function is sufficient to show that a hedging point policy is optimal. An extension of these models was then proposed, in which maintenance activity scheduling is based on inventory level. This was then expanded to production systems comprising several machines producing several parts. The gains achieved under this policy are measurable in terms of downtime. The problem of planning production and preventive maintenance for a manufacturing operation involving several machines was then treated using analytical formalism combined with simulation and response surface methodology to develop an approximation of optimal control policies. These authors provide an illustration and sensitivity analysis to quantify the production and preventive maintenance rates that minimize the production costs and the frequency of maintenance and repair.
Production and maintenance planning have been optimized in conjunction with LOTO policies based on consideration of two types of corrective maintenance (CM): 1) routine failure associated with machine age, in which the mean time between failures decreases with machine deterioration and no LOTO procedure is required, and 2) major failure, in which the mean time between failures is constant and LOTO is required for repair. In view of the effectiveness of such planning, the study was expanded to include the elimination of possibilities of circumventing LOTO. Considering lockout as a separate and integral machine state while performing maintenance activities is suggested as a means of achieving this, and optimal planning for modern manufacturing systems subject to stochastic breakdowns is proposed. This raised the question of the existence of an optimal cost, taking into account reductions in the risk of accidents. Based on numerical illustration and sensitivity analysis, it has been shown that controlling LOTO rather than setting it at a fixed frequency yields better planning. However, the complexity of the problem increases rapidly with the number of machines.
Nowadays, human factors, particularly HE and human reliability, are receiving much attention. In manufacturing settings, HE occurs at a significant rate during equipment maintenance activities and is involved in most of the accidents or incidents that occur during maintenance activities in conjunction with LOTO. Although contributing to more than 25% of the breakdowns that process plant machines undergo during their lifespan, human factors are still not given sufficient consideration. HE or control failures are often behind undesirable events that happen due to unforeseen releases of hazardous energy. For example, most of the deviations (>80%) in quality and productivity in pharmaceutical production appear to be due to HE. Despite technological control of risks inherent in equipment, the probability of HE in machine maintenance remains high, as does production equipment downtime. The findings of more recent studies on the role of HE in risk analysis have been applied to pre-maintenance and post-maintenance procedures. These authors later estimated HE probabilities for several possible failure scenarios associated with the maintenance procedures for a pump. Using HEART (human error assessment and reduction technique, developed in 1988 by J.C. Williams to evaluate the probability of HE occurring while performing a particular task, and regarded as a reliable technique in safety analyses), acceptable levels of risk were calculated (based on the level of error recovery) beyond which actions should be taken through risk management strategies to raise the level of safety of the maintenance procedure. Other studies show that HE lengthens repair time and increases production costs, inventory costs and shortage as well as the risk of workplace accidents. An optimal policy has been defined to minimize production cost, emphasizing the impact of human error on inventory shortage and system capacity.
The authors examined occupational health and safety risk acceptability from eight perspectives: economic, personal, cultural, political, social, ethical, psychological, and risk characteristics. These parameters influence the acceptability mechanism and its pervasiveness in workplace safety.
Two approaches appear predominant in system failure research. The first focuses on humans (inattention, forgetfulness and so on) whereas the second focuses on the system (work conditions). Accidents happening to individuals are more frequent and catastrophic than organizational accidents and have adverse side effects in terms of harm, loss of quality of life or of life itself. Studies show the typical limitations on human perception, cognition and physical performance. Factors such as fatigue and stress influence human performance to the point that no amount of effort can eradicate HE. To deal adequately with this reality, Harris et al. recommend keeping two specific goals in mind: 1) reducing HE by implementing a systematic approach and a design methodology focused on human operators, and 2) quickly identifying and correcting sources of malfunction, on the assumption that human error will inevitably occur.
Many authors have argued in favor of flexible manufacturing systems and emphasized their importance for productivity and quality in many manufacturing industries. Indeed, human intervention is less important in such systems than in those based on conventional material handling. In the latter, the human operator is constantly involved in the transportation of materials between sites, whereas in a flexible manufacturing system, this function is supported fully, for example by automated guided vehicles and material handling systems. This subject has been reviewed. Human intervention is nevertheless required in flexible systems during start-up of operations, as well as in programming, repair activities or loading and unloading of materials and parts. There is a need to take into consideration the mutual impact of system and human in terms of HE during these phases. These considerations lead to the concept of Industry 4.0. Bengtsson warns about this concept, which is currently very popular in the maintenance community. These authors show through a case study the necessity of considering basic maintenance concepts and management together. In the same vein, Salonen noticed that on average, 40% of equipment failures are related to improper maintenance practices by human operators.
The purpose of this paper is to develop a production and CM plan with LOTO to improve the safety of a flexible manufacturing system consisting of a failure-prone machine meeting two types of demand. The main contribution of this study is a control strategy that facilitates the integration of LOTO into production and considers the impact of HE during maintenance. Optimal costs of shortage, inventory build-up and CM are identified over an unbounded planning horizon.
Notations and assumptions are presented in Section 3. The FMS under study is presented in Section 4. A numerical illustration is developed in Section 5. A discussion is provided in Section 6. Section 7 is devoted to the conclusion and proposal of future studies.
3. Notations and Assumptions
The notations used in this study are as follows:
The following assumptions are considered:
CM is performed with LOTO;
CM may be completed with HE;
Repair time with HE is longer than without HE;
CM activities restore the system to an as-good-as-new condition.
4. Problem Statement
The subject of this paper is a decision-making problem in an FMS consisting of one failure-prone machine meeting two types of demand. Machine availability is enhanced through CM activities. The decision variables are the frequencies of machine repair with human error (WHE) or without human error (WOHE), which influence the system capacity and the inventory level. HE is considered as an inappropriate action that results in increased CM duration and costs. We investigate the impact of HE that occurs during CM activities in conjunction with LOTO. We determine an optimal total cost associated with shortage, inventory and CM over an unbounded planning horizon. Analytical modeling and numerical resolution approaches were used with discrete-event simulation. Design of experiments (DOE) and a genetic algorithm (GA) were then used to define the optimal plan. Figure 1 summarizes the methodological approach.
Many researchers use the same approach based on analytical modeling and numerical resolution. To make it tractable, they rely on assumptions that do not take into account phenomena such as the impact of human factors. In response to this situation, a sequential optimization approach combining a numerical method, simulation, experimental design and a genetic algorithm is promising for dealing with optimal control problems. GAs are simple and fast optimization methods for global exploration and yield a solution within a reasonable computing time.
Optimization based on simulation makes the resolution of optimal control problems simpler than conventional direct search techniques, which are too demanding in computing time. Indeed, direct search requires many more hypotheses for the numerical resolution of control problems than simulation models do. In addition, simulation techniques provide a detailed description of the dynamic behavior of the manufacturing system. Azadivar recommends simulation as an optimization approach for choosing maintenance strategies, having noticed that the results of simulation experiments indicate the same forms of response surfaces as those derived from direct search optimization methods. However, problems posed with these classical (direct search) methods are often difficult to solve and involve many assumptions, because the performance of the system depends on a combination of quantitative variables and qualitative variables (choice of maintenance strategy). For more details on these aspects of performance, the reader is referred to reference . A combined approach based on analytical formalism, simulation modelling, design of experiments and a genetic algorithm provides a more realistic model for industry.
Figure 1. Methodological approach.
Treating this task as a stochastic dynamic programming problem, we developed a continuous-time Markov chain model integrating possibilities of HE during maintenance activities with mandatory LOTO by human operators over an unbounded planning horizon. Three variables characterize the system in any given state: the stock level , the stochastic process of machine states and the demand type . Raw material is always available (Figure 2).
The dynamics of such a system include continuous and discrete variables. The continuous variable represents the cumulative inventory/shortage vector, which can be positive (stock build-up) or negative (shortage). The dynamics of are presented by the differential equation below:
where: initial stock level); ; ;
The discrete variable defines the machine state (six possible states):
Its representation as a continuous-time Markov chain (CTMC) is shown in Figure 3.
The mathematical model of the continuous-time stochastic process takes values in the finite state space .
The transition probabilities from state to state at time t are given in Equation (3):
Figure 2. The flexible manufacturing system under study.
Figure 3. Transition diagram of machine states.
The transition rate is given by the following equations:
The transition rates matrix of the continuous-time Markov process (ξ(t)) is defined such that it meets conditions (5) and (6) below:
The transition rate matrix describes the stochastic process (Equation (7)):
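As an illustration of the two standard conditions that a transition rate matrix of a continuous-time Markov chain satisfies (non-negative off-diagonal rates, and rows that sum to zero), the following minimal sketch builds a generator for a hypothetical three-state machine and computes its stationary distribution. The three states and all numerical rates are assumptions chosen for illustration; they are not the six-state model or the parameters of this study.

```python
import numpy as np

def is_generator(Q, tol=1e-9):
    """Check the two usual CTMC conditions on a rate matrix:
    off-diagonal rates >= 0 and every row summing to zero."""
    Q = np.asarray(Q, dtype=float)
    off_diag = Q - np.diag(np.diag(Q))
    rows_ok = np.allclose(Q.sum(axis=1), 0.0, atol=tol)
    return bool(np.all(off_diag >= -tol) and rows_ok)

def stationary_distribution(Q):
    """Solve pi @ Q = 0 together with sum(pi) = 1 by least squares."""
    Q = np.asarray(Q, dtype=float)
    n = Q.shape[0]
    A = np.vstack([Q.T, np.ones(n)])
    b = np.zeros(n + 1)
    b[-1] = 1.0
    pi, *_ = np.linalg.lstsq(A, b, rcond=None)
    return pi

# Hypothetical states: 0 = operational, 1 = repair without HE,
# 2 = repair with HE (slower). All rates below are assumed values.
FAILURE_RATE = 0.1
P_HE = 0.25          # assumed share of repairs affected by human error
REPAIR_WOHE = 1.0    # assumed repair rate without HE
REPAIR_WHE = 0.5     # assumed repair rate with HE

Q = np.array([
    [-FAILURE_RATE, FAILURE_RATE * (1 - P_HE), FAILURE_RATE * P_HE],
    [REPAIR_WOHE, -REPAIR_WOHE, 0.0],
    [REPAIR_WHE, 0.0, -REPAIR_WHE],
])

pi = stationary_distribution(Q)
print("valid generator:", is_generator(Q))
print("long-run availability:", round(float(pi[0]), 4))
```

The first component of `pi` is the long-run fraction of time the hypothetical machine is operational, which is the quantity a capacity check would compare against demand.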
The admissible production decisions set and control variables at state are defined as follows:
The total cost function is given in Equation (9). The total cost function is convex and non-negative. Our goal is to control the production rate as demand varies, to minimize the total production cost.
is the mathematical expectation is the instantaneous cost over an unbound planning horizon. The instantaneous cost is given as follows:
is the inventory cost per unit; is the inventory level; is the shortage cost per unit; is the shortage level; is the operation cost under CM; is the cost index
The mathematical value function is given in Equation (11). The value function should satisfy a set of specific properties represented by the Hamilton-Jacobi-Bellman (HJB) partial differential equations.
The HJB equations characterize the optimality conditions (cf. Appendix 1) for the FMS:
The optimal control policy stands for minimizing the HJB partial differential equations over the set of admissible production capacity for each . A numerical method for stochastic control problems based on the Kushner and Dupuis method  is used to solve the optimality conditions of the HJB equations. Let designate the increment of the finite difference interval of the variable . Emami-Mehrgani  provides a demonstration showing that the value function can be approximated by
and the partial derivative of the value function for a small increment of :
From Equation (13) we derive Equation (14):
The dynamic programming equation resulting from the HJB equations therefore can be presented as shown below   :
5. Numerical Example
A numerical approach is used to solve the HJB equations for the system under study. It is described in detail in Appendix 2. The system is feasible if inequality (16) is satisfied:
The feasibility inequality is structured so that it satisfies a set of specific properties called probability limits, the details of which are provided below:
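A feasibility condition of this kind usually states that the long-run capacity of the machine is sufficient to cover demand. The sketch below assumes one common form, in which the limiting probability of the operational state must be at least the sum of the demand-to-capacity ratios of the products. The function name, its arguments and the numbers in the usage lines are hypothetical and are not taken from inequality (16).

```python
def is_feasible(availability, demands, max_rates):
    """Return True when the assumed capacity condition holds:
    sum_i d_i / u_max_i <= limiting probability of the operational state."""
    load = sum(d / u for d, u in zip(demands, max_rates))
    return load <= availability

# Hypothetical two-product example (values are illustrative only).
print(is_feasible(0.9, demands=[1.0, 0.5], max_rates=[4.0, 3.0]))
print(is_feasible(0.3, demands=[1.0, 0.5], max_rates=[4.0, 3.0]))
```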
A policy improvement approach is used to determine an approximate solution. The search algorithm is presented below:
For a given production control policy , where n is the number of iterations and h is a given finite difference interval, let and be defined by
a given accuracy and the value function.
Compute the new value of the value function at rank n and compare it with the old value in memory.
Determine the production control policy
Compute the convergence tests and repeat the above steps until a fixed point precision is found.
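The iteration described above can be illustrated on a much smaller problem. The sketch below is a simplification under stated assumptions: one product, two machine states (up and down) instead of six, a discounted cost, and successive approximation (value iteration) rather than the policy-improvement variant used in this study. It applies a Kushner-type upwind finite-difference scheme on a stock grid of step `h`. The function `solve_hjb` and all parameter values are hypothetical.

```python
import numpy as np

def solve_hjb(h=0.5, x_min=-10.0, x_max=20.0, d=1.0, u_max=2.0,
              q_fail=0.1, q_repair=0.5, rho=0.05,
              c_inv=1.0, c_short=10.0, tol=1e-6, max_iter=20000):
    """Value iteration on the discretised HJB equations of a
    one-product, two-state (0 = up, 1 = down) machine."""
    x = np.arange(x_min, x_max + h / 2, h)
    n = len(x)
    # Instantaneous cost: holding cost on stock, penalty on backlog.
    g = c_inv * np.maximum(x, 0.0) + c_short * np.maximum(-x, 0.0)
    controls = {0: [0.0, d, u_max], 1: [0.0]}  # admissible rates per state
    leave = {0: q_fail, 1: q_repair}           # rate of leaving each state
    idx = np.arange(n)
    up_idx = np.minimum(idx + 1, n - 1)        # x + h, clamped at the edge
    down_idx = np.maximum(idx - 1, 0)          # x - h, clamped at the edge
    v = np.zeros((2, n))
    policy = np.zeros(n)
    for _ in range(max_iter):
        v_new = np.empty_like(v)
        for mode in (0, 1):
            other = 1 - mode
            best = np.full(n, np.inf)
            for u in controls[mode]:
                drift = u - d
                # Upwind difference: look in the direction the stock moves.
                neighbour = v[mode, up_idx] if drift >= 0 else v[mode, down_idx]
                rate = abs(drift) / h
                cand = (g + rate * neighbour + leave[mode] * v[other]) \
                    / (rho + leave[mode] + rate)
                if mode == 0:
                    policy = np.where(cand < best, u, policy)
                best = np.minimum(best, cand)
            v_new[mode] = best
        converged = np.max(np.abs(v_new - v)) < tol
        v = v_new
        if converged:
            break
    return x, v, policy

x, v, policy = solve_hjb()
# Largest stock level at which the machine still runs at full rate.
print("approximate hedging point:", x[policy == 2.0].max())
```

In this reduced setting the computed policy has the threshold structure discussed in this section: maximal production at low stock and no production at high stock. The extension to two products and six machine states follows the same pattern but needs a two-dimensional stock grid.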
The system capacity is described as a Markov process with six states. The system is subject to random failure requiring repair. Machine availability is enhanced through CM activities. The frequencies of machine repair with or without HE influence system capacity and output, which determine the inventory levels and are the decision variables. Table 1 indicates the computational parameters used to run the numerical model.
The following mesh grid is defined to perform the computational domain .
5.1. Production Policy Structure
Since HJB differential equations cannot be solved analytically, a finite-difference (discretization) method  was used to obtain approximate numerical solutions. The resulting value functions are the solutions of the optimality conditions. They represent the cost of operating the production system. Figure 4 and Figure 5 respectively show the outputs of products 1 and 2. These outcomes show that there is no manufacturing urgency for either product (inventory level is adequate). The control policy advises keeping the machine idle in an energy-conserving mode to save power. However, when the inventory drops below a specific threshold, the production control policy recommends setting the machine at its maximal output. Otherwise, its operation is adjusted to meet customer demand.
Based on the results above, the policy illustrated can be summarized as follows:
Table 1. Values of the numerical parameters.
Figure 4. FMS production rate for product 1.
Figure 5. FMS production rate for product 2.
The above policy is based on the optimal rates of production that depend on . It is known as the hedging-point policy (HPP), as described previously   . The following sections describe the optimization of using a simulation approach and DOE combined with a GA.
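Read literally, the policy described in this section has three regimes: maximal output below the threshold, production at the demand rate at the threshold, and no production above it. A minimal sketch of that rule for a single product follows. The function name and argument names are hypothetical, and the two-product coupling of the actual policy is not represented.

```python
def hedging_point_rate(stock, threshold, demand, max_rate, machine_up=True):
    """Production rate prescribed by a single-product hedging-point policy."""
    if not machine_up:
        return 0.0            # machine under CM with LOTO: no production
    if stock < threshold:
        return max_rate       # rebuild the safety stock as fast as possible
    if stock == threshold:
        return demand         # hold the stock at the threshold
    return 0.0                # surplus stock: keep the machine idle

# Illustrative values only.
for level in (2.0, 5.0, 8.0):
    print(level, hedging_point_rate(level, threshold=5.0, demand=1.0, max_rate=2.0))
```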
5.2. Simulation Model
For solving optimal control problems, DOE, statistical analysis, and response surface methodology (RSM) are often used, in combination with simulation, to model the behavior of the studied system and the interactions that have an impact on its performance. At the end, system performance is expressed through linear regression. In doing so, the optimum conditions of the system can be approximated by minimizing the cost function (regression equation) thus obtained. Discrete/continuous event simulation models are used to obtain the real-time production cost.
The simulation software (Arena) and SIMAN language were chosen to perform the discrete simulation. Figure 6 shows the simulation model. The control policy characterized above is used as the simulation model input.
Figure 6. Simulation model.
The graph of average inventory has a repeating trapezoidal profile because of the limit on the machine output. The stock level increases to this maximum, remains there and then decreases during corrective maintenance (CM) activities. When the machine breaks down, a stock shortage occurs (x drops below zero). After the machine is repaired, the stock begins to increase again and the cycle repeats. This strategy recommends building up inventory while the machine is available at its full capacity to meet demand while production capacity is nil due to CM activities with LOTO. However, this requires accelerating production or paying the workers for overtime, which carry a risk of HE and accidents. The curves of the time spent in the system show that the products are produced at the same pace. We note an initial phase where the time varies considerably, representing the transitional regime, and then varies very little around an average value representing the steady state. The difference in values comes from the fact that each part type has its own distinctive processing time.
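The trapezoidal inventory profile described above can be reproduced with a small time-stepped simulation, shown here as a hedged stand-in for the Arena/SIMAN model. It assumes a single product, exponentially distributed up times and repair times, and a repair that is slower when HE occurs. Every parameter value and the function name `simulate_inventory` are assumptions made for illustration.

```python
import random

def simulate_inventory(threshold=5.0, demand=1.0, max_rate=2.0,
                       mean_uptime=10.0, mean_repair_wohe=1.0,
                       mean_repair_whe=3.0, p_he=0.2,
                       horizon=2000.0, dt=0.05, seed=1):
    """Simulate stock under a hedging-point policy with random failures.
    Returns (mean inventory, mean backlog, maximum stock reached)."""
    rng = random.Random(seed)
    stock, t, up = 0.0, 0.0, True
    next_switch = rng.expovariate(1.0 / mean_uptime)
    inv_area = back_area = 0.0
    max_stock = stock
    while t < horizon:
        if t >= next_switch:
            up = not up
            if up:
                mean = mean_uptime
            else:
                # A repair affected by human error takes longer on average.
                mean = mean_repair_whe if rng.random() < p_he else mean_repair_wohe
            next_switch = t + rng.expovariate(1.0 / mean)
        if up:
            rate = max_rate if stock < threshold else demand
        else:
            rate = 0.0
        stock += (rate - demand) * dt
        if up:
            stock = min(stock, threshold)   # never overshoot the threshold
        inv_area += max(stock, 0.0) * dt
        back_area += max(-stock, 0.0) * dt
        max_stock = max(max_stock, stock)
        t += dt
    return inv_area / horizon, back_area / horizon, max_stock

mean_inv, mean_back, max_stock = simulate_inventory()
print(f"mean inventory {mean_inv:.2f}, mean backlog {mean_back:.2f}")
```

Raising `p_he` or `mean_repair_whe` in this sketch lengthens downtime, which is the mechanism by which HE is expected to increase backlog for a given threshold.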
5.3. Design of Experiment and Genetic Algorithm Methodologies
Figure 7. Average inventory level.
Figure 8. Average time in system.
The numerical approach enabled us to solve the HJB equations and thereby obtain a first draft of the optimal production control policy, which is a threshold policy (HPP). The simulation software (Arena) and SIMAN language were then used to perform the discrete event simulation.
Simulation alone, as a decision support tool, cannot directly solve production system control problems. However, it facilitates the analysis, interpretation and understanding of the behavior of the production system. It is therefore necessary to combine this approach with other optimization techniques, in this case meta-heuristics and evolutionary optimization, for example genetic algorithms. For more details on the simulation-based optimization approach, the reader can refer to the work of Kenné; Azadivar and their bibliographic references.
The advantage of heuristic resolution approaches, including GA, lies in their ability to provide an acceptable solution within a non-prohibitive computation time. It is worth mentioning that the solution obtained with a heuristic approach is not necessarily the optimal value of the problem to be solved. Nevertheless, heuristic resolution techniques explore the search space globally, which allows the problem to be solved within a realistic computation time.
In this section, the DOE approach and a GA were combined. The DOE model characterized the variation of the control factors to identify the main factor effects (and those of their interactions) on the average cost. The independent variables ranged from a low of 1 to a high of 100 (Table 2).
One response variable and two experimental factors were specified, allowing an experimental design with 27 runs, one sample taken per run. The default model is quadratic with 6 coefficients. An effect with a P value below 0.05 is statistically significant at the 5% level, while the R² statistic indicates the percentage of the variation in the response that is explained by the fitted model. In this case, five effects have P values less than 0.05 and are therefore considered significant, while the model as fitted explains 94.47% (adjusted R²) of the variability in cost. The average cost is a function of z1 and z2. DOE and regression analysis are closely linked. The regression equation that was fitted to the data is shown below (Equation (20)).
The regression coefficients for the cost function are given below.
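As an illustration of how a six-coefficient quadratic model in two factors can be fitted to a 27-run design, the sketch below uses ordinary least squares on synthetic data. The design (a three-level full factorial replicated three times), the "true" coefficients and the noise level are assumptions made for the example; they are not the data or the fitted coefficients of Equation (20).

```python
import numpy as np

# Hypothetical coefficients: b0, b1, b2, b11, b22, b12.
TRUE_COEF = np.array([200.0, -1.0, -0.8, 0.01, 0.008, 0.002])

def design_matrix(z1, z2):
    """Columns of the full quadratic model in two factors."""
    return np.column_stack([np.ones_like(z1), z1, z2, z1**2, z2**2, z1 * z2])

def fit_quadratic(z1, z2, y):
    """Least-squares fit; returns the coefficients and R squared."""
    X = design_matrix(z1, z2)
    coef, *_ = np.linalg.lstsq(X, y, rcond=None)
    resid = y - X @ coef
    r2 = 1.0 - (resid @ resid) / np.sum((y - y.mean()) ** 2)
    return coef, r2

# Three levels between the low (1) and high (100) settings of each factor.
levels = np.array([1.0, 50.5, 100.0])
g1, g2 = np.meshgrid(levels, levels)
z1 = np.tile(g1.ravel(), 3)   # 9 design points x 3 replications = 27 runs
z2 = np.tile(g2.ravel(), 3)

rng = np.random.default_rng(0)
y = design_matrix(z1, z2) @ TRUE_COEF + rng.normal(0.0, 1.0, size=z1.size)

coef, r2 = fit_quadratic(z1, z2, y)
print("fitted coefficients:", np.round(coef, 4))
print("R squared:", round(float(r2), 4))
```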
The MATLAB Genetic Algorithm “Optimtool” was used to estimate the minimum of the cost function. Table 3 shows the parameters that the GA uses for the computation.
The optimal cost (166.87) was found at and where and are the optima of independent variables and . This policy constitutes an expansion of the hedging-point policy approach in a flexible manufacturing system where the cost function is minimized using GA. Controlled in this manner, the system is able to respond efficiently to customer demand with an infinite planning horizon.
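The GA step can be sketched in a few lines. The example below is not the MATLAB tool used in this study: it is a minimal real-coded genetic algorithm (tournament selection, arithmetic crossover, Gaussian mutation, elitism) applied to a hypothetical quadratic cost in z1 and z2 whose coefficients are assumed for illustration. Population size, number of generations and mutation scale are likewise arbitrary choices.

```python
import numpy as np

def cost(z):
    """Hypothetical quadratic cost surface (coefficients are assumed)."""
    z1, z2 = z[..., 0], z[..., 1]
    return (200.0 - 1.0 * z1 - 0.8 * z2
            + 0.01 * z1**2 + 0.008 * z2**2 + 0.002 * z1 * z2)

def tournament(pop, fitness, rng):
    """Binary tournament: keep the better of two random individuals."""
    i, j = rng.integers(len(pop), size=(2, len(pop)))
    return np.where((fitness[i] < fitness[j])[:, None], pop[i], pop[j])

def genetic_minimise(f, low, high, pop_size=50, generations=100,
                     sigma=2.0, seed=0):
    rng = np.random.default_rng(seed)
    pop = rng.uniform(low, high, size=(pop_size, 2))
    for _ in range(generations):
        fitness = f(pop)
        elite = pop[np.argmin(fitness)].copy()
        parents_a = tournament(pop, fitness, rng)
        parents_b = tournament(pop, fitness, rng)
        w = rng.uniform(size=(pop_size, 1))
        children = w * parents_a + (1.0 - w) * parents_b     # crossover
        children += rng.normal(0.0, sigma, size=children.shape)  # mutation
        pop = np.clip(children, low, high)
        pop[0] = elite                                       # elitism
    fitness = f(pop)
    best = pop[np.argmin(fitness)]
    return best, float(fitness.min())

best, best_cost = genetic_minimise(cost, low=1.0, high=100.0)
print("best (z1, z2):", np.round(best, 2), "cost:", round(best_cost, 3))
```

For this assumed surface the analytic minimum is at roughly (45.57, 44.30) with a cost of about 159.49, which gives a reference against which the heuristic result can be compared. As noted earlier, a GA returns a good solution rather than a guaranteed optimum.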
5.4. Sensitivity Analysis
We now provide a sensitivity analysis to verify the usefulness and efficiency of the manufacturing control policy.
Table 2. Levels on input factors.
Table 3. MATLAB parameters for the GA.
Table 4. Sensitivity analysis outcomes.
Table 4 reveals that the production threshold increases for product 1 as well as for product 2 as the cost of their shortages increases. However, as the inventory costs for both products increase, the production thresholds drop to adjust to the new condition.
The effect of the cost of shortages on production hedging point values is shown in Figure 9. Increases in this cost increase the threshold level while all other costs related to production (inventory, repair, and lockout) remain constant. The production policy therefore suggests keeping a large inventory to meet demand in case of machine breakdown.
Figure 10 shows the production threshold as a function of the inventory cost. Increases and decreases in inventory costs both have a direct and significant impact on the threshold. This shows the sensitivity of the hedging point to the inventory cost. Increases in this cost (while other production costs remain constant) accompany decreases in the threshold. At threshold production, the cost of maintaining inventory is closely related to the threshold. Smaller inventory costs less to maintain. However, the production manager must seek the optimal compromise, bearing in mind that a small inventory can easily lead to a shortage in the event of a sudden increase in demand, of machine breakdown or other randomness in production. The outcomes of this analysis suggest increasing inventory to allow for CM and LOTO activities, in spite of the costs associated with accelerated production and the increased risk of HE and accidents.
Figure 9. Changes in the production threshold as a function of the cost of product shortage.
Figure 10. Change in the production threshold as a function of the inventory cost.
Figure 11 shows the production threshold as a function of the duration of CM with LOTO. When the duration of CM and LOTO is very high, machine breakdown cuts into the profit margin of the company.
Figure 11. Change in the production threshold as a function of the CM and LOTO duration.
The aim of this study is to improve occupational health and safety in a flexible manufacturing system (FMS) by developing a policy of production control that withstands human error (HE) in the practice of lockout/tagout. Analytical formalism was combined with a numerical approach to solve Hamilton-Jacobi-Bellman equations for a system comprising a machine used to manufacture two different products. The outcomes suggest a hedging-point policy (a threshold policy based on stock levels) to maintain a level of inventory that meets demand during machine downtime. The machine is thus set on standby as soon as this threshold level is reached and operated at its maximal output when the level decreases to (or drops below) the threshold for either product. Hedging-point policies have been described in detail elsewhere. To obtain a more realistic model for flexible systems, the SIMAN processor and simulation language were combined with DOE and a GA to perform a discrete simulation. This yielded a cost optimization policy. A sensitivity analysis was then performed to verify the usefulness and the efficiency of the control policy over an infinite production horizon. It was thus shown that it is possible to integrate CM with LOTO into production in an FMS while optimizing the costs of LOTO, shortage and inventory.
The control method constitutes an extension of the HPP structure. Its outcomes suggest ways for managers to facilitate the integration of occupational health and safety into FMS. However, the proposed model is based on certain simplifying assumptions. It could be improved to allow investigation of systems comprising two or more machines and meeting the demands of several customers. In addition, the likelihood of human error is a constraint on the effectiveness of the model and needs to be addressed properly. The impact of factors such as fatigue and stress also needs to be investigated, as do the implications of the limited capacity of humans to perform repetitive tasks without error. Most machinery breakdowns are a result of operator performance and machinery age.
As noted in previous studies, LOTO should be included in system planning as a whole rather than treated as an add-on to maintenance. This would allow managers of operations and maintenance to plan their respective activities such that workers have no legitimate excuse for non-compliance with LOTO procedures. Although LOTO does increase the cost of CM, managers should be able to appreciate it as an investment in the reduction of risk (of accidents) rather than as a non-value-adding activity. In any case, LOTO is now required by law according to article 188.2 of the Quebec regulation respecting occupational health and safety (RSST, D. 1187-2015, a. 3).
According to CNESST reports for the years 1999 to 2003, machinery was involved in more than 63,000 accidents and more than 100 deaths. HE during maintenance activities must be considered to maintain both productivity and occupational health and safety in a flexible manufacturing system. It increases downtime and hence cost as well as the risk of accidents. HE probabilities in maintenance procedures can be estimated for each possible failure case using the HEART approach. Although a systematic approach focused on human factors does help reduce the likelihood of HE during maintenance activities, error is inevitable and there will be no substitute for awareness and quick adjustment. The fundamental human nature of workers cannot be modified, whatever their working conditions may be.
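As an illustration of how HEART arrives at an error probability, the sketch below applies the standard HEART combination rule: a nominal probability for the generic task type is multiplied, for each error-producing condition (EPC), by the factor (EPC multiplier - 1) x assessed proportion of affect + 1. The function name and the numerical values are hypothetical and are not taken from this study or from the HEART tables.

```python
from math import prod


def heart_hep(nominal_hep, conditions):
    """Human error probability following the HEART combination rule.

    nominal_hep: nominal unreliability of the generic task type.
    conditions: iterable of (epc_multiplier, assessed_proportion) pairs,
                with epc_multiplier >= 1 and 0 <= assessed_proportion <= 1.
    """
    conditions = list(conditions)
    for epc, proportion in conditions:
        if epc < 1.0 or not 0.0 <= proportion <= 1.0:
            raise ValueError("expected epc >= 1 and 0 <= proportion <= 1")
    factor = prod((epc - 1.0) * proportion + 1.0 for epc, proportion in conditions)
    # A probability cannot exceed 1, so the result is capped.
    return min(1.0, nominal_hep * factor)


if __name__ == "__main__":
    # Hypothetical maintenance task with two error-producing conditions.
    hep = heart_hep(0.003, [(11.0, 0.4), (3.0, 0.5)])
    print(f"Estimated human error probability: {hep:.4f}")
```

In this made-up case the two conditions raise the nominal probability tenfold, which shows why tasks performed under time pressure or with poor feedback deserve particular attention when LOTO steps are planned.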
This study clearly shows the impact of HE on a flexible manufacturing system in terms of cost and occupational health and safety when production and CM are planned jointly. HE during CM activities certainly compromises the safety of maintenance technicians while raising production costs. A seemingly minor flaw in a flexible manufacturing system can lead to economic losses and threaten lives.
The aim of this study was to develop a theoretical way of planning production and CM with LOTO procedures that increases safety in a flexible manufacturing system. A system comprising a single failure-prone machine meeting two types of customer demand was examined. Numerical methods based on finite differences were used to solve the Hamilton-Jacobi-Bellman differential equations. An iterative approach was used to improve the manufacturing control policy. A hedging-point policy was thus obtained, and the SIMAN processor and simulation language (Arena software) were then used to carry out the discrete simulation. Finally, DOE and a GA were combined to obtain a model that is more realistic for industry and to optimize the cost structure.
Our principal contribution is a control strategy that facilitates the integration of LOTO into production and CM and takes into account the impact of HE. The costs of shortage, inventory build-up and CM can thus be optimized over an unbounded planning horizon. This study clearly illustrates the impact of HE on a flexible manufacturing system in terms of production cost and occupational health and safety. The implications for corrective maintenance planning are clear: HE in CM activities compromises the safety of maintenance technicians and increases production cost. A seemingly minor flaw in a flexible manufacturing man-machine system can lead to economic losses and threaten lives.
Inventory must be sufficient to satisfy customer demand during CM. Integrating preventive measures such as LOTO into a flexible manufacturing system can result in a remarkable improvement in occupational health and safety. LOTO helps prevent contact with hazardous spaces during maintenance operations, inadvertent release of hazardous energy and unforeseen start-up of machinery. All activities at risk of HE in a flexible manufacturing system must be identified. This risk can be reduced substantially by paying particular attention to critical maintenance tasks. Accident prevention is a crucial aspect of modern manufacturing systems.
The model is based on certain assumptions and could be improved through study of flexible manufacturing systems comprising several machines and customers with different demand types. Factors such as fatigue and stress need to be investigated to determine their influence on human performance in such systems.
We gratefully acknowledge the Natural Sciences and Engineering Research Council of Canada and the Association Québécoise pour l’Hygiène, la Santé et la Sécurité au travail. The authors also thank the anonymous reviewers, whose critique and suggestions increased the quality of this manuscript.
Appendix 1―Optimality Conditions
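The value functions and the HJB partial differential equations have properties called optimality conditions. Let $f$ be a real-valued function on $\mathbb{R}^n$ and let $p \in \mathbb{R}^n$. The function $f$ has a derivative along the direction $p$ at $x$, denoted $\partial_p f(x)$, if the following limit exists:

$$\partial_p f(x) = \lim_{\delta \to 0} \frac{f(x + \delta p) - f(x)}{\delta}$$

If $f$ is differentiable at $x$, then $\partial_p f(x) = \nabla f(x) \cdot p$ for every $p$, where $\nabla f(x)$ is the gradient of $f$ at $x$. Moreover, if $f$ is convex and continuous on a domain $D$, then $f$ is differentiable almost everywhere and admits a derivative at any point $x \in D$ along any direction $p$ such that $x + \delta p \in D$ for some $\delta > 0$. See Emami-Mehrgani et al. for more in-depth details regarding the optimality conditions. Consider the set of admissible directions at $x$ with respect to the optimality condition. The HJB equations can be written in terms of the directional derivative as follows: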
The system is considered feasible if:
The feasibility in Equation (22) is formulated to satisfy a set of specific properties called probability limits, defined in more detail in Equation (23):
Let designate the horizon of , if exists. Let of be differentiable at an x0. There is a vector such that for any acceptable direction at x0. The horizon condition from the continuity on the value function can be presented as below:
The optimal policy for the flexible manufacturing system is the one that minimizes the value function over the set of admissible production capacities. It is practically impossible to solve the HJB equations analytically. Finite difference methods, based on a numerical approach to stochastic control problems, are therefore used to solve the optimality conditions of the HJB equations.
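To give an idea of what a finite-difference treatment of the HJB equations involves, the sketch below shows an upwind approximation of the derivative of a value function on a uniform stock grid: a forward difference when the stock drift (production rate minus demand rate) is non-negative and a backward difference otherwise. This is a common choice for such problems, but the exact scheme used in this study is not restated here, so the function, the grid and the test function are assumptions for illustration only.

```python
def upwind_derivative(values, i, h, drift):
    """Upwind finite-difference approximation of dv/dx at grid index i.

    values: value function sampled on a uniform grid with step h.
    drift:  production rate minus demand rate at this grid point.
    """
    if drift >= 0:
        # Stock is increasing: look ahead on the grid.
        return (values[i + 1] - values[i]) / h
    # Stock is decreasing: look behind on the grid.
    return (values[i] - values[i - 1]) / h


if __name__ == "__main__":
    h = 0.5
    grid = [k * h for k in range(5)]       # stock levels 0.0, 0.5, ..., 2.0
    values = [x * x for x in grid]         # hypothetical convex value function v(x) = x^2
    i = 2                                  # grid point x = 1.0, where dv/dx = 2 exactly
    print(upwind_derivative(values, i, h, drift=+1.0))
    print(upwind_derivative(values, i, h, drift=-1.0))
```

The two one-sided estimates bracket the exact derivative and converge to it as the step h shrinks. Choosing the side according to the sign of the drift is what keeps the resulting iterative scheme stable.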
Appendix 2―Numerical Method
• Value function at mode 1
• Value function at mode 2
• Value function at mode 3
• Value function at mode 4
• Value function at mode 5
• Value function at mode 6
 Dhillon, B.-S. (2014) Basic Human Factors, Reliability, and Error Concepts. In: Human Reliability, Error, and Human Factors in Power Generation, Springer Series in Reliability Engineering, Springer International Publishing, 27-47.
 Burlet-Vienney, D., Chinniah, Y. and Pizarro-Chong, A. (2014) Design of an Intelligent Tool for the Observation and Follow-Up of Lockout Procedures during Maintenance Activities on Industrial Machines. Open Journal of Safety Science and Technology, 4, 106-118.
 Bulzacchelli, M.-T., Vernick, J.-S., Sorock, G.-S., Webster, D.-W. and Lees, P. (2008) Circumstances of Fatal Lockout/Tagout-Related Injuries in Manufacturing. American Journal of Industrial Medicine, 51, 728-734.
 Bulzacchelli, M.-T., Vernick, J.-S., Webster, D.-W. and Lees, P. (2007) Effects of the Occupational Safety and Health Administration’s Control of Hazardous Energy (Lockout/Tagout) Standard on Rates of Machinery-Related Fatal Occupational Injury. Injury Prevention, 13, 334-338.
 Grusenmeyer, C. (2000) Interactions maintenance-exploitation et sécurité. Etude bibliographique. 1. Les tâches de maintenance: définitions et caractéristiques contribuant à leur criticité. INRS_188.
 Lind, S. (2008) Types and Sources of Fatal and Severe Non-Fatal Accidents in Industrial Maintenance. International Journal of Industrial Ergonomics, 38, 927-933.
 Chinniah, Y. and Burlet-Vienney, D. (2013) Study on Lockout Procedures for the Safety of Workers Intervening on Equipment in the Municipal Sector in Quebec. International Journal of Occupational Safety and Ergonomics, 19, 495-511.
 Emami-Mehrgani, B., Nadeau, S. and Kenné, J.-P. (2011) Lockout/Tagout and Operational Risks in the Production Control of Manufacturing Systems with Passive Redundancy. International Journal of Production Economics, 132, 165-173.
 Chinniah, Y., Aucourt, B. and Bourbonnière, R. (2015) Prévention des risques mécaniques et physiques: étude sur la sécurité des machines lors des interventions en mode de vitesse ou d’efforts réduits. RAPPORT R-888. Institut de recherche Robert-Sauvé en santé et en sécurité du travail (IRSST), Montreal.
 Burlet-Vienney, D., Jocelyn, S., Chinniah, Y., Daigle, R. and Massé, S. (2009) Vérification du contenu d’un programme de cadenassage. Institut de recherche Robert-Sauvé en santé et en sécurité du travail (IRSST), Montréal, Québec, Canada, Guide RF-617.
 Venkatraman, N. (2012) Business Performance and Maintenance: How Are Safety, Quality, Reliability, Productivity and Maintenance Related? Journal of Quality in Maintenance Engineering, 18, 183-195.
 Bulzacchelli, M.-T., Vernick, J.-S., Webster, D.-W. and Lees, P. (2007) Effects of the Occupational Safety and Health Administration’s Control of Hazardous Energy (Lockout/Tagout) Standard on Rates of Machinery-Related Fatal Occupational Injury. Injury Prevention, 13, 334-338.
 Assid, M., Gharbi, A. and Hajji, A. (2015) Production Planning and Opportunistic Preventive Maintenance for Unreliable One-Machine Two-Products Manufacturing Systems. IFAC-PapersOnLine, 48, 478-483.
 Ben-Salem, A., Gharbi, A. and Hajji, A. (2014) Production Planning and Emission Control for an Unreliable Manufacturing System with Subcontracting Strategy to Achieve Environmental Objectives. MScA. École de technologie supérieure, ÉTS, Montreal, 201 p.
 Ouaret, S., Kenné, J.-P., Gharbi, A. and Polotski, V. (2015) Age-Dependent Production and Replacement Strategies in Failure-Prone Manufacturing Systems. Proceedings of the Institution of Mechanical Engineers, Part B: Journal of Engineering Manufacture, 231, 540-554.
 Rivera-Gómez, H., Gharbi, A., Kenné, J.-P., Montaño-Arango, O. and Hernandez-Gress, E. (2016) Production Control Problem Integrating Overhaul and Subcontracting Strategies for a Quality Deteriorating Manufacturing System. International Journal of Production Economics, 171, 134-150.
 Badiane, A., Nadeau, S., Kenné, J.-P. and Polotski, V. (2016) Optimizing Production While Reducing Machinery Lockout/Tagout Circumvention Possibilities. Journal of Quality in Maintenance Engineering, 22, 188-201.
 Charlot, E., Kenné, J.-P. and Nadeau, S. (2007) Optimal Production, Maintenance and Lockout/Tagout Control Policies in Manufacturing Systems. International Journal of Production Economics, 107, 435-450.
 Emami-Mehrgani, B., Nadeau, S. and Kenné, J.-P. (2014) Optimal Lockout/Tagout, Preventive Maintenance, Human Error and Production Policies of Manufacturing Systems with Passive Redundancy. Journal of Quality in Maintenance Engineering, 20, 453-470.
 Emami-Mehrgani, B., Neumann, W.-P., Nadeau, S. and Bazrafshan, M. (2015) Considering Human Error in Optimizing Production and Corrective and Preventive Maintenance Policies for Manufacturing Systems. Applied Mathematical Modelling, 40, 2056-2074.
 Lee, C.-Y. and Lin, C.-S. (2001) Single-Machine Scheduling with Maintenance and Repair Rate-Modifying Activities. European Journal of Operational Research, 135, 493-513.
 Boukas, E.-K. and Haurie, A. (1990) Manufacturing Flow Control and Preventive Maintenance: A Stochastic Control Approach. IEEE Transactions on Automatic Control, 35, 1024-1031.
 Hu, J.-Q., Vakili, P. and Yu, G.-X. (1994) Optimality of Hedging Point Policies in the Production Control of Failure Prone Manufacturing Systems. IEEE Transactions on Automatic Control, 39, 1875-1880.
 Kenné, J.-P. and Boukas, E.-K. (2003) Hierarchical Control of Production and Maintenance Rates in Manufacturing Systems. Journal of Quality in Maintenance Engineering, 9, 66-82.
 Kenné, J.-P. and Gharbi, A. (2004) Stochastic Optimal Production Control Problem with Corrective Maintenance. Computers & Industrial Engineering, 46, 865-875.
 Gharbi, A. and Kenné, J.-P. (2005) Maintenance Scheduling and Production Control of Multiple-Machine Manufacturing Systems. Computers & Industrial Engineering, 48, 693-707.
 Collazo, G.-M. (2010) Reducing Human Error on the Manufacturing Floor.
 Noroozi, A., Khan, F., MacKinnon, S., Amyotte, P. and Deacon, T. (2014) Determination of Human Error Probabilities in Maintenance Procedures of a Pump. Process Safety and Environmental Protection, 92, 131-141.
 Tchiehe, D.-N. and Gauthier, F. (2017) Classification of Risk Acceptability and Risk Tolerability Factors in Occupational Health and Safety. Safety Science, 92, 138-147.
 Harris, S. and Simpson, B. (2016) Human Error and the International Space Station: Challenges and Triumphs in Science Operations. 14th International Conference on Space Operations, Daejeon, 16-20 May 2016, 2406.
 Givi, Z.-S., Jaber, M.-Y. and Neumann, W.-P. (2015) Modelling Worker Reliability with Learning and Fatigue. Applied Mathematical Modelling, 39, 5186-5199.
 Jaber, M.-Y., Givi, Z.-S. and Neumann, W.-P. (2013) Incorporating Human Fatigue and Recovery into the Learning-Forgetting Process. Applied Mathematical Modelling, 37, 7287-7299.
 Neumann, W.-P. and Dul, J. (2010) Human Factors: Spanning the Gap between OM and HRM. International Journal of Operations & Production Management, 30, 923-950.
 Chan, F., Bhagwat, R. and Wadhwa, S. (2007) Taguchi’s Method Analysis of an FMS under Review-Period-Based Operational Controls: Identification of Control Periodicity. IEEE Transactions on Systems, Man and Cybernetics, Part A: Systems and Humans, 37, 212-225.
 Chan, F., Bhagwat, R. and Wadhwa, S. (2008) Comparative Performance Analysis of a Flexible Manufacturing System (FMS): A Review-Period-Based Control. International Journal of Production Research, 46, 1-24.
 Bengtsson, M. and Lundström, G. (2018) On the Importance of Combining “the New” with “the Old”—One Important Prerequisite for Maintenance in Industry 4.0. Procedia Manufacturing, 25, 118-125.
 Dhillon, B.-S. (2014) Human Reliability, Error, and Human Factors in Power Generation. USA: Springer Series in Reliability Engineering, Springer, Cham, Heidelberg, New York, Dordrecht, London, 188 p.
 Emami-Mehrgani, B., Kenné, J.-P. and Nadeau, S. (2012) Lockout/Tagout and Optimal Production Control Policies in Failure-Prone Non-Homogenous Transfer Lines with Passive Redundancy. International Journal of Production Research, 51, 1006-1023.
 Hlioui, R., Gharbi, A. and Hajji, A. (2015) Replenishment, Production and Quality Control Strategies in Three-Stage Supply Chain. International Journal of Production Economics, 166, 90-102.
 Azadivar, F. and Shu, J.-V. (1998) Use of Simulation in Optimization of Maintenance Policies. Proceedings of the 30th Conference on Winter Simulation, Washington DC, 13-16 December 1998, 1061-1068.
 Akella, R. and Kumar, P. (1986) Optimal Control of Production Rate in a Failure Prone Manufacturing System. IEEE Transactions on Automatic Control, 31, 116-126.
 Assid, M., Gharbi, A. and Hajji, A. (2015) Joint Production, Setup and Preventive Maintenance Policies of Unreliable Two-Product Manufacturing Systems. International Journal of Production Research, 53, 4668-4683.
 Hajji, A., Gharbi, A. and Kenné, J.-P. (2004) Production and Set-Up Control of a Failure-Prone Manufacturing System. International Journal of Production Research, 42, 1107-1130.
 Azadivar, F. and Tompkins, G. (1999) Simulation Optimization with Qualitative Variables and Structural Model Changes: A Genetic Algorithm Approach. European Journal of Operational Research, 113, 169-182.
 Chipperfield, A.J. and Fleming, P.J. (1995) The Matlab Genetic Algorithm Toolbox. IEE Colloquium on Applied Control Techniques Using MATLAB, 26 January 1995, 10/1-10/4.
 Nadeau, S., Kenné, J.-P., Emami-Mehrgani, B. and Badri, A. (2016) Advances in Integration of Equipment Lockout/Tagout, Determination of Actual Production Capacity and Production/Maintenance Planning. Safety Science Monitor, 19, 1-8.
 Njike, A.-N., Pellerin, R. and Kenné, J.-P. (2011) Maintenance/Production Planning with Interactive Feedback of Product Quality. Journal of Quality in Maintenance Engineering, 17, 281-298.
 Chinniah, Y., Champoux, M. and Burlet-Vienney, D. (2008) Comparative Analysis of Lockout Programs and Procedures Applied to Industrial Machines. REPORT R-575. Institut de recherche Robert-Sauvé en santé et en sécurité du travail (IRSST), Montreal.