Earth-moving machinery and mining — Autonomous and semi-autonomous machine system safety

ISO 17757 provides safety requirements for autonomous machines and semi-autonomous machines used in earth-moving and mining operations, and their autonomous or semi-autonomous machine systems (ASAMS). It specifies safety criteria both for the machines and their associated systems and infrastructure, including hardware and software, and provides guidance on safe use in their defined functional environments during the machine and system life cycle. It also defines terms and definitions related to ASAMS. It is applicable to autonomous and semi-autonomous versions of the earth-moving machinery (EMM) defined in ISO 6165 and of mobile mining machines used in either surface or underground applications. Its principles and many of its provisions can be applied to other types of autonomous or semi‑autonomous machines used on the worksites. Safety requirements for general mobile EMM and mining machines, as well as operators, trainers or passengers on the machine, are given by other International Standards (e.g. ISO 20474, ISO 19296). ISO 17757 addresses additional hazards specific and relevant to ASAMS when used as intended. It is not applicable to remote control capability (covered by ISO 15817) or function-specific automated features, except when those features are used as part of ASAMS.

Engins de terrassement et exploitation minière — Sécurité de système de machine autonome et semi-autonome

General Information

Status: Withdrawn
Publication Date: 02-Oct-2017
Withdrawal Date: 02-Oct-2017
Current Stage: 9599 - Withdrawal of International Standard
Completion Date: 30-Jul-2019

Standard
ISO 17757:2017 - Earth-moving machinery and mining -- Autonomous and semi-autonomous machine system safety
English language
36 pages

Standards Content (Sample)

INTERNATIONAL STANDARD ISO 17757
First edition 2017-09
Earth-moving machinery and mining — Autonomous and semi-autonomous machine system safety
Engins de terrassement et exploitation minière — Sécurité de système de machine autonome et semi-autonome
Reference number ISO 17757:2017(E)
© ISO 2017


COPYRIGHT PROTECTED DOCUMENT
© ISO 2017, Published in Switzerland
All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized otherwise in any form
or by any means, electronic or mechanical, including photocopying, or posting on the internet or an intranet, without prior
written permission. Permission can be requested from either ISO at the address below or ISO’s member body in the country of
the requester.
ISO copyright office
Ch. de Blandonnet 8 • CP 401
CH-1214 Vernier, Geneva, Switzerland
Tel. +41 22 749 01 11
Fax +41 22 749 09 47
copyright@iso.org
www.iso.org

Contents
Foreword
Introduction
1 Scope
2 Normative references
3 Terms, definitions and abbreviated terms
4 Safety requirements and/or protective/risk reduction measures
4.1 General
4.2 Stop systems
4.2.1 General
4.2.2 All-stop system
4.2.3 Remote stop system
4.3 Warning devices and safety signs
4.3.1 Visual indicators
4.3.2 Audible alarms
4.3.3 Safety signs
4.4 Fire protection
4.5 Machine access systems
4.6 Braking and steering
4.6.1 General
4.6.2 Braking
4.6.3 Steering
4.7 Adaptation to environmental conditions
4.8 On-board electrical power
4.8.1 General
4.8.2 Requirements
5 Positioning and orientation (POSE)
5.1 General
5.2 Risk and failure modes
5.3 Requirements
6 Digital terrain map (DTM)
6.1 General
6.2 Requirements
7 Perception
7.1 General
7.2 Risk and failure modes
7.2.1 Failure to detect or late detection of an object
7.2.2 False detection of non-existent object
7.2.3 Erroneous location of a detected object
7.2.4 Misclassification of an object
7.3 Requirements
8 Navigation system
8.1 General
8.2 Risks
8.3 Requirements
9 Task planner
9.1 General
9.2 Risks
9.3 Requirements
10 Communications and networks
10.1 General
10.2 Risk and failure modes
10.2.1 Risks
10.2.2 Failure modes
10.2.3 Potential causes
10.3 Communication systems requirements
10.3.1 Communication security
10.3.2 Communication security
10.4 Safety messages
11 ASAM supervisor system
11.1 General
11.2 Requirements
12 AOZ access, permissions and security
12.1 Permissions and security
12.2 AOZ access and warnings
12.3 Operational risks
12.4 Mode changes
13 ASAMS site operating procedures
13.1 General
13.2 Incident recording
13.3 Commissioning
13.4 Documentation and training
13.4.1 Documentation
13.4.2 Training
14 Operational hazard controls
15 Verification of safety requirements and/or protective/risk reduction measures
16 Information for use
16.1 Safety labels and machine markings
16.2 User manual
Annex A (informative) List of significant hazards
Annex B (informative) Safety and the risk management process
Annex C (informative) Integration of ASAMS into the site planning process
Annex D (informative) Access control systems
Annex E (informative) Change management — Example for mining
Annex F (informative) Supervision
Annex G (informative) Commissioning
Annex H (informative) Operational hazard controls
Bibliography

Foreword
ISO (the International Organization for Standardization) is a worldwide federation of national standards
bodies (ISO member bodies). The work of preparing International Standards is normally carried out
through ISO technical committees. Each member body interested in a subject for which a technical
committee has been established has the right to be represented on that committee. International
organizations, governmental and non-governmental, in liaison with ISO, also take part in the work.
ISO collaborates closely with the International Electrotechnical Commission (IEC) on all matters of
electrotechnical standardization.
The procedures used to develop this document and those intended for its further maintenance are
described in the ISO/IEC Directives, Part 1. In particular the different approval criteria needed for the
different types of ISO documents should be noted. This document was drafted in accordance with the
editorial rules of the ISO/IEC Directives, Part 2 (see www.iso.org/directives).
Attention is drawn to the possibility that some of the elements of this document may be the subject of
patent rights. ISO shall not be held responsible for identifying any or all such patent rights. Details of
any patent rights identified during the development of the document will be in the Introduction and/or
on the ISO list of patent declarations received (see www.iso.org/patents).
Any trade name used in this document is information given for the convenience of users and does not
constitute an endorsement.
For an explanation on voluntary nature of standards, the meaning of ISO specific terms and expressions
related to conformity assessment, as well as information about ISO's adherence to the World Trade
Organization (WTO) principles in the Technical Barriers to Trade (TBT) see the following URL:
www.iso.org/iso/foreword.html.
This document was prepared by Technical Committee ISO/TC 127, Earth-moving machinery,
Subcommittee SC 2, Safety, ergonomics and general requirements.

Introduction
This document is a type-C standard as stated in ISO 12100.
The machinery concerned and the extent to which hazards, hazardous situations or hazardous events
are covered are indicated in the Scope of this document.
When requirements of this type-C standard are different from those which are stated in type-A or -B
standards, the requirements of this type-C standard take precedence over the requirements of the
other standards for machines that have been designed and built according to the requirements of this
type-C standard.
Mining input for this document was obtained through liaisons with the GMSG (global mining standards
and guidelines group) and the Western Australia Mobile Autonomous Machine Systems Working Group.

INTERNATIONAL STANDARD ISO 17757:2017(E)
Earth-moving machinery and mining — Autonomous and semi-autonomous machine system safety
1 Scope
This document provides safety requirements for autonomous machines and semi-autonomous machines
used in earth-moving and mining operations, and their autonomous or semi-autonomous machine
systems (ASAMS). It specifies safety criteria both for the machines and their associated systems and
infrastructure, including hardware and software, and provides guidance on safe use in their defined
functional environments during the machine and system life cycle. It also defines terms and definitions
related to ASAMS.
It is applicable to autonomous and semi-autonomous versions of the earth-moving machinery
(EMM) defined in ISO 6165 and of mobile mining machines used in either surface or underground
applications. Its principles and many of its provisions can be applied to other types of autonomous or
semi-autonomous machines used on the worksites.
Safety requirements for general mobile EMM and mining machines, as well as operators, trainers or
passengers on the machine, are given by other International Standards (e.g. ISO 20474, ISO 19296). This
document addresses additional hazards specific and relevant to ASAMS when used as intended.
It is not applicable to remote control capability (covered by ISO 15817) or function-specific automated
features, except when those features are used as part of ASAMS.
2 Normative references
The following documents are referred to in the text in such a way that some or all of their content
constitutes requirements of this document. For dated references, only the edition cited applies. For
undated references, the latest edition of the referenced document (including any amendments) applies.
ISO 2867, Earth-moving machinery — Access systems
ISO 3450:2011, Earth-moving machinery — Wheeled or high-speed rubber-tracked machines —
Performance requirements and test procedures for braking systems
ISO 5010:2007, Earth-moving machinery — Rubber-tyred machines — Steering requirements
ISO 6165, Earth-moving machinery — Basic types — Identification and terms and definitions
ISO 9533, Earth-moving machinery — Machine-mounted audible travel alarms and forward horns — Test
methods and performance criteria
ISO 10265:2008, Earth-moving machinery — Crawler machines — Performance requirements and test
procedures for braking systems
ISO 12100:2010, Safety of machinery — General principles for design — Risk assessment and risk reduction
ISO 19296, Mining and earth-moving machinery — Mobile machines working underground — Machine Safety 1)
ISO 20474-1, Earth-moving machinery — Safety — Part 1: General requirements
1) Under preparation.

3 Terms, definitions and abbreviated terms
For the purposes of this document, the terms and definitions given in ISO 6165, ISO 12100 and the
following terms, definitions and abbreviated terms apply.
ISO and IEC maintain terminological databases for use in standardization at the following addresses:
— ISO Online browsing platform: available at http://www.iso.org/obp
— IEC Electropedia: available at http://www.electropedia.org/
3.1
autonomous or semi-autonomous machine system
ASAMS
machine and supporting systems and infrastructure (3.11) that enable the machine to operate in
autonomous mode (3.3)
Note 1 to entry: An example of representative components of an ASAMS is shown in Figure 1. However, this
document does not describe or provide detail for all the specific components identified in Figure 1.
Figure 1 — Representative ASAMS components

3.2
autonomous or semi-autonomous machine supervisor system
ASAM supervisor system
system providing the primary user interface and “command and control centre” for operation in
autonomous mode (3.3)
3.3
autonomous mode
mode of operation in which a mobile machine performs all machine safety-critical and earth-moving or
mining functions related to its defined operations without operator interaction
Note 1 to entry: The operator could provide destination or navigation input, but is not needed to assert control
during the defined operation.
3.3.1
autonomous machine
mobile machine that is intended to operate in autonomous mode (3.3) during its normal operating cycle
Note 1 to entry: The abbreviation “ASAM” is used throughout this document to refer both to autonomous
machines and semi-autonomous machines (3.3.2) operating in autonomous mode.
3.3.2
semi-autonomous machine
mobile machine that is intended to operate in autonomous mode (3.3) during part of its operating cycle
and which requires active control by an operator to complete some of the tasks assigned to the machine
Note 1 to entry: The abbreviation “ASAM” is used throughout this document to refer both to semi-autonomous
machines operating in autonomous mode and autonomous machines (3.3.1).
3.4
autonomous operating zone
AOZ
autonomous area
designated area in which machines are authorized to operate in autonomous mode (3.3)
3.5
AOZ access control system
physical barrier or virtual or electronic system that monitors, authorizes and controls access, egress and
transition of people and equipment between existing autonomous operating zones (3.4) and other areas
3.6
competent person
person who, in relation to the work undertaken, has the necessary knowledge, skill, training and
experience to complete the work satisfactorily and without danger or injury to any person
[SOURCE: ISO 7240-19:2007, 3.1.5]
3.7
digital terrain map
DTM
topographical description of the site in digital format
3.8
function-specific automated feature
automated feature having a specific control function whereby the operator has overall control and is
solely responsible for safe operation, but can cede limited authority over a manual control (e.g. grade
control, auto-dig, antilock brakes, traction control)
Note 1 to entry: The feature can automatically assume limited authority over a machine function (e.g. electronic
stability control).

3.9
halted state
condition in which all motion of a machine is stopped and an operator action is required to resume its
operation
3.10
operator interaction
involvement of an operator to provide information to or control of an ASAMS (3.1), such as the transition
between autonomous mode (3.3) and manual mode (3.13), or to provide any type of exception handling
3.11
infrastructure
work site equipment and facilities used in support of a machine’s operation in autonomous mode (3.3)
EXAMPLE Communications network, solar power stations, GNSS base station, physical barrier systems.
3.12
layers of protection
independent processes or actions taken to prevent or address potential hazardous events leading to an
unsafe consequence
3.13
manual mode
mode of operation in which a machine is controlled by an operator who is responsible for monitoring
the surroundings and for safe operation of all machine controls
Note 1 to entry: Manually operated machines can have function-specific automated features.
3.14
approach mode
mode that allows access to the ASAMS (3.1)
3.15
mode indicator
means by which a machine shows whether it is in manual mode (3.13), autonomous mode (3.3) or
remote-control mode
3.16
operator
system operator
person having control and responsibility for the operation of an autonomous machine (3.3.1) or a
semi-autonomous machine (3.3.2) and the ASAMS (3.1)
3.17
remote-stop system
system that brings all autonomous machines (3.3.1) and semi-autonomous machines (3.3.2) within a
defined range of a mobile stop device to a halted state (3.9) when initiated
3.18
all-stop system
system that brings all autonomous machines (3.3.1) and semi-autonomous machines (3.3.2) in the AOZ
(3.4) to a halted state (3.9) when initiated
3.19
perception system
system comprising sensors used to detect, locate and recognize a potential feature of interest
3.20
remote control
operator control of a machine from a device not located on the machine

3.21
safe state
condition, whether or not an autonomous machine (3.3.1) or semi-autonomous machine (3.3.2) is
operating or is shut down, such that a hazardous safety, health and environment event is at an acceptable
level of risk based on a risk assessment
3.22
site manager
entity responsible for managing the entire work site, with overall responsibility for the operators and
site operations
3.23
situational awareness
perception of elements in the environment, and a com
...
