Digital Permits Tie CMMS and SCADA for Consistent, Safer Lockout-Tagout in Mining Equipment Maintenance

Overview

A mining equipment plant experienced safety incidents and near-misses tied to uneven lockout-tagout (LOTO) practices during maintenance. Procedures varied by crew and shift, permits were paper-based, and verification of de-energization depended on memory and radios. Intelligex implemented digital permits integrated with Supervisory Control and Data Acquisition (SCADA) and the Computerized Maintenance Management System (CMMS) to enforce steps, verify interlocks and isolation states, capture e-signatures, and require supervisor approvals. Maintenance became safer and more consistent, with clear records for audits and faster coordination—without changing control logic or replacing existing systems.

Client Profile

• Industry: Heavy mining equipment fabrication and test
• Company size (range): Multi-bay plant with machining, welding, assembly, and test stands
• Stage: Established CMMS and SCADA/PLC environment; LOTO on paper forms with spotty standardization
• Department owner: Operations & Manufacturing
• Other stakeholders: EHS, Maintenance/Reliability, Instrumentation & Controls, Production, Quality, IT/OT Security, Contractors/Vendors

The Challenge

LOTO steps differed by asset and by who was on duty. Isolation points were listed in binders that did not always match field reality. Paper permits and tags circulated between the crib, the bay, and a supervisor’s desk. Crews relied on experience to de-energize, dissipate stored energy, and test for zero energy state before work. When schedules changed or shift handoffs were tight, steps were sometimes skipped or completed out of sequence. SCADA screens showed permissives and interlock status, but those signals were not tied to a permit or e-signature gate.

Investigations after incidents revealed gaps in consistency and traceability. The plant did not have a reliable chain showing who isolated which points and when, what readings were taken to verify de-energization, and who authorized re-energization. Contractors added complexity with varying practices and unclear accountability for locks and tags. EHS needed a way to standardize LOTO, enforce verification against live states, and produce complete records aligned to expectations such as OSHA’s control of hazardous energy; reference: OSHA lockout/tagout.

Constraints were practical. Controls engineers could not accept new logic that might affect machine safety. Maintenance had to keep the shop running, not learn a new system for its own sake. Any solution needed to be mobile, robust, and integrated with CMMS work orders and existing SCADA/PLC tags using read-only methods.

Why It Was Happening

Root causes were fragmentation and manual handoffs. Isolation lists lived in binders and spreadsheets, while live states were visible only in SCADA. Paper permits did not reliably capture sequence or test-for-zero steps, and signatures were hard to reconcile with who was on the job. Stored energy controls for pneumatics, hydraulics, and gravity relied on notes rather than a clear checklist tied to the asset.

Ownership was diffuse. Maintenance owned isolation and execution; EHS owned policy; Production owned schedules; IT/OT protected system integrity. Without a shared workflow that combined the permit, the asset’s verified state, and approvals, crews optimized locally and consistency suffered—especially during shift changes and contractor work.

The Solution

Intelligex delivered a digital permit-to-work workflow integrated with CMMS and SCADA. Each permit was tied to a work order and an asset-specific isolation plan. The app guided technicians through LOTO steps, verified interlocks and permissives via read-only SCADA tags, captured e-signatures at key gates, and required supervisor approval before re-energization. Exceptions and overrides flowed through EHS for review. Records included photos, tag IDs, and time-aligned SCADA snapshots, creating a complete audit trail while leaving PLC logic untouched.

• Integrations: CMMS (e.g., IBM Maximo, Fiix) for work orders, assets, and calibration/inspection history; SCADA/PLC via Open Platform Communications Unified Architecture (OPC UA) for read-only verification of interlocks, permissives, and energy indicators; reference: OPC UA. Optional links to access control for badge IDs and QMS for incident tie-ins.
• Asset isolation registry: Canonical isolation lists per asset with electrical, pneumatic, hydraulic, and gravity energy points, linked drawings/photos, and required devices (locks, hasps, blanks).
• Step enforcement: Mobile checklists for de-energize, lock, tag, verify, and try-out, with conditional branches by stored energy type. Required photo or meter reading capture where applicable.
• State verification: Read-only checks of SCADA tags for permissives/interlocks aligned with isolation steps. Zero-energy tests recorded as snapshots with timestamp and tag values.
• E-signatures and approvals: Technician and supervisor e-signatures at defined gates (isolation complete, test for zero, ready-to-energize). Re-energization required a second check and approval.
• Contractor controls: Contractor-specific permit flow with badge ID capture, shared lock tracking, and sponsor approvals. Orientation acknowledgments tied to the permit.
• Exception handling: Time-bound overrides with reason codes routed to EHS. Deviations linked to QMS or incident logs for follow-up.
• Dashboards and notifications: Live views of open permits, locks in place, and aging. Alerts to supervisors and EHS on stalled permits, missing verifications, or attempted re-energization before approval.
• Security and governance: Least-privilege, read-only access to SCADA/PLC; all writes occurred in CMMS and the permit application. Role-based permissions for isolation edits and approvals. Immutable audit logs.
• Standards alignment: Workflow mapped to policy and industry expectations for controlling hazardous energy; see OSHA lockout/tagout.

Implementation

• Discovery: Cataloged assets and isolation points, reviewed recent incidents and near-misses, and walked bays to validate isolation lists. Assessed SCADA tag availability for permissives and indicators. Mapped CMMS work order and approval flows and contractor onboarding practices.
• Design: Defined the isolation registry format, permit steps by energy type, e-signature gates, and re-energization approvals. Selected SCADA tags for read-only verification. Established exception paths and EHS review criteria. Set audit fields and badge/role access.
• Build: Configured CMMS and OPC UA connectors, built the mobile permit app with conditional logic and photo capture, and implemented dashboards and Teams notifications. Loaded initial isolation lists with photos and diagrams under change control.
• Testing/QA: Piloted in shadow mode: technicians completed digital permits in parallel with paper. Verified tag reads against field meters, tuned checklists, and refined isolation lists. Included a human-in-the-loop review board with EHS, Maintenance, and OT before enabling approvals.
• Rollout: Activated by bay and asset class, starting with high-risk equipment. Paper permits remained as a controlled fallback during early cycles. Contractor flow enabled after internal adoption stabilized.
• Training/hand-off: Delivered toolbox talks and hands-on sessions at the crib and bays. Updated LOTO procedures to reference digital permits. Transferred isolation registry ownership to Maintenance and EHS under change control with periodic audits.

Results

LOTO became a guided, verifiable process. Technicians worked from asset-specific isolation plans, verified states against SCADA tags where available, and documented try-out steps with photos and readings. Supervisors approved re-energization with confidence because signatures and checks were visible in one record. Incidents tied to inconsistent LOTO declined, and investigations relied on complete permit packets rather than recollection.

Audits were more straightforward. Each permit showed who did what, when, and under which conditions. Variances and overrides carried reason codes and EHS approvals. Contractors followed the same flow with sponsor oversight, and lock accountability improved. The plant retained its CMMS and SCADA; the difference was a governed workflow that made safe isolation predictable and traceable.

What Changed for the Team

• Before: Paper permits and binders guided steps. After: Mobile permits enforced sequence with asset-specific isolation lists and photos.
• Before: De-energization was verified by memory and radios. After: Read-only SCADA checks and meter readings were recorded as evidence.
• Before: Re-energization relied on verbal go-aheads. After: E-signatures and approvals were required before restoring power or pressure.
• Before: Contractor practices varied. After: Contractors used a sponsor-approved permit with shared lock tracking.
• Before: Incident reviews assembled scattered notes. After: Complete, time-aligned records supported audits and improvements.
• Before: Isolation lists drifted. After: A governed registry with photos and diagrams stayed current under change control.

Key Takeaways

• Put LOTO in the workflow; digital permits tied to assets and work orders create consistency and traceability.
• Verify with live signals; read-only SCADA checks and recorded test-for-zero steps strengthen control without touching PLC logic.
• Require e-signatures and governed overrides; approvals and reason codes build accountability and learning.
• Maintain a canonical isolation registry; clear lists with photos reduce interpretation at the bay.
• Integrate, don’t replace; connect CMMS, SCADA, and identity systems rather than replatforming.
• Roll out in shadow mode; pilot, tune isolation lists and tags, then enforce gates with confidence.

FAQ

What tools did this integrate with? The solution tied digital permits to CMMS work orders and assets (for example, IBM Maximo or Fiix), read interlock and permissive status from SCADA/PLC via OPC UA in a read-only mode, and used the site’s identity system for badge-based user verification. Where incident or deviation tracking was required, permits linked to the QMS record for follow-up.

How did you handle quality control and governance? Isolation lists and permit templates lived under change control with Maintenance and EHS ownership. E-signature gates enforced who could approve isolation and re-energization. Overrides required reason codes and routed to EHS. All steps, tag checks, photos, and signatures were immutably logged. The workflow aligned with expectations for controlling hazardous energy; see OSHA lockout/tagout.

How did you roll this out without disruption? The team ran the digital permit in shadow mode alongside paper permits, validated tag reads and isolation lists, and tuned checklists with a cross-functional review. Rollout proceeded by bay and asset category, with paper retained as a controlled fallback until crews were comfortable. No PLC logic was modified; integrations used read-only paths and existing CMMS approvals.

Did this write to PLCs or change machine safety logic? No. All SCADA/PLC interactions were read-only to verify interlocks and permissives. Holds and approvals occurred in the permit workflow and CMMS. Any physical lockout, keyswitch, or maintenance mode remained the authoritative means of control, consistent with site standards.

How were contractors and stored energy types handled? Contractors used a sponsor-enabled permit with badge capture, shared lock tracking, and required acknowledgments of site LOTO policy. The permit checklist branched by energy type (electrical, pneumatic, hydraulic, gravity, thermal), requiring appropriate isolations and verification (bleed-down, blocking, zero voltage) with photo or meter evidence before approval.