EN ISO 13849-1 – Functional Safety Standard, Basis for Performance Level (PL)

June 21, 2023

The standard EN ISO 13849-1 is the basis for evaluating the safety of complex machine control systems. It is a basic functional safety standard and contains internationally unified requirements, referring to the determination of the required performance level and identification of safety-related control parts, through to implementation of safety functions. The standard is to be applied to safety-related parts of control systems, irrespective of the technology and energy used (electrical, hydraulic, pneumatic, mechanical). It describes the safety requirements of the design and integration of safety-related parts of control systems. Properties such as performance level – PLr are defined for these parts; properties that are required to execute specific safety functions.  

The greater the risk, the higher the requirements of the control systems. The hazardous situation is classified into five levels, known as performance levels (PL), from PL “a” (low) to PL “e” (high). The required PL is determined and assigned as part of the risk assessment in accordance with EN ISO 13849-1.

ISO 13849-1 – Significant changes 2023

In 2023, the International Organization for Standardization (ISO) published the new edition of ISO 13849-1. The revised version specifies a range of guidelines, for determining the performance level for example, and thus provides better support with implementation. It also takes account of the greater significance of software. It is far from clear when it will be harmonised into the EU standard EN ISO 13849-1, whether there will be a transition period for publication of the standard in the Official Journal and, if so, how long this might be. The standards experts from Pilz recommend that designers and operators deal with the upcoming changes at an early stage. 

Significant changes in ISO 13849-1:2023 compared with the previous version ISO 13849-1:2015: 

Compass with standards
  • Clearer structure overall, focusing on the implementation of a safety function as a combination of several subsystems 
  • Use of the term “subsystem” throughout the document (instead of SRP/CS)   
  • Improved and extended specification of safety functions (Clause 5)  
  • Improved guidelines and additional requirements relating to the SRS (safety requirements specification) (Clause 5)  
  • Clarifications regarding design aspects (Clause 6); e.g. optimised Category 2 definition, determination of CCF per subsystem and with regard to fault consideration, fault exclusion and well-tried components 
  • Improvements and clarifications regarding software (Clause 7)  
  • Validation (Clause 10); the normative requirements of ISO 13849-2 were revised and incorporated into Part 1 
  • Determination of the required performance level (Annex A); changes with regard to parameter P 
  • Clarification of measures against common cause failures (CCF) – (Annex F) 
  • Guidelines for the management of functional safety were extended (Annex G.5)  
  • Details of how to guarantee that EMC noise immunity is sufficiently high (Annex L) 
  • Supplementary information for the safety requirements specification (Annex M) 
  • Avoidance of systematic failure through software design (Annex N); contains a simple example for software validation 
  • Additional information on safety-related values of components (Annex O), adapted to the approach of VDMA standard sheet 66413 

EN ISO 13849 as an instrument for achieving machinery safety

Screen on a machine

Safety is a key topic, especially in Europe – among other things it is incorporated and formulated in law in the Machinery Directive (MD) and in future in the new Machinery Regulation (MR). Standards such as EN ISO 13849 can be applied as a building block for verification in order to meet the essential health and safety requirements for safety-related parts of control systems.  

The standard EN ISO 13849 consists of two parts and was developed and published by ISO (International Organization for Standardization).  

Part 1 – ISO 13849-1 with the general principles for design was technically revised to clarify and detail some requirements, without introducing any new technical concepts. This part was republished in 2023.  

Part 2 of the standard – EN ISO 13849-2:2012: Validation will initially remain as it is and will be revised afterwards. The normative annexes from Part 2 are embedded in the update of Part 1.  

The last edition of EN ISO 13849-1 was published in 2015. The standard is based on a probabilistic approach for the assessment of safety-related control systems and contains internationally unified requirements, referring to the risk assessment, required performance levels and identification of safety-related control parts, through to implementation of safety functions.  

ISO 13849-1 uses a graph to deal with the assignment of risks to the required performance level and uses structural and statistical methods to evaluate safety functions. The objective is to establish the suitability of safety measures to reduce risks.

Risk assessment and risk reduction combined with functional safety

In the European Union, the standard EN ISO 12100 is used to determine the steps you need to consider when assessing and reducing risk on machinery. The evaluation and verification of safety functions are the prevail of the standards EN ISO 13849 and EN IEC 62061. The design of the safety-related parts of control systems is an iterative process, which is executed in several steps.  

  1. Step – Define the safety function requirements 
  2. Step – Determine the required performance level (PL) 
  3. Step – Design and technically implement the safety functions 
  4. Step – Determine and quantitively evaluate the performance level 
  5. Step – Verification 
  6. Step – Validation 

Risk evaluation and determination of the required performance level PLr

Graph to determine the PLr.

Risks are assessed in EN ISO 13849-1 with the aid of a graph. The assessed criteria include severity of injury, frequency of exposure to the risk and the possibility of avoiding the risk. The outcome of the assessment is the required performance level (PLr) for the individual safety functions, which are intended to minimise the risks. 

PL a corresponds to a low risk, PL e to a high risk.

S – Severity of injury 

  • S1 = Slight (normally reversible injury) 
  • S2 = Serious (normally irreversible injury or death) 

F – Frequency and/or exposure to hazard 

  • F1 = Seldom to less often and/or exposure time is short  
  • F2 = Frequent to continuous and/or exposure time is long 

P – Possibility of avoiding hazard or limiting harm 

  • P1 = Possible under specific conditions  
  • P2 = Scarcely possible 

The possibility of avoiding the hazard is further specified through five factors for parameter P: 

  • Speed with which the hazard arises (e.g. quickly or slowly) 
  • Possibilities for hazard avoidance (e.g. by escaping) 
  • Practical safety experiences relating to the process 
  • Operation by experts or non-professionals  
  • Operation with or without supervision 
Determination of parameter P – FactorsΑBC
Machine is used bySpecialistLayperson 
Speed of the part of the machine that can cause a hazardous eventEvent at low or very low speedEvent at medium speedEvent at high speed 
Physical possibility of avoiding the hazardPossible in at least 50 % of cases  Possible in less than 50 % of cases  Not possible
Possibility of recognising/sensing the hazard  Possible in at least 50 % of cases  Only possible in less than 50 % of casesNot possible
Complexity of the operationsLow complexity or no interaction Medium to high complexity  

*If “C” is selected OR “B” is selected at least 3 times; avoidance “P2”: # “C” >=1; #”B” >=3àP2 

*If “C” is selected OR “B” is selected at least 3 times; avoidance “P2”: # “C” >=1; #”B” >=3àP2 

Aim of EN ISO 13849-1 and the performance level – Risk reduction

The risk is the combination of the probability of occurrence of harm and the severity of that harm. Typically, several safety functions are available to reduce the risks. Each safety function is implemented as a combination of several subsystems. A subsystem is a unit of the architectural design of a safety-related system at the highest level, whereby the architecture represents the specific configuration of hardware and software elements in a safety-related control system (SCS). Subsystems are either already validated by the manufacturer or are designed as new subsystems by the machine manufacturer or integrator. 

A safety requirements specification (SRS) is required for a clear description of the safety functions. This is documentation containing all the details required for safe and correct performance of the safety functions. The following is recorded for each safety function: 

  • Function description with the triggering event, reaction and safe state 
  • Required PLr 
  • Corresponding operating modes 
  • Reaction times 
  • Error reaction and behaviour 
  • Priority 
  • Interfaces (with other safety functions) 

Evaluation of the implementation of self-developed subsystems

A pair of red pliers with symbol

In ISO 13849-1 and EN ISO 13849-1, the following aspects must be defined in order to determine the PL of a subsystem.  

  • System category (structural requirement): this classifies the subsystem in respect of its resistance to faults and its subsequent behaviour in the event of a fault, which is achieved by the structural arrangement of the parts, fault detection and/or its reliability  
  • Mean time to dangerous failure (MTTFD) 
  • Diagnostic coverage (DC), defined as a measure of the effectiveness of the diagnostics: [ratio between the failure rate of detected dangerous failures and the total rate of dangerous failures] 
  • Common cause failure (CCF) 

Software – Informative Annex N for avoiding systematic faults

Two hands typing on a keyboard

The requirements of application software have been increased in comparison with the previous version EN ISO 13849-1: 2015. 

An informative Annex N has been included on the subject of avoiding faults/fault avoidance measures for the safety-related software design.  ISO 13849-1 now covers various software types: 

  • Safety-related embedded software (SRESW) 
  • Safety-related application software (SRASW) 
  • Parameter setting software 

Also, suggestions for improvement have been included, with regard to how these can be linked to the requirements for programming languages with limited (LVL = limited variability language) or unlimited language scope (FVL = full variability language). 

Validation in accordance with EN ISO 13849-1

The validation specifications have been adapted and the normative requirements regarding the validation procedure from ISO 13849-2:2012 have been revised and integrated into ISO 13849-1:2023, e.g. 

  • The analysis supplements the test, it does not replace it 
  • Validation and examination of the SRS is described in detail 
  • A simple example of software validation is provided 

Please note: the tables for fault evaluation are still only included in EN ISO 13849-2 or ISO 13849-2.

Electromagnetic compatibility requirements (EMC)

An informative Annex L  has been  incorporated into ISO 13849-1. This contains details of how to guarantee sufficient EMC noise immunity. EMC interference can mean that electrical or electronic systems behave unexpectedly. For this reason, basic measures should be taken against EMC influences at subsystem and overall system level. Various options are listed for this, including the help of an EMC measures table. The EMC Directive regulates the essential requirements for electromagnetic compatibility.

Important_Links_Bar.jpg

https://www.pilz.com/en-INT/support/knowhow/law-standards-norms/functional-safety/en-iso-13849-1?etcc_med=Push&etcc_cmp=230621_1131_RSS

Related Articles

Network Infrastructure Featured Product Spotlight

PBUS 14 Panduit logo 400

This webinar presented by Beth Lessard and Keith Cordero will be highlighting three Panduit solutions that will optimize network equipment and cabling to ensure that your spaces are efficiently and properly managed to support ever-evolving business needs of today and beyond. Products that will be featured include PanZone TrueEdge Wall Mount Enclsoure, Cable Managers, and Adjustable Depth 4-Post Rack.

REGISTER HERE


Editor’s Pick: Featured Product News

Siemens: SIMOVAC Non-Arc-Resistant and SIMOVAC-AR Arc-Resistant Motor Controllers

The Siemens SIMOVAC medium-voltage non-arc-resistant and SIMOVAC-AR arc-resistant controllers have a modular design incorporating up to two 12SVC400 (400 A) controllers, housed in a freestanding sheet steel enclosure. Each controller is UL 347 class E2, equipped with three current-limiting fuses, a non-load-break isolating switch, and a fixed-mounted vacuum contactor (plug-in type optional for 12SVC400). The enclosure is designed for front access, allowing the equipment to be located with the rear of the equipment close to a non-combustible wall.

Read More


Sponsored Content
Electrify Your Enterprise

Power is vital to production, and well-designed control cabinets are key. Allied Electronics & Automation offers a comprehensive collection of control cabinet solutions including PLCs, HMIs, contactors, miniature circuit breakers, terminal block connectors, DIN-rail power supplies, pushbutton switches, motor starters, overloads, power relays, industrial Ethernet switches and AC drives engineered to keep your operations running safely, reliably and efficiently.

Learn more HERE.


Products for Panel Builders