- ISO 13849 – 1 Analysis — Part 1: Start with Risk Assessment
- ISO 13849 – 1 Analysis — Part 2: Safety Requirement Specification”>ISO 13849 – 1 Analysis — Part 2: Safety Requirement Specification
- ISO 13849 – 1 Analysis — Part 3: Architectural Category Selection”>ISO 13849 – 1 Analysis — Part 3: Architectural Category Selection
- ISO 13849 – 1 Analysis — Part 4: MTTFD – Mean Time to Dangerous Failure”>ISO 13849 – 1 Analysis — Part 4: MTTFD – Mean Time to Dangerous Failure
- ISO 13849 – 1 Analysis — Part 5: Diagnostic Coverage (DC)”>ISO 13849 – 1 Analysis — Part 5: Diagnostic Coverage (DC)
- ISO 13849 – 1 Analysis — Part 6: CCF — Common Cause Failures”>ISO 13849 – 1 Analysis — Part 6: CCF — Common Cause Failures
- ISO 13849 – 1 Analysis — Part 7: Safety-Related Software”>ISO 13849 – 1 Analysis — Part 7: Safety-Related Software
- How to do a 13849 – 1 analysis: Complete Reference List
- ISO 13849 – 1 Analysis — Part 8: Fault Exclusion”>ISO 13849 – 1 Analysis — Part 8: Fault Exclusion
This post was updated 2019-07-24
I often get questions from clients about how to get started on Functional Safety using ISO 13849. This article is the first in a series that will walk you through the basics of using ISO 13849. Keep in mind that you will need to hold a copy of the 3rd edition of ISO 13849 – 1  and the 2nd edition of ISO 13849 – 2  to use as you go along. There are other standards which you may also find useful, and I have included them in the Reference section at the end of the article. Each post has a Reference List. I will publish a complete reference list for the series with the last post.
ISO 13849 provides a simplified approach to functional safety for machine builders. The scope of the standard lays out the specifics in detail. ISO 13849 is scoped specifically for machinery. If you are building something else, there are other standards that will better address your application.
This part of ISO 13849 provides safety requirements and guidance on the principles for the design and integration of safety-related parts of control systems (SRP/CS), including the design of software. For these parts of SRP/CS, it specifies characteristics that include the performance level required for carrying out safety functions. It applies to SRP/CS for high demand and continuous mode, regardless of the type of technology and energy used (electrical, hydraulic, pneumatic, mechanical, etc.), for all kinds of machinery.
It does not specify the safety functions or performance levels that are to be used in a particular case.
This part of ISO 13849 provides specific requirements for SRP/CS using programmable electronic system(s).
It does not give specific requirements for the design of products which are parts of SRP/CS. Nevertheless, the principles given, such as categories or performance levels, can be used.
NOTE 1 Examples of products which are parts of SRP/CS: relays, solenoid valves, position switches, PLCs, motor control units, two-hand control devices, pressure sensitive equipment. For the design of such products, it is important to refer to the specifically applicable International Standards, e.g. ISO 13851, ISO 13856?1 and ISO 13856?2.
NOTE 2 For the definition of required performance level, see 3.1.24.
NOTE 3 The requirements provided in this part of ISO 13849 for programmable electronic systems are compatible with the methodology for the design and development of safety-related electrical, electronic and programmable electronic control systems for machinery given in IEC 62061.
NOTE 4 For safety-related embedded software for components with PLr = e, see IEC 61508 – 3:1998, Clause 7.
In particular, pay attention to the first paragraph and the last sentence where it states “…for all kinds of machinery.” The intent of ISO 13849 – 1 is to provide a means to determine the functional safety requirements and subsequently, to analyze the resulting design and develop a verification and validation plan.
Note 1 is also significant. Notes in standards offer non-normative, i.e., non-mandatory, information to the reader to help the reader apply the preceding information. Note 1 reminds readers that specific types of products have their own standards that must be followed.
Where to start?
You have just learned that you need to do an ISO 13849 functional safety analysis. You have the two parts of the standard, and you have skimmed them, but you are feeling a bit overwhelmed and unsure of where to start. By the end of this series, you should be feeling more confident about how to get this job done.
Step 1 – Risk Assessment
For the purpose of this article, I am going to assume that you have a risk assessment for the machinery, and you have a copy for reference. If you do not have a risk assessment, stop here and get that done. There are several good references for that, including ISO 12100 , CSA Z432 , and ANSI B11.TR3 . You can also have a look at my series on Risk Assessment.
The risk assessment should identify which risks require mitigation using the control system, e.g., use of an interlocked gate, a light curtain, a two-hand control, an enabling device, etc. See the MS101 glossary for detailed definitions. Each of these becomes a safety function. Each safety function requires a safety requirements specification (SRS), which I will describe in more detail a bit later.
The 3rd edition of ISO 13849  provides two tables that give some examples of safety function characteristics [1, Table 8] and parameters [1, Table 9] and also provides references to corresponding standards that will help you to define the necessary parameters. These tables should not be considered to be exhaustive – there is no way to list every possible safety function in a table like this. The tables will give you some good ideas about what you are looking for in machine control functions that will make them safety functions.
While you are identifying risk reduction measures that will use the control system for mitigation, don’t forget that complementary protective measures like emergency stop, enabling devices, etc. all need to be included. Some of these functions may have minimum requirements set by Type B2 standards, like ISO 13850  for emergency stop which sets the minimum performance level for this function at PLc.
Selecting the Required Performance Level
ISO 13849 – 1:2015 provides a graphical means for selecting the minimum Performance Level (PL) required for the safety function based on the risk assessment. A word of caution here: you may feel like you are re-assessing the risk using this tool because it does use risk parameters (severity, frequency/duration of exposure and possibility to avoid/limit harm) to determine the PL. Risk assessment This tool is not a risk assessment tool, and using it that way is a fundamental mistake. Its output is in terms of performance level, which is failure rate per hour of operation. For example, it is entirely incorrect to say, “This machine has a risk level of PLc” since we define PLs in terms of probable failure rate per hour.
Once you have assigned a required Performance Level (PLr) to each safety function, you can move on to the next step: Developing the Safety Requirements Specification.
Here are some books that I think you may find helpful on this journey:
[0.2] Electromagnetic Compatibility for Functional Safety, 1st ed. Stevenage, UK: The Institution of Engineering and Technology, 2008.
[0.3] Overview of techniques and measures related to EMC for Functional Safety, 1st ed. Stevenage, UK: Overview of techniques and measures related to EMC for Functional Safety, 2013.