CanadaCE MarkComplementary Protective MeasuresControl FunctionsControl ReliabilityEmergency StopEU European UnionFunctional SafetyGuards and GuardingHierarchy of ControlsHow toInterlocksInterlocksInternationalISO 13849Risk Assessment

ISO 13849 – 1 Analysis — Part 1: Start with Risk Assessment

This entry is part 1 of 9 in the series How to do a 13849 – 1 ana­lys­is

I often get ques­tions from cli­ents about how to get star­ted on Func­tion­al Safety using ISO 13849. This art­icle is the first in a series that will walk you through the basics of using ISO 13849. Keep in mind that you will need to hold a copy of the 3rd edi­tion of ISO 13849 – 1 [1] and the 2nd edi­tion of ISO 13849 – 2 [2] to use as you go along. There are oth­er stand­ards which you may also find use­ful, and I have included them in the Ref­er­ence sec­tion at the end of the art­icle. Each post has a Ref­er­ence List. I will pub­lish a com­plete ref­er­ence list for the series with the last post.

Where to start?

So you have just learned that you need to do an ISO 13849 func­tion­al safety ana­lys­is. You have the two parts of the stand­ard, and you have skimmed them, but you are feel­ing a bit over­whelmed and unsure of where to start. By the end of this art­icle, you should be feel­ing more con­fid­ent about how to get this job done.

Step 1 – Risk Assessment

For the pur­pose of this art­icle, I am going to assume that you have a risk assess­ment for the machinery, and you have a copy for ref­er­ence. If you do not have a risk assess­ment, stop here and get that done. There are sev­er­al good ref­er­ences for that, includ­ing ISO 12100 [3], CSA Z432 [4], and ANSI B11.TR3 [5]. You can also have a look at my series on Risk Assess­ment.

The risk assess­ment should identi­fy which risks require mit­ig­a­tion using the con­trol sys­tem, e.g., use of an inter­locked gate, a light cur­tain, a two-hand con­trol, an enabling device, etc. See the MS101 gloss­ary for detailed defin­i­tions. Each of these becomes a safety func­tion. Each safety func­tion requires a safety require­ments spe­cific­a­tion (SRS), which I will describe in more detail a bit later.

Safety Functions

The 3rd edi­tion of ISO 13849 [1] provides two tables that give some examples of safety func­tion char­ac­ter­ist­ics [1, Table 8] and para­met­ers [1, Table 9] and also provides ref­er­ences to cor­res­pond­ing stand­ards that will help you to define the neces­sary para­met­ers. These tables should not be con­sidered to be exhaust­ive – there is no way to list every pos­sible safety func­tion in a table like this. The tables will give you some good ideas about what you are look­ing for in machine con­trol func­tions that will make them safety func­tions.

While you are identi­fy­ing risk reduc­tion meas­ures that will use the con­trol sys­tem for mit­ig­a­tion, don’t for­get that com­ple­ment­ary pro­tect­ive meas­ures like emer­gency stop, enabling devices, etc. all need to be included. Some of these func­tions may have min­im­um require­ments set by Type B2 stand­ards, like ISO 13850 [6] for emer­gency stop which sets the min­im­um per­form­ance level for this func­tion at PLc.

Selecting the Required Performance Level

ISO 13849 – 1:2015 provides a graph­ic­al means for select­ing the min­im­um Per­form­ance Level (PL) required for the safety func­tion based on the risk assess­ment. A word of cau­tion here: you may feel like you are re-assess­ing the risk using this tool because it does use risk para­met­ers (sever­ity, frequency/duration of expos­ure and pos­sib­il­ity to avoid/limit harm) to determ­ine the PL. Risk assess­ment This tool is not a risk assess­ment tool, and using it that way is a fun­da­ment­al mis­take. Its out­put is in terms of per­form­ance level, which is fail­ure rate per hour of oper­a­tion. For example, it is entirely incor­rect to say, “This machine has a risk level of PLc” since we define PLs in terms of prob­able fail­ure rate per hour.

ISO 13849-1 graphical selection tool for determining PLr requirement for a safety function
Graph­ic­al Per­form­ance Level Selec­tion Tool [1]
Once you have assigned a required Per­form­ance Level (PLr) to each safety func­tion, you can move on to the next step: Devel­op­ing the Safety Require­ments Spe­cific­a­tion.

Book List

Here are some books that I think you may find help­ful on this jour­ney:

[0]     B. Main, Risk Assess­ment: Basics and Bench­marks, 1st ed. Ann Arbor, MI USA: DSE, 2004.

[0.1]  D. Smith and K. Simpson, Safety crit­ic­al sys­tems hand­book. Ams­ter­dam: Elsevi­er­/But­ter­worth-Heine­mann, 2011.

[0.2]  Elec­tro­mag­net­ic Com­pat­ib­il­ity for Func­tion­al Safety, 1st ed. Steven­age, UK: The Insti­tu­tion of Engin­eer­ing and Tech­no­logy, 2008.

[0.3]  Over­view of tech­niques and meas­ures related to EMC for Func­tion­al Safety, 1st ed. Steven­age, UK: Over­view of tech­niques and meas­ures related to EMC for Func­tion­al Safety, 2013.


[1]     Safety of machinery — Safety-related parts of con­trol sys­tems — Part 1: Gen­er­al prin­ciples for design. 3rd Edi­tion. ISO Stand­ard 13849 – 1. 2015.

[2]     Safety of machinery – Safety-related parts of con­trol sys­tems – Part 2: Val­id­a­tion. 2nd Edi­tion. ISO Stand­ard 13849 – 2. 2012.

[3]      Safety of machinery – Gen­er­al prin­ciples for design – Risk assess­ment and risk reduc­tion. ISO Stand­ard 12100. 2010.

[4]     Safe­guard­ing of Machinery. CSA Stand­ard Z432. 2004.

[5]     Risk Assess­ment and Risk Reduc­tion- A Guideline to Estim­ate, Eval­u­ate and Reduce Risks Asso­ci­ated with Machine Tools. ANSI Tech­nic­al Report B11.TR3. 2000.

[6]    Safety of machinery – Emer­gency stop func­tion – Prin­ciples for design. ISO Stand­ard 13850. 2015.

Series Nav­ig­a­tionISO 13849 – 1 Ana­lys­is — Part 2: Safety Require­ment Spe­cific­a­tion”>ISO 13849 – 1 Ana­lys­is — Part 2: Safety Require­ment Spe­cific­a­tion