Machinery Safety 101

ISO 13849 – 1 Analysis — Part 1: Start with Risk Assessment

This entry is part 1 of 9 in the series How to do a 13849 – 1 analysis

This post was updated 2019-07-24

I often get ques­tions from cli­ents about how to get star­ted on Func­tion­al Safety using ISO 13849. This art­icle is the first in a series that will walk you through the basics of using ISO 13849. Keep in mind that you will need to hold a copy of the 3rd edi­tion of ISO 13849 – 1 [1] and the 2nd edi­tion of ISO 13849 – 2 [2] to use as you go along. There are oth­er stand­ards which you may also find use­ful, and I have included them in the Ref­er­ence sec­tion at the end of the art­icle. Each post has a Ref­er­ence List. I will pub­lish a com­plete ref­er­ence list for the series with the last post.


ISO 13849 provides a sim­pli­fied approach to func­tion­al safety for machine build­ers. The scope of the stand­ard lays out the spe­cif­ics in detail. ISO 13849 is scoped spe­cific­ally for machinery. If you are build­ing some­thing else, there are oth­er stand­ards that will bet­ter address your application.

1 Scope

This part of ISO 13849 provides safety require­ments and guid­ance on the prin­ciples for the design and integ­ra­tion of safety-related parts of con­trol sys­tems (SRP/CS), includ­ing the design of soft­ware. For these parts of SRP/CS, it spe­cifies char­ac­ter­ist­ics that include the per­form­ance level required for car­ry­ing out safety func­tions. It applies to SRP/CS for high demand and con­tinu­ous mode, regard­less of the type of tech­no­logy and energy used (elec­tric­al, hydraul­ic, pneu­mat­ic, mech­an­ic­al, etc.), for all kinds of machinery.

It does not spe­cify the safety func­tions or per­form­ance levels that are to be used in a par­tic­u­lar case.

This part of ISO 13849 provides spe­cif­ic require­ments for SRP/CS using pro­gram­mable elec­tron­ic system(s).

It does not give spe­cif­ic require­ments for the design of products which are parts of SRP/CS. Nev­er­the­less, the prin­ciples giv­en, such as cat­egor­ies or per­form­ance levels, can be used.

NOTE 1 Examples of products which are parts of SRP/CS: relays, solen­oid valves, pos­i­tion switches, PLCs, motor con­trol units, two-hand con­trol devices, pres­sure sens­it­ive equip­ment. For the design of such products, it is import­ant to refer to the spe­cific­ally applic­able Inter­na­tion­al Stand­ards, e.g. ISO 13851, ISO 13856?1 and ISO 13856?2.

NOTE 2 For the defin­i­tion of required per­form­ance level, see 3.1.24.

NOTE 3 The require­ments provided in this part of ISO 13849 for pro­gram­mable elec­tron­ic sys­tems are com­pat­ible with the meth­od­o­logy for the design and devel­op­ment of safety-related elec­tric­al, elec­tron­ic and pro­gram­mable elec­tron­ic con­trol sys­tems for machinery giv­en in IEC 62061.

NOTE 4 For safety-related embed­ded soft­ware for com­pon­ents with PLr = e, see IEC 61508 – 3:1998, Clause 7.

In par­tic­u­lar, pay atten­tion to the first para­graph and the last sen­tence where it states “…for all kinds of machinery.” The intent of ISO 13849 – 1 is to provide a means to determ­ine the func­tion­al safety require­ments and sub­sequently, to ana­lyze the res­ult­ing design and devel­op a veri­fic­a­tion and val­id­a­tion plan. 

Note 1 is also sig­ni­fic­ant. Notes in stand­ards offer non-norm­at­ive, i.e., non-man­dat­ory, inform­a­tion to the read­er to help the read­er apply the pre­ced­ing inform­a­tion. Note 1 reminds read­ers that spe­cif­ic types of products have their own stand­ards that must be followed.

Where to start?

You have just learned that you need to do an ISO 13849 func­tion­al safety ana­lys­is. You have the two parts of the stand­ard, and you have skimmed them, but you are feel­ing a bit over­whelmed and unsure of where to start. By the end of this series, you should be feel­ing more con­fid­ent about how to get this job done.

Step 1 – Risk Assessment

For the pur­pose of this art­icle, I am going to assume that you have a risk assess­ment for the machinery, and you have a copy for ref­er­ence. If you do not have a risk assess­ment, stop here and get that done. There are sev­er­al good ref­er­ences for that, includ­ing ISO 12100 [3], CSA Z432 [4], and ANSI B11.TR3 [5]. You can also have a look at my series on Risk Assess­ment.

The risk assess­ment should identi­fy which risks require mit­ig­a­tion using the con­trol sys­tem, e.g., use of an inter­locked gate, a light cur­tain, a two-hand con­trol, an enabling device, etc. See the MS101 gloss­ary for detailed defin­i­tions. Each of these becomes a safety func­tion. Each safety func­tion requires a safety require­ments spe­cific­a­tion (SRS), which I will describe in more detail a bit later.

Safety Functions

The 3rd edi­tion of ISO 13849 [1] provides two tables that give some examples of safety func­tion char­ac­ter­ist­ics [1, Table 8] and para­met­ers [1, Table 9] and also provides ref­er­ences to cor­res­pond­ing stand­ards that will help you to define the neces­sary para­met­ers. These tables should not be con­sidered to be exhaust­ive – there is no way to list every pos­sible safety func­tion in a table like this. The tables will give you some good ideas about what you are look­ing for in machine con­trol func­tions that will make them safety functions.

While you are identi­fy­ing risk reduc­tion meas­ures that will use the con­trol sys­tem for mit­ig­a­tion, don’t for­get that com­ple­ment­ary pro­tect­ive meas­ures like emer­gency stop, enabling devices, etc. all need to be included. Some of these func­tions may have min­im­um require­ments set by Type B2 stand­ards, like ISO 13850 [6] for emer­gency stop which sets the min­im­um per­form­ance level for this func­tion at PLc.

Selecting the Required Performance Level

ISO 13849 – 1:2015 provides a graph­ic­al means for select­ing the min­im­um Per­form­ance Level (PL) required for the safety func­tion based on the risk assess­ment. A word of cau­tion here: you may feel like you are re-assess­ing the risk using this tool because it does use risk para­met­ers (sever­ity, frequency/duration of expos­ure and pos­sib­il­ity to avoid/limit harm) to determ­ine the PL. Risk assess­ment This tool is not a risk assess­ment tool, and using it that way is a fun­da­ment­al mis­take. Its out­put is in terms of per­form­ance level, which is fail­ure rate per hour of oper­a­tion. For example, it is entirely incor­rect to say, “This machine has a risk level of PLc” since we define PLs in terms of prob­able fail­ure rate per hour.

ISO 13849-1 graphical selection tool for determining PLr requirement for a safety function
Graph­ic­al Per­form­ance Level Selec­tion Tool [1]

Once you have assigned a required Per­form­ance Level (PLr) to each safety func­tion, you can move on to the next step: Devel­op­ing the Safety Require­ments Spe­cific­a­tion.

Book List

Here are some books that I think you may find help­ful on this journey:

[0]     B. Main, Risk Assess­ment: Basics and Bench­marks, 1st ed. Ann Arbor, MI USA: DSE, 2004.

[0.1]  D. Smith and K. Simpson, Safety crit­ic­al sys­tems hand­book. Ams­ter­dam: Elsevi­er­/But­ter­worth-Heine­mann, 2011.

[0.2]  Elec­tro­mag­net­ic Com­pat­ib­il­ity for Func­tion­al Safety, 1st ed. Steven­age, UK: The Insti­tu­tion of Engin­eer­ing and Tech­no­logy, 2008.

[0.3]  Over­view of tech­niques and meas­ures related to EMC for Func­tion­al Safety, 1st ed. Steven­age, UK: Over­view of tech­niques and meas­ures related to EMC for Func­tion­al Safety, 2013.

[0.4] Code of prac­tice for elec­tro­mag­net­ic resi­li­ence, 1st ed. Steven­age, UK: IET Stand­ards TC4.3 EMC, 2017.

[0.5] Code of Prac­tice: Com­pet­ence for Safety Related Sys­tems Prac­ti­tion­ers, 1st ed. Steven­age, UK: The Insti­tu­tion of Engin­eer­ing and Tech­no­logy, 2016.


[1]     Safety of machinery — Safety-related parts of con­trol sys­tems — Part 1: Gen­er­al prin­ciples for design. 3rd Edi­tion. ISO Stand­ard 13849 – 1. 2015.

[2]     Safety of machinery – Safety-related parts of con­trol sys­tems – Part 2: Val­id­a­tion. 2nd Edi­tion. ISO Stand­ard 13849 – 2. 2012.

[3]      Safety of machinery – Gen­er­al prin­ciples for design – Risk assess­ment and risk reduc­tion. ISO Stand­ard 12100. 2010.

[4]     Safe­guard­ing of Machinery. CSA Stand­ard Z432. 2004.

[5]     Risk Assess­ment and Risk Reduc­tion- A Guideline to Estim­ate, Eval­u­ate and Reduce Risks Asso­ci­ated with Machine Tools. ANSI Tech­nic­al Report B11.TR3. 2000.

[6]    Safety of machinery – Emer­gency stop func­tion – Prin­ciples for design. ISO Stand­ard 13850. 2015.

Series Nav­ig­a­tionISO 13849 – 1 Ana­lys­is — Part 2: Safety Require­ment Spe­cific­a­tion”>ISO 13849 – 1 Ana­lys­is — Part 2: Safety Require­ment Specification

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.