EN ISO 13849-1 Safety related parts of control systems
EN ISO 13849-1 is the successor to EN 954-1 and, instead of safety categories, uses so-called Performance Levels for assessing the required safety level of the safety control system.
The safety level (Pr) for a particular safety function is determined by a risk assessment. Every safety system that is part of the machine must at least comply with this Performance Level (PL).
Safety-related parts of control systems can have many different safety functions, so it is important to determine the required Performance Level for each safety function separately.
The Performance Level (PL) of the safety system is divided into five levels, ranging from a (low) to e (high). The PL is determined or assigned based on the probability of a dangerous failure occurring and the ability of the system to monitor such dangerous failures (which is a mixture of the diagnostic coverage and the structure of the safety system).
The PL of the overall safety system (and each of its components) must at least meet the minimum safety requirements / Performance (Pr) to achieve a system that is balanced in terms of complexity and risk. The greater the risk to the user, the greater the measures needed within the safety system to prevent dangerous errors. Low-risk applications can therefore use simpler components and system architectures.
The greater the risk to the user, the more severe the safety measures
To compose a system that is balanced in complexity and risk, the PL of the overall safety system must at least meet the minimum safety requirements/performance (Pr). Applications that pose a low risk to the user can use simpler components and system architectures than high-risk applications. The higher the risk to the user, the more stringent the measures needed within the safety system to prevent dangerous errors.
The minimum requirements expressed in the Performance Level (PL) are determined with the help of this flow chart. Each Performance Level (from a to e) sets specific requirements for the safety system.
Severity of effects
S1 = Repairable, light
S2 = Irreparable, severe or deadly
Frequency and/or exposure to danger
F1 = Seldom to less often and/or exposure time is short
F2 = Frequent to continuous and/or exposure time is long
Possibility to prevent or limit damage
P1 = Possible under certain conditions
P2 = Barely possible

What is the probability of dangerous failure?
Safety switches or safety sensors that need to achieve a high Performance Level need a solid, robust and reliable design. Any theoretical failure that cannot be detected by the control system must be shown, by design or by proof, to be unlikely to occur during operation. This can be done by calculation, by testing, and by applying the fault exclusions that the standard permits under specific circumstances.
To achieve a high Performance Level, a dangerous failure must be detected by the safety system or proven to be extremely unlikely (covered by a fault exclusion). The probability of dangerous failure can be calculated according to the standard; one of the parameters of this calculation is the B10d value. To determine it, safety components are tested until 10% of the test group has failed dangerously.
Because EN ISO 13849-1 uses failure probability calculations, the probability of undetected dangerous failures decreases with a higher Performance Level.
Failure probability calculations reduce the risk of undetected errors
Changing the design architecture (e.g. by using redundant switches), preventing common failures (through diversity) or adding a monitoring system to provide high diagnostic coverage (DC) are ways to further increase the Performance Level of safety components.
The Performance Level of the entire safety function can be determined by entering the information of the individual components in a calculation. These calculations can be made using dedicated software, such as SISTEMA, but they can also be done manually. Such tools make it possible to determine the Performance Level by selecting different types of components and architectures until the required Performance Level is achieved.
The EN ISO 13849-1 standard can be used for simple and complex safety systems, but does not describe complex electronics. However, the standard can provide the equivalent SIL levels so that components approved according to EN ISO 13849-1 can be included in systems that are designed according to EN 61508 or EN IEC 62061 that use Safety Integrity Levels (SIL) instead of Performance Levels (PL).
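The risk graph parameters (S, F, P), the B10d value and the PL-to-SIL correspondence described above can be worked through by hand; the Python sketch below is an added example, not part of the original page. The arithmetic form of the risk graph, the conversion MTTFd = B10d / (0.1 × n_op), the MTTFd ranges and the PFHd bands follow the standard; the function names and the sample switch data are constructed for illustration.

```python
# Added illustration, not from the original page; all names are this example's own.
PL_ORDER = "abcde"
PL_TO_SIL = {"a": None, "b": 1, "c": 1, "d": 2, "e": 3}  # PL a has no SIL equivalent
PFHD_BANDS = [  # (lower bound inclusive, upper bound exclusive, PL), per hour
    (1e-5, 1e-4, "a"), (3e-6, 1e-5, "b"), (1e-6, 3e-6, "c"),
    (1e-7, 1e-6, "d"), (1e-8, 1e-7, "e"),
]

def required_pl(s, f, p):
    """Risk graph: S1/S2, F1/F2, P1/P2 (passed as 1 or 2) -> required PL."""
    for name, value in (("S", s), ("F", f), ("P", p)):
        if value not in (1, 2):
            raise ValueError(f"{name} must be 1 or 2, got {value!r}")
    # Walking the graph from 'a': S2 moves two levels up, F2 and P2 one each.
    return PL_ORDER[2 * (s - 1) + (f - 1) + (p - 1)]

def mttfd_from_b10d(b10d, days_per_year, hours_per_day, cycle_time_s):
    """MTTFd in years for a wearing component: B10d / (0.1 * n_op)."""
    if min(b10d, days_per_year, hours_per_day, cycle_time_s) <= 0:
        raise ValueError("all inputs must be positive")
    n_op = days_per_year * hours_per_day * 3600 / cycle_time_s  # operations/year
    return b10d / (0.1 * n_op)

def mttfd_class(years):
    """Classify a channel's MTTFd into the ranges used by the standard."""
    if years < 3:
        return "below the minimum"
    return "low" if years < 10 else "medium" if years < 30 else "high"

def pl_from_pfhd(pfhd):
    """PL for an average probability of dangerous failure per hour (PFHd)."""
    for low, high, pl in PFHD_BANDS:
        if low <= pfhd < high:
            return pl
    return None  # outside the tabulated bands

def meets_requirement(achieved, required):
    """True when the achieved PL is at least the required PL."""
    return achieved is not None and PL_ORDER.index(achieved) >= PL_ORDER.index(required)

if __name__ == "__main__":
    # Constructed case: guard door opened every 120 s, 16 h/day, 220 days/year,
    # irreversible injury (S2), frequent exposure (F2), avoidance possible (P1).
    plr = required_pl(2, 2, 1)
    mttfd = mttfd_from_b10d(2_000_000, 220, 16, 120)  # B10d value is constructed
    pl = pl_from_pfhd(2.5e-7)                         # PFHd value is constructed
    print(plr, round(mttfd, 1), mttfd_class(mttfd), pl, PL_TO_SIL[pl],
          meets_requirement(pl, plr))
```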
EN ISO 13849-1 Basic elements of the standard
- Risk assessment for determining the required Performance Level
- Assessment of the design architecture of the system (Categories)
- Establishing the reliability of the individual components of the system and determining the associated Performance Level
- The diagnostic coverage (DC) of the system and the ability to monitor and control faults
- Specification of safety functions
- Detection and elimination of errors
- Protection against failure from common causes
- Protection against systematic errors
- Specific requirements for the software (if applicable)
- Ergonomics of the design
Different types of safety switches
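Actuation principle | Actuation principle example | Coded/Uncoded | Actuator example | Type |
---|---|---|---|---|
Mechanical | Physical contact / force | Uncoded | Rotary cam | Type 1 |
Mechanical | Physical contact / force | Uncoded | Linear cam | Type 1 |
Mechanical | Physical contact / force | Uncoded | Hinge | Type 1 |
Mechanical | Physical contact / force | Coded | Tongue (shaped actuator) | Type 2 |
Mechanical | Physical contact / force | Coded | Trapped-key | Type 2 |
Non-contact | Inductive | Uncoded | Suitable ferric metal | Type 3 |
Non-contact | Magnetic | Uncoded | Magnet, solenoid | Type 3 |
Non-contact | Capacitive | Uncoded | Any suitable object | Type 3 |
Non-contact | Ultrasonic | Uncoded | Any suitable object | Type 3 |
Non-contact | Optic | Uncoded | Any suitable object | Type 3 |
Non-contact | Magnetic | Coded | Coded magnet | Type 4 |
Non-contact | RFID | Coded | Coded RFID tag | Type 4 |
Non-contact | Optic | Coded | Optically coded tag | Type 4 |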