ISO 13849: Functional safety of machinery

ISO 13849 is a functional safety standard for machine construction based on the basic functional safety standard (Safety) IEC 61508. It describes safety requirements and contains guidelines for the design and integration of safety-related parts of control systems (SRP/CS) for machines. The standard takes a holistic approach to design, validation, and documentation across all phases of the development and integration of safety functions.

It was first published in November 1999; the current edition of the first part (ISO 13849-1) dates from 2023, and the latest edition of part 2 (ISO 13849-2) dates from 2012. The standard is available in German as DIN EN ISO 13849. 

Contents

  • What is the scope of ISO 13849?
  • The structure of the standard
    • Overview of contents
  • Performance Level (PL)
    • Determining the achievable PL
  • Important changes in ISO 13849-1:2023
  • The standard in the context of IEC 61508 and IEC 62061
  • ISO 13849 and the Machinery Regulation
  • Sources of supply
  • Support in the development and operation of safe machines and components

What is the scope of ISO 13849?

ISO 13849 applies to all SRP/CS of electrical, hydraulic, pneumatic, and mechanical machines.

The target audience includes designers and manufacturers of machines and systems, hardware and software developers, project and development managers, safety and product managers, and those responsible for integration, testing, verification, and validation.

The structure of the standard

ISO 13849 consists of two parts, the first of which covers general design principles for safety-related control systems. This is available as a completely revised new edition, ISO 13849-1:2023, and is the focus of this review.

The second part, ISO 13849-2:2012, specifies the requirements for the validation of safety-related parts of control systems (SRP/CS). It supplements the first part and defines how the intended safety functions, categories, and performance levels (PLr, see below) must be verified through analysis and testing. The second part is also being revised. A new version is expected. 

Overview of contents

  • Chapters 1-3: Scope, normative references, terminology
  • Chapter 4: Overview of the basic structure and process of risk assessment
  • Chapter 5: Specification of safety functions and safety requirements, determination of the required performance level (PL)
  • Chapter 6: Design aspects (including evaluation of the achieved PL, parameters for evaluating the PL, relationship between PL and SIL, systematic failures)
  • Chapter 7: Software safety functions (programming languages, safety-related embedded software, safety-related application software)
  • Chapter 8: Verification of the achieved performance level
  • Chapter 9: Ergonomic design aspects
  • Chapter 10: Validation (validation plan, error lists, analysis techniques, test procedures, environmental requirements, maintenance requirements)
  • Chapter 11: Maintainability of SRP/CS
  • Chapter 12: Technical documentation

Appendices A to O are informative. They mainly contain guidelines and practical templates for applying the normative part.

Among other things, they contain guidelines on:

  • the required performance level (PLr) for each safety function,
  • the MTTFD of each channel,
  • the diagnostic coverage,
  • measures against failures due to common causes,
  • measures to prevent or control systematic failures, and
  • the achievable performance level.

Performance Level (PL)

According to the Machinery Directive (see below), a systematic risk assessment must be carried out for each machine. Based on this assessment, the required performance level (PLr) for risk reduction is determined for each safety function. The corresponding procedure is described in the appendix to ISO 13849-1:2023. The standard defines five levels from a to e. The higher the PLr, the greater the risk reduction required by the safety function. The higher the safety-related performance (achievable PL) of the SRP/CS, the lower the probability of a dangerous failure and the better the protection provided by the implemented safety function.

The relationship between the existing hazard level, the required risk reduction, the PLr of the safety function, the required safety performance of the SRP/CS, and the achievable PL can be simplified as follows. 

Determining the achievable PL

A key component in determining the achievable PL is the assessment of the failure probability of the corresponding control components. This is done on the basis of the parameters (discussed in Chapter 6 of the standard):

  • PFH (Probability of Dangerous Failure per Hour): average frequency of a dangerous failure per hour.
  • Category: classification of a subsystem of an SRP/CS with regard to its resistance to faults and its behavior in the event of a fault.

In addition to the systematic requirements for the components used, their interaction and, where applicable, a redundant or test channel, each category requires certain metrics to be met. These are:

  • MTTFD (Mean Time to Dangerous Failure): average operating time until dangerous failure (measure of reliability).
  • DC (Diagnostic Coverage): Key figure for the reliability with which a system detects dangerous faults.
  • CCF (Common Cause Failure): Probability of faults based on a common cause in redundant systems.
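The PLr determination and the achievable-PL assessment described above, as an added example (not code from the page, from NewTec, or from the standard itself): a small Python calculator that assumes the risk graph of Annex A, the simplified Category/DCavg/MTTFD lookup of Table 7, the CCF score threshold of 65 points and the PFH ranges per PL as the author recalls them from ISO 13849-1; verify every band limit against the current edition before relying on a result.

```python
from typing import Optional
PL_ORDER = "abcde"  # PL a (lowest required risk reduction) .. e (highest)

def required_pl(s: int, f: int, p: int) -> str:
    """Risk graph of Annex A (assumed): severity S1/S2, frequency F1/F2, avoidance P1/P2 -> PLr."""
    graph = {(1, 1, 1): "a", (1, 1, 2): "b", (1, 2, 1): "b", (1, 2, 2): "c",
             (2, 1, 1): "c", (2, 1, 2): "d", (2, 2, 1): "d", (2, 2, 2): "e"}
    return graph[(s, f, p)]

def mttfd_band(years: float) -> str:
    """MTTFD per channel: low 3..<10 a, medium 10..<30 a, high >= 30 a; below 3 a is not acceptable."""
    if years < 3:
        raise ValueError("MTTFD below 3 years is not acceptable")
    return "low" if years < 10 else "medium" if years < 30 else "high"

def dc_band(dc_percent: float) -> str:
    """DCavg: none < 60 %, low 60..<90 %, medium 90..<99 %, high >= 99 %."""
    return ("none" if dc_percent < 60 else "low" if dc_percent < 90
            else "medium" if dc_percent < 99 else "high")

# Simplified procedure (Table 7, as recalled): (Category, DCavg band) ->
# PL for MTTFD band (low, medium, high); None = combination not covered.
TABLE7 = {("B", "none"): ("a", "b", None), ("1", "none"): (None, None, "c"),
          ("2", "low"): ("a", "b", "c"), ("2", "medium"): ("b", "c", "d"),
          ("3", "low"): ("b", "c", "d"), ("3", "medium"): ("c", "d", "d"),
          ("4", "high"): (None, None, "e")}

def achieved_pl(category: str, mttfd_years: float, dc_percent: float,
                ccf_score: int) -> Optional[str]:
    """PL reachable by one subsystem, or None if the inputs are not covered."""
    if category in ("2", "3", "4") and ccf_score < 65:
        return None  # Categories 2-4 need CCF measures scoring at least 65 points
    row = TABLE7.get((category, dc_band(dc_percent)))
    if row is None:
        return None
    return row[("low", "medium", "high").index(mttfd_band(mttfd_years))]

def pl_from_pfh(pfh: float) -> Optional[str]:
    """PL band of a PFH value (1/h); None if outside all PL ranges."""
    for pl, low, high in (("e", 1e-8, 1e-7), ("d", 1e-7, 1e-6), ("c", 1e-6, 3e-6),
                          ("b", 3e-6, 1e-5), ("a", 1e-5, 1e-4)):
        if low <= pfh < high:
            return pl
    return None

def meets_requirement(pl: Optional[str], plr: str) -> bool:
    """True if the achieved PL is at least the required PLr."""
    return pl is not None and PL_ORDER.index(pl) >= PL_ORDER.index(plr)
```

A subsystem of Category 3 with 50 years MTTFD, 92 % DCavg and a CCF score of 70 reaches PL d and therefore satisfies a PLr of d; the same subsystem with a CCF score of 50 is not covered by the procedure at all.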

Important changes in ISO 13849-1:2023

The completely revised and restructured version of ISO 13849-1 was published in April 2023 and now includes more detailed specifications for the design of safety requirements. With Chapter 7, “Software safety requirements,” software now plays a much more important role. The standard addresses various programming languages and also considers different types of software (safety-related application software, safety-related embedded software, parameterization software). The protection of data in machine software is also taken into account.

With the new Chapter 10, Part 1 of the standard is expanded to include the aspect of validation, which was previously only covered in Part 2 (see above). In addition, the new version specifies a number of guidelines, in particular for determining the achievable performance level.

Manufacturers and designers will also find more detailed, concrete assistance for the safety design of a system in the appendix, for example with regard to electromagnetic immunity. For software developers, the verification steps and the results of the phases in the V-model are specified in more detail, covering the entire software safety lifecycle. For limited variability languages (LVL) that use validated function blocks and run on tested hardware, there is now a simplified, two-stage variant of the V-model.

The standard in the context of IEC 61508 and IEC 62061

ISO 13849 is compatible in key aspects with the functional safety standard for machine construction IEC 62061 and the basic functional safety standard IEC 61508. However, IEC 62061 is limited to electrical, electronic, and programmable systems (E/E/PES), while ISO 13849 includes mechanical, hydraulic, and pneumatic components in addition to electrical ones.

The generic standard IEC 61508 likewise focuses on E/E/PES, but it also comprehensively covers quality management and the product life cycle (ISO 13849, on the other hand, concentrates on the safety-related design and evaluation of control components). Both the basic standard and IEC 62061 use classifications based on SIL (Safety Integrity Level).

During development, the choice of standard should be made depending on the selected technology and safety requirements. However, since the standards are largely compatible, safety-related parts of machine controls developed in accordance with ISO 13849 may contain components that comply with IEC 62061 or IEC 61508. 

ISO 13849 and the Machinery Regulation

The Machinery Regulation (Regulation (EU) 2023/1230) is a binding set of rules issued by the European Union that will apply in all EU countries from 2027 and replace the previous Machinery Directive 2006/42/EC. It requires that the safety of machines, including safety components, software, and mechanical components, be implemented in accordance with the “state of the art.” In addition, all relevant risks associated with the use of the machines must be reduced to an acceptable level.

ISO 13849 is harmonized under the Machinery Directive 2006/42/EC. Harmonization with the Machinery Regulation 2023/1230 is considered very likely. When applying the standard, it is therefore assumed that ISO 13849-compliant safety-related parts of machine controls meet the basic safety and health requirements of the directive. By applying ISO 13849, manufacturers, operators, and integrators can thus demonstrate that the safety requirements of the binding Machinery Directive or Machinery Regulation are being implemented.


Sources of supply

The current edition of DIN EN ISO 13849-1:2023 can be purchased from DIN Media and the International Organization for Standardization. Other versions of the standard are also available from these suppliers. 


Support in the development and operation of safe machines and components

Our safety experts provide comprehensive support to manufacturers and designers in the development of functionally safe machines and components. As specialists in functional safety, we offer engineering services ranging from the introduction and support of safety concepts and plans to assistance with TÜV certification. With special training courses for process managers and project staff, we equip your employees with the skills they need for safety, requirements, and systems engineering, as well as safety management.

Our safety development platforms also enable you to accelerate your product development. They offer ready-to-use hardware and software modules for the development of functionally safe machines and machine components. On request, we can also support you with an experienced team of safety specialists in hardware and software development in accordance with ISO 13849.

Your contact person
Stephan Strohmeier
Head of Safety & Security Solutions

NewTec GmbH
Buchenweg 3
89284 Pfaffenhofen a. d. Roth
Phone +49 7302 9611-0