1. Introduction
Machine safety is not merely a legal obligation; it is a fundamental requirement for reliable industrial operations. The transition from deterministic standards—such as the legacy EN 954-1, which relied solely on Categories (B, 1, 2, 3, 4)—to the probabilistic approach defined in ISO 13849-1 marked a significant shift in safety engineering. ISO 13849-1:2023 provides a structured framework for assessing the reliability of safety-related parts of control systems (SRP/CS). Maintenance managers and safety officers must understand how to calculate Performance Levels (PL) to ensure the integrity of safety circuits, minimize machine downtime, and protect personnel.
2. Scope & Applicability
ISO 13849-1 applies to safety-related parts of control systems regardless of the technology used (electrical, hydraulic, pneumatic, or mechanical). This includes emergency stop circuits, light curtains, interlocked guards, and safety-rated PLCs. The standard is globally recognized and applies to virtually all manufacturing sectors, from automotive and aerospace to food and pharmaceutical production. It is essential for any equipment where failure in the safety control system could lead to hazardous situations.
3. Key Requirements
The Performance Level (PL) of a safety function is determined by four main parameters: Mean Time To Dangerous failure (MTTFd), Diagnostic Coverage (DC), Common Cause Failure (CCF) mitigation, and the chosen Category. The Required Performance Level (PLr) is established through a risk assessment (typically per ISO 12100).
| Parameter | Description | Objective/Target |
|---|---|---|
| MTTFd | Mean Time To Dangerous failure | High (10-100 years per channel) |
| DC | Diagnostic Coverage | None, Low, Medium, High |
| CCF | Common Cause Failure | Score ≥ 65 |
| Category | Structure/Architectural requirements | B, 1, 2, 3, 4 |
To achieve PL d or PL e, high MTTFd values, medium-to-high DC, and architectural redundancy are mandatory.
4. Impact on MRO Operations
Compliance with ISO 13849-1 directly influences maintenance and procurement strategies. MRO teams can no longer substitute components based solely on physical dimensions or basic electrical specs. Every replacement part in a safety circuit—from a simple limit switch to a safety relay—must possess documented safety data (B10d values for mechanical components, PFHd for electronic devices) to maintain the calculated PL of the overall safety function. Maintenance managers must update documentation to include the safety lifecycle data of all critical components.
5. Component Requirements
Safety-related spare parts must hold specific certifications (e.g., UL, CE, CSA) and be tested for their intended safety function. A standard, non-safety-rated inductive sensor is insufficient in a PL d circuit. When sourcing components, it is critical to verify the manufacturer’s data sheet for the component’s PFHd (probability of dangerous failure per hour) and MTTFd. Using components not rated for the specific PL can invalidate the entire safety circuit certification.
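The following Python script is an added example, not part of the original article: it applies the ISO 13849-1 formulas for converting B10d data-sheet values to MTTFd (Annex C), the parts-count method for a channel, and the DCavg weighting (Annex E) to a constructed single channel, then maps the results onto the MTTFd and DC bands from the parameter table in section 3. The operating profile and all component values are illustrative assumptions, and the per-channel cap of 100 years is the general limit (the standard allows up to 2500 years only for Category 4).

```python
from dataclasses import dataclass
@dataclass
class Part:
    name: str
    dc: float                  # diagnostic coverage of this part, 0.0 to 0.99
    mttfd_years: float = None  # data-sheet MTTFd (typical for electronic parts)
    b10d: float = None         # data-sheet B10d in cycles (electromechanical parts)

def nop_per_year(days_per_year, hours_per_day, cycle_seconds):
    """Mean operations per year: nop = dop * hop * 3600 / tcycle (ISO 13849-1 Annex C)."""
    return days_per_year * hours_per_day * 3600.0 / cycle_seconds

def part_mttfd(part, nop):
    """Per-part MTTFd in years; B10d-rated parts use MTTFd = B10d / (0.1 * nop)."""
    if part.mttfd_years is not None:
        return part.mttfd_years
    if part.b10d is None:
        raise ValueError(f"{part.name}: data sheet must give MTTFd or B10d")
    return part.b10d / (0.1 * nop)

def channel_mttfd(parts, nop, cap_years=100.0):
    """Parts-count method 1/MTTFd_ch = sum(1/MTTFd_i); the standard caps the
    per-channel value (100 years here; up to 2500 years only for Category 4)."""
    return min(1.0 / sum(1.0 / part_mttfd(p, nop) for p in parts), cap_years)

def dc_avg(parts, nop):
    """Annex E: DCavg = sum(DC_i / MTTFd_i) / sum(1 / MTTFd_i)."""
    weights = [1.0 / part_mttfd(p, nop) for p in parts]
    return sum(p.dc * w for p, w in zip(parts, weights)) / sum(weights)

# Band limits from ISO 13849-1: MTTFd in years, DC as a fraction.
MTTFD_BANDS = [(3, "not acceptable"), (10, "low"), (30, "medium"), (float("inf"), "high")]
DC_BANDS = [(0.60, "none"), (0.90, "low"), (0.99, "medium"), (float("inf"), "high")]

def band(value, bands):
    """Label of the first band whose upper limit is above value."""
    return next(label for upper, label in bands if value < upper)

# Constructed single channel of a guard-interlock function (illustrative values only).
CHANNEL = [
    Part("guard interlock switch", dc=0.90, b10d=2_000_000),
    Part("safety relay", dc=0.99, mttfd_years=150.0),
    Part("contactor with feedback loop", dc=0.99, b10d=1_300_000),
]
NOP = nop_per_year(220, 16, 120)  # 220 days/year, 16 h/day, one guard cycle per 120 s

def assess(parts=CHANNEL, nop=NOP):
    """Channel MTTFd and DCavg with their ISO 13849-1 bands, as a dict."""
    m, d = channel_mttfd(parts, nop), dc_avg(parts, nop)
    return {"mttfd_years": m, "mttfd_band": band(m, MTTFD_BANDS),
            "dc_avg": d, "dc_band": band(d, DC_BANDS)}
```

Swapping a component for one with a different B10d or DC and calling `assess()` again shows directly whether the replacement drops the channel into a lower band, which is the check section 4 asks MRO teams to make before substituting parts.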
6. Compliance Checklist
Maintenance managers should utilize this checklist to audit safety circuits:
- Verify risk assessment is current for all machines.
- Identify PLr for all identified safety functions.
- Document the safety architecture (block diagram).
- Ensure all components have documented safety ratings (e.g., PFHd, MTTFd).
- Confirm the use of redundant channels for PL d/e circuits.
- Validate the Diagnostic Coverage (DC) meets the required level.
- Verify compliance with CCF measures (separation of channels, diversity).
- Maintain accurate documentation of all safety-related modifications.
- Conduct functional safety testing at commissioning.
- Perform periodic functional safety testing (e.g., annually).
- Record all testing results and findings.
- Ensure spare parts inventory only contains certified safety components.
- Train maintenance personnel on safety circuit diagnostics.
- Audit third-party equipment and modifications.
- Verify correct wiring and installation practices according to manufacturer specifications.
- Ensure safety relays are not bypassed.
- Check light curtains and sensors for correct alignment and obstruction.
- Test emergency stop button actuation times.
- Verify safety PLC firmware is up-to-date and compliant.
- Review lockout/tagout (LOTO) procedures in relation to safety circuits.
7. Common Non-Compliance Issues
Auditors frequently identify the following:
- Substitution of safety-rated components with non-rated parts for maintenance cost-saving.
- Inadequate CCF mitigation, such as routing both safety channels in the same cable tray.
- Lack of documented functional testing.
- Incorrect calculation of MTTFd for complex assemblies.
- Failure to update safety documentation after control system modifications.
8. Penalties & Liability
Non-compliance carries severe consequences. In the US, OSHA can impose significant fines per violation, and incidents resulting in injury can trigger lawsuits with damages often exceeding $500,000 to several million dollars, depending on the severity and findings of negligence. Insurance providers may void coverage if the machinery fails to meet the safety standards certified in the manufacturer’s operational manuals. Furthermore, regulatory bodies in the UK can issue prohibition notices, effectively shutting down production until compliance is achieved, costing organizations tens of thousands of dollars per day in lost production revenue.
9. Conclusion
Achieving and maintaining ISO 13849-1 compliance is a continuous process of verification, documentation, and careful component selection. By applying probabilistic methods, MRO teams can improve the reliability of safety circuits and protect both personnel and operational assets. For certified, compliant components designed to meet the rigorous demands of safety-critical applications, visit the UNITEC-D E-Catalog.
10. References
- ISO 13849-1:2023, Safety of machinery — Safety-related parts of control systems — Part 1: General principles for design.
- ISO 12100:2010, Safety of machinery — General principles for design — Risk assessment and risk reduction.
- IEC 62061:2021, Safety of machinery — Functional safety of safety-related control systems.
- OSHA 29 CFR 1910.212, General requirements for all machines.