People often speak of there being "three" sides to every story: one side, the opposite side and the truth, which usually falls somewhere in the middle. In the case of international safety standard ISO 13849-1 (Safety of Machinery – Safety-Related Parts of Control Systems – Part 1: General Principles for Design), there is the good, the bad and the ugly.
The standard uses statistical analysis to make a probabilistic determination of the reliability of the components, devices and circuitry in the safety-related parts of a machine's control system(s). The result is the average probability of a dangerous failure per hour (PFHd), which the standard expresses as one of five performance levels, from PL a (least reliable) to PL e (most reliable).
The ISO 13849-1 methodology combines the designated architecture of the circuit (Category B, 1, 2, 3 or 4), the mean time to dangerous failure of each channel (MTTFd), the mean number of cycles at which 10 percent of a sample of electromechanical components have failed to danger (B10d, from which MTTFd is derived for a given number of operations per year), the diagnostic coverage provided by monitoring (DC) and the measures taken against common cause failure (CCF) to determine the PL of a control system.
This information then can be used in a risk assessment (e.g. ISO 12100, ANSI B11.0, etc.) to evaluate and ensure the appropriate risk reduction has been achieved by implementing safeguarding devices, proper interfacing, control logic and machine actuators.
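The arithmetic behind those inputs is short enough to show. The following Python is an added worked example, not code from the article or from the standard: it applies the ISO 13849-1 formulas for operations per year, B10d-to-MTTFd conversion, the parts-count MTTFd of a channel, the symmetrisation of two unequal channels, MTTFd-weighted DCavg, and the PFHd-to-PL ranges, on a constructed two-channel contactor output stage. The component names, B10d figures, relay MTTFd and DC values are invented for illustration; the final lookup from (Category, DCavg band, MTTFd band) to PFHd is the standard's Annex K table, which this example deliberately does not reproduce, so the bands it produces are what you would carry into SISTEMA or that table.

```python
"""Worked ISO 13849-1 channel arithmetic on constructed data (added example,
not text from the standard or from this article).

Formulas follow ISO 13849-1:
  nop   = dop * hop * 3600 / tcycle                  Annex C (operations per year)
  MTTFd = B10d / (0.1 * nop)                         Annex C (electromechanical parts)
  1/MTTFd_ch = sum(1/MTTFd_i)                        Annex D (parts-count method)
  MTTFd_sym  = 2/3 * (M1 + M2 - 1/(1/M1 + 1/M2))     Annex D (two unequal channels)
  DCavg = sum(DC_i/MTTFd_i) / sum(1/MTTFd_i)         Annex E
  PL from PFHd ranges                                PL definition table
Component names and all numeric data below are constructed for illustration.
"""
from dataclasses import dataclass

# PL <-> average probability of dangerous failure per hour, as [lower, upper)
PFHD_TO_PL = [
    (1e-5, 1e-4, "a"),
    (3e-6, 1e-5, "b"),
    (1e-6, 3e-6, "c"),
    (1e-7, 1e-6, "d"),
    (1e-8, 1e-7, "e"),
]


@dataclass
class Part:
    name: str
    mttfd_years: float   # per-component MTTFd in years
    dc: float            # diagnostic coverage for this part, 0.0 .. 1.0


def nop_per_year(dop: float, hop: float, tcycle_s: float) -> float:
    """Mean operations per year from days/year, hours/day and cycle time (s)."""
    return dop * hop * 3600.0 / tcycle_s


def mttfd_from_b10d(b10d: float, nop: float) -> float:
    """MTTFd (years) of an electromechanical part rated by its B10d cycle count."""
    return b10d / (0.1 * nop)


def channel_mttfd(parts, cap: float = 100.0) -> float:
    """Parts-count MTTFd of one channel, capped at 100 years
    (the 2015 edition raises the cap to 2500 years for Category 4 only)."""
    return min(cap, 1.0 / sum(1.0 / p.mttfd_years for p in parts))


def dcavg(parts) -> float:
    """MTTFd-weighted average diagnostic coverage over all listed parts (Annex E)."""
    return (sum(p.dc / p.mttfd_years for p in parts)
            / sum(1.0 / p.mttfd_years for p in parts))


def symmetrise(m1: float, m2: float) -> float:
    """Single MTTFd figure for two redundant channels with unequal MTTFd (Annex D)."""
    return 2.0 / 3.0 * (m1 + m2 - 1.0 / (1.0 / m1 + 1.0 / m2))


def mttfd_band(m: float) -> str:
    """MTTFd bands: low 3..10, medium 10..30, high 30..100 years; below 3 is not usable."""
    if m < 3.0:
        return "not usable"
    if m < 10.0:
        return "low"
    if m < 30.0:
        return "medium"
    return "high"


def dc_band(dc: float) -> str:
    """DC bands: none <60 %, low 60..90 %, medium 90..99 %, high >=99 %."""
    if dc < 0.60:
        return "none"
    if dc < 0.90:
        return "low"
    if dc < 0.99:
        return "medium"
    return "high"


def pl_from_pfhd(pfhd: float):
    """Map an Annex K / SISTEMA PFHd figure to PL a..e; None if outside the ranges."""
    for lower, upper, pl in PFHD_TO_PL:
        if lower <= pfhd < upper:
            return pl
    return None


def worked_example() -> dict:
    """Constructed two-channel output stage: each channel is one contactor (B10d
    rated) plus one monitoring-relay contact (supplier MTTFd). Returns the
    figures a designer would carry into the Annex K lookup or SISTEMA."""
    nop = nop_per_year(dop=240, hop=16, tcycle_s=30)          # 460 800 cycles/year
    ch1 = [Part("K1 contactor", mttfd_from_b10d(1_300_000, nop), dc=0.99),
           Part("relay contact A", 150.0, dc=0.90)]
    ch2 = [Part("K2 contactor", mttfd_from_b10d(2_000_000, nop), dc=0.99),
           Part("relay contact B", 150.0, dc=0.90)]
    m1, m2 = channel_mttfd(ch1), channel_mttfd(ch2)
    m_sym = symmetrise(m1, m2)
    dc_avg = dcavg(ch1 + ch2)                                  # over both channels
    return {
        "nop": nop,
        "mttfd_ch1": m1, "mttfd_ch2": m2, "mttfd_sym": m_sym,
        "mttfd_band": mttfd_band(m_sym),
        "dcavg": dc_avg, "dc_band": dc_band(dc_avg),
    }


if __name__ == "__main__":
    for key, value in worked_example().items():
        print(f"{key:11} {value}")
```

Two points worth noticing in the output: the cheaper contactor drags the whole channel down to under 24 years even though the relay contact is rated at 150 years, because the parts-count method adds failure rates, not lifetimes; and a DC of 97 percent lands in the "medium" band, so the extra effort to reach 99 percent (for example, reading back a mirror contact on every cycle) is what buys the "high" band that Category 4 requires.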
After being postponed for 3 years – due mostly to pushback from European manufacturers – the ISO 13849-1 predecessor, EN 954-1, was withdrawn, and EN ISO 13849-1 was recognized as the primary means of providing presumption of conformity to the Machinery Directive 2006/42/EC for the safety-related parts of control systems. This has reduced confusion by providing a single standard to follow for the CE mark.
A big ISO 13849-1 advantage is that it allows designers to "fine-tune" safety circuits according to the level of risk, potentially resulting in lower installed costs. Furthermore, designers are better able to document and justify the component choices used in their application. This can be crucial if questions are raised about how the safety system was implemented.
ISO 13849-1 does an excellent job highlighting design considerations that make a "safe" control circuit (especially ones that often are overlooked). The methodology removes some gray area that historically has existed in determining the "level of safety" a circuit/system can provide. Additionally, it can be applied to fluid power and electromechanical devices for a complete system evaluation.
While the calculations can be overwhelming, the free SISTEMA software and tutorials are available from the IFA, the research and testing institute of the German Social Accident Insurance (DGUV). Safety device suppliers support the standard well, publishing the B10d, MTTFd and DC data the calculations need (many as SISTEMA component libraries), and the standard carries ISO credibility along with the EU "stamp of approval."
For those complying with U.S. Control Reliability requirements, two important American safety standards, ANSI B11.19 (2010) covering safeguarding and ANSI/RIA R15.06 (2012) addressing robot safety, have provided guidance for correlating categories and PLs. ANSI B11.19 states, "While the requirements of control reliability are not directly comparable to the requirements of ISO 13849-1 … complying with Category 3 or 4 and/or Performance Level 'd' or 'e,' at a minimum, will satisfy the requirements of control reliability."