The standard has two parts. ISO 13849 is intended for use in machinery with high to continuous demand rates.
The standard is developed and maintained by ISO/TC 199, Safety of machinery, Working Group 8, Safe Control Systems.[3]
The scope of ISO 13849 includes control systems using mechanical, electrical, electronic, and fluidic (hydraulic and pneumatic) technologies.
According to an informal stakeholder survey done in 2013, more than 89% of machine builders and more than 90% of component manufacturers and service providers use ISO 13849 as the primary functional safety standard for their products.
Following ISO 13849-1, the design of the safety system is based on a risk assessment performed by the manufacturer of the machine.
The Performance Level (PL) of a safety function is determined by four things: the architectural characteristics of the controller (classified according to the designated architectures, Categories B, 1, 2, 3 and 4), the MTTFD (mean time to dangerous failure) of the components in the functional channel(s) of the system, the average diagnostic coverage (DCavg) implemented in the system, and the application of measures against common cause failures (CCF).
These designated architectures are the basis for the calculations used to determine the PFHd values given in Annex K. Each designated architecture has an associated block diagram.
When analyzing SRP/CS (safety-related parts of control systems) designs, a block diagram should be developed to assist the analyst in calculating the MTTFD of the functional channel(s).
The diagnostic frequency depends on the demand rate on the safety function and on the required performance level (PLr) that must be achieved. A minimum CCF score of 65 is required (see Annex F). The maximum achievable PL is d.

Category 3 is the first architecture with a redundant structure. Building on Category B, and using components with MTTFD from Low to High, it introduces cross-monitoring between the two active channels, as well as cyclic monitoring of the output device(s). A minimum CCF score of 65 is required (see Annex F). In Category 3, no single component failure is permitted to cause the loss of the safety function.

Category 4, using components limited to MTTFD = High, likewise includes cross-monitoring between the two active channels and cyclic monitoring of the output device(s). A minimum CCF score of 65 is required (see Annex F). In Category 4, no single component failure is permitted to cause the loss of the safety function.
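The following is an added worked example of the PL estimation described above, tying the block-diagram MTTFD calculation, DCavg and the CCF gate together for a two-channel architecture. It is not code from ISO 13849 or from any standards body. The MTTFD bands, the DCavg bands, the 100-year cap and the category/MTTFD/DCavg lookup table are transcribed from memory of the standard's simplified procedure and are assumptions to be checked against the edition in use; the component values are constructed for illustration.

```python
"""Simplified Performance Level estimate for an SRP/CS.

Added example; the bands, the cap and PL_TABLE below are assumed
transcriptions of the simplified procedure and must be verified
against the actual standard before use.
"""
from dataclasses import dataclass
from typing import Dict, Optional, Sequence


@dataclass(frozen=True)
class Component:
    name: str
    mttfd_years: float   # MTTFD of this block in the functional channel
    dc: float            # diagnostic coverage of this block, 0.0 .. 1.0


# Assumed per-channel MTTFD bands (years): Low 3-10, Medium 10-30, High 30-100.
MTTFD_MIN_YEARS = 3.0
MTTFD_CAP_YEARS = 100.0
CCF_MIN_SCORE = 65                      # Annex F threshold named in the text
CATEGORIES_NEEDING_CCF = {"2", "3", "4"}

# Assumed simplified lookup: (category, DCavg band) -> MTTFD band -> PL.
# None means the combination is not permitted / not achievable.
PL_TABLE: Dict[tuple, Dict[str, Optional[str]]] = {
    ("B", "none"):   {"low": "a",  "medium": "b",  "high": None},
    ("1", "none"):   {"low": None, "medium": None, "high": "c"},
    ("2", "low"):    {"low": "a",  "medium": "b",  "high": "c"},
    ("2", "medium"): {"low": "b",  "medium": "c",  "high": "d"},
    ("3", "low"):    {"low": "b",  "medium": "c",  "high": "d"},
    ("3", "medium"): {"low": "c",  "medium": "d",  "high": "d"},
    ("4", "high"):   {"low": None, "medium": None, "high": "e"},
}


def channel_mttfd(parts: Sequence[Component]) -> float:
    """Parts-count method for series blocks: dangerous failure rates add,
    so the reciprocals of the block MTTFD values are summed."""
    rate = sum(1.0 / p.mttfd_years for p in parts)
    return min(1.0 / rate, MTTFD_CAP_YEARS)


def symmetrize(m1: float, m2: float) -> float:
    """Combine two redundant channels of unequal MTTFD into one value
    (assumed symmetrisation formula: 2/3 * (M1 + M2 - 1/(1/M1 + 1/M2)))."""
    combined = (2.0 / 3.0) * (m1 + m2 - 1.0 / (1.0 / m1 + 1.0 / m2))
    return min(combined, MTTFD_CAP_YEARS)


def dc_avg(parts: Sequence[Component]) -> float:
    """DCavg weights each block's DC by its failure rate 1/MTTFD, so a
    poorly monitored but unreliable block pulls the average down."""
    num = sum(p.dc / p.mttfd_years for p in parts)
    den = sum(1.0 / p.mttfd_years for p in parts)
    return num / den


def mttfd_band(years: float) -> Optional[str]:
    if years < MTTFD_MIN_YEARS:
        return None                     # below the assumed floor: not acceptable
    if years < 10.0:
        return "low"
    if years < 30.0:
        return "medium"
    return "high"


def dc_band(dc: float) -> str:
    if dc < 0.60:
        return "none"
    if dc < 0.90:
        return "low"
    if dc < 0.99:
        return "medium"
    return "high"


def estimate_pl(category: str, channels: Sequence[Sequence[Component]],
                ccf_score: int) -> dict:
    """Return the achievable PL (or None) together with the intermediate values."""
    per_channel = [channel_mttfd(ch) for ch in channels]
    mttfd = per_channel[0] if len(per_channel) == 1 else symmetrize(*per_channel[:2])
    all_parts = [p for ch in channels for p in ch]
    dc = dc_avg(all_parts)
    m_band, d_band = mttfd_band(mttfd), dc_band(dc)
    result = {"mttfd_years": mttfd, "mttfd_band": m_band,
              "dc_avg": dc, "dc_band": d_band, "pl": None, "reason": ""}
    if m_band is None:
        result["reason"] = "channel MTTFD below minimum"
        return result
    if category in CATEGORIES_NEEDING_CCF and ccf_score < CCF_MIN_SCORE:
        result["reason"] = f"CCF score {ccf_score} below {CCF_MIN_SCORE}"
        return result
    row = PL_TABLE.get((category, d_band))
    pl = row.get(m_band) if row else None
    result["pl"] = pl
    result["reason"] = "" if pl else "category/DCavg/MTTFD combination not permitted"
    return result


# Constructed Category 3 example: two dissimilar channels, sensor + logic each.
CHANNEL_A = [Component("sensor A", 80.0, 0.99), Component("logic A", 80.0, 0.90)]
CHANNEL_B = [Component("sensor B", 120.0, 0.99), Component("logic B", 120.0, 0.60)]

if __name__ == "__main__":
    print(estimate_pl("3", [CHANNEL_A, CHANNEL_B], ccf_score=70))
```

The same channels evaluated against Category 4 return no PL, because the low DCavg does not meet the diagnostic requirement of that architecture; lowering the CCF score below 65 likewise blocks the result regardless of the MTTFD and DCavg values, which is the gate the text describes.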