ISO 13849-1 has a critical role to play with regard to the functional safety (FuSa) of a machine or facility. It contains general design principles for the safety of machines and focuses on the design and integration of safety-related parts of a control system. The performance level (PL) is an important parameter for risk classification and for assessing the reliability of safety-related functions.
Safety-related parts of a control system (SRP/CS) are the parts intended to perform safety functions under specified conditions and thereby reduce the risks of operating a machine or facility. SRP/CS must be designed in accordance with one of the processes established in ISO 13849-1. Once the necessary safety functions and their properties have been defined, the standard has the machine builder determine the required performance level (PLr) for each of them.
According to ISO 13849-1, the PL is a "discrete level used to specify the ability of safety-related parts of control systems to perform a safety function under foreseeable conditions." It therefore serves as a measure of how reliably a safety function is performed. There are five PLs (a, b, c, d, e); each corresponds to a band of the average probability of a dangerous failure per hour (PFHd). PL a describes the lowest and PL e the highest safety performance of an SRP/CS. This means that the higher the PL, the lower the probability that the function in question fails dangerously.
Performance Level (PL) is a key concept derived from ISO 13849-1, a widely recognized international standard for the safety of machinery. It provides a framework for the design and evaluation of safety-related parts of control systems (SRP/CS).
Here's a breakdown of what PL means and how it's derived:
What is Performance Level (PL)?
A measure of reliability: PL quantifies the ability of safety-related parts of control systems to perform a safety function under foreseeable conditions. In simpler terms, it tells you how reliable and effective a safety system is at preventing harm.
Five levels (a to e): ISO 13849-1 defines five discrete performance levels: PL 'a' (lowest reliability) to PL 'e' (highest reliability). A higher PL indicates a lower probability of a dangerous failure.
Probability of Dangerous Failure per Hour (PFHd): Each PL corresponds to a specific band of PFHd values, the average probability of a dangerous failure occurring within one hour of operation. The bands run from 10^-5 up to (but not including) 10^-4 per hour for PL 'a' down to 10^-8 up to (but not including) 10^-7 per hour for PL 'e'. PL 'e' therefore has a PFHd roughly a thousand times lower than PL 'a', meaning it is far less likely to experience a dangerous failure.
Technology-neutral: PL is a flexible concept that can be applied to various technologies, including electrical, mechanical, pneumatic, and hydraulic safety solutions.
How is Performance Level (PL) derived from ISO 13849-1?
The process of deriving and evaluating PL involves several steps and considers multiple factors:
Risk Assessment and Determination of Required Performance Level (PLr):
Before designing a safety system, a thorough risk assessment of the machine is conducted.
This assessment uses a "risk graph" (provided in ISO 13849-1) to determine the Required Performance Level (PLr) for each safety function.
The PLr is determined by considering three key parameters:
Severity of injury (S):
S1: Slight (normally reversible injury)
S2: Serious (normally irreversible injury or death)
Frequency and/or exposure to hazard (F):
F1: Seldom to less often and/or exposure time is short
F2: Frequent to continuous and/or exposure time is long
Possibility of avoiding the hazard or limiting harm (P):
P1: Possible under specific conditions
P2: Scarcely possible
The higher the risk, the higher the PLr required for the safety function.
Design and Evaluation of the Safety-Related Control System (SRP/CS): Once the PLr is determined, the safety-related control system is designed to achieve that level (or higher). The achieved PL of the system is calculated based on:
Control Architecture (Category): ISO 13849-1 defines different "Categories" (B, 1, 2, 3, 4) that describe the structural design of the safety system and its ability to withstand faults. Higher categories generally provide more robust safety functions through measures like redundancy and self-checking.
Mean Time to Dangerous Failure (MTTFd): This is a statistical measure of the average time a component or channel is expected to operate before experiencing a dangerous failure. For the simplified procedure, the MTTFd of each channel is classified as low (3 to less than 10 years), medium (10 to less than 30 years) or high (30 to 100 years); values below 3 years are not permitted for an SRP/CS. Components with higher MTTFd contribute to a higher overall PL.
Diagnostic Coverage (DC): DC represents the effectiveness of the system in detecting dangerous faults, expressed as the fraction of the dangerous failure rate that is detected. The average DC over the components (DCavg) is classified as none (below 60 %), low (60 % to less than 90 %), medium (90 % to less than 99 %) or high (99 % and above). A high DC means that most potential dangerous failures are detected by the safety system before they can lead to a hazardous state.
Common Cause Failures (CCF): These are failures of multiple channels or components resulting from a single event (e.g., power surge, contamination, electromagnetic interference). ISO 13849-1 requires measures against CCF for Category 2, 3 and 4 systems: the checklist of measures in its Annex F must score at least 65 points, otherwise the claimed Category (and thus the PL) cannot be achieved.
Calculation and Validation:
The achieved PL of the designed system is determined from the Category, MTTFd, DC and CCF, either with the simplified procedure in the standard, which reads the PL off a table of Category against DCavg class and MTTFd class, or with calculation tools (often provided by manufacturers or by safety institutes, for example the free SISTEMA tool from the IFA) that also output the PFHd value.
The achieved PL is then compared to the required PLr. The achieved PL must be equal to or greater than the PLr for the safety function to be considered adequate.
Validation (covered in the companion standard ISO 13849-2) is crucial to confirm, by analysis and testing, that the implemented safety functions meet the specified PL and perform as intended, including the fault reactions and diagnostics the Category claims.
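The procedure described above, from the risk graph to the PLr check, carried through as an added worked example in Python. This is not code from the original article or from the standard; the PFHd bands, risk graph, MTTFd and DC classes, simplified-procedure table and the Annex D/E/F formulas are reproduced from ISO 13849-1 as the author of this example understands them, the function names are the example's own, and the component data in `example_evaluation()` is constructed for illustration, not taken from any datasheet.

```python
"""ISO 13849-1 worked example: risk graph -> PLr, then the simplified
procedure (Category, DCavg, MTTFd, CCF) -> achieved PL, then PL >= PLr.
Added illustration; table values follow ISO 13849-1, component data is
constructed.  Assumes single-fault evaluation per the simplified procedure."""

PL_ORDER = "abcde"  # a = lowest, e = highest safety performance

# PL <-> average probability of a dangerous failure per hour [1/h], [low, high)
PFHD_BANDS = {"a": (1e-5, 1e-4), "b": (3e-6, 1e-5), "c": (1e-6, 3e-6),
              "d": (1e-7, 1e-6), "e": (1e-8, 1e-7)}

# Risk graph (Annex A): (Severity, Frequency, Possibility of avoidance) -> PLr
RISK_GRAPH = {("S1", "F1", "P1"): "a", ("S1", "F1", "P2"): "b",
              ("S1", "F2", "P1"): "b", ("S1", "F2", "P2"): "c",
              ("S2", "F1", "P1"): "c", ("S2", "F1", "P2"): "d",
              ("S2", "F2", "P1"): "d", ("S2", "F2", "P2"): "e"}

# Simplified procedure: (Category, DCavg class, MTTFd class) -> PL
# None = combination not covered by the standard (cannot be claimed)
SIMPLIFIED = {
    ("B", "none", "low"): "a", ("B", "none", "medium"): "b", ("B", "none", "high"): None,
    ("1", "none", "low"): None, ("1", "none", "medium"): None, ("1", "none", "high"): "c",
    ("2", "low", "low"): "a", ("2", "low", "medium"): "b", ("2", "low", "high"): "c",
    ("2", "medium", "low"): "b", ("2", "medium", "medium"): "c", ("2", "medium", "high"): "d",
    ("3", "low", "low"): "b", ("3", "low", "medium"): "c", ("3", "low", "high"): "d",
    ("3", "medium", "low"): "c", ("3", "medium", "medium"): "d", ("3", "medium", "high"): "d",
    ("4", "high", "low"): None, ("4", "high", "medium"): None, ("4", "high", "high"): "e",
}


def pfhd_to_pl(pfhd):
    """Map a PFHd value to its PL; None if outside the a..e scale."""
    for pl, (lo, hi) in PFHD_BANDS.items():
        if lo <= pfhd < hi:
            return pl
    return None


def required_pl(s, f, p):
    """Risk graph lookup: S1/S2, F1/F2, P1/P2 -> required PL."""
    return RISK_GRAPH[(s, f, p)]


def mttfd_class(years):
    """MTTFd bands: low 3..<10, medium 10..<30, high 30..100 years."""
    if years < 3:
        return None  # not permitted for an SRP/CS
    if years < 10:
        return "low"
    if years < 30:
        return "medium"
    return "high"


def dc_class(dc):
    """DCavg bands: none <60 %, low 60..<90 %, medium 90..<99 %, high >=99 %."""
    if dc < 0.60:
        return "none"
    if dc < 0.90:
        return "low"
    if dc < 0.99:
        return "medium"
    return "high"


def channel_mttfd(components):
    """Parts-count method (Annex D): 1/MTTFd = sum(n_i / MTTFd_i), capped at 100 y.
    components: list of (name, MTTFd_years, DC, count)."""
    inv = sum(n / m for _, m, _, n in components)
    return min(1.0 / inv, 100.0)


def symmetrise(mttfd_c1, mttfd_c2):
    """Annex D: combine two channels with different MTTFd into one value."""
    harmonic = 1.0 / (1.0 / mttfd_c1 + 1.0 / mttfd_c2)
    return 2.0 * (mttfd_c1 + mttfd_c2 - harmonic) / 3.0


def dc_avg(components):
    """Annex E: DCavg = sum(DC_i/MTTFd_i) / sum(1/MTTFd_i), weighted by count."""
    return (sum(n * dc / m for _, m, dc, n in components)
            / sum(n / m for _, m, _, n in components))


def achieved_pl(category, dcavg, mttfd, ccf_score):
    """Simplified procedure including the CCF precondition (>= 65 for Cat 2-4)."""
    if category in ("2", "3", "4") and ccf_score < 65:
        return None  # CCF measures insufficient: Category cannot be claimed
    return SIMPLIFIED.get((category, dc_class(dcavg), mttfd_class(mttfd)))


def meets(achieved, required):
    """Achieved PL must be equal to or higher than PLr."""
    return achieved is not None and PL_ORDER.index(achieved) >= PL_ORDER.index(required)


def example_evaluation():
    """Constructed case: guard interlock, irreversible injury possible (S2),
    frequent access (F2), avoidance possible (P1); two-channel Category 3."""
    plr = required_pl("S2", "F2", "P1")
    # (name, MTTFd in years, DC, count) per channel; constructed values
    channel_1 = [("interlock switch", 50.0, 0.99, 1),
                 ("safety logic", 200.0, 0.99, 1),
                 ("contactor", 20.0, 0.90, 1)]
    channel_2 = [("interlock switch", 50.0, 0.99, 1),
                 ("safety logic", 200.0, 0.99, 1),
                 ("contactor", 30.0, 0.90, 1)]
    mttfd = symmetrise(channel_mttfd(channel_1), channel_mttfd(channel_2))
    dcavg = dc_avg(channel_1 + channel_2)
    pl = achieved_pl("3", dcavg, mttfd, ccf_score=70)
    return {"PLr": plr, "MTTFd": mttfd, "DCavg": dcavg, "PL": pl, "ok": meets(pl, plr)}


if __name__ == "__main__":
    print(example_evaluation())
```

In the constructed case the symmetrised MTTFd lands in the medium band (about 15 years) and DCavg at roughly 93 % (medium), so Category 3 yields PL d, which exactly meets the PLr of d; lowering the CCF score below 65 or swapping the contactors for parts below 10 years MTTFd drops the result to PL c or to "not covered", which is the kind of sensitivity a designer checks before committing to an architecture.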
In essence, ISO 13849-1 provides a systematic approach to link the level of risk associated with a machine to the required performance of its safety-related control systems. The Performance Level (PL) is the discrete expression of this required and achieved safety performance, with each level tied to a band of dangerous-failure probability per hour.