Understanding Safety-Related Parts of Control Systems (PL Rating) in Machine Safety

Introduction

In industrial environments, safety is not a suggestion—it’s a requirement. From robotic arms to CNC machines and packaging lines, every automated system must protect both the machine and human operators from unexpected hazards. This is where Safety-Related Parts of Control Systems (SRP/CS) and their Performance Level (PL) come into play.

Based on ISO 13849-1, the PL rating system helps engineers evaluate whether the safety functions within a machine’s control system meet the necessary reliability for risk reduction. With experience in machine automation, I’ve seen firsthand how a misunderstanding of PL ratings can lead to non-compliance or even accidents.

In this post, you’ll learn:

  • What SRP/CS are and why they matter
  • How the Performance Level (PL) system works
  • How to determine the required PL for your machine
  • Common components of safety systems
  • Examples and best practices in PL-based safety design

🛡️ What are Safety-Related Parts of Control Systems (SRP/CS)?

SRP/CS are the components in a machine control system that perform safety functions. This includes everything from emergency stop buttons to safety interlocks and safety PLCs.

Typical SRP/CS elements include:

  • Emergency stop (E-Stop) buttons
  • Safety light curtains and laser scanners
  • Safety relays and safety PLCs
  • Safety door switches and interlocks
  • Two-hand control systems
  • Guard monitoring and presence sensing

These components monitor and control safety functions. Their design and reliability must align with the level of risk associated with the machine or process.


📏 What is Performance Level (PL)?

The Performance Level (PL) is a quantitative measure of the reliability of a safety function, defined by ISO 13849-1. It reflects the probability of a dangerous failure per hour and ranges from:

  • PL a: Lowest safety integrity
  • PL b
  • PL c
  • PL d
  • PL e: Highest safety integrity

Each level corresponds to a probability range of dangerous failure, as shown below:

Performance Level | Probability of Dangerous Failure per Hour (PFHd)
PL a | ≥ 10⁻⁵ to < 10⁻⁴
PL b | ≥ 3 x 10⁻⁶ to < 10⁻⁵
PL c | ≥ 10⁻⁶ to < 3 x 10⁻⁶
PL d | ≥ 10⁻⁷ to < 10⁻⁶
PL e | ≥ 10⁻⁸ to < 10⁻⁷

📘 The higher the PL, the more reliable and robust the safety function must be.


🔍 Determining the Required PL (PLr)

To determine the Performance Level required (PLr), a risk assessment must be performed using a simplified method based on:

  • Severity of injury (S)
  • Frequency and exposure to hazard (F)
  • Possibility to avoid the hazard (P)

This is commonly referred to as the S-F-P method:

S | Severity | S1 = Minor injury, S2 = Serious/permanent injury
F | Frequency | F1 = Rare, F2 = Frequent
P | Possibility to avoid | P1 = Possible, P2 = Impossible

The combination of these values results in a required PLr (a to e).

Example:

  • S = S2 (serious injury)
  • F = F2 (frequent exposure)
  • P = P2 (hazard cannot be avoided)

→ Required PL = PL d or PL e


🧠 How to Achieve the Required PL

The actual PL achieved depends on the design architecture and quality of components used. According to ISO 13849-1, this involves:

✅ 1. Architecture (Categories B, 1, 2, 3, 4)

Each category defines a structure with increasing levels of redundancy, diagnostics, and fault tolerance:

Category | Description | Typical PL Achievable
B | Basic safety principles | a
1 | Reliable components | b
2 | Diagnostics included | b-c
3 | Redundancy and diagnostics | c-d
4 | High fault tolerance and redundancy | d-e

✅ 2. MTTFd (Mean Time to Dangerous Failure)

Quantifies the expected lifespan of a component before a dangerous failure. Classified as:

  • Low: 3–10 years
  • Medium: 10–30 years
  • High: 30–100 years

✅ 3. DC (Diagnostic Coverage)

Represents the system’s ability to detect faults:

  • Low: <60%
  • Medium: 60–90%
  • High: 90–99%

✅ 4. CCF (Common Cause Failures)

Redundant systems must be protected against CCFs (e.g., electromagnetic noise, software bugs, environmental factors).

🧩 PL is achieved only when all parameters—architecture, MTTFd, DC, and CCF—are properly addressed.


🏗️ Example: Emergency Stop Circuit with PL d Requirement

  • S: Serious injury (S2)
  • F: Frequent access to the hazard (F2)
  • P: Hazard cannot be avoided (P2)
    → Required PLr: PL d

Implementation:

  • Use dual-channel E-Stop circuit (redundant)
  • Integrate with safety relay with diagnostic feedback
  • Monitor safety status via safety PLC or relay with feedback loop
  • Use components with High MTTFd and Medium-High DC
  • Achieve Category 3 architecture

Result: Meets PL d requirement for risk reduction.
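
The check behind a result like this can be sketched in code. The following is an added example, not part of the original post: it classifies a PFHd value using the table from earlier and compares a three-part safety chain against PLr. The subsystem PFHd figures are constructed, and adding subsystem PFHd values for a series chain is an assumption taken from common ISO 13849-1 practice, not something the post states.

```python
# Added example. PFHd bands are copied from the table earlier in the post.
PL_BANDS = [  # (level, lower bound inclusive, upper bound exclusive), per hour
    ("a", 1e-5, 1e-4),
    ("b", 3e-6, 1e-5),
    ("c", 1e-6, 3e-6),
    ("d", 1e-7, 1e-6),
    ("e", 1e-8, 1e-7),
]
PL_ORDER = "abcde"  # lowest to highest safety integrity


def classify_pfhd(pfhd):
    """Return the PL letter for a PFHd value, or None if it reaches no PL."""
    if pfhd <= 0:
        raise ValueError("PFHd must be a positive failure rate per hour")
    if pfhd < 1e-8:
        # Assumption: below the table's range still counts as PL e,
        # because e is the highest level the table defines.
        return "e"
    for level, low, high in PL_BANDS:
        if low <= pfhd < high:
            return level
    return None  # 1e-4 per hour or worse: outside every band


def evaluate_safety_function(subsystems, plr):
    """Sum subsystem PFHd (assumed series chain) and compare with PLr."""
    total = sum(subsystems.values())
    achieved = classify_pfhd(total)
    meets = (achieved is not None
             and PL_ORDER.index(achieved) >= PL_ORDER.index(plr))
    return total, achieved, meets


# Constructed sample values for an E-Stop chain: input, logic, output.
ESTOP_CHAIN = {
    "dual-channel E-Stop": 2.0e-8,
    "safety relay": 1.5e-7,
    "output contactors": 4.0e-7,
}

if __name__ == "__main__":
    total, achieved, meets = evaluate_safety_function(ESTOP_CHAIN, "d")
    print(f"chain PFHd={total:.2e}/h -> PL {achieved}, meets PLr d: {meets}")
    # Three parts that are each in the PL d band can still add up to PL c.
    weak = {"input": 4e-7, "logic": 4e-7, "output": 4e-7}
    print(evaluate_safety_function(weak, "d"))
```

A passing PFHd sum covers only the numerical side; as the post notes, architecture, DC and CCF must also be addressed before the PL is claimed.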


⚙️ Common Safety Devices by PL Application

Device Type | Typical Use | Target PL
Emergency Stop | General purpose | PL c–d
Safety Light Curtain | Access protection on presses/robots | PL d–e
Interlock Switches | Guard doors | PL c–e
Safety PLCs | Centralized safety logic | PL d–e
Two-Hand Control | Prevent hand injury on machines | PL d–e

🧰 Interactive Self-Assessment: Are Your Machine Safety Systems PL Compliant?

Answer Yes or No:

✅ Do you conduct PL-based risk assessments on new machines?
✅ Are your safety devices rated according to ISO 13849-1?
✅ Have you verified diagnostic coverage and redundancy in critical circuits?
✅ Are PL ratings documented in your machine’s technical file?
✅ Have you tested the entire SRP/CS loop under fault conditions?

Scoring:

  • 4–5 Yes: Excellent—your safety systems are well managed.
  • 2–3 Yes: Good—review and strengthen your PL compliance.
  • 0–1 Yes: Action needed—start with risk analysis and design review.

Conclusion

Performance Level (PL) is not just a compliance requirement—it’s a framework for ensuring human safety in increasingly automated industrial environments. By understanding SRP/CS and the elements that contribute to a reliable safety function, engineers can build smarter, safer machines that align with international standards.

🔐 PL-based safety design isn’t an afterthought—it’s your first line of defense.


🔑 Key Takeaways:

  • SRP/CS includes components that execute safety functions in machines.
  • ISO 13849-1 classifies Performance Levels (a–e) to quantify safety integrity.
  • PL is determined by risk (S-F-P) and achieved by architecture, MTTFd, diagnostics, and CCF resistance.
  • Proper PL compliance is critical for legal, operational, and ethical responsibilities.