Safety Circuit Integrity and ISO 13849-1 Safety Circuit Principles
Safety circuits involve the safety-related functions of a machine that minimize the level of risk of harm. These safety-
related functions can prevent initiation, or they can stop or remove a hazard. The failure of a safety-related function or its
associated safety circuit usually results in an increased risk of harm.
The integrity of a safety circuit depends on several factors, including fault tolerance, risk reduction, reliable and well-tried
components, well-tried safety principles, and other design considerations.
Depending on the level of risk associated with the machine or its operation, an appropriate level of safety circuit integrity
(performance) must be incorporated into its design. Standards that detail safety performance levels include ANSI B11.19
Performance Criteria for Safeguarding and ISO 13849-1 Safety-Related Parts of a Control System.
Safety Circuit Integrity Levels
Safety circuits in International and European standards have been segmented into Categories and Performance Levels,
depending on their ability to maintain their integrity in the event of a failure and the statistical likelihood of that failure.
ISO 13849-1 details safety circuit integrity by describing circuit architecture/structure (Categories) and the required
performance level (PL) of safety functions under foreseeable conditions.
In the United States, the typical level of safety circuit integrity has been called "Control Reliability". Control Reliability
typically incorporates redundant control and self-checking circuitry and has been loosely equated to ISO 13849-1 Category
3 or 4 and/or Performance Level “d” or “e” (see ANSI B11.19).
Perform a risk assessment to ensure appropriate application, interfacing/hookup, and risk reduction (see ANSI B11.0 or
ISO 12100). The risk assessment must be performed to determine the appropriate safety circuit integrity in order to
ensure that the expected risk reduction is achieved. This risk assessment must take into account all local regulations and
relevant standards, such as U.S. Control Reliability or European "C" level standards.
Fault Exclusion
An important concept within the requirements of ISO 13849-1 is the probability of the occurrence of a failure, which can
be reduced using a technique termed "fault exclusion." The rationale assumes that the possibility of certain well-defined
failure(s) can be reduced via design, installation, or technical improbability to a point where the resulting fault(s) can be,
for the most part, disregarded—that is, "excluded" in the evaluation.
Fault exclusion is a tool a designer can use during the development of the safety-related part of the control system and the
risk assessment process. Fault exclusion allows the designer to design out the possibility of various failures and justify it
through the risk assessment process to meet the requirements of ISO 13849-1/-2.
Safety Mat Requirements
WARNING: Risk Assesment
The level of safety circuit integrity can be greatly affected by the design and installation of the safety
devices and the means of interfacing of those devices. A risk assessment must be performed to
determine the appropriate level of safety circuit integrity to ensure the expected risk
reduction is achieved and all relevant regulations and standards are complied with.
The following are minimum requirements for the design, construction, and installation of four-wire safety mat sensor(s) to
be interfaced with the Safety Mat Monitoring Module. These requirements are a summary of standards ISO 13856-1 and
ANSI/B11.19. Review all relevant applicable regulations and standards and apply the Module and any sensors in full
compliance.
Design and Constructions
The safety mat system [Safety Module, sensor(s), and any additional devices] must have a response time that is fast
enough (less than 100 to 200 ms, depending on the relevant standard) to reduce the possibility of an individual stepping
lightly and quickly over the mat’s sensing surface, without being detected.
For a safety mat system, the minimum object sensitivity of the sensor must detect, at a minimum, a 30 kg (66 lb.) weight
on an 80 mm (3.125 in) diameter circular disk test piece, anywhere on the mat’s sensing surface, including at joints and
junctions. The effective sensing surface or area must be identifiable and can comprise one or more sensors. The safety
mat supplier should state this minimum weight and diameter as the minimum object sensitivity of the sensor.
User adjustments to actuating force and response time are not allowed (ISO 13856-1). The sensor should be
manufactured to prevent any reasonably foreseeable failures (for example, oxidation of the contact elements) which could
cause a loss in sensitivity.
MAX1524 and MAX2324 Safety Mat Monitoring Modules
P/N 122366 Rev. B
www.LARCO.com TEL: 800-523-6996
3