
From ISO 12100 Risk Assessment to ISO 13849 Performance Level: A Practical Engineering Approach

In machinery safety engineering, one of the most critical challenges is translating a risk assessment performed according to ISO 12100 into concrete safety requirements implemented under ISO 13849-1. This transition is necessary whenever a risk reduction measure relies on a safety-related control function.

While both standards are industry benchmarks, the connection between them is often not explicitly defined in digital engineering workflows. Risk assessments (HARA) are frequently documented in isolated spreadsheets, separate from the functional safety design. This fragmentation increases the likelihood of inconsistencies between the identified hazards, the safety functions derived from them, and the resulting required Performance Level (PLr).

This article explains how to systematically derive safety requirements from a risk assessment and how to determine the required PLr in a structured, traceable, and audit-ready way.

Risk Assessment and Risk Reduction According to ISO 12100

ISO 12100 defines the general methodology for risk assessment and risk reduction in machinery. It requires a systematic identification of hazards and estimation of risks across all phases of the machine's life: transport, assembly and installation, commissioning, use (including setting, operation, cleaning, fault finding and maintenance), and finally decommissioning, dismantling and disposal.

The 3-Step Method for Risk Reduction

Risk reduction must follow the strict three-step hierarchy of ISO 12100, applied in this order:

  • Step 1: Inherently Safe Design Measures: Eliminating hazards or reducing risks through the design itself (geometry, forces, speeds, energy, materials) rather than through added devices.
  • Step 2: Safeguarding and Complementary Protective Measures: Guards and protective devices such as light curtains, interlocking guards, or safety-related control functions (e.g. a safe stop).
  • Step 3: Information for Use: Warnings, markings, manuals, and instructions covering the residual risk that the first two steps leave behind.

If a hazard cannot be sufficiently reduced by inherently safe design alone, safeguarding is required. Where a safeguard depends on the control system, for example an interlocked guard that stops the drive or a light curtain that triggers a safe stop, the safety function it performs must be specified and its required Performance Level determined according to ISO 13849-1.

From Hazard to Safety Function: The Interface to ISO 13849

The transition from ISO 12100 to ISO 13849 occurs precisely when a risk requires a safety-related control function. At this point, the hazard identified in the HARA must be translated into a specific safety function (e.g., Safe Torque Off or Safely-Limited Speed). The PLr is determined per safety function; one hazard may be covered by several functions and one function may cover several hazards, which is why the hazard-to-function link must be recorded explicitly rather than left implicit.

This is a critical engineering step. The assumptions made during risk estimation must remain consistent through the entire V-Model, as they directly dictate the required reliability and architectural constraints of the safety-related parts of the control system (SRP/CS).

How to Determine the Required Performance Level (PLr)

The required Performance Level (PLr) is determined using the risk graph in Annex A of ISO 13849-1. It is based on three parameters derived from the initial ISO 12100 risk assessment, chosen for each hazardous situation:

  • S (Severity of Injury): S1 (slight, normally reversible injury) or S2 (serious, normally irreversible injury or death).
  • F (Frequency and/or Duration of Exposure): F1 (seldom to less often and/or short exposure time) or F2 (frequent to continuous and/or long exposure time).
  • P (Possibility of Avoiding the Hazard or Limiting the Harm): P1 (possible under specific conditions) or P2 (scarcely possible).

Each combination of the three parameters leads to exactly one of the five levels, from PLr a for S1/F1/P1 up to PLr e for S2/F2/P2. Because only eight outcomes exist, the decisive engineering work lies in justifying and documenting the choice of S, F and P for each hazardous situation, not in reading the graph.

Example: Deriving PLr from a Mechanical Hazard

Consider a rotating blade with frequent operator intervention. The HARA should record not only the parameter values but the reasoning behind each one:

  • Severity: S2 (contact with the blade causes serious, irreversible injury)
  • Exposure: F2 (the operator reaches into the hazard zone frequently during normal operation)
  • Avoidance: P2 (the blade speed leaves no realistic chance to withdraw in time)

Based on these parameters, the ISO 13849-1 risk graph yields PLr = e, the highest level. Under the simplified procedure of ISO 13849-1 this can only be reached with a Category 4 architecture, high MTTFD per channel and high diagnostic coverage (DCavg ≥ 99 %), giving an average probability of dangerous failure per hour between 10^-8 and 10^-7. The PLr therefore dictates the hardware architecture, the diagnostics and the component reliability of the SRP/CS that implements the safety function.

The Necessity of Traceability in Safety Design

While ISO 12100 focuses on the “What” (risk) and ISO 13849 on the “How” (reliability), maintaining traceability between them is essential for demonstrating conformity. Traceability enables:

  • Impact Analysis: If a machine limit changes (ISO 12100 distinguishes use limits, space limits and time limits), for example a shorter cycle time that raises the frequency of access from F1 to F2, you can immediately identify which safety functions and PLr determinations are affected and whether the implemented SRP/CS still meets the new PLr.
  • Audit Readiness: Proving to notified bodies and market surveillance authorities exactly why a certain PLr was chosen, by following the chain from hazard identification through S/F/P estimation to the safety function and its validation.
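The risk-graph derivation described above and the consistency check that traceability is meant to enable, as an added example in Python (not code from the article or from EnCo Software). The hazard register, its IDs, field names and the sample entries are constructed for illustration. The risk-graph leaves, the PFHD bands and the simplified-procedure table (category / DCavg / MTTFD) are taken from ISO 13849-1 and should be confirmed against the edition you certify to. The check flags two classes of inconsistency that isolated spreadsheets tend to hide: a recorded PLr that no longer matches the S/F/P values next to it, and an implemented SRP/CS whose PL falls below the derived PLr.

```python
"""Risk graph of ISO 13849-1 and a HARA-to-SRP/CS consistency check.

Added example for illustration; not the article's or EnCo Software's code.
Data model and sample register are constructed. Parameter tables follow
ISO 13849-1 (risk graph in Annex A, PFHD bands, simplified procedure).
"""
from __future__ import annotations

from dataclasses import dataclass, replace
from typing import Optional

# Risk graph leaves: (S, F, P) -> required Performance Level PLr.
RISK_GRAPH = {
    ("S1", "F1", "P1"): "a", ("S1", "F1", "P2"): "b",
    ("S1", "F2", "P1"): "b", ("S1", "F2", "P2"): "c",
    ("S2", "F1", "P1"): "c", ("S2", "F1", "P2"): "d",
    ("S2", "F2", "P1"): "d", ("S2", "F2", "P2"): "e",
}
PL_ORDER = "abcde"  # PL a is the lowest, PL e the highest

# Average probability of a dangerous failure per hour (PFHD) per PL: [low, high).
PFHD_BAND = {
    "a": (1e-5, 1e-4), "b": (3e-6, 1e-5), "c": (1e-6, 3e-6),
    "d": (1e-7, 1e-6), "e": (1e-8, 1e-7),
}

# Simplified procedure: (category, DCavg class) -> {MTTFD class: PL reachable}.
# Combinations absent from the table are not permitted (e.g. Cat 1 with low MTTFD).
SIMPLIFIED = {
    ("B", "none"):   {"low": "a", "medium": "b", "high": "b"},
    ("1", "none"):   {"high": "c"},
    ("2", "low"):    {"low": "a", "medium": "b", "high": "c"},
    ("2", "medium"): {"low": "b", "medium": "c", "high": "d"},
    ("3", "low"):    {"low": "b", "medium": "c", "high": "d"},
    ("3", "medium"): {"low": "c", "medium": "d", "high": "d"},
    ("4", "high"):   {"high": "e"},
}


def determine_plr(s: str, f: str, p: str) -> str:
    """Walk the risk graph; raises KeyError for a value outside S1/S2, F1/F2, P1/P2."""
    return RISK_GRAPH[(s, f, p)]


def simplified_pl(category: str, dc: str, mttfd: str) -> Optional[str]:
    """PL reached by an architecture under the simplified procedure, or None if not allowed."""
    return SIMPLIFIED.get((category, dc), {}).get(mttfd)


def pl_from_pfhd(pfhd: float) -> Optional[str]:
    """Map a computed PFHD (per hour) to its PL band; None if outside PL a..e.
    The PL additionally depends on the structural requirements of the category."""
    for pl, (low, high) in PFHD_BAND.items():
        if low <= pfhd < high:
            return pl
    return None


def meets(achieved: str, required: str) -> bool:
    """True if the achieved PL is at least the required PL."""
    return PL_ORDER.index(achieved) >= PL_ORDER.index(required)


@dataclass(frozen=True)
class Hazard:
    hazard_id: str          # constructed identifier, e.g. "H-01"
    description: str
    s: str
    f: str
    p: str
    safety_function: str    # e.g. STO, SLS
    recorded_plr: str       # the PLr written in the HARA sheet
    achieved_pl: str        # PL of the implemented SRP/CS


# Constructed sample register. H-03 carries a stale PLr: exposure was re-rated
# from F1 to F2 after a cycle-time change, but the sheet still says "c" and the
# SRP/CS was built to PL c.
SAMPLE_REGISTER = [
    Hazard("H-01", "rotating blade, frequent intervention", "S2", "F2", "P2", "SLS + STO", "e", "e"),
    Hazard("H-02", "pinch point at infeed, seldom access",  "S2", "F1", "P1", "STO",       "c", "d"),
    Hazard("H-03", "guard door, frequent opening",          "S2", "F2", "P1", "STO",       "c", "c"),
]


def check_register(hazards: list[Hazard]) -> list[tuple[str, str]]:
    """Return (hazard_id, finding) pairs for every inconsistency between HARA and SRP/CS."""
    findings = []
    for h in hazards:
        derived = determine_plr(h.s, h.f, h.p)
        if h.recorded_plr != derived:
            findings.append((h.hazard_id, f"recorded PLr {h.recorded_plr} but S/F/P derive PLr {derived}"))
        if not meets(h.achieved_pl, derived):
            findings.append((h.hazard_id, f"{h.safety_function} achieves PL {h.achieved_pl}, PLr is {derived}"))
    return findings


def impact_of_change(h: Hazard, **new_params: str) -> tuple[str, bool]:
    """Re-rate one hazard (e.g. f="F2") and report (new PLr, whether the existing SRP/CS still suffices)."""
    updated = replace(h, **new_params)
    new_plr = determine_plr(updated.s, updated.f, updated.p)
    return new_plr, meets(h.achieved_pl, new_plr)


if __name__ == "__main__":
    for hid, msg in check_register(SAMPLE_REGISTER):
        print(f"{hid}: {msg}")
    # Impact analysis: the blade hazard if avoidance becomes possible (P1).
    print("H-01 with P1 ->", impact_of_change(SAMPLE_REGISTER[0], p="P1"))
```

Run as a script, the check reports both findings for H-03 and nothing for the other two hazards; `impact_of_change` shows how a single re-rated parameter propagates to the PLr and to the question of whether the existing SRP/CS still suffices, which is the impact analysis that a linked data structure makes possible and a detached spreadsheet does not.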

Integrated Engineering: Ensuring Consistency with EnCo Software

Managing the transition from ISO 12100 to ISO 13849 in manual spreadsheets is a high-risk strategy for complex projects. EnCo Software provides an integrated engineering environment that maintains a centralized data structure, ensuring that your safety lifecycle remains consistent.

  • Seamless Data Flow: Risk parameters from your HARA are directly linked to PLr determination, eliminating manual data transfer errors.
  • Bidirectional Traceability: Establish a clear link between hazards, safety requirements, and validation results.
  • Efficient Documentation: Generate structured, norm-compliant technical files for ISO 12100 and ISO 13849 at the push of a button.

Conclusion

Translating a risk assessment according to ISO 12100 into safety requirements under ISO 13849 is a core engineering task that demands methodological rigor. By explicitly linking hazards to safety functions, engineering teams reduce liability, minimize rework, and ensure that safety is an integrated part of the system design—not an afterthought.