ISO/TR 13849-3:2026

ISO/TR 13849-3:2026 /  Safety-related parts of control systems (Markov model-based PFH calculation) - Edition 1. 2026

ID 25812 | 21.03.2026 / Preview attached

ISO/TR 13849-3:2026
Safety of machinery - Safety-related parts of control systems - Part 3: Markov model-based PFH calculation

Puplished March 2026 / Edition 1, 2026
_________

This document provides formulas for the estimation of the PFH (Probability of dangerous Failure per Hour) value of single-channel architectures as well as two-channel architectures with and without diagnostics in accordance with ISO 13849-1. 

The formulas presented in this document are based on Markov modelling and can be used as an alternative to the simplified procedure of ISO 13849-1 for estimating the quantifiable aspects of the performance level (see ISO 13849-1:2023, 6.1.8, Figure 12, and Annex K). They can also serve as an alternative to any other adequate method for estimating the quantifiable aspects of the performance level.

NOTE Different estimation methods can vary in the resulting PFH values due to their nature. A certain variation is usually the consequence of different modelling approaches and unavoidable simplifications specific to the method.

Other requirements of ISO 13849-1, e.g. on categories or software, are not addressed by this document.
_________

This document has been prepared to enhance the capabilities of the simplified procedure of ISO 13849-1:2023, 6.1.8 and Annex K, for estimating the performance level for subsystems.

By addressing the designated architectures of ISO 13849-1, the document presents an approach using Markov model-based formulas to estimate the average frequency of a dangerous failure of the safety function. As well as the simplified procedure of ISO 13849-1, the method considers the architecture, the MTTFD of channels, diagnostic coverage DCavg, the common cause factor β and the mission time TM.

Beyond the capabilities of the simplified procedure the method presented here can allow for different test rates, a mission time different from 20 years, a common cause factor different from 2 % and any MTTFD ratio of a functional channel and its related test channel. Asymmetric redundancy is supported without beforehand symmetrisation.

The formulas of this document can also be used in the context of other standards demanding the estimation of PFH as long as the system under assessment meets the method's underlying assumptions (see Clause 4).

ISO 13849-1 and IEC 62061 govern the functional safety of machinery and require the probability of failure to be determined for each safety function in terms of a quantitative estimation of the PFH value (average frequency of a dangerous failure of the safety function).

NOTE In IEC 62061 (as well as in IEC 61508), PFH is descriptively denoted as the “average frequency of a dangerous failure of the safety function”. The abbreviation PFH stems from the International Standard’s former denotation as the “probability of a dangerous failure per hour”.

These International Standards assist users in ascertaining the PFH in different ways: IEC 62061 by provision of equations for calculation of the PFH, ISO 13849-1 by a table and some associated formulas. Both approaches have their drawbacks. The equations in IEC 62061 fail to address single-channel tested systems in desirable depth and in some cases yield very conservative results for two-channel tested systems. The table-based solution in ISO 13849-1 lacks flexibility owing to the fixed specification of the mission time and the common cause factor (β) and entails additional overhead for asymmetrical two-channel systems. Usually, the methods in the two standards will yield PFH values deviating to some extent from each other.

The objective of the PFH equations presented and derived in this document is for the benefits of flexible solutions involving equations to be combined with the more precise modelling technique upon which the table solution is based.

The PFH equations yield good to very good reproduction of the table values stated in ISO 13849-1:2023, Annex K, and in particular cases assume the form of equations already contained in IEC 62061. They can therefore be regarded as a further development of the instruments of both International Standards.

Markov models, which are also among the instruments considered suitable in IEC 61508-6 and IEC 61508-7, are selected exclusively as the method for analysis of the architectures studied within this document.

Unlike the numerical methods (stochastic Petri nets, Monte Carlo simulation), Markov models enable equations to be derived. They are also superior to reliability block diagrams (RBDs) in their handling of mutually influencing failure processes and the reinsertion of repaired systems.

The drawback of the Markov method of being able to handle only exponentially distributed processes (constant transition rates) does not provide significant detriment to the precision of the results.

Simple special cases are treated as non-standard cases of the higher-level more complex cases, enabling overall methodical coherence to be attained.

The body part of this document addresses the use of the formulas for the estimation of the PFH value. The definitions, variables and the basic assumptions are presented as well as the formulas.
Annex A demonstrates the application of this approach to the examples A and B in ISO 13849-1:2023, Annex I.
Annex B of this document discloses the derivation of the presented formulas based on Markov models for the different architectures.
...

add preview

Collegati

Allegati (Riservati) Abbonati Normazione

Allegati

	Descrizione	Lingua	Dimensioni	Downloads
	ISO TR 13849-3:2026 Preview Abbonati Normazione	IT	758 kB	0