When Is a Safety Circuit Analysis of the SRP/CS Required — And to What Performance Level?  

Jun 9, 2026

If you’re building a product with a control system, there’s a question that deserves your attention long before certification testing arrives wielding a clipboard and bad news: 

Does your product require an SRP/CS safety circuit analysis, and if so, how rigorous does that analysis need to be? 

Ignore the question, and you’re essentially driving toward certification with your eyes closed. Sometimes you arrive safely. More often, you discover expensive redesigns, project delays, and a certification process that starts as algebra and quickly transforms into string theory.  

The good news: There is a concrete answer to this infamously mysterious topic. 

The applicable component or product standard determines whether an SRP/CS safety circuit analysis is required and what performance level your system must achieve. The less-good news: Figuring out which standard applies can be maddening even to the most experienced design team. 

Let’s break it down. 


What Is SRP/CS and Why Does It Matter? 

SRP/CS stands for Safety-Related Parts of a Control System.

These are the pieces of your control system responsible for preventing hazardous situations when things inevitably decide to misbehave. Think sensors, safety relays, actuators, programmable logic controllers (PLCs), communication networks, and other components standing between normal operation and what engineers diplomatically call “an undesirable event.” 

An SRP/CS safety circuit analysis evaluates whether those components can reliably perform their intended safety functions, even when failures occur (especially when failures occur). Safety isn’t measured by how a system behaves on its best day. It’s measured by how it behaves when a component wakes up and chooses chaos. 

Several standards govern this process: 

ISO 13849-1 

The most commonly referenced standard for machinery safety control systems. It introduces the concept of Performance Levels (PL) and provides a framework for designing and validating safety functions. 

IEC 62061 

Another machinery safety standard that uses Safety Integrity Levels (SIL) derived from IEC 61508. 

IEC 61508 

The grandparent of modern functional safety standards. Many industry-specific standards trace their requirements back to it, much like every superhero movie somehow traces back to radioactive accidents and science experiments gone awry. 

Who Decides If You Need an SRP/CS Safety Circuit Analysis? 

This is where many manufacturers accidentally wander into a regulatory hedge maze. There is no universal rule stating that every control system requires an SRP/CS analysis. Instead, the requirement comes from the product standard that applies to your specific product. 

For example: 

  • Industrial machinery sold in Europe is typically subject to machinery safety standards that reference ISO 13849. An SRP/CS analysis is often required. 
  • Medical devices may fall under the IEC 60601 family of standards and reference functional safety requirements through standards such as IEC 61508. 
  • Commercial appliances, HVAC equipment, and food service systems each have their own standards that may impose safety control requirements. 

In other words, the standard follows the product, not the other way around. 

Before calculating performance levels, selecting safety relays, or arguing passionately about diagnostic coverage in conference rooms, you first need to identify the correct standard. That sounds simple, and maybe at some point it used to be, until we started inventing new product categories that combine robotics, cloud connectivity, and artificial intelligence, all tucked inside a coffee dispenser. Unfortunately, there’s no prize for guessing correctly. Do your homework now and keep your product on the market come inspection day.

Performance Levels: The Safety World’s Report Card 

Under ISO 13849, Performance Levels range from PL a through PL e.

Higher levels correspond to lower probabilities of dangerous failures. 

Level   Probability of Dangerous Failure / Hour   Typical Application Context
PL a    1/10,000 to 1/100,000                     Low-risk applications, minor injury possible
PL b    1/100,000 to 1/1,000,000                  Low to moderate risk
PL c    1/1,000,000 to 1/10,000,000               Moderate risk, reversible injury
PL d    1/10,000,000 to 1/100,000,000             Serious injury possible
PL e    < 1/100,000,000                           High risk, irreversible injury or death

A common misconception is that manufacturers simply choose the Performance Level they like best. That would be neat (in the short term). It’s also not how any of this works. 

The required PL is determined through a risk assessment using three primary factors: 

  • Severity (S): How serious could the injury be? 
  • Frequency (F): How often are people exposed to the hazard? 
  • Possibility of Avoidance (P): Can someone realistically avoid the hazard if something goes wrong? 

Those inputs determine the required Performance Level. From there, your job is to prove your system actually achieves it. 

That means evaluating: 

  • System architecture and Category (B through 4) 
  • MTTFd (Mean Time To Dangerous Failure) 
  • Diagnostic Coverage (DC) 
  • Fault tolerance and redundancy measures 

It’s detailed technical work that requires rigorous engineering and meticulous product knowledge. Done correctly, it strongly supports certification. Done incorrectly, it becomes a very disorienting waste of time.

Why a Half-Done Analysis Can Be Worse Than No Analysis 

A surprising number of projects run into trouble because someone completed “an analysis” that wasn’t actually complete. This presents a dangerous trap of false confidence. 

An incomplete analysis can convince a team that everything is fine right up until certification testing uncovers missing reliability data, unsupported assumptions, or architectural weaknesses. At that point, you’re redesigning a product that may already have tooling, production schedules, purchasing commitments, and executives asking increasingly creative questions. 

The earlier issues are identified, the cheaper they are to fix. That’s true in engineering. It’s also true for house foundations and suspicious noises coming from your car. 

An SRP/CS Analysis Isn’t a One-and-Done Exercise 

One of the biggest misconceptions surrounding safety circuit analysis is that it’s a quick issue to address at the end of the project. That couldn’t be further from reality. An SRP/CS analysis should evolve alongside the product. 

If you: 

  • Change a relay 
  • Update PLC firmware 
  • Replace a sensor 
  • Modify system architecture 
  • Add a new safety function 
  • Introduce product variants 

…you may need to revisit the analysis. 

A design that achieves PL d today doesn’t automatically achieve PL d after three rounds of cost reductions, two firmware updates, and a well-intentioned component substitution made during a supply chain shortage. The analysis must reflect the product that actually exists rather than the product that existed six design reviews ago. 
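
The following Python example is added here and is not from the original article: it derives the required PL from S, F and P using the ISO 13849 risk graph, with each factor rated 1 or 2, and flags safety functions whose claimed PL falls short or whose analysed parts no longer match the current build. The safety-function names, part numbers and firmware versions are constructed for illustration, and the claimed PL is taken as an input from the existing analysis rather than calculated.

```python
from dataclasses import dataclass

PL_ORDER = "abcde"  # PL a (lowest) through PL e (highest)

def required_pl(s: int, f: int, p: int) -> str:
    """Required PL from the risk graph; S, F and P are each rated 1 or 2."""
    if not all(v in (1, 2) for v in (s, f, p)):
        raise ValueError("S, F and P must each be 1 or 2")
    # S2 moves two levels up the graph; F2 and P2 move one level each.
    return PL_ORDER[2 * (s - 1) + (f - 1) + (p - 1)]

@dataclass
class SafetyFunction:
    name: str
    s: int
    f: int
    p: int
    claimed_pl: str        # PL the existing analysis says was achieved
    analysed_parts: dict   # role -> (part number, firmware) at analysis time

def review(functions, current_build):
    """Return findings: PL shortfalls and parts that changed since analysis."""
    findings = []
    for fn in functions:
        plr = required_pl(fn.s, fn.f, fn.p)
        if PL_ORDER.index(fn.claimed_pl) < PL_ORDER.index(plr):
            findings.append((fn.name, "PL_SHORTFALL", f"claimed PL {fn.claimed_pl}, required PL {plr}"))
        for role, analysed in fn.analysed_parts.items():
            built = current_build.get(role)
            if built != analysed:  # substituted part or new firmware: re-analyse
                findings.append((fn.name, "STALE_ANALYSIS", f"{role}: analysed {analysed}, built {built}"))
    return findings

# Constructed sample data: names, part numbers and versions are invented.
FUNCTIONS = [
    SafetyFunction("guard-door stop", 2, 2, 1, "d",
                   {"door_sensor": ("DS-100", None), "safety_plc": ("SPLC-7", "1.4.2")}),
    SafetyFunction("hot-surface cutout", 1, 2, 2, "b",
                   {"thermostat": ("TH-22", None)}),
]
CURRENT_BUILD = {
    "door_sensor": ("DS-100", None),
    "safety_plc": ("SPLC-7", "1.5.0"),  # firmware updated after the analysis
    "thermostat": ("TH-22", None),
}

if __name__ == "__main__":
    for finding in review(FUNCTIONS, CURRENT_BUILD):
        print(*finding, sep=" | ")
```

Run as a release gate, a check like this turns a relay swap or firmware bump into an explicit re-analysis task instead of a surprise at certification.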

Not Sure Where Your Product Stands? 

If you’re unsure whether your product requires an SRP/CS safety circuit analysis, which standard applies, or what Performance Level you need to achieve, you’re not alone. Many manufacturers don’t discover these requirements until certification testing is already underway. But by then, every solution costs more than it would have six months earlier. 

That’s where experienced product safety professionals can help. 

Since 1988, Product Safety Consulting has helped companies achieve compliance and reach global markets faster. With four decades of experience, we’re able to reduce risk, cost, and delays. Our approach includes expert testing strategy, design reviews, and comprehensive support from concept to post-production across countless product categories. 

Frequently Asked Questions 

Does every product with a control system require an SRP/CS safety circuit analysis? 

No. The requirement depends entirely on the applicable product standard. Many products contain control systems without requiring a formal SRP/CS analysis. The determining factor is whether the governing standard identifies safety-related control functions and establishes performance requirements. 

What’s the difference between ISO 13849 and IEC 62061? 

Both address functional safety in machine control systems. ISO 13849 uses the Performance Level (PL) framework and is commonly applied to mechanical and electromechanical safety functions. IEC 62061 uses the Safety Integrity Level (SIL) methodology derived from IEC 61508 and is often selected for more complex programmable systems. 

Can I perform the SRP/CS analysis internally? 

Yes, provided your team has the necessary expertise. The analysis requires familiarity with functional safety standards, reliability calculations, diagnostic coverage evaluation, and system architecture assessment. Many organizations choose outside support because mistakes often cost more than expert guidance. 

What happens if my product fails to meet the required Performance Level during certification? 

Certification cannot proceed until the issue is addressed. Depending on the gap, solutions may involve component changes, architectural redesigns, additional diagnostics, or revised analysis documentation. All of these typically add time and cost to the project. 

Do US and European markets require different SRP/CS approaches? 

Potentially. European requirements often rely heavily on harmonized standards such as ISO 13849, while US requirements may involve OSHA, ANSI, and industry-specific standards. Manufacturers selling globally typically evaluate compliance requirements for each target market and align their safety strategy accordingly.