As the ESPE will be integrated in the machine safety-related control system, the choice of its safety level will depend on the result of risk
analysis and, consequently, on parameter, PL, SIL or Category resulting from this analysis.

Product Standards (Type C) usually recommend the most suitable ESPE type for each safety-related function involved. If type C Standards
are not available, adopt the recommendations of ISO 13849-1 and IEC 62061.

Also consider that the overall safety integrity of the serial connection: input – control unit – actuators, shall necessarily be equal to or lower
than that of the weaker device.

Rules for correct interconnection of protection devices to machine control system

The interconnections between safety outputs of ESPE (OSSD) and the machine primary control elements, the positioning and selection of reset
push buttons shall not reduce or eliminate the extent of safety integrity assigned to the safety-related machine control system.

Figure 1 shows the most common example, i.e. where the machine control and monitoring system (e.g. the PLC) has no safety-related function.
In this case, the safety-related control system monitoring the protective devices connected to it must operate autonomously and must be inserted between the machine control system and the machine primary control elements.


If the machine is equipped with an integrated safety-related control and management system (safety-related PLC), see figure 2,
machine operational functions and safety-related functions should be governed through the centralized safety-related system.