Frequently Asked Questions
SIL, Safety Systems and Independent Protection Layers

What is safety integrity level - SIL?

The term SIL, Safety Integrity Level, is a measure of the amount of risk reduction provided by a Safety Instrumented Function (SIF) for a specific hazardous event.

For example, if a hazard exists for over-filling a vessel, a SIF can be designed to act independently of the regular control system to prevent the overfill from happening.

Standards IEC 61511, IEC 61508 and IEC 62061 require that each SIF in a system is designed to meet minimum "probability of failure" targets in four different bands from SIL 1 to SIL 4, with SIL 3 being the typical highest target in process industry applications.

In practice, most applications of SIF in a SIS require only SIL 1 or SIL 2 capability.

What is an IPL?

There are many types of Independent Protection Layer (IPL) that can be applied to help reduce the frequency of hazardous events.

IPLs include actions by operators, mechanical safety devices designed for specific events like pressure relief, and safety instrumented functions (SIF) designed to actively sense a hazard and automatically take an action to prevent escalation.

What is a safety instrumented function - SIF?

A special type of IPL is known as a safety instrumented function or SIF. A SIF comprises at least one element for directly sensing a potentially dangerous process condition, a logic solver to decide on the action(s) to be taken, and a final element which will take a direct action on the process to prevent the hazardous condition or stop it escalating further.

A SIF is actually no different in concept to any other IPL, although it has additional considerations for design integrity. It must meet the same criteria as other IPLs: being effective in preventing the consequence (including being fast enough), independent of any other IPL and the initiating event, and audited (tested) on a regular basis.

What is a safety instrumented system - SIS?

When SIF for different hazardous conditions are collected together into one logic solver, the collective is called a Safety Instrumented System - SIS. The SIS may comprise only a few SIF, or it may have tens or even hundreds. There is actually no limit on numbers of SIF in a SIS, although commercially available logic solvers will always have some capacity limitations.

For reasons of economics and ultimate flexibility, the majority of SIS implemented today use specialist programmable logic controllers as the logic solver. This programmability brings software design into the safety domain. Many additional design requirements apply to software used in safety duties, so this needs careful consideration and project control.

What is SIL 1?

SIL 1 denotes the lowest level integrity target for a safety function, so by definition it is the easiest to achieve, and the most common in most process industry applications.

Meeting a SIL 1 target is usually possible with non-redundant devices, although this needs to be verified by calculation.

What is SIL 2?

SIL 2 denotes the mid-level integrity target for a safety function, so it may involve some redundancy and fault tolerance in selected devices.

Meeting a SIL 2 target needs to be verified by calculation. SIL 2 designs must be carefully validation tested and undergo a formal independent functional safety assessment.

What is SIL 3?

SIL 3 is a high-level integrity target for a safety function, so it will involve redundancy and fault tolerance in most elements.

Meeting a SIL 3 target needs to be verified by calculation and must be independently reviewed in high consequence scenarios.

SIL 3 designs must be carefully validation tested and undergo a formal independent functional safety assessment.

What is SIL 4?

SIL 4 is a very high-level integrity target that is typically only found in nuclear high-consequence applications.

Meeting a SIL 4 target is likely to involve employing diverse designs and significant independent verification and validation testing.
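
The SIL 1 to SIL 3 answers above each say the target must be verified by calculation; the following added example (not part of the original page, and not eFunctionalSafety's method) shows a simplified low-demand PFDavg estimate for one SIF with and without a redundant final element. The failure rates, proof-test interval and beta factor are constructed values, the formulas are the usual simplified approximations, and the band limits are the low-demand PFDavg bands of IEC 61508 / IEC 61511.

```python
# Added example (not from the original page): simplified low-demand PFDavg check.
# All failure rates, the beta factor and the test interval are constructed values.
TI_HOURS = 8760  # assumed proof-test interval: one year

# Low-demand PFDavg bands per IEC 61508 / IEC 61511: SIL -> [lower, upper)
SIL_BANDS = {1: (1e-2, 1e-1), 2: (1e-3, 1e-2), 3: (1e-4, 1e-3), 4: (1e-5, 1e-4)}

def pfd_1oo1(lambda_du, ti=TI_HOURS):
    """Single device: PFDavg ~= lambda_DU * TI / 2 (lambda_DU per hour)."""
    return lambda_du * ti / 2

def pfd_1oo2(lambda_du, beta, ti=TI_HOURS):
    """Redundant pair: independent-failure term plus common-cause term (beta)."""
    independent = ((1 - beta) * lambda_du * ti) ** 2 / 3
    common_cause = beta * lambda_du * ti / 2
    return independent + common_cause

def sil_achieved(pfd_avg):
    """Return the SIL band the PFDavg falls in; 0 means SIL 1 is not met."""
    if pfd_avg >= 1e-1:
        return 0
    for sil, (low, high) in SIL_BANDS.items():
        if low <= pfd_avg < high:
            return sil
    return 4  # below 1e-5: no band above SIL 4 is defined

# Constructed dangerous-undetected failure rates (per hour) for one SIF.
SENSOR_DU, LOGIC_DU, VALVE_DU = 5e-7, 1e-8, 2e-6

def sif_single_valve():
    """Sensor, logic solver and one shutdown valve in series, all 1oo1."""
    return pfd_1oo1(SENSOR_DU) + pfd_1oo1(LOGIC_DU) + pfd_1oo1(VALVE_DU)

def sif_redundant_valves(beta=0.1):
    """Same SIF with the final element duplicated as 1oo2."""
    return pfd_1oo1(SENSOR_DU) + pfd_1oo1(LOGIC_DU) + pfd_1oo2(VALVE_DU, beta)

if __name__ == "__main__":
    for name, pfd in [("1oo1 valve", sif_single_valve()),
                      ("1oo2 valves", sif_redundant_valves())]:
        print(f"{name}: PFDavg = {pfd:.2e} -> SIL {sil_achieved(pfd)}")
```

With these constructed numbers the single-valve design lands in the SIL 1 band and the 1oo2 design in the SIL 2 band, with the common-cause term dominating the redundant pair. The PFDavg figure is only one part of verification: systematic capability and hardware fault tolerance are checked separately.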

Get support with your SIL Analysis


You will need to complete a Safety Integrity Level - SIL Analysis (or SIL study) if you have process hazards that need risk reduction using any means of safety instrumented system or safety instrumented function.


  • SIL targets are selected by the hazard owner using one of a number of risk analysis methods.
  • Suppliers need to provide reliability and safety data if their products are used in any safety function.
  • Consultants or contractors need the safety data to conduct SIL verification calculations.


Applications occur in oil & gas upstream and downstream, power generation, chemical and pharmaceutical production, pulp and paper and others.

Example applications where SIL Analysis is needed:


  • Emergency shutdown systems (ESD) using programmable logic solvers / safety PLCs
  • Overfill protection on tank storage applications
  • Burner Management Systems (BMS) in industrial process or power generation facilities
  • Gas turbine applications, both onshore and offshore
  • Pressure protection for piping and vessels

STEPS for SIL ANALYSIS

1. Select SIL Target

Using agreed tolerable risk criteria and a SIL determination procedure, eFunctionalSafety can lead your SIL study team sessions with one of our highly experienced and senior facilitators. We can support selection by Risk Graph or Risk Matrix, Safety Layer Matrix or Layer of Protection Analysis (LoPA).

2. Write the Safety Requirements Specification

A solid safety requirements specification is the backbone of any safety system. We have proven templates and checklists which have been tested on multiple industry projects. Our service can be as little as checking your requirements are complete, or providing support to author the full requirements specification.

3. SIL Verification

eFunctionalSafety has access to the know-how, software tools and equipment failure rate data that can model the hardware performance of even the most complex Safety Instrumented Function (SIF) designs. We also check for equipment systematic capability, hardware fault tolerance and calculate the PFDavg or PFH according to application requirements.

Recommended Resources

Get some help

Hire a professional independent SIL Chair - CFSE Qualified

If you need to conduct a fair yet objective SIL assessment, independent expertise is often crucial. It would help if you had someone who has sufficient experience, authority and technical capability to lead and guide you to a conclusion.

PROPOSED checklist for the right CANDIDATE TO LEAD A SIL STUDY
  • Experience of having conducted a SIL Study previously
  • Demonstrable technical knowledge of IEC 61508, IEC 61511 (or IEC 62061 for machinery safety)
  • Independent of project stakeholders
  • Suitable qualifications, training and/or independent certification (e.g. CFSE or FS Expert)

Purchase a template

Get a head start with our templates

Like several of the safety life-cycle steps, templates and procedures are necessary to get a good outcome. We provide several procedures and templates for purchase individually, or as a full set.

Take some learning

Learn online now, with one of our self-paced courses

We started developing self-paced online eLearning courses in 2013. Now, we have a full-featured Learning Management System which provides the platform for both TEAMS and individuals to learn at their own pace, 24/7.

Jon Keswick

Certified Functional Safety Expert - CFSE


If you need a fair yet objective SIL study chair, independent expertise is often crucial. It would help if you had someone with sufficient experience, authority and technical capability to lead and guide you to a conclusion.

CASE STUDY
SIL Verification

We provided SIL verification support for an entire package of turbomachinery safety functions for a well-known Small Gas Turbine (SGT) supplier.

We reviewed the SIL target assessment, supported the authoring of the system and functional safety requirements specification, and provided the probability of failure calculations for every function within the gas turbine (GT) range.


Our comprehensive report enabled the GT supplier to demonstrate that the required SIL targets could be met by the hardware design.
