Functional Safety
Functional safety reduces risk through active systems — sensor, logic, actuator — with a demonstrable, maintained level of integrity. IEC 61508 is the base standard; each sector derives its own variant. Overview of the 61508 family, the integrity scales (SIL, PL, ASIL) and the standards per domain.
The principle
A safety function detects a hazardous condition and brings the installation to a safe state within a defined time. It is assigned an integrity level, the SIL, which quantifies the required risk reduction. Designing the function is not enough: you must prove it achieves that level — and maintain it over the whole life of the plant.
IEC 61508 — the base standard
"Functional safety of electrical/electronic/programmable electronic safety-related systems". A generic standard published by the IEC, in seven parts. It is the foundation from which every sector standard derives.
- Part 1: General requirements and safety lifecycle
- Part 2: E/E/PE systems — hardware
- Part 3: Software requirements
- Part 4: Definitions and abbreviations
- Parts 5–7: SIL determination methods, application guides, techniques
SIL in low-demand mode
When the function is rarely demanded, the SIL is measured by the average probability of failure on demand (PFD) and the associated risk reduction factor. In high-demand or continuous mode, the probability of dangerous failure per hour (PFH) is used.
| SIL | Average PFD | Risk reduction |
|---|---|---|
| SIL 1 | 10⁻² … 10⁻¹ | 10 – 100 |
| SIL 2 | 10⁻³ … 10⁻² | 100 – 1 000 |
| SIL 3 | 10⁻⁴ … 10⁻³ | 1 000 – 10 000 |
| SIL 4 | 10⁻⁵ … 10⁻⁴ | 10 000 – 100 000 |
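As an added example (not part of the original page), the bands of the table above applied to two common loop architectures, showing how the proof-test interval and redundancy move a loop across SIL boundaries. The 1oo1 and 1oo2 formulas are the simplified IEC 61508-6 approximations (no repair time or diagnostic term, an assumption made here); the failure rate, test interval and common-cause factor are constructed values.

```python
# Added example: classify a PFD_avg into the low-demand SIL bands of the table
# above, and see how architecture and proof-test interval move the result.
# pfd_1oo1/pfd_1oo2 are the simplified IEC 61508-6 approximations (no MTTR,
# no diagnostics); lambda_du, T1 and beta are constructed illustrative values.

# (lower PFD bound inclusive, upper bound exclusive, SIL) as in the table above
SIL_BANDS = [(1e-2, 1e-1, 1), (1e-3, 1e-2, 2), (1e-4, 1e-3, 3), (1e-5, 1e-4, 4)]


def sil_for_pfd(pfd_avg: float) -> int:
    """SIL met by a PFD_avg; 0 = no SIL claim (PFD >= 0.1).
    Below 1e-5 the SIL 4 target is still met, so 4 is returned."""
    if pfd_avg >= 1e-1:
        return 0
    for low, high, sil in SIL_BANDS:
        if low <= pfd_avg < high:
            return sil
    return 4


def risk_reduction_factor(pfd_avg: float) -> float:
    """RRF = 1 / PFD_avg, the right-hand column of the table."""
    return 1.0 / pfd_avg


def pfd_1oo1(lambda_du: float, t1_hours: float) -> float:
    """Single channel: dangerous undetected failures sit unrevealed until the
    next proof test, on average T1/2, so PFD_avg ~= lambda_DU * T1 / 2."""
    return lambda_du * t1_hours / 2


def pfd_1oo2(lambda_du: float, t1_hours: float, beta: float) -> float:
    """Redundant 1oo2: independent term (lambda_DU*T1)^2 / 3 plus the
    common-cause term beta * lambda_DU * T1 / 2, which usually dominates."""
    return (lambda_du * t1_hours) ** 2 / 3 + beta * lambda_du * t1_hours / 2


def assess(pfd_avg: float) -> dict:
    """The three figures a SIL verification report states for a loop."""
    return {"pfd": pfd_avg, "rrf": risk_reduction_factor(pfd_avg),
            "sil": sil_for_pfd(pfd_avg)}


if __name__ == "__main__":
    LAMBDA_DU = 2e-6  # dangerous undetected failure rate per hour (constructed)
    YEAR = 8760       # hours per one-year proof-test interval
    print("1oo1, yearly test :", assess(pfd_1oo1(LAMBDA_DU, YEAR)))        # SIL 2
    print("1oo1, 3-year test :", assess(pfd_1oo1(LAMBDA_DU, 3 * YEAR)))    # SIL 1
    print("1oo2, yearly, 5%  :", assess(pfd_1oo2(LAMBDA_DU, YEAR, 0.05)))  # SIL 3
```

PFD alone is not the SIL claim: the architectural constraints and systematic capability requirements also have to be met, and the same 1oo1 loop drops from SIL 2 to SIL 1 when proof testing slips from yearly to every three years.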
The 61508 family — standards per sector
Each sector tailors IEC 61508 to its constraints. Process and railway keep the SIL scale; machinery adds the performance-level (PL) approach; automotive has its own scale (ASIL).
| Standard | Sector | Scale |
|---|---|---|
| IEC 61508 | All industries — base standard | SIL 1–4 |
| IEC 61511 | Process (refining, chemicals, pharma, energy) | SIL 1–4 |
| IEC 62061 | Machinery | SIL 1–3 |
| ISO 13849 | Machinery (performance-level approach) | PL a–e |
| ISO 26262 | Automotive | ASIL A–D |
| IEC 61513 | Nuclear — I&C | SIL / cat. |
| EN 50126 / 50128 / 50129 | Railway (RAMS, software, signalling) | SIL 1–4 |
| VDI/VDE 2180 | Process — German application guideline | PLT / SIL |
VDI/VDE 2180
A series of German guidelines (VDI/VDE) dedicated to the functional safety of process plants using process control technology (PLT). It is the practical companion to IEC 61511 / 61508 in the German-speaking world: sheet by sheet (Blatt), it details the specification, design, verification and operation of PLT protective functions. Widely used by operators and TÜV bodies in Germany.
Three integrity scales
SIL 1–4
IEC 61508 / 61511 / 62061
Safety Integrity Level. Measured by PFD (low demand) or PFH (high demand), plus architectural constraints and systematic capability.
PL a–e
ISO 13849
Performance Level for machinery. Combines architecture category, MTTFd, diagnostic coverage and common cause. PL e ≈ SIL 3.
ASIL A–D
ISO 26262
Automotive Safety Integrity Level. Determined by severity, exposure and controllability of the hazard. D is the most demanding; QM = no safety requirement.
Related specialties
Safety PLC
Safety controllers that execute the functions: redundant architectures (1oo2D, 2oo3) from vendors such as HIMA, Triconex, Pilz and Siemens (F series).
PLC
Standard IEC 61131-3 automation — the base on which the safety layer is added.
ATEX / explosive atmospheres
Often combined with SIL: a safety function in an Ex zone must be both Ex- and SIL-rated.
OT cybersecurity
A connected SIS is a target (Triton, 2017). Functional safety and cyber can no longer be treated separately.