SIF SIS Design

If the SIF is designed, it must then be verified(SIL verification) whether the combination of all components in that SIF (Sensor-Logic Solver-Final Element) achieves the intended result. Here, the limitations of the hardware (failure rates) and architectural constraints are also taken into account. The determination of the failure rates is laid down in standard IEC 61508 (Functional safety of control systems). Architectural Constraints implies the application of redundancy to compensate for this(Hardware Fault Tolerance) (HFT).

Hardware Fault Tolerance refers to the number of faults the system can have without losing its function.

There are two values within the HFT:

  • HFT Dangerous is the number of errors where the system is still safe.
  • HFT Safe is the number of errors at which the system is still available.

The standard IEC 61511 (SIS for Process Industry) defines the HFT Dangerous value (0, 1 or 2) and determines the number of faults that make the system safe. The higher the SIL level, the higher the HFT Dangerous value required.

The required HFT Safe is not fixed in the standard, but depends on how high one wants the availability of a plant to be.

The HFT Dangerous tolerance that gives more safety is 1oo2 (pronounced "One out of One"),1oo3, 1oo4 etc. Think of this as two or more transmitters causing a trip or two or more FAIL Close valves in series.

The HFT Safe tolerance that gives more reliability/availability is 2oo2, 3oo3, 4oo4 etc., see this as two or more transmitters only causing a trip or two or more FAIL Close valves in parallel circuit.

The HFT Dangerous tolerance and the HFT Safe tolerance that gives both more safety and more reliability/availability is 2oo3, 2oo4, 3oo4, etc.


SIS (Safety Instrumented System) is an independent electronic safety layer on top of the control system (DCS) of the plant. This can be done with relays, but nowadays an SIS is usually implemented as a Programmable Electronic System (PES) such as a Programmable Logic Controller (PLC). An SIS almost always contains several SIFs and those SIFs can have different SIL levels. However, the standard does specify how the system must be designed for the various SIL levels. A SIL 2 Safety Instrumented Function (SIF) may therefore not be implemented in a SIL 1 safety system.

The PES (PLC) systems make building SIS a lot easier and more flexible than before, but introduce a new risk as these systems are more susceptible to outside intrusion by cyber-attacks.

There is a separate standard for Cyber Security (IEC 62433) to prevent external intrusion, among other things. IEC 61511 refers to paragraphs from IEC 62433 and vice versa.

SIF SIS Design

"Focus on occupational safety in the prevention of process safety incidents is misleading at best and catastrophic at worst".

- – Enrico Lammers