Functional Safety

The objective of Functional Safety is to eliminate or minimize unacceptable risks to People, Equipment and the Environment. To achieve this objective, different types of measures can be combined and different layers of protection implemented, such as the Safety Instrumented System (SIS).

The Standard IEC 61508 is used by manufacturers to certify their products (sensors, PLCs and final elements) and it is also the standard that serves as a basis for developing other specific standards for each sector, such as IEC 61511 for the process industry, IEC 62061 for machinery, EN 50126/128/129 for the railway sector and others.

On this website we put the focus on the process industry and the IEC 61508/61511 standards.


Analysis Phase

  • Process Hazard Analysis (PHA)
  • Protection Layers
  • Definition of SIFs
  • Determination of SIL
  • Safety Requirement Specification (SRS)

The main deliverable of this phase is the SRS.


Design & Implementation Phase

  • Technology Selection
  • Design of SIFs
  • Proof Test definition
  • SIL Verification, Construction, FAT/SAT
  • Validation & FSA

The main deliverable of this phase is the Validation of the SIS before it goes into service.


Operation & Maintenance Phase

  • Maintenance Plan & Training
  • Use of bypasses, proof tests, inspections
  • Repairs, spare parts, failure register
  • SIS modifications
  • Functional Safety Assessment (FSA)

This is the longest phase of the SIS life cycle and is crucial for maintaining the integrity of the SIFs over time.

Systematic failures of the SIS are a crucial concern throughout the whole SIS Life Cycle and are probably the cause of most accidents.

Safety Instrumented Function (SIF)

The Safety Instrumented Function is composed of three subsystems: SENSOR, LOGIC SOLVER and ACTUATOR. Its objective is the safety of People, Equipment and the Environment. During the Process Hazard Analysis (PHA) the SIF is defined and the required SIL is determined, together with other values such as the RRF (Risk Reduction Factor), the MTTFS (average time in years between two spurious process trips) and the other parameters used in the calculation of the Probability of Failure: PFDavg (average Probability of Failure on Demand) for low-demand mode or PFH (Probability of dangerous Failure per Hour) for high-demand or continuous mode.

Sensor Subsystem

It covers the connection to the process (remote seal, etc.), the instrument (transmitter or switch), the wiring to the PLC cabinet and the input interface (electrical isolators, I.S. barriers, etc.).

It is best to use 4-20 mA transmitters, which allow software routines to be implemented in the PLC to diagnose the dangerous failures of the instrument (for example, a signal outside the live-zero range indicates a fault rather than a process value).

The most used architectures of this subsystem are 1oo1, 1oo2, 2oo2 and 2oo3.

Logic Solver Subsystem

It is recommended to use a manufacturer-certified safety PLC rated for the highest SIL required by any of the SIFs it handles. A Safety PLC normally has a very high self-diagnostic coverage (>95%), which significantly reduces the required frequency of the so-called "Proof Tests". The application program is the crucial part of the Logic Solver and must be thoroughly tested.

The most common architectures are 1oo1D, 1oo2D, 2oo4D and 2oo3D. The voting logic of the SENSOR and ACTUATOR subsystems resides in the PLC application software.
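The two preceding paragraphs (4-20 mA diagnostics in the sensor subsystem, and sensor voting logic living in the PLC application program) are illustrated by the following added example. It is not code from this page or from any PLC vendor; it is a plain-Python model of what a safety PLC application typically does. Assumed conventions: fault bands follow NAMUR NE43 (a loop current at or below 3.6 mA or at or above 21.0 mA is treated as an instrument fault, not a measurement), a faulted channel is removed from the vote, and the remaining channels degrade toward safety (2oo3 becomes 1oo2, then 1oo1, and with no healthy channel the function trips). Tag names, ranges and setpoints are constructed sample values.

```python
"""Added example: 4-20 mA channel diagnostics and 2oo3 high-trip voting
with diagnostic degradation, as implemented in a safety PLC application
program for the SENSOR subsystem. Not the page's or any vendor's code."""
from dataclasses import dataclass, field
from enum import Enum

# Assumed NAMUR NE43 fault bands: outside these, the current is a fault signal.
FAULT_LOW_MA = 3.6
FAULT_HIGH_MA = 21.0


class ChannelState(Enum):
    VALID = "valid"
    SATURATED_LOW = "saturated_low"    # below 4 mA but above the fault band
    SATURATED_HIGH = "saturated_high"  # above 20 mA but below the fault band
    FAULT_LOW = "fault_low"            # broken wire / burnout / transmitter fault
    FAULT_HIGH = "fault_high"


@dataclass
class Channel:
    tag: str
    current_ma: float
    range_low: float    # engineering value at 4 mA
    range_high: float   # engineering value at 20 mA

    def state(self) -> ChannelState:
        """Classify the loop current; this is the PLC diagnostic routine."""
        if self.current_ma <= FAULT_LOW_MA:
            return ChannelState.FAULT_LOW
        if self.current_ma >= FAULT_HIGH_MA:
            return ChannelState.FAULT_HIGH
        if self.current_ma < 4.0:
            return ChannelState.SATURATED_LOW
        if self.current_ma > 20.0:
            return ChannelState.SATURATED_HIGH
        return ChannelState.VALID

    def is_faulted(self) -> bool:
        return self.state() in (ChannelState.FAULT_LOW, ChannelState.FAULT_HIGH)

    def value(self) -> float:
        """Scale 4-20 mA to engineering units, clamped to the calibrated range."""
        span = self.range_high - self.range_low
        raw = self.range_low + (self.current_ma - 4.0) / 16.0 * span
        return max(self.range_low, min(self.range_high, raw))


@dataclass
class VoteResult:
    trip: bool
    architecture: str           # effective architecture after removing faulted channels
    faulted: list = field(default_factory=list)
    demanding: list = field(default_factory=list)


def vote_high_trip(channels, trip_setpoint) -> VoteResult:
    """2oo3 high trip with degradation: faulted channels are excluded and the
    vote degrades 2oo3 -> 1oo2 -> 1oo1 -> fail-safe trip (assumed policy)."""
    if len(channels) != 3:
        raise ValueError("this voter models a 2oo3 group of exactly three channels")
    faulted = [c.tag for c in channels if c.is_faulted()]
    healthy = [c for c in channels if not c.is_faulted()]
    demanding = [c.tag for c in healthy if c.value() >= trip_setpoint]
    n = len(healthy)
    if n == 3:
        needed, arch = 2, "2oo3"
    elif n == 2:
        needed, arch = 1, "1oo2"
    elif n == 1:
        needed, arch = 1, "1oo1"
    else:
        # All three channels faulted: no valid measurement, trip to the safe state.
        return VoteResult(True, "fail-safe", faulted, demanding)
    return VoteResult(len(demanding) >= needed, arch, faulted, demanding)


def sample_group(currents_ma):
    """Constructed pressure transmitter group PT-101A/B/C, 0-10 bar over 4-20 mA."""
    tags = ("PT-101A", "PT-101B", "PT-101C")
    return [Channel(t, ma, 0.0, 10.0) for t, ma in zip(tags, currents_ma)]


if __name__ == "__main__":
    for currents in ((12.0, 18.0, 17.0), (3.2, 18.0, 12.0), (12.0, 12.0, 12.0)):
        r = vote_high_trip(sample_group(currents), trip_setpoint=8.0)
        print(currents, "->", r)
```

A saturated channel still votes with its clamped value (it is a plausible process condition, not a diagnosed fault), while any faulted channel should also raise a maintenance alarm in the real application. Whether a degraded group should become 1oo2 or 2oo2 is a design decision that must be recorded in the SRS; the example assumes degradation toward safety.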


Actuator Subsystem

It covers the output interface (interposing relay, solenoid driver, signal isolator, IS barrier, etc.), the wiring to the field, and the final element, which is one of:

  • Final element interface (solenoid valve) + actuator (spring return, etc.) + valve (ball, butterfly, etc.), or
  • Alarm horn, lamp, relay/contactor, motor starter, motor operated valve, etc.

It is normally the weak link of the Safety Function, since its components are mechanical and some, such as the valve, are in direct contact with the process. The most used architectures of this subsystem are 1oo1, 1oo2 and 2oo2.
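The SIF section above names PFDavg and RRF, and the three subsystem sections name the 1oo1, 1oo2, 2oo2 and 2oo3 architectures, so the following added example carries the SIL verification arithmetic through for those architectures and combines the three subsystems into a SIF. It is not code from this page and not the SILcet tool; it uses the IEC 61508-6 simplified PFDavg equations with the dangerous-detected (lambda_DD) and repair-time (MTTR) terms dropped, and the low-demand SIL bands of IEC 61508-1. It covers only the probability-of-failure requirement; the architectural constraints (route 1H/2H) and systematic capability requirements mentioned on this page are not modelled. The failure rates, proof test interval and beta factor are constructed sample values, not vendor data.

```python
"""Added example: simplified PFDavg for 1oo1 / 1oo2 / 2oo2 / 2oo3, SIL band
lookup, and SIF-level combination of sensor, logic solver and actuator.
Not the page's own code and not SILcet. Formulas: IEC 61508-6 simplified
equations without the lambda_DD and MTTR terms."""
from dataclasses import dataclass

HOURS_PER_YEAR = 8760.0


def pfd_1oo1(lam_du, t_proof):
    """Single channel: dangerous undetected failure lies hidden on average T/2."""
    return lam_du * t_proof / 2


def pfd_2oo2(lam_du, t_proof):
    """Both channels must work; either channel failing is dangerous."""
    return lam_du * t_proof


def pfd_1oo2(lam_du, t_proof, beta):
    """Redundant pair; beta is the common-cause fraction of lambda_DU."""
    lt = lam_du * t_proof
    return ((1 - beta) * lt) ** 2 / 3 + beta * lt / 2


def pfd_2oo3(lam_du, t_proof, beta):
    """Two-out-of-three voting; common-cause term identical to 1oo2."""
    lt = lam_du * t_proof
    return ((1 - beta) * lt) ** 2 + beta * lt / 2


def sil_from_pfd(pfd):
    """Low-demand SIL band for a PFDavg value (IEC 61508-1 Table 2).
    Returns 0 when the value does not reach SIL 1."""
    if pfd >= 1e-1:
        return 0
    if pfd >= 1e-2:
        return 1
    if pfd >= 1e-3:
        return 2
    if pfd >= 1e-4:
        return 3
    if pfd >= 1e-5:
        return 4
    raise ValueError("PFDavg below the SIL 4 band: check the input data")


@dataclass
class Subsystem:
    name: str
    architecture: str
    lam_du: float      # dangerous undetected failure rate, per hour
    t_proof_h: float   # proof test interval, hours
    beta: float = 0.0  # common-cause factor (only used by 1oo2 / 2oo3)

    def pfd(self):
        if self.architecture == "1oo1":
            return pfd_1oo1(self.lam_du, self.t_proof_h)
        if self.architecture == "2oo2":
            return pfd_2oo2(self.lam_du, self.t_proof_h)
        if self.architecture == "1oo2":
            return pfd_1oo2(self.lam_du, self.t_proof_h, self.beta)
        if self.architecture == "2oo3":
            return pfd_2oo3(self.lam_du, self.t_proof_h, self.beta)
        raise ValueError(f"unsupported architecture {self.architecture}")


def sif_pfd(subsystems):
    """PFDavg of the SIF is the sum of the three series subsystems."""
    return sum(s.pfd() for s in subsystems)


def rrf(pfd):
    """Risk Reduction Factor achieved by the SIF."""
    return 1.0 / pfd


def weakest_subsystem(subsystems):
    """Name of the subsystem that contributes most to the SIF's PFDavg."""
    return max(subsystems, key=lambda s: s.pfd()).name


def example_sif():
    """Constructed SIF: 2oo3 transmitters, 1oo1 safety PLC, 1oo1 valve,
    yearly proof test. Rates are sample values, not vendor data."""
    t = HOURS_PER_YEAR
    return [
        Subsystem("sensor", "2oo3", lam_du=1e-6, t_proof_h=t, beta=0.05),
        Subsystem("logic_solver", "1oo1", lam_du=1e-7, t_proof_h=t),
        Subsystem("actuator", "1oo1", lam_du=2e-6, t_proof_h=t),
    ]


if __name__ == "__main__":
    sif = example_sif()
    for s in sif:
        print(f"{s.name:13s} {s.architecture}  PFDavg={s.pfd():.3e}")
    total = sif_pfd(sif)
    print(f"SIF PFDavg={total:.3e}  RRF={rrf(total):.0f}  SIL {sil_from_pfd(total)}")
    print("weakest subsystem:", weakest_subsystem(sif))
```

In the constructed case the actuator with a single valve contributes about 92% of the SIF's PFDavg and pulls the whole function down to SIL 2, even though the 2oo3 sensor group on its own sits in the SIL 3 band; this is the numerical form of the remark above that the final element is normally the weak link. Note that these simplified formulas are for screening; a full SIL verification also needs lambda_DD, MTTR, proof test coverage and the architectural constraints of the standard.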



Consulting Services for the whole Life Cycle of the Safety Instrumented System (SIS).

  • Process Hazard Analysis, Assignment of Protection Layers and SIL Allocation, preparation of SRS, studies in ATEX zones, Engineering of Instrumentation.
  • SIL Verification with exSILentia or with our own software SILcet.
  • Analysis of different design alternatives of the Safety Instrumented Function, comparing cost versus compliance with the Standard.
  • Assistance in the validation of compliance with IEC 61511 (FAT, SAT, existing installation). Design of Commissioning and O&M Procedures.
  • FSA (Functional Safety Assessment): Audit according to IEC 61511.
  • Engineering to upgrade the SIS of the process or equipment to meet the safety standards such as IEC-61508/61511.


We provide training courses on Functional Safety (open, in-company, online).

SIS Analysis Phase. Training focused on the methodologies used in the Process Hazard Analysis (PHA), in the assignment of Protection Layers and SIL allocation, and in the preparation of the SRS (Safety Requirement Specification).

Functional Safety Course (online). It covers the three phases of the SIS Life Cycle: Risk Analysis, Design & Implementation, and Operation & Maintenance.

Design of SIFs and SIL Verification (online). Focused on the design of Safety Instrumented Functions (SIF) using the SILcet tool developed by us and following the standards IEC 61508/61511 and ISA TR84. It is built around practical examples of how to design SIFs, comparing different solutions according to the architectures and the elements used.

Certification Exam. We issue two types of certifications.


SILcet

  • Excel tool for SIL verification of Safety Instrumented Functions.
  • Performs calculations in accordance with IEC 61508/61511 (routes 1H / 2H), taking into account the three SIL requirements of the standard (systematic capability, probability of failure and architectural constraints).
  • Supports all kinds of architectures, simple and complex, and includes many VBA macros to compare SIFs, generate various types of reports and perform other functions.