Functional Safety

The objective of Functional Safety is to eliminate or minimize unacceptable risks to People, Equipment and the Environment. To achieve this objective, different types of measures can be combined and different layers of protection implemented, such as the Safety Instrumented System (SIS).

The Standard IEC 61508 is used by manufacturers to certify their products (sensors, PLCs and final elements) and it is also the standard that serves as a basis for developing other specific standards for each sector, such as IEC 61511 for the process industry, IEC 62061 for machinery, EN 50126/128/129 for the railway sector and others.

On this website we put the focus on the process industry and the IEC 61508/61511 standards.


SIS Life Cycle: Analysis, Implementation, O&M

Analysis

  • Process Hazard Analysis (PHA)
  • Protection Layers
  • Definition of SIFs
  • Determination of SIL
  • Safety Requirement Specification (SRS)

Implementation

  • Technology Selection
  • Design of SIFs
  • Proof Test definition
  • SIL Verification, Construction, FAT/SAT
  • Validation & FSA

Operation & Maintenance

  • Maintenance Plan & Training
  • Use of bypass, proof tests, inspections
  • Repairing, spare parts, failure register
  • SIS modifications
  • Functional Safety Assessment (FSA)

During the O&M phase it is crucial to maintain the integrity of the SIFs over time.


SIS Systematic Failures are a crucial part of the SIS Life Cycle and are probably the cause of most accidents.

Safety Instrumented Function (SIF)

The Safety Instrumented Function is composed of three subsystems: SENSOR, LOGIC SOLVER and ACTUATOR. Its objective is the safety of People, Equipment and the Environment. During the Process Hazard Analysis (PHA) the SIF is defined and the required SIL is determined, together with other values such as the RRF (Risk Reduction Factor), the MTTFS (average time in years between two spurious process trips) and other parameters used in the calculation of the Probability of Failure (PFDavg / PFH).

Sensor Subsystem

It covers the connection to the process (remote seal, etc.), the instrument (transmitter or switch), the wiring to the PLC cabinet and the input interface (electrical isolators, I.S. barriers, etc.).

It is best to use 4-20 mA transmitters, because they allow software routines to be implemented in the PLC that diagnose dangerous failures of the instrument.

The most used architectures of this subsystem are 1oo1, 1oo2, 2oo2 and 2oo3.
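As an added illustration (not code from this page or from any PLC vendor), the following Python models the kind of diagnostic routine a 4-20 mA transmitter makes possible, combined with the 2oo3 voting commonly used in the sensor subsystem. The NAMUR NE43 current bands are real; the engineering range, the trip setpoint and the policy of degrading to 1oo2 when a channel is diagnosed faulty are assumptions that a real SRS would have to specify.

```python
"""Per-channel 4-20 mA diagnostics and degraded 2oo3 voting (added example,
not code from the page or from any PLC vendor). Current bands follow NAMUR
NE43; engineering range, trip setpoint and degradation policy are assumptions."""
from dataclasses import dataclass

FAULT_LOW_MA = 3.6    # at or below: open loop / NE43 low failure signal
RANGE_LOW_MA = 3.8    # NE43 valid measuring range, lower limit
RANGE_HIGH_MA = 20.5  # NE43 valid measuring range, upper limit
FAULT_HIGH_MA = 21.0  # at or above: short circuit / NE43 high failure signal


@dataclass
class ChannelResult:
    value: float   # engineering units; only meaningful when healthy is True
    healthy: bool
    reason: str


def diagnose_channel(current_ma: float, eu_lo: float, eu_hi: float) -> ChannelResult:
    """Scale one loop current to engineering units and flag dangerous failures."""
    if current_ma <= FAULT_LOW_MA:
        return ChannelResult(0.0, False, "low fault: open loop or transmitter failure signal")
    if current_ma >= FAULT_HIGH_MA:
        return ChannelResult(0.0, False, "high fault: short circuit or transmitter failure signal")
    if current_ma < RANGE_LOW_MA or current_ma > RANGE_HIGH_MA:
        return ChannelResult(0.0, False, "outside NE43 measuring range")
    value = eu_lo + (current_ma - 4.0) / 16.0 * (eu_hi - eu_lo)
    return ChannelResult(value, True, "ok")


def vote_2oo3(currents, eu_lo: float, eu_hi: float, trip_hi: float):
    """High-trip 2oo3 voter with diagnostic degradation (assumed policy):
    3 healthy channels -> 2oo3, 2 healthy -> 1oo2, fewer -> fail-safe trip.
    Returns (trip, voting_mode, faulted_channel_indices)."""
    results = [diagnose_channel(c, eu_lo, eu_hi) for c in currents]
    healthy = [r for r in results if r.healthy]
    faulted = [i for i, r in enumerate(results) if not r.healthy]
    demands = sum(1 for r in healthy if r.value >= trip_hi)
    if len(healthy) == 3:
        return demands >= 2, "2oo3", faulted
    if len(healthy) == 2:
        return demands >= 1, "1oo2 (degraded)", faulted
    return True, "fail-safe trip: fewer than two healthy channels", faulted


# Constructed sample: 0-100 bar transmitters, high trip at 80 bar; channel 3 open loop.
SAMPLE_TRIP = vote_2oo3([18.0, 12.0, 3.2], 0.0, 100.0, 80.0)
```

A faulted channel never contributes a process value to the vote, so a single transmitter that fails to 0 mA cannot mask a real demand on the other two channels.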

Logic Solver Subsystem

It is recommended to use a manufacturer-certified safety PLC rated for the highest SIL required by any of the SIFs. A Safety PLC normally has a very high self-diagnostic capability (>95%), which significantly reduces the frequency of the so-called “Proof Tests”. The application program is the crucial part of the Logic Solver and must be thoroughly tested.

The most common architectures are 1oo1D, 1oo2D, 2oo4D and 2oo3D. The logic of the SENSOR and ACTUATOR subsystems resides in the PLC application software.

Actuator Subsystem

It covers the output interface (relay, isolator, I.S. barrier, etc.), the wiring to the field, and the final element, which is either (1) a final element interface (solenoid valve), an actuator (spring return, etc.) and a valve (ball, butterfly, etc.), or (2) an alarm horn, lamp, relay/contactor, motor starter, motor operated valve, etc.

It is normally the weak link of the Safety Function, since its components are mechanical elements, some of them (such as the valve) in direct contact with the process. The most used architectures of this subsystem are 1oo1, 1oo2 and 2oo2.
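To make the PFDavg / RRF / SIL relationship and the "weak link" remark concrete, here is an added Python example (not the SILcet tool or exSILentia) that applies the simplified low-demand equations for the 1oo1, 1oo2, 2oo2 and 2oo3 architectures to a three-subsystem SIF. The failure rates, proof-test interval and beta factor are constructed sample values, and the calculation covers only the probability-of-failure requirement, not systematic capability or architectural constraints.

```python
"""Simplified-equation PFDavg / RRF / SIL check for one SIF (added example,
not SILcet or exSILentia). The low-demand simplified forms used here
neglect MTTR, diagnostic coverage and mission time; inputs are constructed."""


def pfd_subsystem(arch: str, lam_du: float, ti_h: float, beta: float = 0.0) -> float:
    """PFDavg of one subsystem: lam_du = dangerous undetected failure rate
    per hour, ti_h = proof-test interval in hours, beta = common-cause fraction."""
    x = lam_du * ti_h
    if arch == "1oo1":
        return x / 2
    ccf = beta * x / 2                       # common-cause contribution
    if arch == "1oo2":
        return ((1 - beta) * x) ** 2 / 3 + ccf
    if arch == "2oo2":
        return x                             # both channels must work: two 1oo1 in series
    if arch == "2oo3":
        return ((1 - beta) * x) ** 2 + ccf
    raise ValueError(f"unsupported architecture: {arch}")


def sil_from_pfd(pfd: float) -> int:
    """IEC 61508-1 low-demand PFDavg bands; 0 means below SIL 1."""
    for sil, upper in ((4, 1e-4), (3, 1e-3), (2, 1e-2), (1, 1e-1)):
        if pfd < upper:
            return sil
    return 0


def verify_sif(subsystems, target_sil: int) -> dict:
    """subsystems: list of (name, arch, lam_du_per_h, ti_h, beta).
    Sums the subsystem PFDavg values and reports RRF, SIL and the weak link."""
    parts = {n: pfd_subsystem(a, lam, ti, b) for n, a, lam, ti, b in subsystems}
    total = sum(parts.values())
    weakest = max(parts, key=parts.get)
    return {"pfd_avg": total, "rrf": 1.0 / total, "sil": sil_from_pfd(total),
            "meets_target": sil_from_pfd(total) >= target_sil,
            "weakest": weakest, "weakest_share": parts[weakest] / total}


# Constructed sample SIF: yearly proof test (8760 h), single channel everywhere.
BASELINE = [("sensor", "1oo1", 5e-7, 8760.0, 0.0),
            ("logic_solver", "1oo1", 1e-8, 8760.0, 0.0),
            ("actuator", "1oo1", 2e-6, 8760.0, 0.0)]
# Same SIF with the weak link (the actuator) made 1oo2 with a 10 % beta factor.
REDUNDANT_ACTUATOR = BASELINE[:2] + [("actuator", "1oo2", 2e-6, 8760.0, 0.1)]

if __name__ == "__main__":
    for label, sif in (("baseline", BASELINE), ("1oo2 actuator", REDUNDANT_ACTUATOR)):
        print(label, verify_sif(sif, target_sil=2))
```

With these sample numbers the single-channel actuator contributes roughly 80 % of the total PFDavg and holds the SIF at SIL 1; making only the actuator 1oo2 brings the SIF into the SIL 2 band, which is why the final element is usually the first subsystem to look at.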



Consulting Services for the whole Life Cycle of the Safety Instrumented System (SIS).

  • Process Hazard Analysis, Assignment of Protection Layers and SIL Allocation, preparation of SRS, studies in ATEX zones, Engineering of Instrumentation.
  • SIL Verification with exSILentia or with our own software SILcet.
  • Analysis of different design alternatives of the Safety Instrumented Function, comparing cost versus compliance with the Standard.
  • Assistance in the validation of compliance with IEC 61511 (FAT, SAT, existing installation). Design of Commissioning and O&M Procedures.
  • FSA (Functional Safety Assessment): Audit according to IEC 61511.
  • Engineering to upgrade the SIS of the process or equipment to meet safety standards such as IEC 61508/61511.
  • Assistance for the implementation of IEC 61511 (procedures and other documents).
  • FSM Certification for service providers.


We provide training courses about Functional Safety (open, in-company, online).

  • SIS Analysis Phase. Training focused on the methodologies used in the Process Hazard Analysis (PHA), in the assignment of Protection Layers and SIL allocation, and in the preparation of the SRS (Safety Requirement Specification).
  • Functional Safety Course (online). It covers the 3 phases of the SIS Life Cycle: Risk Analysis, Design & Implementation, Operation & Maintenance.
  • Design of SIFs and SIL Verification (online). Focused on the design of Safety Instrumented Functions (SIF) using the SILcet tool developed by us and following IEC 61508/61511 and ISA TR84, with practical examples of how to design SIFs, comparing different solutions according to the architectures and the elements used.
  • Cyber HAZOP Analysis (online). Practical course on cybersecurity risk analysis methodologies.
  • Certification Exam. We issue two types of certifications.


SILcet: Excel tool for SIL verification of Safety Instrumented Functions.

  • Performs calculations in accordance with IEC 61508/61511 (routes 1H/2H/61511), taking into account the three SIL requirements of the Standard (systematic capability, probability of failure and architectural constraints).
  • New “SRS_Tool” to create the Safety Requirement Specification and customized SILcet Reports.