A safety integrity level (SIL) is not a property of a system, subsystem or component. The correct interpretation of this phrase is that the system, subsystem or component is capable of supporting safety functions with a safety integrity level up to n. This in itself is not sufficient to achieve a safety function of the required safety integrity level.

The safety integrity level capability of a subsystem determines the highest safety integrity level that can be claimed for any safety function that uses the subsystem. For this reason, the term safety integrity level claim limit is sometimes used instead. A SILn capability or claim limit (where n is 1,2,3 or 4) is determined for each subsystem by achieving a or b below.

The design requirements for SILn to prevent and control systematic faults in accordance with IEC 61508-2 and IEC 61508-3; or
The proven in use requirements for SILn in accordance with 7.4.7.6 to 7.4.7.10 of IEC 61508-2.
Other information about the system, subsystem or component is also necessary to facilitate a demonstration that the required safety integrity level of the safety function in the E/E/PE safety-related system will be achieved.

 

This text contains extracts from the IEC Functional Safety Zone. All such extracts are copyright of International Electrotechnical Commission © 2005, IEC, Geneva, Switzerland. All rights reserved. IEC has no responsibility for the placement and context in which the extracts are reproduced. This notice takes precedence over any general copyright statement.