Safety Integrity Level (SIL) and Performance Level (PL)

This short article provides an overview of the standards and methodologies applied to achieve a safe operating state of plants and machines, based on the concepts of Safety Integrity Level – SIL and Performance Level – PL.

The use of devices in production plants can put operators' safety at risk, for example automated systems in ATEX classified areas or robotic systems in the working environment. Such risks need to be carefully assessed, and it is often necessary to measure and quantify the risk reduction factor.


Safety Integrity Level – SIL: 


The IEC Standard 61508 – Functional safety defines the Safety Integrity Level SIL as the reliability of a component, equipment and system used in safety applications.

The safety systems usually consist of:

  • Sensors and transducers
  • Control systems (with possible safety software)
  • Final elements (actuators/safety function actuators)

Within the standard, the risk reduction factors are specified through the definition of three parameters:

  • PFDavg: Average probability of failure on demand
  • PFH: Probability of failure per hour
  • RRF: Risk reduction factor

These parameters are related to the SIL as shown in the following table:


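| SIL   | PFDavg            | PFH               | RRF                    |
|-------|-------------------|-------------------|------------------------|
| SIL 1 | 10⁻² ≤ PFD < 10⁻¹ | 10⁻⁵ ≤ PFH < 10⁻⁶ | 10 ≤ RRF < 100         |
| SIL 2 | 10⁻³ ≤ PFD < 10⁻² | 10⁻⁶ ≤ PFH < 10⁻⁷ | 100 ≤ RRF < 1.000      |
| SIL 3 | 10⁻⁴ ≤ PFD < 10⁻³ | 10⁻⁷ ≤ PFH < 10⁻⁸ | 1.000 ≤ RRF < 10.000   |
| SIL 4 | 10⁻⁵ ≤ PFD < 10⁻⁴ | 10⁻⁸ ≤ PFH < 10⁻⁹ | 10.000 ≤ RRF < 100.000 |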


It can be seen that a higher SIL implies a higher risk reduction. This is why the SIL required by the hazard and operability study (HAZOP) depends on the risk factor that needs to be reduced.
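The following added example (not part of the original article) works the relationship through in Python: it derives the required RRF from a hazard frequency and a tolerable frequency, maps the target PFDavg to a SIL using the PFD column of the table, and checks a sensor / control system / final element loop against that target. The function names, the sample frequencies and PFD values, the relation RRF = 1/PFDavg and the series approximation (loop PFDavg as the sum of the subsystem values) are assumptions of this example.

```python
# Added example. Bands are the PFD column of the table above:
# (SIL, lower bound inclusive, upper bound exclusive).
SIL_BANDS = [(1, 1e-2, 1e-1), (2, 1e-3, 1e-2), (3, 1e-4, 1e-3), (4, 1e-5, 1e-4)]


def sil_for_pfd(pfd_avg):
    """Return the SIL whose band contains pfd_avg, or None if it lies outside all bands."""
    if not 0 < pfd_avg <= 1:
        raise ValueError("PFDavg must be a probability in (0, 1]")
    for sil, low, high in SIL_BANDS:
        if low <= pfd_avg < high:
            return sil
    return None  # >= 1e-1: below SIL 1; < 1e-5: outside the SIL 4 band


def required_rrf(unmitigated_per_year, tolerable_per_year):
    """Risk reduction factor needed to bring a hazard down to its tolerable frequency."""
    if unmitigated_per_year <= 0 or tolerable_per_year <= 0:
        raise ValueError("frequencies must be positive")
    return max(1.0, unmitigated_per_year / tolerable_per_year)


def loop_pfd(sensor, logic, final_element):
    """Assumption: series approximation, loop PFDavg = sum of subsystem PFDavg."""
    return sensor + logic + final_element


def assess(unmitigated_per_year, tolerable_per_year, sensor, logic, final_element):
    """Compare the risk reduction a safety loop achieves with what the hazard requires."""
    rrf_needed = required_rrf(unmitigated_per_year, tolerable_per_year)
    target_pfd = 1.0 / rrf_needed          # assumption: RRF = 1 / PFDavg
    achieved_pfd = loop_pfd(sensor, logic, final_element)
    return {
        "required_rrf": rrf_needed,
        "required_sil": sil_for_pfd(target_pfd),
        "achieved_rrf": 1.0 / achieved_pfd,
        "achieved_sil": sil_for_pfd(achieved_pfd),
        # Landing in the same SIL band is not enough: the loop must reach the target.
        "meets_target": achieved_pfd <= target_pfd,
    }


if __name__ == "__main__":
    # Constructed sample: hazard once per 10 years, tolerable once per 5.000 years.
    for final_element in (3e-3, 1.2e-3):
        print(assess(0.1, 2e-4, 5e-4, 1e-4, final_element))
```

In the first constructed case the loop sits in the SIL 2 band yet falls short of the required RRF of 500, because the final element dominates the loop PFDavg; the second case meets the target.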


Performance Level – PL: 

The Performance Level – PL stands for the discrete level used to specify the capability of safety related parts of control systems – SRP/CS.

Therefore, 5 different performance levels of the protection system are defined, linked to the probability of dangerous failure of the system itself. Dangerous failure means a failure that may lead the SRP/CS into a dangerous or incapacitated state.

The 5 levels of PL are identified by letters: a, b, c, d, e. Letter a indicates the lowest PL (therefore related to lower risks), while letter e represents the highest PL (therefore related to higher risks).


