What is the relationship between SFF and PFD?

12 December 2022 · Dr. Michel Houtermans · 2 min read
functional safety
SFF and PFD

SFF and PFD are two of the most misunderstood parameters in functional safety. Many engineers use them interchangeably — but they represent fundamentally different concepts and are used at different stages of the safety lifecycle.

SFF vs PFD — What’s the Difference?

At first glance, SFF (Safe Failure Fraction) and PFD (Probability of Failure on Demand) seem closely related. After all, both involve failure rates.

But that is where the similarity ends.

  • SFF is a property of a device
  • PFD is a property of a complete safety function

Key Insight: SFF helps you design the system. PFD proves that the system works.

Understanding SFF (Safe Failure Fraction)

The Safe Failure Fraction (SFF) describes how a device behaves when it fails.

It is the ratio of safe failures and detected dangerous failures compared to all failures.

In simple terms:

  • A higher SFF means the device is more fail-safe
  • Or it has better diagnostics

SFF is used to determine the required hardware architecture of a subsystem according to IEC 61508.

What SFF Does

  • Helps define hardware fault tolerance (HFT)
  • Supports architectural constraints
  • Reflects diagnostics and fail-safe behavior

What SFF Does NOT Do

  • It does not tell you if your safety function meets SIL
  • It does not represent risk reduction
  • It does not include the full loop behavior

Understanding PFD (Probability of Failure on Demand)

The Probability of Failure on Demand (PFD) describes the likelihood that a safety function will fail when required.

This is the parameter that directly relates to SIL.

  • Low PFD = High safety availability
  • High PFD = Unsafe system

PFD is calculated for the entire safety loop, including:

  • Sensors
  • Logic solver
  • Final elements
  • Test intervals and maintenance

What PFD Does

  • Confirms SIL compliance
  • Quantifies risk reduction
  • Validates the full system design

Side-by-Side Comparison

SFF PFD
Applies to a device Applies to the full safety loop
Ratio Probability
Used for architecture selection Used for SIL verification
Reflects diagnostics and fail-safe design Reflects actual risk reduction

Real-World Example

Imagine a high-level shutdown system on a storage tank:

  • The level transmitter has an SFF of 90%
  • This helps determine whether you need redundancy

But that alone tells you nothing about safety performance.

Only when you calculate the PFD of the entire loop — including logic solver, final element, and proof testing — can you determine whether the system meets SIL 2 or SIL 3.

A high SFF device does not guarantee a low PFD safety function.

Common Mistakes

  • Assuming high SFF means SIL compliance
  • Designing systems based only on device data
  • Ignoring proof test intervals in PFD calculations
  • Confusing component reliability with system safety

Conclusion

SFF and PFD are both essential — but they serve completely different purposes.

  • SFF helps you design the right architecture
  • PFD proves that your safety function actually achieves the required risk reduction

You need both to achieve SIL — but you must understand how and when to use each.

Want to Master SIL Calculations?

Learn how to correctly design and verify safety functions using real-world examples and IEC 61508 / 61511 principles.

Explore the course →

← Back to all articles
We use cookies
Cookie preferences
Below you may find information about the purposes for which we and our partners use cookies and process data. You can exercise your preferences for processing, and/or see details on our partners' websites.
Analytical cookies Disable all
Functional cookies
Other cookies
We use cookies to personalize content and ads, to provide social media features and to analyze our traffic. Learn more about our cookie policy.
Accept all Decline all Change preferences
Cookies