How to Describe a Safety Function Correctly — IEC 61511
The safety function description is the single most important element in achieving functional safety and SIL compliance. If this foundation is weak, everything built on top of it will be flawed.
Why the Safety Function Description Matters
Every safety lifecycle activity—design, verification, validation, operation—depends on how clearly and correctly the safety function is defined.
A poor description leads to:
- Incorrect system design
- Misinterpretation by engineers and integrators
- Inadequate testing and validation
- Ultimately, non-compliant and unsafe systems
The key question is: are your safety functions described in a way that can be correctly implemented and verified?
The SLATS Concept
A robust safety function description follows the SLATS concept:
Sense
What parameter are you measuring? This defines how the hazard is detected (e.g., pressure, temperature, level, gas concentration).
Logic
What condition triggers the safety action? This defines the decision-making criteria (e.g., threshold, rate of change, combination of inputs).
Actuate
What action is taken to bring the system to a safe state? This defines the protective response (e.g., shut down, isolate, vent, start system).
Time
How quickly must the action occur? The allowed response time is bounded by the process safety time (the interval between the demand and the hazardous event), so it is directly linked to the risk reduction claimed for the function.
SIL
How reliable must the function be? This defines the required Safety Integrity Level (SIL 1 to SIL 4 under IEC 61511) and the associated performance target, such as the average probability of failure on demand for a low-demand function.
Risknowlogy Insight: If one SLATS element is missing or unclear, the safety function is incomplete.
Example of a Good Safety Function Description
Measure the level of smoke, and if the level reaches 1000 ppm, start the ventilation system within 10 seconds. Perform this function according to SIL 3 requirements.
This example clearly defines:
- Sense: Smoke level
- Logic: Threshold at 1000 ppm
- Actuate: Start ventilation system
- Time: Within 10 seconds
- SIL: SIL 3
Common Mistakes
- Describing the solution instead of the intention
- Missing timing requirements
- Vague or undefined thresholds
- No clear link to hazard and risk analysis
- Not specifying SIL or performance requirements
Pro Tip: Describe the Intention, Not the Solution
A critical mistake in many projects is specifying how the safety function should be implemented instead of what it must achieve.
For example:
- Wrong: “Use a pressure transmitter PT-101 and shut valve XV-202.”
- Right: “Measure pressure and isolate the system if pressure exceeds X within Y seconds.”
By focusing on intention:
- You maintain a clear link to the hazard
- You allow optimal design solutions
- You avoid locking the system into suboptimal implementations
Practical Suggestions to Improve Safety Function Descriptions
- Always derive safety functions directly from hazard and risk analysis
- Use the SLATS structure consistently
- Define measurable thresholds and conditions
- Specify clear timing requirements
- Link each safety function to a SIL target
- Review descriptions with multidisciplinary teams
- Validate that the function can be tested and verified
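As an added illustration (not part of the original article), the following Python sketch encodes a SLATS entry as a record and applies the checks listed above: every element present, a measurable threshold, a timing figure, a SIL in the range 1 to 4, a link to the hazard analysis, and no equipment tags that would turn the intention into a solution. The field names, the tag-number pattern and the two sample entries are assumptions made for this example.

```python
"""Completeness checker for SLATS-structured safety function descriptions.

Added illustration, not code from the original article.  Field names, the
tag-number pattern and the sample entries are assumptions; only the SLATS
elements and the SIL 1..4 range come from the text / IEC 61511.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# ISA-style instrument tags (PT-101, XV-202).  A tag inside a safety function
# description is a strong sign that an implementation was specified instead
# of an intention.  Assumed pattern; adapt to the plant's tagging standard.
TAG_RE = re.compile(r"\b[A-Z]{1,4}-\d{2,5}\b")

# A measurable threshold carries a number followed by a unit ("1000 ppm",
# "12.5 barg"); "high pressure" on its own does not qualify.
THRESHOLD_RE = re.compile(r"\d+(?:\.\d+)?\s*[A-Za-z%/]+")


@dataclass
class SafetyFunction:
    sense: str                        # S: parameter that is measured
    logic: str                        # L: condition that triggers the action
    actuate: str                      # A: action that brings the safe state
    time_s: Optional[float] = None    # T: required response time in seconds
    sil: Optional[int] = None         # S: required SIL, 1..4
    hazard_ref: Optional[str] = None  # link to the hazard and risk analysis


def check(sf: SafetyFunction) -> List[str]:
    """Return findings; an empty list means the SLATS description is complete."""
    findings: List[str] = []
    if not sf.sense.strip():
        findings.append("Sense: measured parameter not stated")
    if not THRESHOLD_RE.search(sf.logic):
        findings.append("Logic: threshold is not measurable (no value with unit)")
    if not sf.actuate.strip():
        findings.append("Actuate: protective action not stated")
    if sf.time_s is None or sf.time_s <= 0:
        findings.append("Time: response time missing")
    if sf.sil not in (1, 2, 3, 4):
        findings.append("SIL: target not specified or outside SIL 1..4")
    if not sf.hazard_ref:
        findings.append("No link to hazard and risk analysis")
    # Solution-vs-intention check: any instrument tag in S, L or A text.
    for part in (sf.sense, sf.logic, sf.actuate):
        for tag in TAG_RE.findall(part):
            findings.append(f"Describes solution, not intention: tag {tag}")
    return findings


def describe(sf: SafetyFunction) -> str:
    """Render a complete entry in the article's sentence form."""
    problems = check(sf)
    if problems:
        raise ValueError("incomplete safety function: " + "; ".join(problems))
    return (f"Measure the {sf.sense}, and if it {sf.logic}, {sf.actuate} "
            f"within {sf.time_s:g} seconds. Perform this function according "
            f"to SIL {sf.sil} requirements.")


# Constructed sample entries (not taken from any real SRS).
GOOD = SafetyFunction("smoke level", "reaches 1000 ppm",
                      "start the ventilation system", 10, 3, "HAZOP node 4.2")
BAD = SafetyFunction("pressure from PT-101", "is high", "shut valve XV-202")

if __name__ == "__main__":
    print(describe(GOOD))
    for finding in check(BAD):
        print("-", finding)
```

Running the script prints the article's smoke-detection sentence for the complete entry and six findings for the "wrong" style of description: no measurable threshold, no time, no SIL, no hazard link, and one solution-instead-of-intention finding per tag number. Because `describe` refuses an entry that fails `check`, the rendered text handed to designers and integrators can only ever be a complete SLATS description.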
Conclusion
The safety function description is not just documentation—it is the blueprint of your safety system.
When done correctly, it ensures alignment between hazard analysis, design, implementation, and verification. When done poorly, it guarantees problems later in the lifecycle.
Go deeper — Writing Safety Functions
Learn how to define, structure, and verify safety functions using SLATS and IEC 61508 / 61511 principles.