Navigating the Functional Safety Dilemma: Bridging the Gap Between Supplier Commitments and SIL Compliance
A common scenario in functional safety: an end user contracts a supplier for SIL-compliant safety functions at a fixed price. Both parties agree on the scope. But when a third-party certifier evaluates the result, compliance gaps emerge — and neither side budgeted for the rework. This article explains why this happens and how to prevent it.
The dilemma: commitment vs. competence
The end user's perspective is straightforward: they want assurance of SIL compliance within a fixed budget. They expect safety functions that meet the prescribed SILs, thereby reducing risk to acceptable levels.
The supplier commits to delivering SIL compliance within the agreed price. Their proficiency in hardware and software delivery may be strong, but the full scope of SIL compliance often exceeds their expertise.
The key question is: did both parties fully understand what SIL compliance requires — before they agreed on a price?
Why SIL compliance is more complex than it appears
SIL compliance is not a single deliverable — it is a lifecycle commitment. It requires deep understanding of failure rates, diagnostic coverage, fault tolerance, architectural constraints, software safety techniques, verification, validation, and documentation. It spans hardware, software, and management.
When either the end user or the supplier lacks this understanding, gaps emerge. These gaps may be rooted in misunderstanding the standard, underestimating the effort, or assuming that a probability of failure on demand (PFD) calculation equals compliance.
Key insight: SIL compliance is not a box to check. It is a structured process that touches every phase of the safety lifecycle — from hazard analysis through to operation and maintenance.
The role of third-party certifiers
The turning point arrives when a third-party certifier evaluates the work. Certifiers are equipped with the expertise to assess SIL adherence — and they often uncover gaps that neither the end user nor the supplier anticipated.
These gaps may involve incomplete documentation, insufficient verification evidence, unqualified tools, missing common-cause failure analysis, or software that was not developed to the required SIL techniques. At this stage, the fixed-price contract becomes a problem: who pays for the rework?
Six strategies to prevent the dilemma
1. Invest in education — on both sides
Both end users and suppliers must understand what SIL compliance actually requires before entering into a contract. This includes failure rates, diagnostic coverage, architectural constraints, software techniques, and the full scope of lifecycle evidence. A one-day overview is not enough — formal training and certification build the competence needed to scope the work correctly.
2. Communicate openly
End users must clearly articulate their expectations — not just "SIL 2 compliance" but what evidence, documentation, and verification they expect. Suppliers must honestly communicate their limitations and experience. Misaligned expectations are the root cause of most compliance disputes.
3. Conduct a holistic risk assessment upfront
Before signing a contract, assess the risks to the project itself — not just the process risks. Where are the competence gaps? Where is the scope likely to grow? What assumptions are being made about tools, data, and standards interpretation? A preemptive assessment identifies these before they become compliance issues.
4. Engage functional safety experts early
Independent functional safety consultants can review the scope, assess the supplier's readiness, and identify gaps before work begins. This is far cheaper than discovering gaps during certification.
5. Build flexibility into contracts
Fixed-price contracts work for SIL compliance when the scope is well understood. When it is not, rigidity creates conflict. Integrate flexibility and contingency for unexpected complexities, or structure the contract in phases with review gates.
6. Commit to continuous learning
Functional safety is an evolving field. Standards are updated. Techniques improve. New tools emerge. Both end users and suppliers must commit to keeping their knowledge current — not just at the start of a project, but throughout.
Conclusion
The gap between commitment and compliance is where functional safety projects fail. Bridging that gap requires education, honest communication, early expert involvement, and contracts that reflect the true scope of the work. When end users and suppliers approach SIL compliance as a shared responsibility — not a transaction — the result is safer systems, fewer surprises, and projects that stay on track.