SIL Verification ≠ PFD Calculation
In functional safety, the term "SIL Verification" is widely used — but often incorrectly. In many cases, what is called SIL Verification is actually only a PFD calculation. While PFD calculations are essential, they are not the same as verification of functional safety work. This article explains the difference — and why it matters.
What a PFD calculation actually verifies
A PFD calculation verifies the design performance of a safety function: whether the chosen architecture, components and proof test regime achieve the required probability of failure. It answers questions such as:
- Does the safety function provide sufficient risk reduction?
- Is the selected architecture appropriate for the target SIL?
- Are proof test intervals consistent with the required risk reduction?
PFD stands for Probability of Failure on Demand: the likelihood that a safety function fails dangerously at the moment a demand requires it to act. Which measure applies depends on the mode of operation of the safety function:
- PFDavg: average probability of dangerous failure on demand (low demand mode)
- PFH: average frequency of dangerous failure per hour (high demand or continuous mode)
Important: PFD and PFH values describe design integrity. They do not confirm that the work was done correctly.
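To make concrete what a PFD calculation does and does not show, here is an added worked example (not code from the original article) of a simplified PFDavg calculation for a low demand safety instrumented function made of 1oo2 transmitters, a logic solver and a single shutdown valve. It uses the common simplified approximations (λDU × TI / 2 for 1oo1, a beta-factor common cause term for 1oo2, no repair time term) rather than the full IEC 61508-6 equations, and every failure rate, diagnostic coverage, proof test interval and beta factor in it is a constructed sample value, not field or certificate data. The SIL bands are the IEC 61508 low demand bands.

```python
"""Simplified PFDavg calculation for a low-demand safety instrumented function.

Added worked example, not code from the original article. It uses the
common simplified approximations (lambda_DU * TI / 2 for 1oo1, beta-factor
common cause for 1oo2, no repair-time term) rather than the full IEC 61508-6
equations, and every failure rate, coverage, interval and beta factor below
is a constructed sample value.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional

HOURS_PER_YEAR = 8760.0

# IEC 61508 low-demand SIL bands for PFDavg: lower bound inclusive, upper exclusive.
SIL_BANDS = {4: (1e-5, 1e-4), 3: (1e-4, 1e-3), 2: (1e-3, 1e-2), 1: (1e-2, 1e-1)}


@dataclass(frozen=True)
class Subsystem:
    name: str
    voting: str        # "1oo1" or "1oo2" (the two architectures modelled here)
    lambda_d: float    # dangerous failure rate per hour (constructed value)
    dc: float          # diagnostic coverage: fraction of lambda_d detected online
    ti_years: float    # proof test interval in years
    beta: float = 0.0  # common-cause beta factor, only used for redundant voting

    @property
    def lambda_du(self) -> float:
        """Dangerous undetected rate: only these failures persist until the proof test."""
        return self.lambda_d * (1.0 - self.dc)

    @property
    def ti_hours(self) -> float:
        return self.ti_years * HOURS_PER_YEAR


def pfd_avg(sub: Subsystem) -> float:
    """Average PFD of one subsystem using the simplified formulas."""
    x = sub.lambda_du * sub.ti_hours
    if sub.voting == "1oo1":
        return x / 2.0
    if sub.voting == "1oo2":
        # Independent double failure plus beta-factor common-cause contribution.
        return x ** 2 / 3.0 + sub.beta * x / 2.0
    raise ValueError(f"unsupported voting: {sub.voting}")


def sif_pfd_avg(subsystems: List[Subsystem]) -> float:
    """Sensor, logic solver and final element act in series, so their PFDs add."""
    return sum(pfd_avg(s) for s in subsystems)


def sil_for(pfd: float) -> Optional[int]:
    """Map PFDavg to its SIL band; None if outside the SIL 1..4 bands."""
    for sil, (lo, hi) in SIL_BANDS.items():
        if lo <= pfd < hi:
            return sil
    return None


def max_ti_years_1oo1(lambda_du: float, target_sil: int) -> float:
    """Longest proof test interval for which a 1oo1 subsystem alone stays in the target band.

    Solves lambda_du * TI / 2 < upper bound of the band for TI.
    """
    _, hi = SIL_BANDS[target_sil]
    return 2.0 * hi / lambda_du / HOURS_PER_YEAR


# Constructed sample SIF: 1oo2 transmitters, a logic solver and a single shutdown valve.
SAMPLE_SIF = [
    Subsystem("pressure transmitters", "1oo2", lambda_d=5e-7, dc=0.60, ti_years=1.0, beta=0.05),
    Subsystem("logic solver", "1oo1", lambda_d=2e-7, dc=0.99, ti_years=1.0),
    Subsystem("shutdown valve", "1oo1", lambda_d=2e-6, dc=0.0, ti_years=1.0),
]


def report(subsystems: List[Subsystem]) -> Dict[str, object]:
    """PFDavg, risk reduction factor, SIL band and each subsystem's share of the total."""
    total = sif_pfd_avg(subsystems)
    return {
        "pfd_avg": total,
        "rrf": 1.0 / total,
        "sil": sil_for(total),
        "contributions": {s.name: pfd_avg(s) / total for s in subsystems},
    }


if __name__ == "__main__":
    r = report(SAMPLE_SIF)
    print(f"PFDavg = {r['pfd_avg']:.2e}  RRF = {r['rrf']:.0f}  SIL {r['sil']}")
    for name, share in r["contributions"].items():
        print(f"  {name:22s} {share:6.1%} of the total")
    valve = SAMPLE_SIF[2]
    print(f"max 1oo1 valve TI for SIL 2 alone: {max_ti_years_1oo1(valve.lambda_du, 2):.2f} years")
```

Run as written, the sample SIF lands in the SIL 2 band with the valve contributing over 99% of the PFDavg; doubling only the valve's proof test interval to two years drops the function into SIL 1. That is the kind of result a PFD calculation delivers. What the script cannot tell you is whether 5e-7 per hour for the transmitters is justified by its data source, whether 60% diagnostic coverage or a 5% beta factor is defensible, or whether the simplified formulas are appropriate for this application. Those questions belong to verification of the calculation, not to the calculation itself.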
Verification is about the work — not just the result
Functional safety standards require that the outputs of each lifecycle phase are verified. A PFD calculation is such an output. It is work, and that work must itself be verified.
Verification typically includes checking:
- Assumptions used in the calculation
- Input data sources and justification
- Failure rates and diagnostic coverage
- Architectural constraints
- Applied methods and tools
- Independence of the verifier
Producing a number — even a correct one — is not sufficient. Verification ensures that the calculation is appropriate, justified, and defensible. This principle applies across the entire functional safety lifecycle.
The right question is not "What is the PFD?" — it is "Can you prove that the PFD calculation is correct, complete, and justified?"
"SIL Verification" is not a defined term
Another common misconception is that SIL Verification is a formally defined activity. It is not.
In IEC 61511 (and in IEC 61508, the generic standard on which it is based):
- SIL is defined
- Verification is defined
But the combined term "SIL Verification" is not.
Using informal terminology is not necessarily wrong, but it often leads to:
- Different meanings to different people and companies
- Narrow interpretation of scope
- Overemphasis on calculations
- Underestimating lifecycle verification activities
Tools do not equal functional safety competence
Many professionals described as SIL Verification experts are, in reality, highly skilled in PFD calculation tools — but limited in broader functional safety lifecycle knowledge.
Being a tool expert is valuable. But it is not the same as being a functional safety verifier. Verification requires:
- Lifecycle understanding
- Standards interpretation
- Independence
- Professional judgement
Important: Confusing tool competence with verification competence introduces risk — both to the project and to the people the safety function is supposed to protect.
Why this distinction matters
Functional safety is about confidence:
- Confidence in the design
- Confidence in the work performed
- Confidence in independent verification
Reducing functional safety to a single PFD value undermines that confidence. Verification exists to ensure that safety decisions are robust, justified, and defensible.
Final thought
PFD calculations are essential. Verification is essential. They are not the same thing.
Understanding the difference is a fundamental step toward mature functional safety practice.
Go deeper — IEC 61511 Certification Course
Our IEC 61511 course covers SIL verification, PFD calculations, architectural constraints, and the full safety lifecycle — for engineers who want precision, not shortcuts.