Method Functional Safety

SIS Design and Engineering

Design and Engineering of the SIS involves both hardware and application software design, using only compliant components with the correct hardware fault tolerance.

Clause 14 of IEC 61511 – describing the approach to SIS Design and Engineering – makes up 11 of the 77 pages of Part 1 of the standard. There is much detail to absorb, but in summary the Clause describes:

  • Specific requirements for the design, such as:
    • The need to meet the requirements of the SRSSafety Requirements Specification through the design.
    • What should be included in the design (e.g., a manual means of activating the SIS final elements).
    • How power supplies should be managed when the SIFSafety Instrumented Function does not enter the safe state on loss of power.
    • What types of serial communication can be used in SIF implementation.
  • Requirements on response to detection of a fault.
  • Which devices are considered suitable for use in a SIF compliant with IEC 61511.
  • Determining Hardware Fault Tolerance (redundancy by another name).
  • Maintenance and engineering interfaces (HMI – Human Machine Interfaces).
  • How to determine the overall reliability of the SIF.

SIS Design – Application Program

IEC 61511 provides relatively little guidance on how the SIS Application Program should be developed – but this limited guidance is appropriate for programming with “Limited Variability Languages” (LVL). Examples of such languages would be ladder logic, function block diagram and structured text. These languages are very constrained (or “limited” - hence LVL). The logic solver will be programmed by way of the product suppliers programming tool / engineering workbench. This programming environment will usually be further constrained by preventing any “unsafe” programming actions within the programming tool.

More complex, powerful programming languages (such as “C”) are known as “Fully Variable Languages” (FVL). These  could be used to develop the logic solver’s application program – but these powerful languages need a different level of control in order for them to be employed in safety applications. Since they are so flexible, it would be entirely possible to implement an “unsafe” approach. It follows that the rule set for programming in an environment such as this would need to be very robust and comprehensive. Such rules for programming are found in IEC 61508 Part 3 (“Software Requirements”). This document provides more than 100 pages of guidance and is supported by other informative parts of IEC 61508. Use of FVL languages is normally restricted to product suppliers developing the operating systems for logic solvers. It would be unusual for the Application Program to be developed in this way. It is allowed by IEC 61511 to develop Application Program using an FVL language – but this must be done to the ruleset in IEC 61508 Part 3 (>100 pages) rather than to the ruleset within IEC 61511 Clause 12 (5 pages).

What =Method can do for you

  • Deliver “SIS Design FEED Studies”.
  • Provide independent verification of SIS Design and SIS Application Programming.
  • Train and mentor SIS Design Engineers. (Note that =Method does not provide (detailed) SIS Design and SIS Application Programming services – but we are happy to work with clients to identify suitable systems integration partners who can provide these services).
  • Carry out Stage 2 Functional Safety Assessments.
  • Alarm Management.

Most recent projects for SIS Design

An update to an earlier SIL verification and PFD calculation exercise.

Industry: Oil and Gas Onshore
Topic: SIL Verification and PFD Calculation

For an oil storage facility, carrying out an exercise to confirm that the SIL requirement was correct (under review changed from SIL 1 to SIL 2), identify a replacement for non-compliant contractor and confirm the compliance of a non-certified galvanic isolator by way of a prior use analysis.

Industry: Oil and Gas Onshore
Topic: SIL Verification and PFD Calculation

An Alarm review at a Scottish distillery. The scope covered all SCADA/HMI systems on the site, a total of 700 alarms were reviewed.

Industry: Brewing and Distilling
Topic: Alarm Management

A "SIL Verification" exercise to confirm the compliance of x6 Safety Instrumented Functions for a Boiler package vendor. Reviewing the design against the SRS, confirming compliance of the SIF components, checking that the correct hardware fault tolerance had been selected and that the PFD calculations were correct.

Industry: Process - General
Topic: SIL Verification and PFD Calculation

Confirming compliance with 61508/61511 for a number of devices intended for use on an offshore gas platform.

Industry: Oil and Gas Offshore
Topic: SIL Verification and PFD Calculation

View all of our recent projects here

Functional Safety Consultancy

=Method's specialist, expert consultants support industries across the entire Functional Safety Lifecycle. If you need help please contact us.

Functional Safety Training

=Method delivers training in public venues, In-house and online. See more about how we deliver training here.

Functional Safety Lifecycle

Functional Safety Management
Functional Safety Audit
What is Functional Safety?What is functional safety?
I am new to this, how do i start?What is functional safety?

E: T: 44 (0)1462 713313. W:

LinkedinMethod Functional Safety member of InstMC
subscribe to course updates
Keep up-to-date
Receive our views on the latest industry developments and/or our latest training course dates.

Functional Safety + Process Safety + Cyber Security + Compliance Assessment + Competency Register + Software Solutions = Method Safety and Security

Address: Method Functional Safety Ltd. Method House, Davis Crescent, Hitchin, SG5 3RB
Phone: +44 (0)1462 713313 Email: Website:

Terms and Conditions | Privacy Policy. Registered In England 08453480. VAT No. GB 159 9080 70. Site © Copyright Method Functional Safety Ltd 2024