Safety Integrity Level
Also known as: SIL
Safety Integrity Level (SIL) is a four-level rating defined in IEC 61508 that measures how reliably a safety function performs when called on. Higher SIL means greater risk reduction and stricter design, hardware, and verification requirements.
Last updated: April 2026
Key Facts
- Term
- Safety Integrity Level
- Abbreviation
- SIL
- Defined by
- IEC 61508 (first published 1998, revised 2010)
- Number of levels
- Four (SIL 1, SIL 2, SIL 3, SIL 4)
- Highest level
- SIL 4 (greatest risk reduction)
- Lowest level
- SIL 1 (least risk reduction)
- Industries
- Process, machinery, automotive, rail, medical devices
- Sector adaptations
- IEC 61511 (process), ISO 26262 (automotive, uses ASIL), IEC 62061 (machinery), EN 50128 (rail)
- Recognised certification schemes
- TUV Rheinland, TUV SUD, CFSE, exida
- Typical course duration
- 3 to 5 days
- Assessment
- Written exam under a recognised scheme
What is Safety Integrity Level (SIL)?
SIL is a discrete rating (SIL 1, 2, 3, or 4) assigned to a safety function based on the probability that it will perform when called on. SIL 4 represents the highest reliability and risk reduction; SIL 1 the lowest.
The level for a given safety function is determined through Hazard and Risk Analysis (HARA) or Layer of Protection Analysis (LOPA), which weighs the severity of a potential hazard against the likelihood of occurrence and the available risk reduction. Once assigned, the SIL constrains the design, hardware fault tolerance, software development rigour, and verification activities required for that safety function. SIL was first defined in IEC 61508 and is now applied across multiple sector-specific safety standards.
SIL Levels and Probability of Failure
The four SIL levels each have defined probability targets for dangerous failure under low-demand and high-demand operating modes.
| SIL | Risk Reduction Factor | PFD (Low Demand) | PFH (High Demand) | Typical Application |
|---|---|---|---|---|
| SIL 1 | 10 to 100 | ≥10⁻² to <10⁻¹ | ≥10⁻⁶ to <10⁻⁵ | Lower-risk safety functions |
| SIL 2 | 100 to 1,000 | ≥10⁻³ to <10⁻² | ≥10⁻⁷ to <10⁻⁶ | Medium-risk industrial functions |
| SIL 3 | 1,000 to 10,000 | ≥10⁻⁴ to <10⁻³ | ≥10⁻⁸ to <10⁻⁷ | Critical process safety functions |
| SIL 4 | 10,000 to 100,000 | ≥10⁻⁵ to <10⁻⁴ | ≥10⁻⁹ to <10⁻⁸ | Highest-risk applications |
PFD is Probability of Failure on Demand, used for safety functions called on infrequently. PFH is Probability of Failure per Hour, used for continuously operating safety functions. SIL 4 is rare in industrial process applications because the design and verification cost makes it economically impractical for most plants.
How SIL Relates to Other Safety Standards
- IEC 61511: Uses SIL directly. Applies to safety instrumented systems in process industries.
- ISO 26262: Uses ASIL (A, B, C, D) instead of SIL. Applies to electrical and electronic systems in road vehicles.
- IEC 62061: Uses SIL directly. Applies to safety-related electrical control systems on machinery.
- EN 50128: Uses Software Safety Integrity Level (SSIL). Applies to railway software.
- IEC 62304: Uses Software Safety Class (A, B, C). Applies to medical device software.
ASIL D in ISO 26262 is broadly comparable to SIL 3 in rigour, though the two are computed differently and ISO 26262 does not provide a formal mapping.
How Functional Safety Training Providers Deliver SIL Courses
Training providers deliver SIL courses as three to five day cohorts under a recognised certification scheme, combining instructor-led sessions with a written certification exam.
A typical provider delivers IEC 61508 foundation training, SIL determination workshops, and TUV-recognised certification preparation across multiple regions and languages. Delegates include hardware engineers, software engineers, system integrators, and safety assessors. Delivery requires cohort-based scheduling, identity verification at exam, audit-ready completion records, and verifiable certificates aligned to the recognised scheme. Providers also run private corporate cohorts for client engineering teams under their own branded portal.
Common Questions
What SIL training do most engineers need?
It depends on the role and sector. Process engineers and assessors typically take IEC 61508 foundation plus IEC 61511. Automotive engineers take ISO 26262 (which uses ASIL). Machinery engineers take IEC 62061 or ISO 13849. Most certified practitioners pursue a recognised scheme such as TUV Rheinland, TUV SUD, or CFSE.
What is the difference between SIL and ASIL?
SIL is defined in IEC 61508 and uses probabilistic targets (PFD, PFH) across four levels. ASIL is defined in ISO 26262 for automotive use and uses qualitative hazard analysis based on Severity, Exposure, and Controllability across four levels (A, B, C, D). The two are conceptually related but computed differently and not formally interchangeable.
How long does a TUV-recognised SIL course typically take?
Three to five days of instructor-led training plus a written exam. Many providers offer blended formats with self-paced pre-work, live workshops, and post-course CPD content across the certification cycle (typically three to five years).
What does an LMS need to deliver SIL training to certification standards?
Cohort scheduling, identity verification at exam, proctoring support, verifiable certificates, audit-ready reporting, and multi-regional delivery. Multi-tenant capability matters when the provider runs both public open-enrolment courses and private corporate cohorts under one academy.
Train Your Delegates with Blend-ed
Blend-ed is the AI-native LMS for functional safety training companies. TUV SUD-approved IEC 61508 provider Risknowlogy runs its full operation on Blend-ed.
- Read: Best LMS for Functional Safety Training Companies in 2026
- Compare: Best LMS for External Training Providers in 2026
