What is PFDavg in SIL verification?

PFDavg (average Probability of Failure on Demand) is the average probability that a Safety Instrumented Function will fail to perform its intended safety action when a process demand occurs. It is calculated over the proof test interval and is the primary metric for SIL verification in low-demand mode per IEC 61511.

How is PFDavg calculated for a 1oo2 architecture?

For a 1oo2 (one-out-of-two) voting architecture, PFDavg accounts for both independent failures and common cause failures: PFDavg = (lambda_DU x TI)^2 / 3 + beta x lambda_DU x TI/2, where lambda_DU is the dangerous undetected failure rate, TI is the proof test interval, and beta is the common cause failure factor (typically 2-10%).

What are architectural constraints in IEC 61511?

Architectural constraints define the minimum Hardware Fault Tolerance (HFT) required for each SIL level. For SIL 1, HFT of 0 (1oo1) is acceptable. For SIL 2 with Type B devices, HFT of 1 (e.g., 1oo2) is required. For SIL 3, HFT of 2 (e.g., 2oo3) is typically required for Type B devices. These constraints ensure that no single component failure can prevent the safety function.

What is the difference between SIL and PFDavg?

SIL (Safety Integrity Level) is a discrete classification (1-4) that defines the required reliability of a safety function. PFDavg is the calculated probability of failure that determines the achieved SIL. SIL 1 corresponds to PFDavg of 0.01-0.1, SIL 2 to 0.001-0.01, SIL 3 to 0.0001-0.001, and SIL 4 to 0.00001-0.0001.

SIL Verification Calculator | PFDavg & Safety Integrity Level (IEC 61508/61511)

SIF Configuration

Target SIL Level

Demand Mode

Mission Time

years

Should not exceed useful life of equipment (typically 10-20 years)

Sensor Subsystem

Voting Architecture

Failure Rate - Dangerous Undetected (λ_DU)

/hr

Failure Rate - Dangerous Detected (λ_DD)

/hr

Failure Rate - Safe (λ_S)

/hr

Common Cause Factor (β)

Proof Test Interval

months

Mean Time to Repair (MTTR)

hours

Logic Solver Subsystem

Voting Architecture

Failure Rate - Dangerous Undetected (λ_DU)

/hr

Failure Rate - Dangerous Detected (λ_DD)

/hr

Failure Rate - Safe (λ_S)

/hr

Common Cause Factor (β)

Proof Test Interval

months

Mean Time to Repair (MTTR)

hours

Final Element Subsystem

Voting Architecture

Failure Rate - Dangerous Undetected (λ_DU)

/hr

Failure Rate - Dangerous Detected (λ_DD)

/hr

Failure Rate - Safe (λ_S)

/hr

Common Cause Factor (β)

Proof Test Interval

months

Mean Time to Repair (MTTR)

hours

Understanding SIL Verification

What is SIL Verification?
SIL verification confirms that a Safety Instrumented Function (SIF) design achieves the required Safety Integrity Level by calculating PFDavg based on component failure rates, redundancy architecture, proof test intervals, and common cause failures.

SIL Levels (Low Demand):
SIL 1: PFDavg 0.01 - 0.1 (RRF 10-100)
SIL 2: PFDavg 0.001 - 0.01 (RRF 100-1,000)
SIL 3: PFDavg 0.0001 - 0.001 (RRF 1,000-10,000)
SIL 4: PFDavg 0.00001 - 0.0001 (RRF 10,000-100,000)

Key Standards:
IEC 61508 (generic functional safety), IEC 61511 (process industry SIS), ISA 84.00.01 (US adoption of IEC 61511), ISA TR84.00.02 (SIL verification technical report).

📚 Learn the Theory

Understand PFDavg calculation methods, architectural constraints, common cause failures, and IEC 61508/61511 requirements

Read Engineering Guide →

Formula

PFDavg_SIF = PFDavg_S + PFDavg_L + PFDavg_FE

1oo1: PFDavg = λ_DU × TI / 2

1oo2: PFDavg = (λ_DU×TI)²/3 + β×λ_DU×TI/2

2oo3: PFDavg = (λ_DU×TI)² + β×λ_DU×TI/2

RRF = 1 / PFDavg

Standards & References

IEC 61508
Functional Safety of E/E/PE Safety-Related Systems
IEC 61511
Safety Instrumented Systems for the Process Industry
ISA 84.00.01
Application of Safety Instrumented Systems (US adoption)
ISA TR84.00.02
Safety Integrity Level (SIL) Evaluation Techniques

Engineering Notes

Low demand: Process demand rate < 1/yr or < 2× proof test frequency
Common cause: Sensor β = 5%, logic β = 2%, final element β = 10% are typical defaults
Proof test coverage: Assumes 100% test coverage. Partial proof testing reduces effective TI
SIL 4: Rarely used in process industries; typically reserved for nuclear or aviation
Architectural constraints: Must be satisfied in addition to PFDavg target
Final elements: Often dominate PFDavg; consider redundancy or shorter test intervals

Quick Reference — Typical λ_DU Values

Pressure transmitter: 3-5 × 10&sup7; /hr
Temperature transmitter: 5-8 × 10&sup7; /hr
Safety PLC (certified): 5 × 10&sup8; - 1 × 10&sup6; /hr
Solenoid valve: 5 × 10&sup7; - 2 × 10&sup6; /hr
Block valve + actuator: 2-5 × 10&sup6; /hr

SIL Verification Calculator

SIF Configuration

Sensor Subsystem

Logic Solver Subsystem

Final Element Subsystem

Understanding SIL Verification

📚 Learn the Theory

Results

Formula

Standards & References

Engineering Notes

Quick Reference — Typical λDU Values

Related Calculators

LOPA Calculator

HAZOP Analysis

Relief Valve Sizing

Consequence Modeling

Quick Reference — Typical λ_DU Values