When we recently looked at software and hardware safety standards, much of the discussion was focused on process-oriented standards like DO-254 and DO-178. But we also mentioned some other standards without going into detail. And some of those operate on the concept of “safety integrity level,” or SIL.
The origin of this concept is IEC 61508, which establishes four SILs, numbered 1-4, with 4 indicating the “safest” level. The determination of SIL appears to be relatively complex and somewhat ambiguous, since the specific failure modes must be identified for each individual system and are not codified in IEC 61508. The SILs themselves involve both process considerations and the Probability of Failure on Demand, or PFD (or its inverse, the Risk Reduction Factor, or RRF).
It’s actually pretty easy to understand the PFD ranges for each SIL: the SIL number is the maximum number of zeros after the decimal point in the PFD (or the minimum number of zeros in the RRF). So SIL 1 applies to a PFD of 0.1 to 0.01 (or an RRF of 10 to 100); SIL 4 applies to a PFD of 0.0001 to 0.00001 (or an RRF of 10,000 to 100,000).
ISO 26262 has a similar concept for automobiles, referring to Automotive SILs, or ASILs.
Only systems can achieve a SIL; components may tout a SIL, but simply using such components (or a process known to have achieved a certain SIL on a different product) is not sufficient to demonstrate that SIL. So, for instance, when TI just announced their Hercules microcontrollers, they didn’t say that “these microcontrollers conform to SIL x.” They listed a series of features that are specifically designed to help a designer achieve a desired SIL or ASIL.
Because these standards don’t call out specific functional requirements, only probabilities of failure and process requirements, the feature list itself can’t be expressly correlated with specifics of the standard. Again, they’re simply things that are known to allow the implementation of safer systems.
More details and the specific features can be found in TI’s release…