from the instrument department...
SIL 2 or SIL 3 transmitter
Sensor technologies. topic
Posted by reza heydari on 7 May, 2006 - 2:13 pm
Please tell me what's difference between SIL3 transmitter and SIL2 transmitter,it is better that i ask how a usual transmitter can modifies to, for example SIL2 or SIL3?

Posted by DaveMH on 8 May, 2006 - 9:43 am
The difference between a transmitter certified for use in SIL3 applications and a SIL2 certified unit is that the SIL3 unit will have satisfied more onerous requirements with respect to its design, in particular reliability and failure modes.

If you are talking about IEC61508/61511 SILs...

Note that the use of SIL certified devices, be they PLCs or transmitters etc., does not itself guarantee that you have satisfied the requirements for the safety function. It is the safety function itself (e.g. trip of plant item r items) which carrys the requirement for a specific integrity level. Therefore the whole of the system for that specific function (from sensor(s) to final element(s)) must be designed with the performance requirements and management requirments that come with the integrity level specified.

Use of certified devices does make the process of putting together your safety claims/arguments easier and more traceable.

If you are unfamiliar with the design practices using the safety standards I suggest you get a specialist in who has a verifiable track record.

Hope this helps

Posted by Anonymous on 21 May, 2006 - 3:09 pm
A safety certified transmitter is different from regular transmitter as it has additional certification pertaining to IEC 61508.

It does not differ in operational functionality but has documented failure modes with identification of lambda, SFF and finally has a defined reliabilty.

You may achieve SIL3 risk miigation even by SIL2 transmitters used in 1oo2 or 2oo3 configuration as you meet the required Pfd(avg).

Even uncertified hardware can be used in SIL2/3 application if you can get safe and dangerous failure rates through OREDA or other reliability handbooks, achieve desired Pfd(avg) or compensate through enhanced loop inspection/maintenance frequency (though not desirable)as guided by IEC 61511.

Posted by boshra on 31 March, 2009 - 5:59 am
Thanks a lot

Posted by Neil Munro on 8 May, 2006 - 3:12 pm

There is not a quick an easy answer, but I will try...

The SIL (Safety Integrity Level) is a measure of the probability of failure on demand. In other words will the thing work when I want it to ! The higher the SIL number the less chance it has of failing when you need it, so a SIL3 device has a lesser chance of failure on demand, than a SIL2 device.

SIL levels are more applicable to safety systems and normally are stated for systems rather than single devices. SIL levels are increased by adding more devices to do the same thing (redundancy) e.g. if you have two tranmitters measuring the same variable and you monitor them both then you have effectively increased the SIL level of that particular part of the system.

Some manufacturers are now claiming that their devices are certified to a particular SIL level by adding redundant sensors/electronics etc. in the same device, but they haven't if there is still a single point of failure!

For more information, try Google with IEC 61508.

Hope that helps!

Posted by vahid on 17 August, 2009 - 5:19 pm
Neil Mounro,

Thank you for your reply.
Refer to your reply I understand that we have to take into account two parameters:

1)Failure of the device/instrument and its effect on our process

2) the hazard/dangerous events that affect the human safety.

I did not understand the meaning of your sentence "Some manufacturers are now claiming that their devices are certified to a particular SIL level by adding redundant sensors/electronics etc. in the same device, but they haven't if there is still a single point of failure!"

Would you please explain more?

Thanks for your concern.

Posted by Shailesh C Patel on 9 May, 2006 - 10:33 pm
Dear reza,

Full form of SIL is Safety Integrity Level. As per standard practice you can say that "a" transmitter is suitable for SIL 2 or SIL 3 loop. If any one component level is SIL 1 then loop will be always SIL 1, even Transmitter is suitable for SIL 3. Main difference between SIL 2 and SIL 3 is Probability of failure on demand per year (PFD). PFD for SIL 2 is >=0.001 to <0.01 and PFD for SIL 3 >=0.0001 to <0.001. it is achieved by redundant hardware (power supply and other electronics component), diagnostic hardware and software.

Shailesh C Patel
FDC - Control Systems And Instrumentation

Posted by nirav shah on 25 January, 2007 - 11:05 pm
Dear Sir,

I was surfing for the SIL levels & as per the information SIL are for PFD. As SIL 3 is more capable & more safe then SIL2. Howeever i would like to know, with whom it has to be certify? & who are the manufacturers for PLC with SIL compatability.


nirav shah

Posted by Roy on 17 December, 2008 - 9:34 am
EXIDA is the agency certifying for SIL Ratings.

Posted by W.L. Mostia on 22 December, 2008 - 10:15 pm
"EXIDA is the agency certifying for SIL Ratings."

Exida ( is not really a certifying agency and I don't believe that they would qualify as NRTL. It is a commercial company in the functional safety business. They do provide failure mode and effect and diagnostic analysis (FMEDA) reports for equipment used in safety service, which provide failure rates, SIL compliance, and other information in regards to compliance with safety system standards, as well as other commercial services related to the functional safety business. These FMDA reports have been used commonly by manufacturer for existing equipment, which they wish to sell in the SIS marketplace, to provide SIS information to their customers.

The most common certifying agencies for SIS equipment are the German TUV agencies (there are several). FM, BASEEFA (British), as well as some other agencies do this but are minor players in this area. Almost all new SIS equipment will have a TUV approval.

William (Bill) L. Mostia, Jr. PE
Sr. Consultant
SIS-Tech Solutions

Posted by Anonymous on 21 June, 2009 - 6:22 am
There are vendors who provide SIL certification by FMEDA based on EXIDA report. Most of the other manufacturers strongly recommend to go with TUV certified instruments. WHich one to choose as a user? Is there any catch going for FMEDA certified instruments?

Pl advise

Posted by wboyes on 22 June, 2009 - 9:29 am
There doesn't appear to be. Exida appears to be a thorough, professional, knowledgeable agency for both functional safety and functional security certificaton. So of course, is TUV Rheinland and so is TUV Nord. All three agencies do this work regularly.

Walt Boyes
Editor in Chief
Control and
Mailto:wboyes [at]
Read my blog SoundOFF!! At

Posted by Samir on 23 June, 2009 - 5:51 am

Exida is not a notified party.

1) Still can we use FMEDA certified instruments based on exida for SIL2?

2)Can I accept SIL3 certified transmitter in SIL2 loops?

SIL3 certificate by FMEDA talks about Software certification does not mention anything on software. Hence this question.

Thanks in anticipation

Posted by A.ZUBAIDY on 17 August, 2009 - 8:20 am
Hi all

I have system certifcate as SIL2 (Yokogawa DCS). I want to install the sensor is SIL 3 certificate. Is it Ok? Or i'm going to lose my system certificate?

Posted by Girish on 23 June, 2009 - 5:57 am
For SIL2 applications which one to shoose? FMEDA / Exida certificate or TUV? Why?


Posted by DaveMH on 23 June, 2009 - 5:13 pm
I may have got the wrong end of these last few posts. Apologies if thats the case.

There's a few points I'd like to make.

1) The responsibility for making sure that equipment is appropriate for use lies with the plant designer and/or operator.

2) What equipment is appropriate depends upon the application. There can be no generic solution. E.g. better a non-certified device performing the correct function in the actual environment than a certified one thats not quite right.

3) There is no absolute requirement to use certified devices. In some cases there may not be a certified device. See 2 above. So devices with an FMEDA only may be OK. It depends on the application and integrity requirements.

4) An FMEDA report is not a certificate and does in itself not address all of the requirements for evaluation with respect to the IEC61508 standard e.g. software design for modern instruments. An FMEDA can form part of the documentation of the assessment against 61508/61511. An FMEDA cannot deal with assessment of software quality a different tool is require hence (probably) the mention of software.

5) I would say that Exida and TUV reports and certificates are largely equivalent although there maybe differences in the quality of the underlying work. There are also other organisations which may be acceptable e.g. Sira in the UK.

6) Whether a transmitter certified for use in SIL3 applications is able to be used in a SIL 2 safety function depends on the application. Probably from a reliability point of view but thats not the only consideration.

In all these things engineering judgement and experience is needed. It sounds like you might need some help to make these decisions. Go find it and don't be embarrassed to ask. Nobody knows everything and peoples safety is the concern here.

Hope this helps

Posted by Mahmoud Yasseen on 9 November, 2011 - 5:51 am
> "EXIDA is the agency certifying for SIL Ratings."

> Exida ( is not really a certifying agency and I don't
> believe that they would qualify as NRTL.

---- snip ----

In reply to the above ... i was requiring to know the differences between the TUV Rheinland, and TUV NORD, as i had this information, that they should be TYPICALLY the same, but the Rheinald are further more restricted to Superior proceedures before certifying...

is that true? and if so, whats the main differences?

Appreciating your assitance, as this has been hanging on for ages, with no specific reply.

Best Regards,
Mahmoud Yasseen

Posted by Osama Saied on 9 June, 2006 - 1:06 am
SIL stands for Safety Integrity Level which is a safety level stander approved by TUV, there are four levels: 0 (the lowest safety requirements) to 4 (The highest level with the lowest probability of failure). so SIL selection depends on the criticality of the control loop.

Posted by W.L. Mostia on 18 June, 2006 - 12:00 pm
There are a number of inaccuracies in the above statement.

First, TUV approval does not determine SIL level. SIL level is system based (sensor, logic solver, final elements), not component based. TUV or any other approval agency certify components as suitable for use in a particular SIL application, i.e. suitable for use in a SIL 2 system, but the SIL of the safety instrumented function (SIF) depends on all of the components and the installation in the safety trip path as well as their proof test frequencies. Second, there is no SIL 0 in the standards (S84, 61511, or 61508). Some companies utilize SIL 0 or SIL "a", as a means of identifying safety systems which are determined not to be required by a risk analysis (note that this type of analysis is typically a minimum required analysis), which are existing and retained or new and required for other reasons (These are sometimes called orphaned safety systems). These types of systems are typically required by company standards to meet certain requirements in the safety standards but not the complete standard, e.g. S84/61511. Third, SIL is not intended to apply to control loops (i.e. basic process control systems (BPCS) loops) but to demand and continuous safety systems. Fourth, "criticality" is a vague term because a protective system can be "critical" for a number of reasons - safety, environmental, asset protection, operational, etc. SIL is determined by a risk analysis by the residual risk once all other layers of protection for a specific hazard have been considered. Several of the methods of determining SIL are discussed in S84/61511 part 3. Also, note that there are really two SILs, target SIL which is determined by the risk analysis and achieved SIL which is the SIL of the designed safety instrumented function as determined by quantitative calculation and architectural constraints. In the end, the achieved SIL must meet the target SIL.

William (Bill) L. Mostia, Jr.
Principal Engineer
WLM Engineering Co.

Your use of this site is subject to the terms and conditions set forth under Legal Notices and the Privacy Policy. Please read those terms and conditions carefully. Subject to the rights expressly reserved to others under Legal Notices, the content of this site and the compilation thereof is © 1999-2014 Nerds in Control, LLC. All rights reserved.

Users of this site are benefiting from open source technologies, including PHP, MySQL and Apache. Be happy.

So far as I can remember, there is not one word in the Gospels in
praise of intelligence.
-- Bertrand Russell
Advertise here
164-page eBook free download - EtherCAT Applications Guide
Servo, steppers, analog, digital & web HMI - Fully Integrated!
Servo, stepping motor control, analog & web HMI in one system! is the largest Automation community on the web. Learn how to advertise here now...
Time to incorporate data handling, web HMI and motion in one system!
our advertisers
Help keep our servers running...
Patronize our advertisers!
Visit our Post Archive