How to Use the Calculator
SIF Configuration Type
Select the SIF Configuration Type from the list.
Dangerous Detected Failure Frequency (λdd)
Enter the frequency of dangerous failures detected by diagnostics (failures per unit time, e.g., per year).
Dangerous Undetected Failure Frequency (λdu)
Enter the frequency of dangerous failures undetected by diagnostics but discovered during proof testing (use units consistent with those for λdd).
Testing Interval (Ti)
Enter the time between Proof Tests when undetected failures accumulate, using units consistent with Failure Frequencies (e.g., hours or years).
Results You’ll Get
Dangerous Failure Frequency (λd):
The combined Frequency of Dangerous Failures (λdd + λdu) per unit time.
Average Probability of Failure on Demand (PFDAvg):
The average probability that the Safety Instrumented Functions (SIF) will fail upon demand over the specified Testing Interval (Ti).
Average Risk Reduction Factor (RRFAvg):
A measure of how much, on average, the SIF reduces the risk of failure.
Safety Integrity Level (SIL):
The categorical safety level assigned to your SIF based on the calculated PFDAvg, indicating its reliability.
PFD and SIL Calculator
What is Probability of Failure on Demand?
The Probability of Failure on Demand (PFD) is the likelihood that a safety-related system or component will fail to perform its intended safety function when called upon (i.e., “on demand”). This means the safety function does not activate as needed to prevent or mitigate a hazard. We refer to these systems as Safety Instrumented Functions (SIF). Because failure can occur at any time during the Mission Time used in the PFD calculation, the Average Probability of Failure on Demand (PFDAvg) is used to represent the average likelihood of failure over the entire Test Interval, rather than at a single point in time. A lower PFD value indicates higher reliability and better safety performance of the system.
The PFD value serves as a basis for evaluating the effectiveness of the SIF with respect to risk reduction. PFD is often referred to as the Risk Reduction Factor (RRF), which represents the inverse of PFD (1/PFD). Both relate to the Safety Integrity Level (SIL) which reflects the system’s safety performance.
Why Use This Calculator?
Quick insights: Get a fast estimation of your sensor subsystem’s failure probability and safety integrity without complex calculations.
Preliminary planning tool: Use it early in your project to explore how different failure rates and testing intervals affect system reliability.
Aid discussions and feasibility: Support initial engineering discussions by providing ballpark figures on Risk Reduction Factor (RRF) and SIL level ranges.
Scenario exploration: Easily change input values to “what-if” scenarios and visualize how parameter changes impact PFDAvg, RRFAvg, and SIL, helping you better understand the relationships between inputs and outputs.
PFD Calculation Formula
The Average Probability of Failure on Demand (PFDAvg) calculation used in the above calculator is based on simplified formulas that incorporate industry-standard parameters, such as failure rates, diagnostic coverage, and test intervals, to provide reliable and credible safety performance metrics.
The formula depends on the sensor subsystem type, which represents the voting architecture of devices in the subsystem. For example, 1oo1 means one device out of one must detect a failure to cause a safety action. 1oo2 involves two devices where only one needs to detect to trigger the action, improving fault tolerance. Similarly, 2oo2 requires both devices to agree, reducing false trips but with less tolerance to faults. 2oo3 requires any two out of three devices to concur, etc. These voting configurations affect how PFDAvg is calculated.
Где:
However, this formula is a simplified version and omits several key parameters that significantly influence the final PFD outcome. These missing parameters include the Test Coverage Factor (TCF), beta factors (for common cause failures), Diagnostic Coverage Factor (DCF), and diagnostic action on detection. For more details on these parameters, see our related article on Failure Modes and Effect Analysis (FMEA).
Designed to help you grasp the basic concepts of PFD and SIL, this calculator is not suited for detailed SIF design. For actual SIF design and accurate PFD calculation that incorporates all relevant parameters, we recommend using our dedicated safety integrity software IMS SIS (Safety Instrumented Systems).
How Do We Get the Risk Reduction Factor (RRF) and Safety Integrity Level (SIL) from Probability of Failure on Demand (PFD)?
The PFDAvg is a fundamental measure of SIF’s reliability and provides the basis for evaluating safety performance. By calculating the PFD using Failure Rates and Testing Intervals, we can determine the Average Risk Reduction Factor (RRFAvg), defined as the inverse of PFD, which expresses, on average, how many times the SIF reduces risk compared to having no protection.
Risk reduction factor (RRFAvg) = 1 ÷ Probability of Failure on Demand (PFDAvg)
A higher RRF corresponds to a system with higher reliability.
Comparing the calculated PFDAvg or RRFAvg to predefined thresholds then allows the assignment of a Safety Integrity Level (SIL) to the SIF, effectively classifying the required safety performance.
SIL is a safety classification based on PFD ranges and is defined by international standards such as IEC 61508 and IEC 61511, as well as by the American standard ANSI/ISA 84.00.01. It indicates the reliability and risk reduction expected from a SIF. The higher the SIL, the greater the safety performance and the lower the chance of failure.
The table below shows the average Probability of Failure on Demand (PFDAvg) and Risk Reduction Factor (RRFAvg) for each Safety Integrity Level (SIL) associated with a Safety Instrumented Function (SIF).
Go beyond PFD Calculations
Manage SIL verification and PFDAvg calculations effortlessly using IMS SIS, a comprehensive solution tailored to functional safety professionals. It combines HAZOP, LOPA, SIF design, SIL verification and trusted failure data in one IEC 61508/61511-compliant platform.
Discover IMS SIS
How accurate is this calculator?
This calculator is based on a simplified formula for PFD calculations and is intended for back-of-the-envelope estimates, so it provides approximate results rather than precise values. For final design and accurate verification, tools like IMS SIS that incorporate all relevant parameters and standards compliance should be used.
How can I use this calculator for scenario exploration?
By adjusting the failure rates, voting architecture, and test intervals, you can model different “what-if” situations. This helps understand how changes in testing frequency or system design impact overall safety integrity and risk reduction.
How does the sensor subsystem type affect the PFD calculation?
The subsystem type defines the voting logic (such as 1oo1, 1oo2, 2oo2, 2oo3, 2oo4) which influences how fault tolerance and failure probabilities are modelled. Different architectures change the calculation formula and thus the resulting PFD value.
Why is the Average Probability of Failure on Demand (PFDAvg) used instead of a point-in-time probability?
PFDAvg accounts for the average likelihood of failure over the entire test interval rather than a specific instant, providing a more reliable measure of safety system performance over time.
What standards define the Safety Integrity Level (SIL) classifications shown here?
The SIL levels are defined according to international standards IEC 61508 and IEC 61511, as well as American standard ANSI/ISA 84.00.01. They classify safety system reliability based on PFD and Risk Reduction Factor ranges.
