Safety Integrity Level (SIL) and Performance Level (PL) are metrics used to assess the safety performance of safety-related systems, primarily in industrial and machinery applications. IEC 61508 is a foundational standard for functional safety, while IEC 61511 focuses on safety instrumented systems (SIS) in the process industry. SIL is primarily associated with IEC 61508 and IEC 61511, while PL is associated with machinery safety standards like ISO 13849-1.
Two industries have shaped the standardisation of functional safety: classic series machine building, and plant building as used in fields such as the chemical and process industries. Topics such as risk assessment, hazard analysis and evaluation methods are very important for both approaches.
Machine building deals with manageable units on which life safety systems are frequently used. ISO 13849-1 was developed with this context in mind. The standard takes into account the machinery directive and considers safety functions from both a qualitative and quantitative perspective. To classify various technical safety performance capabilities, it defines five Performance Levels (PL a, b, c, d, e), each expressed in terms of the average probability of dangerous failure per hour (PFH). ISO 13849-1 specifies an iterative process for designing and validating the safety-related parts of a control system (SRP/CS).
The chemical industry was the driving force behind basic safety standard IEC 61508. As a result, the focus was on basing safety statements on how likely the function is to respond reliably when a safe response is required. In terms of architecture, chemical and process-technical facilities tend to be large and complex. The life safety systems here are designed to rarely have to take action. The term SIL (SIL 1, 2, 3, 4) is derived from IEC 61508. IEC 62061 also defines the SIL claim limit, and describes the iterative process for determining and validating the SIL of safety-related electrical, electronic and programmable control systems (SRECS).
At first glance, both standards seem to apply to the same application areas. However, they must be applied appropriately depending on the technology, risk assessment and architecture. Note that IEC 62061 does not contain any requirements for the performance of non-electrical, safety-related control elements (hydraulics, pneumatics and mechanics). Refer to ISO 13849-1 for these. The manufacturers of safety-relevant components provide corresponding safety-related characteristics for determining the SIL and PL.
The two parameters overlap in one place: the MTTFd used when calculating the Performance Level and the PFHd used for the Safety Integrity Level. MTTFd represents the mean time to dangerous failure, while PFHd represents the probability of a dangerous failure per hour. Comparing this value against the limits each standard sets for its levels lines the PL levels up with the SIL levels, allowing one parameter to be converted into the other.
The engineer determines the machine’s required PL during their risk assessment with the help of the risk graph provided in ISO 13849-1, and verifies that the SRP/CS meet the required PL by performing the necessary calculations. The PL can subsequently be converted into a SIL value using the table above.
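The PFHd bands that tie PL to SIL, written out as an added example (not part of the original page): it sums the PFHd of series subsystems and classifies the total. The band limits are those of ISO 13849-1 and IEC 62061; the function names, the subsystem values and the treatment of totals below 1e-8 as PL e / SIL 3 are assumptions, and only the PFHd criterion is checked.

```python
# Added example: PFHd bands linking PL (ISO 13849-1) and SIL (IEC 62061).
# Only the PFHd criterion is evaluated; category, diagnostic coverage and
# common-cause requirements of the standards are outside this sketch.

# (lower bound inclusive, upper bound exclusive, PL, corresponding SIL)
BANDS = [
    (1e-5, 1e-4, "a", None),  # PL a has no SIL correspondence
    (3e-6, 1e-5, "b", 1),
    (1e-6, 3e-6, "c", 1),
    (1e-7, 1e-6, "d", 2),
    (0.0, 1e-7, "e", 3),      # assumption: totals below 1e-8 stay PL e / SIL 3
]
PL_ORDER = "abcde"


def classify(pfhd):
    """Return (PL, SIL) for a PFHd in 1/h; (None, None) if 1e-4 or worse."""
    if pfhd < 0:
        raise ValueError("PFHd cannot be negative")
    for low, high, pl, sil in BANDS:
        if low <= pfhd < high:
            return pl, sil
    return None, None


def series_pfhd(subsystems):
    """PFHd of a safety function whose subsystems act in series: the sum."""
    return sum(subsystems.values())


def meets_required_pl(subsystems, required_pl):
    """True if the summed PFHd falls in the required PL band or a better one."""
    achieved, _ = classify(series_pfhd(subsystems))
    if achieved is None:
        return False
    return PL_ORDER.index(achieved) >= PL_ORDER.index(required_pl)


if __name__ == "__main__":
    # Constructed manufacturer values for one safety function (1/h).
    function = {"sensor": 2e-8, "logic": 1.5e-8, "actuator": 4e-7}
    total = series_pfhd(function)
    print(f"PFHd total = {total:.2e}/h -> PL/SIL = {classify(total)}")
    print("meets PL d:", meets_required_pl(function, "d"))
    print("meets PL e:", meets_required_pl(function, "e"))
```

The actuator dominates the constructed total, so improving the sensor or logic alone would not move this function out of the PL d band.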
With that in mind, note that although IEC 61508 defines four safety integrity levels, general machine building applications require at most SIL 3. SIL 4 is only required in very specific, highly critical applications that pose a high risk of damage or a high potential risk of personal injury. These include the fly-by-wire or steer-by-wire systems in aircraft and vehicles, for example.
Both PL and SIL have their merits in terms of safety and are important building blocks on the way to creating safe machines and facilities, and therefore functional safety. The fact that there are two parameters for assessing the technical safety performance of systems is primarily down to historical reasons. As a result, the standards are comparable and can even be 'converted' to each other. Basically, engineers can use either the ISO 13849-1 or IEC 62061 approach for purely electrical, electronic and programmable electronic (E/E/PE) systems, and therefore have the choice of using PL or SIL. SIL is particularly well-suited to large, complex facilities or factories with multiple machines, while PL is more suitable for individual machines.