In the world of functional safety, there is a persistent and costly illusion: the belief that a Safety Instrumented Function (SIF) remains effective simply because it was designed to be. Many operating companies proudly point to their Safety Instrumented System (SIS), complete with validation reports of varying depth and an average Probability of Failure on Demand (PFDavg) calculation that confidently claims it meets the required Safety Integrity Level (SIL).
But here’s the uncomfortable truth:
A SIF is only a SIF for as long as the operator maintains the systems, processes, and competence required to keep it functional.
The moment the integrator hands over the system, the responsibility for systematic capability shifts entirely to the operating company. And this is where things so often start to unravel.
So, when is a SIF not a SIF?
The Myth of “Install and Forget”
Integrators and OEMs may do their part in the Functional Safety Lifecycle. They design the SIS, carry out a SIL verification, follow IEC 61511, and deliver a system that “on paper” meets the required risk reduction.
However, the standards clearly emphasise a point often overlooked:
“The SIS is [to be] operated and maintained in a way that sustains the required safety integrity”
You can’t “buy” a SIL system. It must be continuously earned through competent operation and maintenance, and confirmed through auditing.
What Often Happens After Hand‑Over?
1. No functional safety management system
Without defined procedures, documentation, and governance, management of safety functions becomes ad hoc.
2. Competence gaps
Functional safety requires trained personnel across engineering, operations, and maintenance.
3. Poor maintenance and proof‑testing discipline
The PFDavg calculation assumes proof‑tests occur at fixed intervals and with coverage of specified failure mechanisms.
4. Change management failures
Small changes can destroy systematic integrity without formal MOC processes.
5. Missing or inaccurate failure data
Even in more mature companies, failing to collect real-world failure data is an issue. The data used in the SIL calculation is often taken from a device certificate or other generic sources; however, as IEC 61511 points out, “Devices may exhibit different failure rates dependent on the operating environment and mode of operation. Failure rate data available from manufacturers may not be valid in all applications”. There is a requirement to validate the data used in the calculations.
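To make points 3 and 5 concrete, here is an added worked example (not from the original post) using the simplified 1oo1 low-demand PFDavg approximation from IEC 61508-6 / ISA-TR84.00.02, with imperfect proof-test coverage accumulating to the mission time. The failure rate, interval, coverage and mission time are constructed values, not data from any real device.

```python
# Added example: how the assumptions behind a PFDavg figure (proof-test
# interval, proof-test coverage, failure rate) decide whether a SIF still
# meets its SIL. Simplified 1oo1 low-demand approximation; no common-cause
# or diagnostic terms. All numeric inputs below are constructed.

HOURS_PER_YEAR = 8760

def pfd_avg(lambda_du, proof_test_interval_h, proof_test_coverage=1.0,
            mission_time_h=None):
    """Average PFD for a single channel with a periodic proof test.

    lambda_du             dangerous undetected failure rate (per hour)
    proof_test_interval_h the interval the SIL calculation assumes (T1)
    proof_test_coverage   fraction of lambda_du the proof test reveals (PTC)
    mission_time_h        time until overhaul/replacement; failures the proof
                          test cannot reveal accumulate until then.
    """
    revealed = proof_test_coverage * lambda_du * proof_test_interval_h / 2
    if proof_test_coverage >= 1.0 or mission_time_h is None:
        return revealed
    unrevealed = (1 - proof_test_coverage) * lambda_du * mission_time_h / 2
    return revealed + unrevealed

def sil_band(pfd):
    """IEC 61508/61511 low-demand SIL band for a PFDavg (0 = no SIL)."""
    if pfd < 1e-4:
        return 4
    if pfd < 1e-3:
        return 3
    if pfd < 1e-2:
        return 2
    if pfd < 1e-1:
        return 1
    return 0

def scenarios(lambda_du=2e-7):
    """Design-basis calc next to three ways site reality departs from it."""
    return {
        "as designed: 1-yr test, full coverage":
            pfd_avg(lambda_du, HOURS_PER_YEAR),
        "test interval stretched to 2 yr":
            pfd_avg(lambda_du, 2 * HOURS_PER_YEAR),
        "90% coverage, 20-yr mission":
            pfd_avg(lambda_du, HOURS_PER_YEAR, 0.9, 20 * HOURS_PER_YEAR),
        "field failure rate 2x certificate":
            pfd_avg(2 * lambda_du, HOURS_PER_YEAR),
    }

if __name__ == "__main__":
    for name, pfd in scenarios().items():
        print(f"{name:40s} PFDavg={pfd:.2e}  SIL {sil_band(pfd)}")
```

Each of the three departures on its own drops the constructed example from SIL 3 to SIL 2 while the original calculation sheet still says SIL 3.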
Systematic Capability: The Missing Link
Systematic capability refers to an organisation’s ability to consistently and reliably deliver outcomes by using structured, repeatable, and well-integrated processes, tools, and behaviours.
IEC 61511 is not explicit about the systematic capability of the operating company, focusing instead on the devices. However, it is implied throughout the standard, and I think systematic capability should be redefined to include the capability of the operating company, so that this is something that is explicitly assessed.
The systematic capability would reflect organisational ability to ensure that SIFs perform as intended throughout their lifecycle and include:
- competence management,
- procedures and governance,
- configuration control,
- documentation discipline,
- proof‑testing processes,
- and ongoing performance monitoring.
When these elements are missing, the SIF’s systematic integrity collapses — regardless of how good the integrator was.
Why This Matters
Many major incidents in the last 20 years share the same theme: the system was fine at the design stage, but not maintained or operated in a way that preserved its integrity.
In Summary
A SIF with no operational systematic capability is not a SIF.
How We Help Companies Get It Right
1. Build a customised FSM framework that fits in with the company's existing procedures for safety assessment and safety management.
2. Establish a competency programme. Not everyone needs to spend a week becoming a qualified Functional Safety Engineer (FSEng), so we provide a 1-day overview course.
3. Develop proof-testing documentation that achieves the proof-test coverage defined in the specification and calculations.
4. Cover Verification, Validation, Functional Safety Assessments and Audits to ensure the SIL assigned to each function is correct and remains that way.
5. Ensure leadership understands the assumptions behind the SIL claims.
Ready to take your process safety strategy to the next level?
For more information about Functional Safety, have a look at our landing page about FUNCTIONAL SAFETY.
We have a course that covers the key aspects of functional safety, including the IEC 61508 and IEC 61511 standards, which govern the design, operation, and maintenance of safety instrumented systems (SIS). Find out more about the Functional Safety Basics course here.