SIL Rated Valves: A Complete Guide to Functional Safety

When a process plant relies on a valve to prevent a catastrophic event, the question is not whether the valve will operate correctly most of the time. It is whether the valve will operate correctly on the specific occasion it is called upon in an emergency. That is a fundamentally different engineering problem from routine process control, and it requires a different framework for specifying, testing, and maintaining the components involved.

Safety Integrity Level, or SIL, is that framework. It provides a quantitative, internationally recognised method for defining how reliable a safety function needs to be, and for demonstrating that the components used to implement it are capable of meeting that requirement.

This guide explains what SIL means, how it applies to valves and valve actuation systems, what the certification process involves, how SIL-capable components are selected and maintained, and what the relevant regulatory obligations are in the UK.

What Is a Safety Integrity Level?

Safety Integrity Level is a concept defined in IEC 61508, the foundational international standard for functional safety of electrical, electronic, and programmable electronic safety-related systems. The process industry implementation is IEC 61511, the standard most directly relevant to valve and instrumentation engineers working in oil and gas, chemical processing, and similar sectors.

SIL is not a pass/fail label. It is a discrete level, from SIL 1 to SIL 4, that describes the degree of risk reduction a safety function must provide. The higher the SIL level, the more reliable the safety function must be, and the more stringent the engineering, testing, and maintenance requirements become.

A critical and frequently misunderstood point: a SIL rating applies to a Safety Instrumented Function (SIF), not to an individual component. A valve by itself does not have a SIL rating. What a valve can have is a SIL capability rating, meaning it has been independently assessed and found to carry sufficiently low failure rates that it can be used as part of a system designed to meet a given SIL level.

How the Safety Instrumented Function Works

A Safety Instrumented Function is the complete chain of components that detects a hazardous condition and takes an action to prevent it from developing into an incident. Every SIF has three elements:

The sensor detects the condition that triggers the safety function, for example a high-pressure transmitter or a temperature switch reaching its set point.

The logic solver processes the sensor signal and determines that a safety action is required. This is typically a Safety Instrumented System (SIS) controller, separate from the basic process control system.

The final element is the component that takes the physical action. For the majority of process safety functions, the final element is a valve: it closes to stop flow, opens to divert flow, or moves to depressurise a vessel.

The overall SIL of the SIF is determined by the combined reliability of all three elements. An individual component's contribution is characterised by its Probability of Failure on Demand (PFD), the probability that it will fail to respond correctly when called upon. The lower the PFD, the more reliable the component.

The SIL Levels: What the Numbers Mean

SIL is expressed in terms of the average Probability of Failure on Demand (PFDavg) of the safety function, and the corresponding Risk Reduction Factor (RRF), which is the inverse of PFDavg.

SIL level | PFDavg            | Risk reduction factor | Typical context
----------|-------------------|-----------------------|------------------------------------------
SIL 1     | 0.1 to 0.01       | 10 to 100             | Low-hazard process protection
SIL 2     | 0.01 to 0.001     | 100 to 1,000          | Most process industry safety functions
SIL 3     | 0.001 to 0.0001   | 1,000 to 10,000       | High-hazard: oil and gas, chemical, nuclear
SIL 4     | 0.0001 to 0.00001 | 10,000 to 100,000     | Extreme hazard; rare in process industry

SIL 3 is the highest level commonly encountered in the process and energy industries. SIL 4 is almost exclusively found in nuclear and aerospace applications.

The required SIL level for a given safety function is determined by formal hazard analysis, typically using HAZOP (Hazard and Operability Study) followed by Layers of Protection Analysis (LOPA). LOPA is the semi-quantitative method most commonly used to establish how much risk reduction is needed from the safety instrumented system, after accounting for all other independent protection layers in the design.

What "SIL Capable" Means for a Valve Component

When a valve or pneumatic component is described as SIL 2 capable or SIL 3 capable, an independent certification body, typically TÜV, Exida, or an equivalent accredited organisation, has carried out a rigorous assessment and confirmed that the component's failure rate data meets the requirements for use in a system designed to that SIL level.

The certification process involves Failure Modes, Effects, and Diagnostic Analysis (FMEDA), which identifies all potential failure modes of the component and classifies each as safe or dangerous, and as detected or undetected. The key parameters that emerge include:

PFDavg (average Probability of Failure on Demand) for a given proof test interval.

λ_DU (Dangerous Undetected failure rate): the rate at which the component fails in a way that prevents it performing its safety function, without that failure being visible during normal operation.

SFF (Safe Failure Fraction): the proportion of all failures that are either safe or dangerous but detected.

These figures are what system engineers use to calculate whether the complete SIF meets the required SIL level. A certificate that simply states a SIL level without providing this underlying data is not usable for engineering calculations and should not be accepted as sufficient evidence of SIL capability.

Valves in Safety Systems: The Final Element

The valve as final element in a SIF is often the most mechanically complex and the most challenging to validate. Process valves fail in several distinct ways, and the failure mode matters considerably:

Failure to close when demanded is the most common safety-critical failure in shut-off applications. Causes include stiction from contamination or corrosion, actuator failure, and mechanical seizure. This is a Dangerous Undetected (DU) failure if it cannot be diagnosed during normal operation.

Spurious operation (closing when not demanded) is a safe failure from a process safety perspective, but causes unwanted process trips and can lead to pressure to reduce testing frequency or override the system.

Partial stroke failure occurs when the valve moves but does not fully reach its commanded position. This may not be detectable without position feedback.

SIL-Capable Pneumatic Components for Valve Actuation

The pneumatic components in the actuation circuit, including solenoid pilot valves, directional control valves, volume boosters, quick exhaust valves, and lock-up valves, must all contribute reliably to the safety function. Their failure modes affect the overall PFD of the final element.

Measure Monitor Control supply the Sitecna range of pneumatic components for valve actuation, all tested and certified by TÜV Rheinland to IEC 61508 functional safety level 3. The certified range includes:

Directional control spool valves (1/4” to 3/4”) for controlling actuator stroke direction in single and dual-coil configurations for safe and hazardous area operation.

Pressure sensing 3/2 valves for switching functions in response to pneumatic pressure signals, providing passive failsafe behaviour without electrical power.

Volume boosters (1/4” to 1”) for amplifying pneumatic signal flow where fast actuator stroke times are required.

Quick exhaust valves (1/8” to 1”, 316L stainless steel) for maximising actuator speed on the closing stroke, rated 2 to 12 bar, temperature range -20 to +80°C, with ATEX, GOST EAC, and SIL 3 certification.

Filter regulators and regulators (1/4” to 1”) for air preparation in the actuation circuit, with elastomer options for ambient temperatures from -55°C to +90°C.

All Sitecna components are ATEX and GOST EAC certified as standard, meaning SIL 3 capability and hazardous area certification are available from the same product. Each component is supplied with the relevant TÜV certificate, technical report, and safety manual containing the FMEDA data needed to complete system-level SIL calculations.

Proof Testing: Maintaining SIL Capability in Service

Most dangerous failures of final elements, particularly failure to close on demand, are undetected during normal operation because the safety function is not exercised under normal process conditions. Proof testing verifies that the valve and its actuation system will respond correctly when called upon. The proof test interval directly affects the PFDavg: a longer interval gives a higher (worse) PFDavg, which may push the system below its required SIL level.

Full Stroke Testing (FST) exercises the valve through its complete travel, confirming it can fully open or close as required. On a live process, FST typically requires a process shutdown or careful management of downstream conditions.

Partial Stroke Testing (PST) moves the valve through a limited portion of its stroke, typically 10 to 15%, which is sufficient to confirm the valve is not seized without requiring a full process trip. PST can be carried out during normal operation and is used to reduce the effective proof test interval, improving the PFDavg without the operational impact of full stroke testing. Actuated valve packages with smart positioners provide automated PST with data logging for the safety management record.

Proof test procedures and intervals must be defined in the safety manual supplied with the certified components, and must be followed as part of the written scheme of examination required under UK safety legislation.
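
A worked calculation of the effect described in this section, added here as an example and not taken from the original page or any manufacturer's safety manual. It uses the standard simplified 1oo1 approximation PFDavg = λ_DU × TI / 2, sums the sensor, logic solver and final element, and shows a longer full stroke interval dropping the function from SIL 2 to SIL 1 and partial stroke testing recovering it. The failure rates, test intervals and 60% PST coverage are constructed values, and only the PFDavg target is checked.

```python
# Added example. All failure rates, intervals and the PST coverage figure are
# constructed for illustration; real values come from the safety manual.
HOURS_PER_YEAR = 8760

def pfd_avg(lambda_du, proof_interval_years):
    """Simplified 1oo1 low-demand approximation: PFDavg = lambda_DU * TI / 2."""
    return lambda_du * proof_interval_years * HOURS_PER_YEAR / 2

def pfd_avg_with_pst(lambda_du, fst_years, pst_years, pst_coverage):
    """Failures PST can reveal are tested at the PST interval, the rest at FST."""
    revealed = pfd_avg(lambda_du * pst_coverage, pst_years)
    hidden = pfd_avg(lambda_du * (1 - pst_coverage), fst_years)
    return revealed + hidden

def sil_for(pfd):
    """Map a PFDavg to its SIL band (0 means it does not reach SIL 1)."""
    for level, upper in ((4, 1e-4), (3, 1e-3), (2, 1e-2), (1, 1e-1)):
        if pfd < upper:
            return level
    return 0

def verify_sif(element_pfds):
    """Sum sensor, logic solver and final element PFDavg for the whole SIF."""
    total = sum(element_pfds.values())
    return {"pfd_avg": total, "rrf": 1 / total, "sil": sil_for(total)}

# Constructed dangerous-undetected failure rates, per hour
SENSOR_DU, LOGIC_DU, VALVE_DU = 3e-7, 5e-8, 1.5e-6

def scenarios():
    fixed = {"sensor": pfd_avg(SENSOR_DU, 1), "logic": pfd_avg(LOGIC_DU, 1)}
    return {
        "valve FST every 1 y": verify_sif({**fixed, "valve": pfd_avg(VALVE_DU, 1)}),
        "valve FST every 2 y": verify_sif({**fixed, "valve": pfd_avg(VALVE_DU, 2)}),
        # Quarterly PST assumed to reveal 60% of dangerous valve failures
        "valve FST 2 y + PST": verify_sif(
            {**fixed, "valve": pfd_avg_with_pst(VALVE_DU, 2, 0.25, 0.6)}),
    }

if __name__ == "__main__":
    for name, result in scenarios().items():
        print(f"{name}: PFDavg={result['pfd_avg']:.2e} "
              f"RRF={result['rrf']:.0f} SIL {result['sil']}")
```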

UK Regulatory Context

The Control of Major Accident Hazards (COMAH) Regulations 2015 apply to sites above specified threshold quantities of hazardous substances, requiring that major accident hazards are prevented and mitigated through appropriate technical and organisational measures. Safety instrumented systems are a primary technical measure for COMAH purposes, and their design must be demonstrably fit for purpose.

The Pressure Systems Safety Regulations 2000 (PSSR) require that pressurised systems are maintained safely under a written scheme of examination. The proof testing requirements for SIL-rated components, including pressure relief valves and isolation valves, fit within this framework.

The Health and Safety at Work Act 1974 and Management of Health and Safety at Work Regulations 1999 impose a general duty to reduce risks to as low as reasonably practicable (ALARP). Demonstrating that safety instrumented systems meet their required SIL levels, supported by documented FMEDA data and proof test records, is the accepted method of demonstrating ALARP for significant process hazards.

The Health and Safety Executive (HSE) publishes guidance on functional safety in the process industry, including the use of IEC 61511 as the basis for demonstrating compliance.

Selecting SIL-Capable Components: Key Considerations

  • Independent certification - The SIL capability certificate should be issued by an accredited third-party body. Manufacturer self-assessments are not sufficient for most regulated applications.
  • FMEDA data availability - The component’s safety manual must contain numerical failure rate data (PFDavg, λ_DU, SFF) needed for the system engineer to perform the SIL verification calculation.
  • Proof test interval - The PFDavg figures in the safety manual are calculated for specific proof test intervals. Confirm which interval applies to your maintenance regime and use the corresponding figure.
  • Application scope - Certificates may carry limitations on operating pressure, temperature, media, or configuration. Confirm your application falls within the stated scope.
  • ATEX compliance - In hazardous area installations, SIL-capable components must also carry appropriate ATEX or IECEx certification for the zone classification. The Sitecna range combines both, avoiding the need to cross-reference separate certification scopes.


Contact Us

For SIL-capable pneumatic valve actuation components, including the Sitecna range certified to IEC 61508 SIL 3 and ATEX, supplied with full FMEDA documentation, contact our sales team.



Get in Touch

+44 (0) 1443 772500 / 02922 780798

Red Dragon Limited T/A
Measure Monitor Control
Unit 15 Abergorki Industrial
Estate
Ynyswen Road
Treorchy
South Wales
CF42 6DL
United Kingdom
EORI: GB791056521000


Measure Monitor Control is an independent specialist distributor of valve and instrument solutions. We are dedicated to providing high quality innovative solutions working with a global supply chain to provide the ideal specification for the client, on time and on budget.



Copyright © 2026 - Measure Monitor Control - All Rights Reserved.