IEC 61508 · IEC 61511 · Low demand · SIL 1–3

SIL verification done correctly. Three barriers. Full traceability. Professional report.

Enter your SIS data. Get a complete IEC 61508 SIL verification and an FSA-ready report. Automatically.

Try it free — run a complete IEC 61508 verification on a sample SIL 2 system.

Built for engineers who own the judgement call. SILVerify handles the calculation and the documentation. The engineering responsibility stays with you.

✓ Free to try — no card required ✓ Built by an Exida CFSE + TÜV certified engineer ✓ Validated against IEC 61508-6:2010 B.3.2.4
3 · Barriers assessed
1 · Session, not two days
4 · Voting architectures
£69 · vs £500 traditional

If this sounds familiar, you are in the right place.

The spreadsheet workflow is not a calculation problem. It is a documentation problem.

You hand over a verification report knowing no one else has checked the spreadsheet logic behind the numbers.
The spreadsheet made sense when you built it. Whether it still makes sense to an assessor six months later is a different question.
A client asks you to justify a calculation from eighteen months ago. You open the file and spend two hours reconstructing what you did.
No frozen snapshot. No revision log. Just a spreadsheet that may or may not reflect the inputs that produced the number in the report.
The calculation is done. Then comes the report — copy, paste, reformat, cross-reference, check the numbers match, do the Word template again from scratch.
At £900–£1,200 per day, spending half a day on documentation that could be automated is not a billing problem. It is a workflow problem.

The problem is not your calculations. The problem is the workflow. Spreadsheets were never designed to produce auditable, client-ready verification documentation. They are calculation tools pressed into service as documentation tools — and the gap between what they do and what a professional verification requires is where the risk lives. And the traditional alternative — an enterprise SIL software licence — means a procurement process, a purchase order, and paying for a tool three times a year whether you use it or not.

My default has always been a spreadsheet. It works, but the gap between a finished calculation and a finished report is where the time goes — and where the risk lives if someone else has to pick it up later. I used SILVerify on a live project and the report it produced was better structured than what I’d have written myself. Everything is traceable from input to conclusion. For anyone doing this work independently, it’s hard to justify the spreadsheet route once you’ve seen the alternative.
James Hewitt
Exida CFSP · Nuclear Defence

The complete three-barrier model. Every IEC 61508 hardware claim must satisfy all three. One falls short and the claim fails.

SILVerify assesses all three barriers and determines achieved SIL as the minimum of the three results. The limiting barrier is flagged automatically.

Barrier 01 PFDavg

Random hardware reliability

PFDavg calculated from failure rates, diagnostic coverage, proof test coverage, proof test interval, and mission life. Uses the full IEC 61508-6 equation — including the residual failure term that most spreadsheet tools omit, and which dominates on long mission times with incomplete proof test coverage.

PFD_ch = λDU/2 × [PTC×T_I + (1−PTC)×L_T]
Barrier 02 Route 1H

Architectural constraint

Safe Failure Fraction and Hardware Fault Tolerance assessed against the IEC 61508-2 Route 1H tables for Type A and Type B components. HFT is derived directly from the declared voting architecture — including the 2oo2 case where HFT = 0 and where SIL 2 via Route 1H is not achievable.

Route 1H — Tables 2 & 3
HFT derived from voting architecture
Barrier 03 SC assessment

Systematic capability

Systematic Capability declared from IEC 61508 certification or prior use evidence. SC synthesis per IEC 61508 Clause 7.4.7 applied where channels have sufficient independence — raising effective SC of a redundant subsystem by one level, to a maximum of SC3.

SC synthesis: effective SC = channel SC + 1 (max SC3)
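
The three-barrier logic described above, as an added Python illustration (not SILVerify's code). It evaluates the page's PFD_ch equation with and without the residual term, applies the SC synthesis rule, and takes the achieved SIL as the minimum of the three barriers. Function names, the sample channel inputs, and the choice to apply SC synthesis only when HFT ≥ 1 are assumptions; the Route 1H result is passed in rather than looked up.

```python
# Added illustration, not SILVerify's code. Inputs are constructed unless
# marked as taken from the page's SIF-004 results table.
HFT = {"1oo1": 0, "1oo2": 1, "2oo2": 0, "2oo3": 1}  # as listed on this page

def pfd_channel(lambda_du, ptc, t_i, l_t):
    """PFD_ch = lambda_DU/2 * [PTC*T_I + (1-PTC)*L_T]; rate per hour, times in hours."""
    if lambda_du < 0 or not 0.0 <= ptc <= 1.0 or t_i <= 0 or l_t < t_i:
        raise ValueError("need lambda_DU >= 0, 0 <= PTC <= 1, 0 < T_I <= L_T")
    return lambda_du / 2 * (ptc * t_i + (1 - ptc) * l_t)

def pfd_channel_simplified(lambda_du, t_i):
    """Shortcut without the residual term; matches the full form only when PTC = 1."""
    return lambda_du * t_i / 2

def sil_from_pfd(pfd):
    """Low demand SIL band for a PFDavg, capped at SIL 3 (SIL 4 is outside the page's scope)."""
    if pfd >= 1e-1:
        return 0
    if pfd >= 1e-2:
        return 1
    if pfd >= 1e-3:
        return 2
    return 3

def effective_sc(channel_sc, architecture, independent):
    """SC synthesis: channel SC + 1, max SC3, for a redundant subsystem.
    Assumption: 'redundant' means HFT >= 1 and the engineer has declared independence."""
    if independent and HFT[architecture] >= 1:
        return min(channel_sc + 1, 3)
    return channel_sc

def assess_sif(subsystem_pfd, architectural_sil, systematic_capability):
    """Achieved SIL is the minimum of the three barrier results."""
    total = sum(subsystem_pfd.values())
    barriers = {
        "PFDavg": sil_from_pfd(total),
        "Route 1H": architectural_sil,    # declared by the engineer from the tables
        "Systematic capability": systematic_capability,
    }
    achieved = min(barriers.values())
    return {
        "total_pfd": total,
        "achieved_sil": achieved,
        # every barrier sitting at the achieved level; all three when they tie
        "limiting_barriers": [n for n, s in barriers.items() if s == achieved],
        "limiting_subsystem": max(subsystem_pfd, key=subsystem_pfd.get),
        "contribution_pct": {k: round(100 * v / total) for k, v in subsystem_pfd.items()},
    }

# Constructed channel: 1-year proof test, 90 % proof test coverage, 20-year mission.
SAMPLE = dict(lambda_du=8e-7, ptc=0.9, t_i=8760, l_t=20 * 8760)

# Subsystem PFDavg values taken from the page's SIF-004 results table.
SIF_004 = {"Sensors": 1.77e-4, "Logic Solver": 6.17e-4, "Final Elements": 4.38e-3}

if __name__ == "__main__":
    full = pfd_channel(**SAMPLE)
    short = pfd_channel_simplified(SAMPLE["lambda_du"], SAMPLE["t_i"])
    print(f"full: {full:.3e} (SIL {sil_from_pfd(full)})")
    print(f"simplified: {short:.3e} (SIL {sil_from_pfd(short)})")
    print(assess_sif(SIF_004, architectural_sil=2, systematic_capability=2))
```

For the constructed channel the simplified form lands in the SIL 2 band while the full equation lands in SIL 1, which is the underestimate the page attributes to templates that drop the residual term.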
Why independent consultants are ditching spreadsheets
No manual report writeup
Every calculation generates an FSA-ready report automatically. No second pass, no copy-paste from a spreadsheet into a Word template.
No ambiguity over revisions
Reports are frozen snapshots of a specific calculation run. When a client asks which version of the calculation the report reflects, the answer is unambiguous.
No unreadable spreadsheet formulas
Spreadsheet formula errors are invisible until someone checks them. SILVerify shows every intermediate value — every step independently verifiable without opening a formula bar.
No expensive annual licence
Traditional SIL software means a procurement process, a purchase order, and a four-figure annual commitment regardless of how many projects you actually run. SILVerify is structured around how independent engineers actually work.
No starting from scratch every time
Your project data, device library, and report history carry forward from one project to the next. The second verification takes a fraction of the time of the first.
No shortcuts on the calculation
SILVerify applies the complete IEC 61508-6 equation. Most spreadsheet templates use a simplified version — one that underestimates risk on systems with long mission times or incomplete proof test coverage.
Built for independent consultants and engineering firms

Enterprise-grade verification.
Without the enterprise licence.

Traditional SIL verification software is sold as an annual seat licence — a significant procurement decision that takes weeks to approve and commits you to a fixed cost regardless of how many projects you actually run. For large consultancies with continuous project flow that model makes sense. For independent consultants and smaller engineering firms it does not.

SILVerify is structured around how independent engineers actually work. Your verification history and project archive are always there when you need them. Active month? Pay for what you use. Quiet month? Just the platform fee.

No procurement process. No purchase order. Pay only for what you need, when you need it.

What each model actually requires
Traditional licence
  • Purchase order required before you start
  • Annual commitment regardless of project volume
  • Fixed cost in quiet months
  • Weeks to procurement approval
SILVerify
  • Start today — no procurement needed
  • Pay when you deliver work
  • No committed cost in quiet months
  • Cancel anytime, history preserved

Every intermediate value shown. Full traceability from input data to final SIL determination.

The results screen shows per-channel PFDavg, subsystem totals, relative contribution, the three-barrier summary, and achieved SIL — with the limiting subsystem flagged automatically.

SIF-004 · High-Reactor-Pressure Trip · Target SIL 2 · Rev 03 · SIL 2 PASS

| Subsystem | Architecture | PFDavg (channel) | Subsystem PFDavg | Contribution |
|---|---|---|---|---|
| Sensors (PT-001A/B) | 1oo2 | 3.68 × 10⁻⁴ | 1.77 × 10⁻⁴ | 3% |
| Logic Solver (LS-001) | 1oo1 | 6.17 × 10⁻⁴ | 6.17 × 10⁻⁴ | 12% |
| Final Elements (XV-001) | 1oo1 | 4.38 × 10⁻³ | 4.38 × 10⁻³ | 85% ⚠ |
| Total SIF PFDavg | | | 5.17 × 10⁻³ | SIL 2 ✓ |

⚠ Final Elements at 85% of total PFDavg highlighted as limiting subsystem. Design changes should target final element architecture before any other subsystem.

PFDavg calculated using the IEC 61508-6 low demand model including the residual failure term. All intermediate values are shown in the calculation results screen and carried through to the report.

All four voting architectures. Including 2oo2 — where the implications for Route 1H are handled correctly and documented in every report.

HFT is derived automatically from the declared architecture. The 2oo2 case — where HFT = 0 regardless of channel count — is assessed correctly and the architectural constraint consequence is stated explicitly in the report.

1oo1
HFT = 0

Single channel

Baseline single-channel architecture. One failure causes safety function loss. Standard for logic solvers and single-channel final elements where the reliability target is met without redundancy.

1oo2
HFT = 1

Most common sensor architecture

Two channels, either activates the function. One failure tolerated — HFT = 1. Improves both PFDavg and the architectural constraint position. Common cause failure (beta factor) required. Most widely used architecture for sensors in SIL 2 applications.

2oo2
HFT = 0

Availability improvement — not safety improvement

Both channels must function. Neither can fail — HFT = 0, identical to 1oo1. Reduces spurious trip rate but does not improve the safety architectural position. Selecting 2oo2 to improve a SIL claim via Route 1H is a common and costly design error.

⚠ Common source of error in manual calculations — documented in every SILVerify report
2oo3
HFT = 1

High availability and safety

Three channels, 2-of-3 voting. One failure tolerated — HFT = 1. Higher PFDavg than 1oo2 for identical channel failure rates. Selected where both availability and safety are critical and the cost of a third channel is justified. Beta factor required.

A complete deliverable. Not a calculation printout — an FSA-ready verification report.

Every calculation generates a professional Word document read from a frozen input snapshot. The report represents the exact calculation run — not live data. All previous reports are stored permanently and never overwritten.

SIF-004_SIL-Verification-Report_Rev03.docx
  • 01 Cover — project, engineer, revision, date. Your name on the document.
  • 02 Executive summary — every SIF, target vs achieved SIL at a glance. The page a client turns to first.
  • 03 SIF descriptions — tag, hazard, demand rate, target SIL. The context that makes the numbers defensible.
  • 04 Architecture — subsystem layout and channel count. What was assessed and how it was configured.
  • 05 Failure data — every channel input with source traceability. No black box. Everything auditable.
  • 06 UPM / CCF — structured beta derivation and justification. The section assessors look hardest at.
  • 07 Calculations — full workings with every intermediate value shown. No formula bar. No hidden cells. Every step in plain language.
  • 08 Results — three-barrier summary and subsystem contribution table. The limiting subsystem flagged automatically.
  • 09 Assumptions — documented assumptions and limitations. The documented boundary that protects you.
  • 10 Scope statement — what was verified and what was not. The clause that answers the question before it is asked.
  • 11 Architectural constraint — Route 1H assessment per subsystem. Documented, not assumed.
  • 12 Systematic capability — SC declaration and synthesis basis. The barrier most tools do not assess at all.
  • 13 Conclusion — three-barrier summary, unambiguous PASS / FAIL. The last page. The one that matters.
Calculation snapshot — frozen at Rev 03
Barrier 1 — PFDavg: 5.17 × 10⁻³ · SIL 2
Barrier 2 — Arch constraint: SIL 2 via Route 1H
Barrier 3 — Systematic cap: SC2 (all subsystems)
Achieved SIL: SIL 2 · PASS
Generated: 2026-04-07 · 14:23 UTC
Engineer: R. Kelly CFSE
The report reads from a frozen input snapshot created at calculation time. It never re-queries live data — the document always represents the exact calculation run it was generated from, even if inputs have since been revised. Every revision is stored in the Report History with its sequence number, date, and full parameter set.
Download example report (DOCX) → Real report · Reactor high-pressure trip · SIL 2 · PASS

Designed to do one thing correctly. Random hardware reliability for low demand SIS. Documented in every report.

SILVerify accelerates the work of a qualified functional safety engineer. It does not replace engineering judgement. Scope boundaries are explicit in every report it generates.

Within scope
IEC 61508 and IEC 61511 — both standards supported
Low demand mode — standard assumption for SIS
SIL 1, 2, and 3 — all three levels fully supported
Random hardware reliability — full PFDavg including residual term
Architectural constraint — Route 1H for Type A and Type B
Systematic capability — SC declaration and Clause 7.4.7 synthesis
Common cause failure — UPM assessment and manual beta entry
1oo1, 1oo2, 2oo2, 2oo3 voting architectures
Unlimited SIFs and projects per account
FSA-ready DOCX report with frozen snapshots and revision history
Outside scope — stated explicitly in every report
SIL 4 — outside scope of this tool
High demand and continuous mode — not supported
Systematic failure avoidance — separate assessment required
Software safety integrity — IEC 61508 Part 3 not covered
Functional safety management — FSM process is separate
Process hazard analysis — HAZOP / LOPA outside scope
Proof test procedure adequacy — engineer confirmation required
Low demand assumption verification — engineer responsibility

Built for engineers doing the work. By an engineer who does too.

01 · Independent consultant

FS consultants

Delivering SIL verification on client projects across multiple sites and standards. SILVerify turns 2–4 days of calculation and writeup into a single session. The report goes to the client — complete, documented, signed by you.

02 · In-house engineer

Plant FS engineers

Managing a SIS portfolio on an operating facility. SILVerify provides a documented history of every calculation — essential when a modification is proposed, when regulatory inspection is imminent, or when a previous calculation needs to be defended.

03 · Consultancy practice

Engineering teams

Multiple engineers across multiple projects requiring consistent methodology and report format. Team licensing provides a shared tool and shared output format — ending the problem of reconciling three different engineers’ spreadsheet approaches on the same project.

A practising engineer. Who needed this tool and built it when it didn’t exist.

“I built SILVerify because I was sick of the workflow. The calculation was the easy part. Then came checking it again. Then the Word document. Then reformatting every table because a SIF changed. On a project with ten SIFs that process consumed days. SILVerify exists because that time belongs on the engineering, not the paperwork. The defensibility is the point — but getting your time back is a very close second.”

Richard Kelly — Functional Safety Consultant
Exida CFSE + TÜV Functional Safety Engineer — verified credentials
MEng Control and Instrumentation for Nuclear Engineering
20 years delivering functional safety on nuclear projects
Currently working on live nuclear projects
Founder, Functional Safety Playbook
Exida CFSE
TÜV Certified
Nuclear · 20 yrs
Currently active

Pay per verification. Stop paying for a licence you use three times a year.

One report credit — £69
1–2 days of calculation and writeup done automatically
£900–£2,400 of your time back per project

3–5 users · unlimited reports
£599/month · single invoice
Or £5,990/year — two months free
  • Everything in Individual, including device library
  • 3–5 named users on one account
  • Unlimited report generation included
  • Shared project library across the team
  • Consistent report format across all engineers
  • Admin user management
  • Single monthly or annual invoice
  • Priority support
Get team access — email Richard directly
★ Bonus — Included with annual subscription £49/month value
Functional Safety Playbook Community
3 months free Premium access to the Functional Safety Playbook — a community of 200+ functional safety engineers. Ask questions on live calculations, get peer review on edge cases, and access the full case study and template library.
  • Weekly live Q&A sessions with Richard Kelly
  • Functional safety case study library
  • FSMS templates and engineering guides
  • Decision Review sessions — real project challenges worked through live
  • 200+ functional safety engineers across process, nuclear, and defence
£49/month
FREE
3 months included
Calculation accuracy guarantee
If SILVerify produces a result that does not match your manual calculation within normal rounding tolerance, contact us with your inputs. We will investigate, explain the discrepancy, and refund the report credit if the error is on our side. A verification tool you cannot trust is not a tool — it is a liability. We stand behind the calculation engine.
Verification history is stored and accessible while your subscription is active. If you cancel, your history is locked but not deleted — resubscribe at any time to restore full access. A 30-day export window is available after cancellation.
ⓘ  SILVerify is in early access. The current platform price of £49/month reflects that. As the feature set grows — expanded device library, additional architectures, team features — pricing will be reviewed. Engineers who subscribe now lock in the current rate permanently.

Why this pricing model works for independent consultants

Enterprise SIL software is priced per seat — typically £3,000 or more per year, regardless of how many verifications you actually run. For an independent consultant doing six projects a year that is £500 per project before you have done any work. SILVerify costs £69 per report.

SILVerify is priced around the way independent engineers actually work. The platform keeps your history, your projects, and your device library in place. You pay for reports when you deliver them. That is the entire model — no procurement process, no annual commitment, no cost in quiet months beyond the platform fee.

SILVerify
£41/mo
Billed annually at £490/year
  • Full IEC 61508 / 61511 calculation engine
  • FSA-ready report every time
  • Pay per report — not per seat
  • Cancel anytime, history preserved
vs
Traditional SIL licence
£250+/mo
From £3,000/year — whether you use it or not
  • Annual seat licence — fixed cost regardless of usage
  • Procurement process and purchase order required
  • Pays for itself only on high project volume
  • Committed cost even in quiet months

Common questions.

Does SILVerify replace the need for a qualified functional safety engineer?
No. SILVerify handles the calculation and the documentation. The engineering judgement — what the inputs should be, whether the scope is correct, what the result means for your installation — remains yours. The engineer of record is you.
How do I know the calculations are correct?
SILVerify applies the full IEC 61508-6 equations including the residual failure term that many simplified tools omit. The calculation engine has been validated against the IEC 61508-6:2010 Section B.3.2.4 published reference example — all three subsystem results match the standard to within rounding. Every intermediate value is shown in the results screen and carried through to the report, so every step is independently checkable without referring back to the engineer.
Can I submit the report directly to clients or regulators?
Yes — it is designed as a professional deliverable structured for independent functional safety assessment. It includes a cover page, scope statement, assumptions register, full calculation workings, and a clear PASS/FAIL conclusion. Your name is on it. The engineering review before submission is yours.
What happens to my verification history if I cancel?
Your verification history is stored and remains on the platform. On cancellation it becomes locked — you can see that reports exist but cannot download them until you resubscribe. Resubscribing restores full access immediately. You also have a 30-day export window after cancellation to download any reports you need before the account closes. Nothing is deleted.
Does it handle both IEC 61508 and IEC 61511?
Yes. You select the applicable standard when creating a project. The underlying PFDavg calculation is consistent between standards. IEC 61511 adds specific requirements around systematic capability per Clause 11.9 which the report flags and documents explicitly.
Can I try the tool before paying for a report?
Yes. A sample project is included so you can explore the full calculation engine — all four architectures, all three barriers, the full results breakdown. You can see exactly how the tool works and what the output looks like. To run a verification on your own project data and generate a report, choose a plan and purchase a report credit. No time limit — explore at your own pace.
I have a question about a specific calculation or edge case. Who can I ask?
Email [email protected] directly. He is the engineer who built the tool and currently uses it on live nuclear projects. Response same day during working hours.

Try it on a real SIL 2 example.

Full IEC 61508 verification, device library, and report preview. No card. No time limit. See exactly what your clients would receive.