Functional Safety Engineering

End-to-end functional safety engineering for aerospace, industrial, and defence applications. SIL3 covers the full safety lifecycle — from initial hazard identification through FMEDA, safety requirements, and verified safety case — to IEC 61508, DO-178C, DO-254, ARP-4754A, and ARP-4761.

Standards We Work To

SIL3 holds in-house expertise across functional safety, aerospace, and machinery safety standards. The same integrated toolchain and process applies regardless of standard — only the artefact names change.

IEC 61508 — SIL 1–3
Functional Safety of E/E/PE Safety-Related Systems. SIL determination, hardware and software safety lifecycle, FMEDA, hardware fault metrics (SFF, DC, HFT), systematic capability.
ARP-4754A
Development of Civil Aircraft and Systems. System-level development assurance levels (DAL A–E), functional hazard assessment, preliminary and system safety assessments.
ARP-4761
Safety Assessment Process for Civil Airborne Systems. FHA, PSSA, SSA, FTA, FMEA — all maintained in ARPTool with full traceability to system requirements.
DO-178C
Software Considerations in Airborne Systems. DAL A–D software lifecycle, HLR/LLR authoring, MCDC and branch coverage, unit test traceability, configuration management.
DO-254
Airborne Electronic Hardware Design Assurance. Hardware requirements, conceptual and detailed design, FMEDA integration, validation, and acceptance test artefacts.
IEC 62061 & EN 13849
Machinery safety standards. SIL assignment under IEC 62061 and Performance Level (PL) determination under EN 13849 for industrial machine control systems.

Full Safety Lifecycle

SIL3 manages the safety programme as an integrated lifecycle — not a documentation exercise bolted onto an existing design. Safety evidence is built from the first hazard identification and remains traceable to every hardware and firmware deliverable.

01 — Concept & Hazard Identification
Functional Hazard Assessment (FHA)
System functions identified and assessed for potential failure conditions. Each hazard classified by severity and probability. Development assurance levels (DAL) or SIL targets assigned. Maintained in ARPTool with full audit trail.
02 — Preliminary Design
Preliminary System Safety Assessment (PSSA)
Safety requirements derived from the FHA and allocated to hardware and software items. Fault tree analysis (FTA) used to verify the proposed architecture meets the safety targets. Safety requirements captured in ARPTool, traceable to originating hazards.
03 — Design & Implementation
Hardware & Software Safety Lifecycle
Safety requirements flow into hardware design (schematic, FMEDA, derating) and firmware design (HLR, LLR, code, unit test). Every design element traces to a safety requirement. FMEDA performed at schematic level using component-level FIT data.
04 — Verification
Safety Function Verification & Fault Injection Testing
Each safety function is tested against its safety requirement. Fault injection testing physically validates diagnostic coverage claims. Test results recorded in ARPTool and traceable to the FMEDA line items they verify.
05 — Safety Case
System Safety Assessment (SSA) & Release
The SSA collects evidence that the implemented system satisfies all FHA-derived safety objectives. Hardware fault metrics (SFF, DC, HFT) calculated and documented. Complete safety case produced from ARPTool artefacts, ready for regulatory submission.

Hardware Safety — FMEDA & IEC 61508 Part 2

SIL3 performs FMEDA directly from the Altium schematic. Component parameters carry failure rate (FIT), diagnostic coverage, and safety function classification — so hardware fault metric calculations are always synchronised with the actual circuit design.

FMEDA at Schematic Level
Failure Mode Effects and Diagnostic Analysis performed directly from the Altium schematic. Component FIT rates sourced from IEC 61709 reference conditions. Safe Failure Fraction (SFF) and Diagnostic Coverage (DC) calculated per subsystem.
Component Stress Derating
Every component verified against manufacturer ratings for voltage, current, temperature, and power dissipation. Derating margins applied per IEC 61709. Derating evidence documented as part of the hardware safety case.
Hardware Fault Metrics
Safe Failure Fraction (SFF), Diagnostic Coverage (DC), and Hardware Fault Tolerance (HFT) calculated against IEC 61508 Part 2 targets. Probabilistic Metric for Hardware Failure (PMHF) calculated for random hardware failures. Results documented in the safety case.
Fault Injection Testing
Physical fault injection at hardware level to verify diagnostic coverage claims. Each FMEDA line item claiming a diagnostic function is verified by injecting the corresponding fault and confirming the system reaches the intended safe state.
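The SFF and DC calculation described above, and the HFT-dependent SIL cap it feeds, as an added worked example (not SIL3 or ARPTool code). The FMEDA rows, their FIT rates and DC values are constructed for a hypothetical sensor-input channel; the Route 1H band table follows IEC 61508-2 Tables 2 and 3.

```python
from dataclasses import dataclass

@dataclass
class FailureMode:
    """One FMEDA line item: a component failure mode with its rate and diagnostics."""
    component: str
    mode: str
    rate_fit: float   # failure-mode rate, lambda, in FIT (failures per 1e9 h)
    dangerous: bool   # True if the mode can defeat the safety function
    dc: float         # diagnostic coverage claimed for this mode, 0.0..1.0

# Constructed FMEDA extract for a hypothetical analogue sensor-input channel.
# Rates and DC values are illustrative, not taken from any standard or datasheet.
SENSOR_CHANNEL = [
    FailureMode("R12", "open",          2.0, True,  0.99),  # plausibility check
    FailureMode("R12", "short",         1.0, False, 0.00),  # over-range trips
    FailureMode("U3",  "stuck output", 10.0, True,  0.90),  # reference read-back
    FailureMode("U3",  "gain drift",    5.0, True,  0.60),  # channel comparison
    FailureMode("C7",  "short",         3.0, False, 1.00),  # supply monitor
    FailureMode("U1",  "program hang",  6.0, True,  1.00),  # external watchdog
]

# IEC 61508-2 Route 1H architectural constraints (Tables 2 and 3): maximum SIL
# claimable for SFF bands <60%, 60-90%, 90-99%, >=99% at HFT 0, 1, 2.
# 0 means "not allowed". Type A = simple elements, Type B = complex (e.g. MCUs).
ROUTE_1H = {
    "A": ((1, 2, 3), (2, 3, 4), (3, 4, 4), (3, 4, 4)),
    "B": ((0, 1, 2), (1, 2, 3), (2, 3, 4), (3, 4, 4)),
}

def fmeda_metrics(rows):
    """Split rates into SD/SU/DD/DU classes and derive SFF and DC from them."""
    lam = {"SD": 0.0, "SU": 0.0, "DD": 0.0, "DU": 0.0}
    for r in rows:
        kind = "D" if r.dangerous else "S"
        lam[kind + "D"] += r.rate_fit * r.dc          # detected share
        lam[kind + "U"] += r.rate_fit * (1.0 - r.dc)  # undetected share
    total = sum(lam.values())
    sff = (total - lam["DU"]) / total                 # 1 - lambda_DU / lambda
    dc = lam["DD"] / (lam["DD"] + lam["DU"])          # lambda_DD / lambda_D
    return dict(lam, SFF=sff, DC=dc)

def max_sil(sff, hft, element_type="B"):
    """Architectural SIL cap for a subsystem with the given SFF and HFT."""
    band = sum(sff >= t for t in (0.60, 0.90, 0.99))  # 0..3
    return ROUTE_1H[element_type][band][hft]

if __name__ == "__main__":
    m = fmeda_metrics(SENSOR_CHANNEL)
    print(f"SFF={m['SFF']:.1%} DC={m['DC']:.1%}")
    for hft in (0, 1, 2):
        print(f"HFT {hft}: max SIL {max_sil(m['SFF'], hft)}")
```

The architectural cap is only one of three limits on the claimable SIL; the PFH/PFD target and the systematic capability of the subsystem must be met separately.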

Software Safety — DO-178C & IEC 61508 Part 3

The SIL3 firmware development process is structured around safety standards from the first requirement. Requirements are authored in ARPTool, code is reviewed against the SIL3 C Coding Standard, and every test case is traceable back to the LLR it verifies.

Requirements Traceability
HLR and LLR authored in ARPTool with bidirectional trace from customer requirement to code module to unit test result. No orphaned tests; no untested requirements.
MCDC & Branch Coverage
Modified Condition/Decision Coverage (MCDC) achieved for DAL A and SIL 3 software. Branch and statement coverage measured and reported per module. Coverage data linked to unit test evidence in ARPTool.
Coding Standard
SIL3 C Coding Standard enforces single-entry/single-exit, no dynamic memory allocation, bounded loops, and full variable initialisation. MISRA-C aligned. Peer review mandatory before release.
Configuration Management
Every firmware module carries a permanent LCCM number. Released binaries are traceable to exact source revision, compiler version, and test evidence. Build records maintained in ARPTool and version control.

Safety Analysis in ARPTool

All safety artefacts are managed in ARPTool — SIL3’s purpose-built MBSE platform. The hazard register, SIL/DAL assignments, FMEDA, FHA, PSSA, SSA, and all test evidence live in a single traceable model rather than scattered across documents.

Hazard Register
FHA failure conditions, severity, exposure, probability, and DAL/SIL classification in one live database.
Safety Requirements
Derived safety requirements allocated to hardware and software items, traceable to the hazard that generated them.
FMEDA Linkage
FMEDA line items linked to the safety requirements and hardware requirements they support. DC claims traceable to fault injection test evidence.
Automated Safety Reports
FHA, PSSA, and SSA documents generated directly from ARPTool. Always current with the latest design data.

Start Your Safety Programme

Tell us about your application, the applicable standards, and where you are in the development lifecycle. SIL3 can engage at any stage — from initial hazard analysis to final safety case review.