When using pressure sensors in safety-relevant applications, sooner or later one must ask the question whether the SIL evaluation of the proposed pressure sensor is sufficient for the application. Often, the user tends to favour pressure sensors with higher SIL classifications because these supposedly offer higher safety than sensors with a lower classification.
Unfortunately, in the choice of components for a safety circuit, one cannot only limit oneself to the SIL level. For example, there is no guarantee that a safety circuit of an actuator, sensor and control unit reaches SIL 2, even if all components have been separately classified according to SIL 2. Paralyzed to the SIL level of a safety circuit is not , in fact, the SIL rating of the individual components, but rather the PFD value (Probability of Failure on Demand) of the whole safety circuit.
The failure probability is not derived from the SIL level of individual components, rather (in the simplest case) it is the sum of the failure probabilities of the sensor, actuator and control unit. The total failure probability of the complete loop determines the SIL of the safety circuit (see table). However, a single component also achieves a SIL classification (e.g as SIL 2) if you have already utilised the maximum permissible failure probability of 0.01 – so it is impossible to ever build a SIL 2 safety circuit with this component as SIL 2 requires the total failure probability of sensor, actuater and control unit to be lower than 0.01.
Basically, it is advisable to design the machine or plant in a way that the safety circuit only has to meet the minimum possible SIL, since higher SIL classifications require higher requirements on the components to be used, which in turn results in higher component prices. In addition, higher SIL classifications require more extensive documentation of the assessment and error analysis of the safety circuit to the point of frequent, periodic testing of the safety function throughout the year.