Chemical Engineering and Materials Research Information Center (CHERIC)
Journal of Loss Prevention in The Process Industries, Vol.21, No.4, 437-449, 2008
Combination of safety integrity levels (SILs): A study of IEC61508 merging rules
The role of a safety system is to provide a safety-related function in order to monitor and maintain the safety of any equipment under its control. The safety analysis of such systems is of prime importance to avoid catastrophic consequences or even the loss of human life. In general, the various hazards that any equipment may encounter are first considered without any safety function in place. Each hazard is then studied using methods such as the risk matrix to quantify the associated risk. These methods determine which safety integrity level (SIL) needs to be implemented in order to reduce this risk to a tolerable one. Once this safety target is evaluated, an architecture is chosen during the design phase of the safety system. The standard IEC61508 states the requirements for safety systems to verify whether the implemented functions reach these targets. For instance, Part 2 suggests a non-prescriptive method to merge different safety subsystems in order to achieve one with a higher SIL than those supplied by these subsystems. During the design of a safety instrumented system (SIS), the SIL selection is a very critical phase because this system is often the last line of protection against hazardous events. Even if this method is only informative, using it as a guide to follow may be an easy shortcut to label products with a dedicated safety degree. This merging method does not seem to be based on an analytical method, and for this reason the present paper investigates its robustness by starting from a multiphase Markovian approach. It consists of dividing the study time window of a system into phases for each of which a Markovian model is available. This method is then applied to two case studies given in the standard to illustrate the use of this merging method. (C) 2008 Elsevier Ltd. All rights reserved.
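The multiphase Markovian approach named in the abstract, as an added illustration that is not the paper's own model or code: the mission time is split into operating phases (a continuous-time Markov chain between proof tests) and proof-test phases (an assumed perfect test that restores every channel), and the resulting average PFD is mapped to the low-demand SIL bands of IEC 61508-1. It compares one channel with a 1oo2 merge of two such channels; the failure rate, proof-test interval and common-cause fraction beta are assumed values.

```python
"""Multiphase Markov estimate of average PFD for 1oo1 and 1oo2 subsystems (constructed illustration)."""
# Low-demand SIL bands (average PFD on demand) from IEC 61508-1 Table 2
SIL_BANDS = [(4, 1e-5, 1e-4), (3, 1e-4, 1e-3), (2, 1e-3, 1e-2), (1, 1e-2, 1e-1)]

def sil_from_pfd(pfd_avg):
    """Return the SIL band an average PFD falls in (None if worse than SIL 1)."""
    for sil, lo, hi in SIL_BANDS:
        if lo <= pfd_avg < hi:
            return sil
    return None

def generator_1oo1(lam):
    """States: 0 = working, 1 = dangerous undetected failure (rate lam per hour, assumed)."""
    return [[-lam, lam], [0.0, 0.0]]

def generator_1oo2(lam, beta):
    """States = number of failed channels (0, 1, 2); the 1oo2 vote is lost only in state 2.
    A fraction beta of channel failures is common cause and removes both channels at once."""
    ind, ccf = 2 * (1 - beta) * lam, beta * lam
    return [[-(ind + ccf), ind, ccf], [0.0, -lam, lam], [0.0, 0.0, 0.0]]

def rk4_step(p, q, dt):
    """Advance the state-probability vector p by dt under dp/dt = p.Q (one RK4 step)."""
    n = len(p)
    def f(v): return [sum(v[i] * q[i][j] for i in range(n)) for j in range(n)]
    k1 = f(p)
    k2 = f([p[i] + 0.5 * dt * k1[i] for i in range(n)])
    k3 = f([p[i] + 0.5 * dt * k2[i] for i in range(n)])
    k4 = f([p[i] + dt * k3[i] for i in range(n)])
    return [p[i] + dt / 6.0 * (k1[i] + 2 * k2[i] + 2 * k3[i] + k4[i]) for i in range(n)]

def pfd_avg(q, dangerous_state, proof_test_interval, n_intervals=5, steps=1000):
    """Phase 1: operation between proof tests, integrated as a continuous-time Markov chain.
    Phase 2: the proof test, assumed perfect, returns all probability mass to state 0.
    Returns the time average of the dangerous-state probability over n_intervals."""
    dt, total = proof_test_interval / steps, 0.0
    for _ in range(n_intervals):
        p = [1.0] + [0.0] * (len(q) - 1)      # phase 2 outcome: every channel as new
        for _ in range(steps):                # phase 1, trapezoidal time average
            before = p[dangerous_state]
            p = rk4_step(p, q, dt)
            total += 0.5 * (before + p[dangerous_state]) * dt
    return total / (n_intervals * proof_test_interval)

def compare(lam=2e-6, proof_test_interval=8760.0, beta=0.1):
    """Single channel versus the 1oo2 merge of two identical channels (assumed parameters)."""
    single = pfd_avg(generator_1oo1(lam), 1, proof_test_interval)
    merged = pfd_avg(generator_1oo2(lam, beta), 2, proof_test_interval)
    return {"1oo1": (single, sil_from_pfd(single)), "1oo2": (merged, sil_from_pfd(merged))}
```

With these assumed values the single channel sits in SIL 2 and the 1oo2 pair reaches SIL 3 at beta = 0.1 but falls back to SIL 2 at beta = 0.2, so whether the merge gains one level depends on the common-cause assumption rather than on the vote alone.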