Safety Integrity Level

Safety integrity level (SIL) is defined as the relative level of risk reduction provided by a safety function, or as a target level of risk reduction to be specified for one. In simple terms, SIL is a measure of the performance required of a safety instrumented function (SIF). The requirements for a given SIL are not consistent among all of the functional safety standards. In the functional safety standards based on the IEC 61508 standard, four SILs are defined, with SIL 4 the most dependable and SIL 1 the least. The applicable SIL is determined from a number of quantitative factors in combination with qualitative factors such as the development process and safety life cycle management.


Assignment

Assignment of SIL is an exercise in risk analysis in which the risk associated with a specific hazard, the one the SIF is intended to protect against, is calculated without the beneficial risk reduction effect of the SIF. That unmitigated risk is then compared against a tolerable risk target. If the unmitigated risk is higher than the tolerable risk, the difference must be closed by the risk reduction provided by the SIF. This amount of required risk reduction is correlated with the SIL target: in essence, each order of magnitude of required risk reduction corresponds to an increase of one in the required SIL. There are several methods used to assign a SIL. These are normally used in combination, and may include:
*Risk matrices
*Risk graphs
*Layers of protection analysis (LOPA)
Of the methods presented above, LOPA is by far the most commonly used by large industrial facilities. The assignment may be tested using both pragmatic and controllability approaches, applying guidance on SIL assignment published by the UK HSE. SIL assignment processes that use the HSE guidance to ratify assignments developed from risk matrices have been certified to meet IEC EN 61508.
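The LOPA arithmetic described above, as an added example rather than code from this article or any of the cited handbooks: the initiating event frequency is discounted by the non-SIF protection layers, the remainder is compared with the tolerable frequency, and the ratio (the required risk reduction factor) is mapped onto a SIL using the IEC 61508 low-demand PFD bands. The scenario name, the 0.1/yr initiating frequency, the 0.1 operator-response credit and the 2e-5/yr tolerable frequency are assumed illustrative values, not data from any plant or from the page.

```python
"""LOPA-style SIL target selection for one hazard scenario.

Constructed example, not code from the page's sources. The frequencies and
IPL credits below are assumed illustrative values, not data from any plant.
"""
import math
from dataclasses import dataclass

# IEC 61508 low-demand PFDavg bands: SIL -> (lower bound inclusive, upper bound exclusive).
# One SIL step corresponds to one order of magnitude of required risk reduction.
LOW_DEMAND_PFD_BANDS = {1: (1e-2, 1e-1), 2: (1e-3, 1e-2), 3: (1e-4, 1e-3), 4: (1e-5, 1e-4)}


def sil_from_pfd(required_pfd):
    """Map a required PFDavg onto a SIL. 0 means no SIF is needed (PFD >= 0.1)."""
    if required_pfd >= 1e-1:
        return 0
    for sil, (lo, hi) in LOW_DEMAND_PFD_BANDS.items():
        if lo <= required_pfd < hi:
            return sil
    # Below 1e-5 no single SIF can be credited: change the process or add independent layers.
    raise ValueError(f"required PFD {required_pfd:.2e} is beyond SIL 4; redesign rather than over-specify the SIF")


@dataclass(frozen=True)
class Scenario:
    name: str
    initiating_event_freq: float  # per year, before any protection layer acts
    ipl_pfds: tuple               # PFDavg of each independent protection layer other than the SIF
    tolerable_freq: float         # per year, tolerable mitigated frequency for this consequence


def lopa_target(s):
    """Return the unmitigated frequency, required RRF, required PFD and target SIL of the SIF."""
    # Risk without the SIF: the initiating frequency reduced only by the non-SIF layers.
    unmitigated = s.initiating_event_freq * math.prod(s.ipl_pfds)
    rrf = unmitigated / s.tolerable_freq
    if rrf <= 1:
        # Already within the tolerable target: a SIF would add spurious trips for no safety gain.
        return {"unmitigated": unmitigated, "rrf": rrf, "required_pfd": None, "sil": 0}
    required_pfd = 1.0 / rrf
    return {"unmitigated": unmitigated, "rrf": rrf,
            "required_pfd": required_pfd, "sil": sil_from_pfd(required_pfd)}


# Assumed scenario (constructed values): BPCS loop failure leads to reactor overpressure.
EXAMPLE = Scenario(
    name="reactor overpressure on loss of BPCS pressure control",
    initiating_event_freq=0.1,   # assumed: one control loop failure per 10 years
    ipl_pfds=(0.1,),             # assumed: operator response to an independent alarm, credited at 0.1
    tolerable_freq=2e-5,         # assumed corporate target for this consequence class
)

if __name__ == "__main__":
    r = lopa_target(EXAMPLE)
    print(f"{EXAMPLE.name}: unmitigated {r['unmitigated']:.1e}/yr, RRF {r['rrf']:.0f}, "
          f"required PFD {r['required_pfd']:.1e}, target SIL {r['sil']}")
```

With the assumed numbers the SIF must deliver an RRF of 500, i.e. a PFDavg of 2e-3, which falls in the SIL 2 band. The two edge cases a reviewer should look for are handled explicitly: if the other layers already meet the target the function returns SIL 0 rather than specifying an unnecessary SIF, and a requirement below the SIL 4 band raises instead of being rounded up.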


Problems

There are several problems inherent in the use of safety integrity levels. These can be summarized as follows:
*Poor harmonization of the definition across the different standards bodies which use SIL
*Process-oriented metrics for the derivation of SIL
*Estimation of SIL based on reliability estimates
*System complexity, particularly in software systems, making SIL estimation difficult to impossible
These lead to such erroneous statements as, "This system is a SIL N system because the process adopted during its development was the standard process for the development of a SIL N system", or to use of the SIL concept out of context, such as, "This is a SIL 3 heat exchanger" or "This software is SIL 2". According to IEC 61508, the SIL concept must be related to the dangerous failure rate of a system, not just its failure rate or the failure rate of a component part, such as the software. Definition of the dangerous failure modes by safety analysis is intrinsic to the proper determination of the failure rate. SIL applies to electrical/electronic/programmable electronic controls only, and SIL numbers do not relate to the numbering associated with the Categories in EN 954-1.


Certification

The International Electrotechnical Commission's (IEC) standard IEC 61508 defines SIL using requirements grouped into two broad categories: hardware safety integrity and systematic safety integrity. A device or system must meet the requirements for both categories to achieve a given SIL. The SIL requirements for hardware safety integrity are based on a probabilistic analysis of the device. In order to achieve a given SIL, the device must meet targets for the maximum probability of dangerous failure and a minimum safe failure fraction. The concept of 'dangerous failure' must be rigorously defined for the system in question, normally in the form of requirement constraints whose integrity is verified throughout system development. The actual targets required vary depending on the likelihood of a demand, the complexity of the device(s), and the types of redundancy used.

PFD (average probability of dangerous failure on demand) and RRF (risk reduction factor) for low demand operation for the different SILs as defined in IEC EN 61508 are as follows:

SIL   PFD                  RRF
4     ≥ 10^-5 to < 10^-4   > 10,000 to ≤ 100,000
3     ≥ 10^-4 to < 10^-3   > 1,000 to ≤ 10,000
2     ≥ 10^-3 to < 10^-2   > 100 to ≤ 1,000
1     ≥ 10^-2 to < 10^-1   > 10 to ≤ 100

For continuous or high demand operation, these change to the following (PFH is the probability of dangerous failure per hour):

SIL   PFH
4     ≥ 10^-9 to < 10^-8
3     ≥ 10^-8 to < 10^-7
2     ≥ 10^-7 to < 10^-6
1     ≥ 10^-6 to < 10^-5

Hazards of a control system must be identified, then analysed through risk analysis. Mitigation of these risks continues until their overall contribution to the hazard is considered acceptable. The tolerable level of these risks is specified as a safety requirement in the form of a target 'probability of a dangerous failure' in a given period of time, stated as a discrete SIL. Certification schemes are used to establish whether a device meets a particular SIL. The requirements of these schemes can be met either by establishing a rigorous development process, or by establishing that the device has sufficient operating history to argue that it has been proven in use. Electric and electronic devices can be certified for use in functional safety applications according to IEC 61508, provided application developers show the evidence required to demonstrate that the application including the device is also compliant. IEC 61511 is an application-specific adaptation of IEC 61508 for the process industry sector. This standard is used in the petrochemical and hazardous chemical industries, among others.
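The hardware safety integrity check outlined above, as an added example rather than code from this article or from any certification body: the achieved SIL of a low-demand final element is the lower of what its PFDavg supports and what the IEC 61508-2 architectural constraints (safe failure fraction against hardware fault tolerance, Route 1H, Type A or Type B device) allow. It goes one step beyond the text by showing why redundancy matters: the same device that only reaches SIL 2 as a single channel (1oo1) reaches SIL 3 in a 1oo2 arrangement. The failure rates, the yearly proof test interval and the 5 % common-cause factor beta are assumed illustrative values, and the two PFDavg formulas are the simplified IEC 61508-6 forms that neglect repair time and dangerous detected failures.

```python
"""Hardware safety integrity check of a low-demand SIF against its target SIL.

Constructed example, not code from the page's sources. Failure rates, proof test
interval and beta are assumed illustrative values; the PFDavg formulas are the
simplified IEC 61508-6 forms (repair time and dangerous detected failures neglected).
"""
from dataclasses import dataclass

HOURS_PER_YEAR = 8760

# IEC 61508 low-demand PFDavg bands: SIL -> (lower bound inclusive, upper bound exclusive).
PFD_BANDS = {1: (1e-2, 1e-1), 2: (1e-3, 1e-2), 3: (1e-4, 1e-3), 4: (1e-5, 1e-4)}

# IEC 61508-2 Route 1H architectural constraints: (SFF upper bound exclusive, max SIL at HFT 0/1/2).
# Type A: simple devices with fully defined failure modes. Type B: complex devices (e.g. with software).
ARCH_TYPE_A = ((0.60, (1, 2, 3)), (0.90, (2, 3, 4)), (0.99, (3, 4, 4)), (1.01, (3, 4, 4)))
ARCH_TYPE_B = ((0.60, (0, 1, 2)), (0.90, (1, 2, 3)), (0.99, (2, 3, 4)), (1.01, (3, 4, 4)))


@dataclass(frozen=True)
class FailureRates:
    lam_s: float   # safe failures per hour
    lam_dd: float  # dangerous failures revealed by diagnostics, per hour
    lam_du: float  # dangerous undetected failures, per hour (found only at proof test)


def safe_failure_fraction(fr):
    """SFF: share of all failures that are either safe or dangerous-but-detected."""
    total = fr.lam_s + fr.lam_dd + fr.lam_du
    return (fr.lam_s + fr.lam_dd) / total


def pfd_avg_1oo1(lam_du, proof_test_hours):
    """Single channel: a DU fault lies hidden for half a proof test interval on average."""
    return lam_du * proof_test_hours / 2


def pfd_avg_1oo2(lam_du, proof_test_hours, beta):
    """Two channels, either may trip: independent double fault plus the common-cause share beta."""
    return (lam_du * proof_test_hours) ** 2 / 3 + beta * lam_du * proof_test_hours / 2


def sil_from_pfd(pfd):
    """SIL supported by the PFDavg alone (0 if >= 0.1; 4 if at or below the SIL 4 band)."""
    if pfd >= 1e-1:
        return 0
    for sil, (lo, hi) in PFD_BANDS.items():
        if lo <= pfd < hi:
            return sil
    return 4


def architectural_sil(sff, hft, type_b):
    """Highest SIL the architecture may claim, whatever the PFDavg calculation says."""
    for upper, row in (ARCH_TYPE_B if type_b else ARCH_TYPE_A):
        if sff < upper:
            return row[hft]
    raise ValueError("SFF must lie in [0, 1]")


def achieved_sil(fr, proof_test_hours, hft, type_b, beta=0.0):
    """Return (achieved SIL, PFDavg, SFF). Both the probabilistic and the architectural limit apply."""
    if hft == 0:
        pfd = pfd_avg_1oo1(fr.lam_du, proof_test_hours)
    elif hft == 1:
        pfd = pfd_avg_1oo2(fr.lam_du, proof_test_hours, beta)
    else:
        raise ValueError("only HFT 0 (1oo1) and HFT 1 (1oo2) are modelled here")
    sff = safe_failure_fraction(fr)
    return min(sil_from_pfd(pfd), architectural_sil(sff, hft, type_b)), pfd, sff


def meets_target(target_sil, fr, proof_test_hours, hft, type_b, beta=0.0):
    """True when the hardware safety integrity of this arrangement reaches the target SIL."""
    return achieved_sil(fr, proof_test_hours, hft, type_b, beta)[0] >= target_sil


# Assumed final element (constructed values): solenoid plus shutoff valve, Type A, proof tested yearly.
VALVE = FailureRates(lam_s=1e-6, lam_dd=1e-6, lam_du=5e-7)

if __name__ == "__main__":
    for hft in (0, 1):
        sil, pfd, sff = achieved_sil(VALVE, HOURS_PER_YEAR, hft, type_b=False, beta=0.05)
        print(f"HFT {hft}: PFDavg {pfd:.2e}, SFF {sff:.0%}, achieved SIL {sil}")
```

For the assumed valve the single channel gives PFDavg 2.19e-3 (SIL 2 band) with SFF 80 % (Type A, HFT 0: at most SIL 2), so the achieved SIL is 2 and a SIL 3 target is not met. In 1oo2 the PFDavg drops to about 1.2e-4, dominated by the common-cause term, and the architectural limit rises to SIL 3, so the arrangement reaches SIL 3. Reclassifying the same device as Type B drops the single-channel result to SIL 1, which is the practical reason certificates state the device type and the HFT alongside the PFDavg.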


Safety standards

The following standards use SIL as a measure of reliability and/or risk reduction.
*ANSI/ISA S84 (Functional safety of safety instrumented systems for the process industry sector)
*IEC 61508 (Functional safety of electrical/electronic/programmable electronic safety related systems)
*IEC 61511 (Safety instrumented systems for the process industry sector)
*IEC 61513 (nuclear industry)
*IEC 62061 (safety of machinery)
*EN 50128 (railway applications – software for railway control and protection)
*EN 50129 (railway applications – safety related electronic systems for signalling)
*EN 50657 (railway applications – software on board of rolling stock)
*EN 50402 (fixed gas-detection systems)
*ISO 26262 (automotive industry)
*MISRA, various (guidelines for safety analysis, modelling, and programming in automotive applications)
*Defence Standard 00-56 Issue 2 – accident consequence
The use of a SIL in specific safety standards may apply different number sequences or definitions to those in IEC EN 61508.


See also

*As low as reasonably practicable (ALARP)
*Spurious trip level (STL)
*High integrity pressure protection system (HIPPS)
There is a whole family of B2-level standards based more or less on IEC 61508 that also uses SIL, e.g., IEC 62061 and ISO 26262.


Textbooks

*D. Smith, K. Simpson, "Safety Critical Systems Handbook – A Straightforward Guide to Functional Safety, IEC 61508 (2010 Edition) and Related Standards" (3rd Edition, 270 pages).
*M. Punch, "Functional Safety for the Mining Industry – An Integrated Approach Using AS(IEC)61508, AS(IEC)62061 and AS4024.1" (1st Edition, A4 paperback, 150 pages), www.marcuspunch.com
*M.J.M. Houtermans, "SIL and Functional Safety in a Nutshell" (Risknowlogy Best Practices Series, 1st Edition, eBook in PDF, ePub and iBook format, 40 pages).
*H. Hartmann, H. Thomas, E. Scharpf, "Practical SIL Target Selection - Risk Analysis per the IEC 61511 Safety Lifecycle".
*M. Medoff, R. Faller, "Functional Safety - An IEC 61508 SIL 3 Compliant Development Process" (Third Edition).


External links

*61508.org: The 61508 Association
*IEC Safety Zone: The IEC Functional safety zone
*Functional Safety, A Basic Guide: Functional Safety and IEC 61508, a basic guide
*SIL Made Simple – White Paper presented at Valve World 2010
*Safety Integrity Level Manual (archived): Pepperl+Fuchs SIL Manual