Safety Integrity Level
Safety Integrity Level (SIL) is the discrete level for specifying the safety integrity requirements of the safety functions to be allocated to the E/E/PE safety related systems where SIL 4 has the highest level of safety integrity and SIL 1 the lowest. E/E/PES is a term introduced by IEC61508 standard, which stands for Electrical/Electronic/Programmable Electronic Systems.
- Why SIL?
Process plants are operated with many sophisticated process control systems.
These systems are inevitable for safe and reliable operation of the plant and address the
safety functions such as process sectioning, fire detection, gas detection, process protection and blow down.
The safety functions are often designed combining various E/E/PES technologies and other external risk
reducing devices. In addition, computer and software intensive systems are increasingly being used as part
of the system. A malfunction of these systems can lead to loss of life, damage to assets and impact to the
How then can we maintain such critical safety functions or Instrumented Protective Functions (IPF), the reliability of which depend on many inter-related technologies such as mechanical, electrical, electronics (hardware), hydraulics, software?
- PT WIDE & PIN uses a number of techniques assisted by software tools and models to manage safety critical equipment. These techniques and the approach are organized according to the life cycle model recommended for the safety critical equipment by IEC 61508. This Life Cycle model covers the project phases from concept to de-commissioning and can be grouped into three distinct phases ie. Design, Maintenance planning and Operation & Monitoring
- Managing Safety Critical Equipment Services
- The services offered in the three distinct phases are highlighted in the following section.
The approach to SIL assessment is based on a risk analysis where some absolute risk criteria have been established.
Each safety function at the plant/system/equipment/tag is allocated reliability targets based on these criteria.
The SIL definitions of IEC 61508 for a safety function operating in low demand mode of operation are:
- SIL 1: 10-2 < PFD < 10-1
- SIL 2: 10-3 < PFD < 10-2
- SIL 3: 10-4 < PFD < 10-3
- SIL 4: 10-5 < PFD < 10-4
Here PFD is 'Probability of Failure on Demand' (This is a measure of safety unavailability and accounts for the unavailability due to hardware failures). Our approach is in line with the cross industry standards IEC 61508 and industry specific standards like IEC 61511 for process systems.
- Maintenance Planning
The most dangerous type of failures for safety systems are hidden failures.
We use standard methods from probability theory to assess the probability of failure on demand for
the safety systems and failure modes under consideration to develop maintenance/test plan which ensures
that the desired safety requirements (Required Availability) are satisfied.
In some cases we also perform economic optimization (Cost-benefit Availability) within the boundary
that the safety requirements provide.
A number of different tools are used by us to determine the maintenance strategy needed to achieve the desired SIL levels such as: Fault Tree (CARA), Reliability Block Diagram (RAMA, PDS), Flow Diagram (RAMA, MIRIAM, MAROS), Reliability Assessment (ACE), Simulation (Extend). We also has a number of (generic) databases such as OREDA, PDS, EIREDA, T-book, ZEDB, Non-electronic Parts Reliability Data, Process Equipment Reliability Data etc. DNV also has experts who can assist to analyze and develop data.
- Operation & Monitoring
It is essential that plants monitor the performance of safety critical systems in the operational phase.
One of the main objectives is to ensure that these systems perform as assumed in the risk/SIL assessment.
We have developed a scheme for documenting SIL requirements and maintenance & inspection plan to help plants monitor the performance of their safety critical equipment over time. Techniques have been developed by using parameters such as number of tests, failures etc. to monitor the SIL level and to identify the mitigating activities & adjusted test intervals.
- Other Related Services
In addition to above, we provide a number of other services related to IEC61508 life cycle model such as:
- Assistance in certification process
- Document compliance for component manufacturers/engineering companies
- Develop/Improve client's operation management so that the components are SIL compliant
- Audits to ensure the components are manufactured in accordance with established SIL level
Both local (PSD) and global (ESD) safety functions can be addressed. This includes:
- Process Sectioning
- Fire detection
- Gas detection
- Electric isolation
- Start and Stop of fire pumps
- Active fire fighting
- Active smoke control
- Process protection
- Blow down etc.