Frequently Asked Questions
SIL, Safety Systems and Independent Protection Layers
The term SIL, Safety Integrity Level, is a measure of the amount of risk reduction provided by a Safety Instrumented Function (SIF) for a specific hazardous event.
For example, if a hazard exists for over-filling a vessel, a SIF can be designed to act independently of the regular control system to prevent the overfill from happening.
Standards IEC 61511, IEC 61508 and IEC 62061 require that each SIF in a system is designed to meet minimum "probability of failure" targets in four different bands from SIL 1 to SIL 4, with SIL 3 being the typical highest target in process industry applications.
In practice, most applications of SIF in a SIS require only SIL 1 or SIL 2 capability.
There are many types of Independent Protection Layer (IPL) that can be applied to help reduce the frequency of hazardous events.
IPLs include actions by operators, mechanical safety devices designed for specific events like pressure relief, and safety instrumented functions (SIF) designed to actively sense a hazard and automatically take an action to prevent escalation.
A special type of IPL is known as a safety instrumented function or SIF. A SIF comprises at least one element for directly sensing a potentially dangerous process condition, a logic solver to decide on the action(s) to be taken, and a final element which will take a direct action on the process to prevent the hazardous condition or stop it escalating further.
A SIF is no different in concept from any other IPL, although it has additional considerations for design integrity. It must meet the same criteria as other IPLs: it must be effective in preventing the consequence (including being fast enough), independent of any other IPL and of the initiating event, and audited (tested) on a regular basis.
When SIF for different hazardous conditions are collected together into one logic solver, the collective is called a Safety Instrumented System - SIS. The SIS may comprise only a few SIF, or it may have tens or even hundreds. There is actually no limit on numbers of SIF in a SIS, although commercially available logic solvers will always have some capacity limitations.
For reasons of economics and ultimate flexibility, the majority of SIS implemented today use specialist programmable logic controllers as the logic solver. This programmability brings software design into the safety domain. Many additional design requirements apply to software used in safety duties, so this needs careful consideration and project control.
SIL 1 denotes the lowest level integrity target for a safety function, so by definition it is the easiest to achieve, and the most common in most process industry applications.
Meeting a SIL 1 target is usually possible with non-redundant devices, although this needs to be verified by calculation.
SIL 2 denotes the mid-level integrity target for a safety function, so it may involve some redundancy and fault tolerance in selected devices.
Meeting a SIL 2 target needs to be verified by calculation. SIL 2 designs must be carefully validation tested and undergo a formal independent functional safety assessment.
SIL 3 is a high-level integrity target for a safety function, so it will involve redundancy and fault tolerance in most elements.
Meeting a SIL 3 target needs to be verified by calculation and must be independently reviewed in high consequence scenarios.
SIL 3 designs must be carefully validation tested and undergo a formal independent functional safety assessment.
SIL 4 is a very high-level integrity target that is typically only found in nuclear high-consequence applications.
Meeting a SIL 4 target is likely to involve employing diverse designs and significant independent verification and validation testing.
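As an added illustration (not from the original page or from eFunctionalSafety), the following Python sketch shows the kind of calculation a SIL target is verified against, using the low-demand PFDavg bands of IEC 61508 / IEC 61511 and the common simplified 1oo1 and 1oo2 approximations. The failure rates, proof-test interval and beta factor are constructed sample values, and the function names are hypothetical; hardware fault tolerance and systematic capability checks are outside its scope.

```python
"""Simplified low-demand SIL verification (added example, constructed data)."""

# Low-demand PFDavg bands per IEC 61508 / IEC 61511: (SIL, lower, upper).
SIL_BANDS = [(4, 1e-5, 1e-4), (3, 1e-4, 1e-3), (2, 1e-3, 1e-2), (1, 1e-2, 1e-1)]


def pfd_1oo1(lambda_du, ti_hours):
    """Single device: PFDavg ~= lambda_DU * TI / 2."""
    return lambda_du * ti_hours / 2


def pfd_1oo2(lambda_du, ti_hours, beta):
    """Redundant pair with common-cause fraction beta (simplified form)."""
    independent = ((1 - beta) * lambda_du * ti_hours) ** 2 / 3
    common_cause = beta * lambda_du * ti_hours / 2
    return independent + common_cause


def achieved_sil(pfd_avg):
    """Map a PFDavg to its SIL band; 0 means not even SIL 1."""
    if pfd_avg < 1e-5:
        return 4  # better than the SIL 4 band; SIL 4 is the highest level
    for sil, lower, upper in SIL_BANDS:
        if lower <= pfd_avg < upper:
            return sil
    return 0


def verify_sif(subsystem_pfds, target_sil):
    """Sum sensor, logic solver and final element PFDavg; compare to target."""
    total = sum(subsystem_pfds)
    sil = achieved_sil(total)
    return {"pfd_avg": total, "rrf": 1 / total, "sil": sil, "meets": sil >= target_sil}


# Constructed sample data: dangerous undetected failure rates per hour.
TI = 8760  # proof-test interval: one year, in hours
SENSOR, LOGIC, VALVE = 6e-7, 5e-8, 2.5e-6

simplex = verify_sif(
    [pfd_1oo1(SENSOR, TI), pfd_1oo1(LOGIC, TI), pfd_1oo1(VALVE, TI)], target_sil=2)
redundant_valves = verify_sif(
    [pfd_1oo1(SENSOR, TI), pfd_1oo1(LOGIC, TI), pfd_1oo2(VALVE, TI, beta=0.1)], target_sil=2)

if __name__ == "__main__":
    for name, result in (("1oo1 valve", simplex), ("1oo2 valves", redundant_valves)):
        print(f"{name}: PFDavg={result['pfd_avg']:.2e} RRF={result['rrf']:.0f} "
              f"SIL {result['sil']} meets SIL 2 target: {result['meets']}")
```

With these sample values the non-redundant design lands in the SIL 1 band because the final element dominates the total, and adding a second valve brings the same function into the SIL 2 band.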
Get support with your SIL Analysis
You will need to complete a Safety Integrity Level - SIL Analysis (or SIL study) if you have process hazards that need risk reduction using any means of safety instrumented system or safety instrumented function.
- SIL targets are selected by the hazard owner using one of a number of risk analysis methods.
- Suppliers need to provide reliability and safety data if their products are used in any safety function.
- Consultants or contractors need the safety data to conduct SIL verification calculations.
Applications occur in oil & gas upstream and downstream, power generation, chemical and pharmaceutical production, pulp and paper and others.
Example applications where SIL Analysis is needed:
STEPS for SIL ANALYSIS
Select SIL Target
Using agreed tolerable risk criteria and a SIL determination procedure, eFunctionalSafety can lead your SIL study team sessions with one of our highly experienced and senior facilitators. We can support selection by Risk Graph or Risk Matrix, Safety Layer Matrix or Layer of Protection Analysis (LoPA).
Write the Safety Requirements Specification
A solid safety requirements specification is the backbone of any safety system. We have proven templates and checklists which have been tested on multiple industry projects. Our service can be as little as checking your requirements are complete, or providing support to author the full requirements specification.
eFunctionalSafety has access to the know-how, software tools and equipment failure rate data that can model the hardware performance of even the most complex Safety Instrumented Function (SIF) designs. We also check for equipment systematic capability, hardware fault tolerance and calculate the PFDavg or PFH according to application requirements.
Hire a professional independent SIL Chair - CFSE Qualified
If you need to conduct a fair yet objective SIL assessment, independent expertise is often crucial. It would help if you had someone who has sufficient experience, authority and technical capability to lead and guide you to a conclusion.
PROPOSED checklist for the right CANDIDATE TO LEAD A SIL STUDY
Get a head start with our templates
Like several of the safety life-cycle steps, templates and procedures are necessary to get a good outcome. We provide several procedures and templates for purchase individually, or as a full set.
Learn online now, with one of our self-paced courses
We started developing self-paced online eLearning courses in 2013. Now, we have a full-featured Learning Management System which provides the platform for both TEAMS and individuals to learn at their own pace, 24/7.
Certified Functional Safety Expert - CFSE
If you need a fair yet objective SIL study chair, independent expertise is often crucial. It would help if you had someone with sufficient experience, authority and technical capability to lead and guide you to a conclusion.
Get the SIL resumé
We provided SIL verification support for an entire package of turbomachinery safety functions for a well-known Small Gas Turbine (SGT) supplier.
We reviewed the SIL target assessment, supported the authoring of the system and functional safety requirements specification, and provided the probability of failure calculations for every function within the gas turbine (GT) range.
Our comprehensive report enabled the GT supplier to demonstrate that the required SIL targets could be met by the hardware design.