Dr. Aa Process Control and Safety Group
SIS
Safety instrumented systems (SIS) are used to provide safe control functions for processes, e.g. emergency shutdown (ESD), fire detection and blowdown functions. An SIS is typically composed of sensors, logic solvers and final control elements.
A Safety Instrumented System is designed to prevent or mitigate hazardous events by taking a process to a safe state when predetermined conditions are violated.
Other common terms for SISs are safety interlock systems, emergency shutdown systems (ESD), and safety shutdown systems (SSD). Each SIS has one or more Safety Instrumented Functions (SIF).
SIL
SIL stands for Safety Integrity Level. A SIL is a measure of safety system performance, in terms of probability of failure on demand (PFD). A SIL is a statistical representation of the reliability of the SIS when a process demand occurs.
The higher the SIL is, the more reliable or effective the system is.
To perform its function, a SIF loop has a combination of logic solver(s), sensor(s), and final element(s). Every SIF within a SIS will have a Safety Integrity Level (SIL). These SIL levels may be the same, or may differ, depending on the process. It is a common misconception that an entire system must have the same SIL level for each safety function.
SIL levels
| Consequence \ Event Likelihood | Frequent | Probable | Occasional | Remote | Improbable |
|---|---|---|---|---|---|
| Catastrophic | SIL 4 | SIL 3 | SIL 3 | SIL 3 | SIL 3 |
| Major | SIL 3 | SIL 3 | SIL 3 | SIL 2 | SIL 2 |
| Severe | SIL 3 | SIL 3 | SIL 2 | SIL 2 | SIL 1 |
| Minor | SIL 2 | SIL 2 | SIL 1 | SIL 1 | SIL 1 |
SIL 2
SIL 1
SIL 1
SIL 1
SIL Misconception
It is a very common misconception that individual products or components have SIL ratings. Rather, products and components are suitable for use within a given SIL environment, but are not individually SIL rated. SIL levels apply to safety functions and safety systems (SIFs and SISs). The logic solvers, sensors, and final elements are only suitable for use in specific SIL environments, and only the end user can ensure that the safety system is implemented correctly. The equipment or system must be used in the manner in which it was intended in order to successfully obtain the desired risk reduction level. Just buying SIL 2 or SIL 3 suitable components does not ensure a SIL 2 or SIL 3 system.
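The point above can be checked numerically. The following is an added example, not part of the original slides: it assumes the low-demand PFDavg bands of IEC 61508 and the simplified single-channel approximation PFDavg = lambda_DU * TI / 2, ignores architectural constraints and systematic capability, and uses constructed failure rates and proof-test intervals throughout.

```python
# Added illustration: a SIF built only from "SIL 2 suitable" parts can still
# come out as SIL 1 once the loop is evaluated as a whole.
# Assumptions: low-demand mode, 1oo1 channels, PFDavg = lambda_DU * TI / 2.
# All failure rates and test intervals are constructed sample values.

HOURS_PER_YEAR = 8760

# (lower bound inclusive, upper bound exclusive, SIL) for low-demand mode
SIL_BANDS = [(1e-5, 1e-4, 4), (1e-4, 1e-3, 3), (1e-3, 1e-2, 2), (1e-2, 1e-1, 1)]


def sil_for_pfd(pfd_avg):
    """Return the SIL band a PFDavg falls in; 0 means it does not reach SIL 1."""
    if pfd_avg < 1e-5:
        return 4  # better than the SIL 4 band; SIL 4 is the highest level
    for lower, upper, sil in SIL_BANDS:
        if lower <= pfd_avg < upper:
            return sil
    return 0


def pfd_1oo1(lambda_du_per_hour, test_interval_years):
    """PFDavg of one channel from its dangerous undetected failure rate."""
    return lambda_du_per_hour * test_interval_years * HOURS_PER_YEAR / 2


def sif_pfd(elements):
    """PFDavg of the loop: sensor + logic solver + final element in series."""
    return sum(pfd_1oo1(rate, interval) for _, rate, interval in elements)


# (name, lambda_DU per hour, proof-test interval in years), constructed values
LOOP_YEARLY = [
    ("pressure transmitter", 1.0e-6, 1.0),
    ("logic solver", 5.0e-7, 1.0),
    ("shutdown valve", 2.0e-6, 1.0),
]
# Same hardware, but the end user proof-tests the valve every three months.
LOOP_QUARTERLY = LOOP_YEARLY[:2] + [("shutdown valve", 2.0e-6, 0.25)]

if __name__ == "__main__":
    for label, loop in (("yearly", LOOP_YEARLY), ("quarterly", LOOP_QUARTERLY)):
        for name, rate, interval in loop:
            pfd = pfd_1oo1(rate, interval)
            print(f"{label:9} {name:20} PFDavg={pfd:.2e} SIL {sil_for_pfd(pfd)}")
        total = sif_pfd(loop)
        print(f"{label:9} {'whole SIF':20} PFDavg={total:.2e} SIL {sil_for_pfd(total)}")
```

With yearly testing, each element sits in the SIL 2 band on its own while the loop as a whole falls into SIL 1; changing only the valve's proof-test interval, a decision made by the end user, brings the same hardware back into the SIL 2 band.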
Question !!!
ENGINEER: "Why is this existing interlock SIL 2?"
RISK ANALYST: "I don't know off the top of my head. What does the documentation say?"
ENGINEER: "It was set in a safety review. And you were there!"
RISK ANALYST: "Beats me! It doesn't look like it should be SIL 2 when I look at it now."
Target SIL
ANSI/ISA S84.01 and IEC 61508 require that companies assign a target SIL for any new or retrofitted SIS. The assignment of the target SIL is a decision requiring the extension of the Process Hazards Analysis (PHA). The assignment is based on the amount of risk reduction that is necessary to mitigate the risk associated with the process to an acceptable level.
All of the SIS design, operation and maintenance choices must then be verified against the target SIL.
The categories are described in general terms and some calibration would be needed to get consistent results.
The matrix was originally developed using quantitative calculations tied to some numeric level of unacceptable risk (Green, 1993).
It is recognized that this method may give a higher required SIL than other methods.
The perceived trade-off is reduced analysis time. On the other hand, for events whose causes have a high frequency, this method could give a lower SIL.