SIL ASSESSMENT-RISK

GRAPH and LOPA

Training
Course
contents 


What is a SIL assessment Study?
Relation between HAZOP and SIL
assessment study
 Understanding Safety Integrity
Level (SIL)
 Risk matrix/ALARP principle
 Layers of protection/Safeguard
 Hierarchy of controls (with simple example)
 LOPA study Example
 Brief introduction to Risk Graph Method
DIFFERENCE BETWEEN HAZOP & SIL SESSIONS
Both HAZOP and SIL Sessions deal with Risk scenario for Analysis.
But there exists a Difference in the Concept related to the Safety
Instrumented Function (SIF).
The HAZOP Session looks at the Safety Instrumented Function (SIF) from
Positive side and expects the SIF to Perform its function Successfully to avoid
a Hazardous Incident from occurring.
Where as the SIL Session looks at the Negative side, i.e Failure or Absence of
the SIF under study, explores all the consequences in the absence of the SIF
and establishes the Criticality Rating (SIL) on this basis.
The HAZOP Session deals with all the modes of Operation of a facility,
including the Steady state operation, Bypass mode, Maintenance mode etc.
But SIL Session primarily deals with the Plant’s Steady state operation.
Relation between HAZOP and LOPA
Understanding Safety Integrity Level (SIL)
What does SIL mean?
– Safety Integrity Level
– A measure of probability to fail on demand(PFD) of the SIF.
– It is statistical representation of the integrity of the SIF when a process demand
occurs.
– A demand occurs whenever the process reaches the trip condition and causes
the SIF to act.
– There are 4 SIL levels. SIL Levels are measures of how we achieve function safety.
– Applies to the complete safety function/loop
– Higher SIL means
• Stricter requirements.
• Safety Function fails less and thus plant protection is available more.
Safety integrated
Function-SIF

• PT-100 A/B/C-initiating elements-

sensors
• LOGIC solver
• XV-100 and PV-200 Final elements
 1 in 10 means, the function will fail once in a total of 10 process demands

1 in 1000 means, the function will fail once in a total of 1000 process demands
SIL-3 EXAMPLE
What is the consequence ???
What is the consequence ???
• Can it Kill someone..?
• How much it is going to cost…both
direct/indirect/insured/uninsured
• Is it going to cause any Environmental issues..?
• Is it going to cause any public relation issues or
Regulatory actions
What is the likely hood the event can occur
• Is there any inherent design to the equipment..?
• Is there any BPCS to control it..?
• Is there any alarm to alert the operator for intervention..?
• Is there any safety instrumented system..?
• Is there any emergency response plan
RISK ASSESSMENT MATRIX (RAM)
CONSEQUENCE LIKELIHOOD
A B C D E

Environment
Production

Reputation
Equipment
Severity

damage
People
Rating

More than100 Once in 100 Once in 20 Once in 4 years

loss
years (Never years (Heard of years (Incident (Happened More than once
heard of the Incident in has occurred in several times in in a year
incident) Industry) Our Company) the Company)

Multiple worker Extensive More than a Massive effect over International impact.
Catastrophic

fatalities / damage, month of outage a large area or Adverse attention in

permanent total prolonged loss of for one unit constant breach of International media
5 5A 5B 5C 5D 5E
disabilities or single production or > regulatory limits
public fatality Rs. 10 Crore
Intolerable
Single worker Major damage, More than one Major Effect, Short Major Impact. On
fatality / Permanent disruption to week to one term breaches of National TV /
Demonstrate Zone
Major

disability or serious operations or < month outage regulatory limits National Press
4A
4
injury to public Rs. 10 Crore for one unit ALARP4B 4C 4D 4E

More than one LTI Local damage, 48 hrs. to one Localized effect. Considerable
unit shutdown or week outage for Has significant impact. Major
Serious

< Rs. 1 Crore one unit impact on concern in National

3 3A 3B 3C 3D 3E
Environment but no Press / Local TV
permanent effect

One Loss Time Minor damage or 24 hrs. to 48 Minor effect, has Limited impact.
Incident (LTI) < Rs. 50 Lakhs hrs. outage for impact on Public concern in Incorporate Risk
Minor

2 one unit Environment but no neighborhood. 2A 2B Reduction 2D

2C 2E
permanent effect Reported in local Manage for
newspaper Measures
Slight injuries (First Slight damage or Less than 24 Slight effect; 100% Slight impact, Public
Continuous
Notable

aid case) / Short < Rs. 10 Lakhs hours cleanup possible awareness exists, no Improvement
1 term effect public concern 1A 1B 1C 1D 1E
 Target Risk
Consequence Frequency
People
Category (Occurrences per
year, per event)
P6 n/a 1.00E-07
P5 Multiple f atalities or Permanent illness 1.00E-06
P4 Single f atality or Chronic illness or Over exposure f or more than 8 hrs 1.00E-05
P3 Serious illness or acute illness or high exposure (Entire shif t - 8 hrs) 1.00E-04
P2 Local of f site treatment / Temporary illness / Intermittent Exposure (15 min/hr) 1.00E-03
P1 Minor injury or First aid cases 1.00E-02
E6 n/a 1.00E-07
E5 Widespread, Permanent Ecological damage 1.00E-06
Some Permanent Ecological damage (continous emission not contained w ithin
E4 1.00E-05
the organization)
E3 Major sustained environmental release 1.00E-04
E2 Controlled environmental release(w ithin license limits) 1.00E-03
E1 Minor spillage or Fugitive emission 1.00E-02
F6 n/a 1.00E-06
F5 Plant outage more than 1 w eek,>5 Cr 1.00E-05
Less than 1 w eek outage f or 1 section;or 48 hrs to 1 w eek f or the plant,2 Cr to
F4 1.00E-04
5 Cr
48 hrs to 1w eek outage f or single section; or less than 48 hrs f or plant,< 1Cr to
F3 1.00E-03
2Cr
F2 12 hrs to 48 hrs outage f or single section,< Rs. 50 lakhs to 1 cr 1.00E-02
F1 Less than 12 hour outage f or single section (w ithin 1 plant),< Rs. 50 lakhs 1.00E-01
ALARP PRINCIPLE
“As Low As Reasonably Practicable”
▪ Involves weighing risk against the
trouble, time and money to control
▪ Describes level to which workplace risk
is to be controlled.
▪ Not prescriptive
▪ Challenging because it requires
employers to exercise judgment.

What is Acceptable Risk?

We accept/ tolerate risk when:

1. We don’t know that it exists

2. The Risk is insignificantly low
3. When it’s worth the Risk (?)
Risk Reduction Fundamental Concepts

As Low As Reasonably Practicable or Tollerable Risk

(ALARP ZONE)
 Control
Measures
priority
PFDs for IPLs adapted from CCPS
LOPA ONION-
SAFE GUARDS
RISK GRAPH METHOD
Training Academy
training@ifluids.com

info@ifluids.com
Thank you