Process hazard and risk Process Industry

analysis IEC 61511

Risk graph matrix
SIL-assignment example
Version: 1.0 Last Edited: 2005-10-27

This example is one of the results of the research project SafeProd supported by VINNOVA (Swedish
Agency for Innovation Systems). More information about the project could be found at
www.sp.se/safeprod.

SIL-assignment example using risk graph matrix

A pressure reduction flash vessel is designed as shown above. Pressurized hydrocarbons

flashes into the separation vessel. Pressure reduction is performed by a control loop (PC-1)
actuating the feed control valve. The vessel is protected to over pressures by a relief valve
(PSV-3). A safety instrumented function (PS-2) is considered for reducing the risk further.
The function shall close the high pressure feed in case of high pressure. Proper SIL of the
SIF should be determined using the risk graph matrix. Failure rate figures for the dangerous
failure fraction of installed components are also shown in the figure.

Risk assessment shows that a vessel rupture probably would lead to catastrophic health,
serious environmental and extensive financial consequences, as the liquefied explosive gas
is realised to the ambient. The consequence letters are filled in as shown:

www.sp.se/safeprod
-1-
Process hazard and risk Process Industry
analysis IEC 61511
Risk graph matrix
SIL-assignment example
Version: 1.0 Last Edited: 2005-10-27

Comments on this report are gratefully received by

Johan Hedberg
at SP Swedish National Testing and Research Institute
mailto:johan.hedberg@sp.se

Conseqence
Type C
H F
E D
F E

The dangerous area is normally occupied occasionally, but occupancy in the area is related
to process and control problems (the hazardous situation), while the occupancy parameter is
upgraded from “occasionally” to “frequent”. The hazardous event is developed to fast for
claiming any reduction due to probability of avoidance.

The exposure rate parameter for the health hazard is set to “frequent” and F=2 is chosen.

Exposure rate F
FD Permanent =1 2
FC Frequent 0.1-1 2
FB Occasionally 0.01-0.1 1
FA Rare <0.01 0

Exposure rates are irrelevant for environmental and financial hazards. (F is predefined to 1).

Avoidance conditions are not fulfilled and P=1 is selected for all hazards (health,
environmental and financial).

Avoidance probability P
PB Avoidence conditions not fulfilled 1
PA All avoidence conditions are fulfilled 0

The probability of a dangerous failure in the shown pressure control loop can be calculated
from the individual failure rates of the sensor, solver and valve components:

λ = 0.115+0.035+0.055-(0.115x0.035)-(0.115x0.055)-(0.035x0.055)+(0.115x0.045x0.055)≈

≈ 0.20 times / year

www.sp.se/safeprod
-2-
Process hazard and risk Process Industry
analysis IEC 61511
Risk graph matrix
SIL-assignment example
Version: 1.0 Last Edited: 2005-10-27

Layer of protection analysis LOPA is performed and reduces the demand rate of the safety
function, while the vessel is protected by an independent safety layer. A safety relief valve
with a failure probability of 0.01 is installed. The residual demand rate of the considered SIF
is reduced by the independent layer of protection:

λ = 0.20x0.01≈ 0.002 / year

0.002 times / year equals 1 time / 500 years and W = 3 is selected.

Demand rate W
W9 Often > 1/ y 9
W8 Frequent 1 / 1-3 y 8
W7 Likely 1 / 3-10 y 7
W6 Probable 1 / 10-30 y 6
W5 Occational 1 / 30-100 y 5
W4 Remote 1 / 100-300 y 4
W3 Improbable 1 / 300-1000 y 3
W2 Incredible 1 / 1000-10000 y 2
W1 Inconceivable 1 / 10000-100000 y 1
The likelihood figures are filled in as shown below. The consequence letters and likelihood
figures are then combined in the risk graph matrix for the three different types of hazard:

Conseqence Influence Demand Likelih.

Type C F P W Sum
H F 2 1 6
E D 3
1 1 5
F E

Likelihood sum (F+P+W)

C 1-2 3-4 5-6 7-8 9-10 11-12
F NR IL 1 IL 2 IL 3 IL 4 NO
E NR NR IL 1 IL 2 IL 3 IL 4
D OK NR NR IL 1 IL 2 IL 3
C OK OK NR NR IL 1 IL 2
B OK OK OK NR NR IL 1
A OK OK OK OK NR NR

Combining a consequence letter and likelihood sum gives the integrity level due to the
specific hazard. Finally the overall Safety Integrity Level can be assigned by choosing the
maximum required integrity level found. In this case health consequences require the highest
integrity level (SIL 2) of the specific function.

www.sp.se/safeprod
-3-
Process hazard and risk Process Industry
analysis IEC 61511
Risk graph matrix
SIL-assignment example
Version: 1.0 Last Edited: 2005-10-27

Conseqence Influence Demand Likelih. Integrity

Type C F P W Sum IL SIL
H F 2 1 6 2
E D
1 1
3
5
0 2
F E 1

The safety instrumented pressure protection function PS-2 shall fulfil SIL2 requirements.

www.sp.se/safeprod
-4-