What is SIL?

(Safety Integrity Level)

1
Proprietary Information
1
 Bad Accidents Happen

• What
 Explosion
• When
 March 23, 2005, during maintenance
• Where
 Isomerization unit at BP Amoco Texas City refinery
• Who
 Contract workers
• Results
 15 people killed
 Over 100 injured
From CONTROL magazine, May, 2005

2
 Safety is a BIG Deal!

• Review aspects of Safety

• Apply the world’s most dominate Safety Standard

• Discuss how it metamorphoses into something more

3
 Aspects of Safety

• Primary Safety
 Shock and burns inflicted directly by the
hardware
• Functional Safety
 Covers the safety of the equipment
 Depends on risk-reduction measures
 Relies on the correct functioning of these
measures
• Indirect Safety
 Indirect consequences of a system not
performing as required

4
 Safety Instrumented Systems

• Safety Instrumented Systems (SIS)

 Used where there is a potential threat to:
 Life
 Environment
 Process
 Equipment

• Independent of the normal process control system

• Take action to render the plant safe in the event of
a malfunction

5
 Hierarchy of Safety

OSHA and EPA

Process Safety Management

Emergency Shutdown Systems, Control, Relief Systems

these include all Safety Instrumented Functions (SIF)

Written Internal Engineering Industry Codes

Guidelines Practices & Standards

GOOD ENGINEERING PRACTICES

Functional Reliability = Safety

6
 Standards Bodies

• ISA = Instrumentation Systems and

Automation Society

• IEC = International Electrotechnical

Commission

7
 Rapidly Changing Situation

• Broad acceptance of the IEC standards worldwide

 IEC 61511 – “Functional Safety: Safety Instrumented

Systems for the Process Industry Sector”

 IEC 61508 – “Functional Safety: Safety Related Systems”

8
 Benefits to the Users

• Common frame work

 Used by both End-users and Suppliers
 Design equipment and systems
 Safety related applications
• More scientific approach
• Numeric approach
 To specifying and designing safety systems

9
 Benefits to the Users

• Risk analysis
 Quantify the nature of the risk
 Design a protective system appropriate to the risk
• Less likely to Over or Under-specify.
• Less expensive solutions may provide
adequate protection.

10
 The Essence of IEC-61508

• Identify & analyze risks

• Risk assessment (how tolerable is each risk)
• Determine how to reduce intolerable risks
• Specify the requirements for each risk
 Specify the safety requirements for each risk reduction,
including their Safety Integrity Level

• Design to meet the safety requirements

• Implement the safety functions
• Validate the safety functions

11
 IEC 61508 Safety Lifecycle
Management
Concept of
Functional
Overall Scope
Safety
Definition

Hazard & Risk

Analysis Front-End
Engineering
Overall Safety
Requirements

Safety Requirements
Allocation

Design
Overall Planning Safety-related Safety-related systems: External Risk
systems Other Technology Reduction Facilities
Overall Overall
Overall Operation
Validation Installation &
& Maintenance
Planning Commissioning Realization Realization Realization
Planning
Planning

Overall Installation
& Commissioning
Commissioning

Overall Safety
Validation
Operations &
Maintenance Overall Operations Overall Modification
& Maintenace & Retrofit

Management
Decommissioning
of Changes
12
 Example Risk Assessment

Weigh the risk by quantifying the consequences, exposure time, and probability of
avoiding the hazard

13
Where Do Most of the Failures Occur?

Average Probability of Failure on Demand

Field Sensors
26.05%

Field Output
Logic Controller
(Actuators, Etc)
8.52%
65.43%

Source: Gobel and van Beurden, A Statistical Study of SIF Designs – Distribution over 8,917 SIFs
– as shown in Hydrocarbon Processing, January 2006
SIF = Safety Instrumented Functions

14
 Reduce Intolerable Risk

• Increase the system’s safety integrity

• Safety Integrity
 The average probability that s Safety Instrumented
System will work
 under all the stated conditions
 within a stated period of time
• Safety Integrity Level (SIL)
 The discrete level for specifying the safety
integrity requirements of a Safety Instrumented
Function (SIF)

15
 SIS Architecture

• How the system is to behave upon the detection of a

fault will influence
 The system’s architecture
 The level of diagnostics
• Hardware Fault Tolerance (HFT)
 1oo1 system, has a HFT of 0 (1-1=0)
 1oo2 system, has a HFT of 1 (2-1=1)
 1oo3 system, has a HFT of 2 (3-1=2)
 2oo3 system, has a HFT of 1 (3-2=1)
• A 2oo3 has the same HFT as a 1oo2 system, but a
2oo3 has more availability

16
 Safe Failure Fraction (SFF)

• Values of SFF
 0; SFF < 60%
 1; 60% < SFF < 90%
 2; 90% < SFF < 99%
 3; 99% > SFF

17
 Minimum HFT of Programmable
Electronic Logic Solvers

SIL Minimum hardware fault tolerance

SFF < 60% SFF 60 to 90% SFF > 90%
1 1 0 0

2 2 1 0

3 3 2 1

4 Special requirements apply – (see IEC 61508)

18
 Safety Integrity Levels

Safety Safety Probability Risk Generalized

Integrity Availability to Fail on Reduction Impact
Level (SIL) Required Demand Factor
IEC 61508 & (PDF) = 1/PDF
IEC 61511

1 90 to 99% <.1 to 10 Minor property

.01 to and production
100 loss
2 99 to 99.9% <.01 100 Major property
to to and production
.001 1000 loss, possible
injuries

3 99.9 to 99.99% <.001 1000 Employee and

to to community
.0001 10,000 injuries
4 >99.99% <.0001 10,000 Catastrophic to
to to community
.00001 100,000

19
 SIL Flows Through the Entire System

Control Logic
Input Field
Input Field (CPU) Output Field Output Field
Wiring
Devices and I/O Wiring Devices
Circuitry

SIL 3 SIL 3 SIL 3 SIL 3 SIL 3

20
 SIL Takes on More Meaning

• SIL ratings are a tool to help design safety

systems.
• Using SIL’s availability and PDF numbers as a
way to judge the quality of equipment
• SIL is becoming to mean more to users

21
 Conclusion

• Reviewed aspects of Safety

• Learned how to apply IEC 61508
• Discussed how SIL is now being used to specify non-
safety related systems

22
23