Towards the Application of Safety Integrity Level for Improving Process Safety

Hyuck-Myun Kwon, Hee-Chul Park, Young-Woo Chun, Jin-Hyung Park

Occupational Safety & Health Research Institute, KOSHA; Korea Occupational Safety & Health Agency; Yokogawa Electric Korea Co., Ltd.

(Received June 13, 2012 / Accepted September 12, 2012)

Abstract: The concept of SIL is applied in most standards relating to functional system safety. However, people have problems applying SIL to their plants, as these standards do not include sufficient information. In this regard, this paper suggests the direction of SIL application and the concept based on IEC 61508 and IEC 61511. A Safety Integrity Level (SIL) is a discrete level (one out of a possible four), corresponding to a range of the probability of an E/E/PE (Electrical/Electronic/Programmable Electronic) safety-related system satisfactorily performing the specific safety functions under all the stated conditions within a stated period of time. SIL can be divided into the target SIL (or required SIL) and the result SIL. The target SIL is determined by the risk analysis at the analysis phase of the safety lifecycle, and the result SIL is calculated during SIL verification at the realization phase of the safety lifecycle. The target SIL is determined by risk analysis methods such as LOPA (Layer Of Protection Analysis), Risk Graph and Risk Matrix, and the result SIL is calculated from HFT (Hardware Fault Tolerance), SFF (Safe Failure Fraction) and PFDavg (average Probability of dangerous Failure on Demand). SIL is applied to various areas where functional safety is applied, such as process safety, machinery (road vehicles, railway applications, rotating equipment, etc.) and the nuclear sector.
Functional safety is the part of the overall safety relating to the EUC and the EUC control system that depends on the correct functioning of the E/E/PE safety-related systems and other risk reduction measures. Within safety, SIL is applied only to the functional safety of the SIS (Safety Instrumented System). EUC is the abbreviation of Equipment Under Control and is the equipment, machinery, apparatus or plant used for manufacturing, process, transportation, medical or other activities.

Key Words: SIS, SIL, safety lifecycle (SLC), functional safety, SIF, maintenance

LAMe eo] oftfc} SIL& Functional Safety(7]4s¢h)-& 19994 TEC 615080] 2]}|31, 200841 IEC 61011 a Belo) ask a ad 9] APSE OE AA AHO] TUOMAS ARAL Sy aban Tage SILG oh | Target SIL oh SE Safety Integrity Level. ol SUS Al seule] 4: gas SIS Ala}oh7] Sloe Iso] ats KAS ASSIS Ack FEMA A eee. onlay Balsiel Taper SIL ALE Aj Slop AIM OAR: del, , SVC AM SLA] #02} 4 Deh 43 SE Aloe Me Ede de wa 3) 2} - oleh Geta IS] FA ofA] AAO SILER ge ajo) of ye} 2 o| 7 SS URIS] Mol SEAS AE hey ey svapy WES] eaas ora aL ASS ae —_—W— 77) AM FAALat PA]Ale APY WL 28 Zo nh mens ako WS AA aEHE o1A] SILO] 7H} fhe Be 64 BAIS Het Safety inteciy Level2l AS wer ach S}AIYE IEC 615083} IEC 615110] SE 4p) Ze) eh ABH #2) Q7] wel) IEC 615082} IBC 61SLINFO EY SLE Hs ols Se Bol) 4}B3h7]t= 4) ect. | SHAE SILS} 42] Bl S47, Target SILS} Agape, Result SIL2] %)yH¥, ISS] 42}, SIs | Siro) He Al ABS AVWo SM SWE ofA] yb] os SILS o}¥ 7] Es}at 4.832] of] RE BRS Allstar} et 2. SiLo] Bo] BSR 2.1. SiL2] Be} TEC 61508 PART 49] -§-0}732] 4HeS a1} wa SILG: Safety Integrity Level aya ABM “WAH ASafety Integrity) x2} WS 474 9} Balsall FeOe Yep glow 47o} + EF SILA} 7H Se +O] AL SIL10] 7h st 2 Ae Oe Pojwjo} gcp gra AGafely Integrity) O] “A7/RAV ESA GW 7hett AAKBEPE) helztel 4] 5(Safety-rela ted system)o] “a2 A|zbeH) 5 ately ADA e& USAR PBSKs SHE" o}ebL IEC 61508 PART42H} 82}=}9} gle}? 
> SILo|et “a7 WAVZSAP Hee WAb HB o/S0} 41 arated Allo] ahd A]zbo]) BS BA OIA Sa oS USA) BORE S82] UNS 472] Bisael OR UE “Ss WREH olay 47ho] welspalel ES Taper 2} AS 0] HE9| Table 3% 3518}1 Result 2} BAS Oo] {HES} Table 29} Table 3 7H BE Bateto] Ba + ae wee 2.2. SIL2| S#2t Safety Lifecycle (SLC) SILG Fig, 10]) SE@UEI Safety Lifecycle % Ana- lysistt lol 2]. LAS FO AVES Target 2) 2} Realization’}4}oH|4] SIL te + Uth Fig. 1, Satety itecycieSLO)”, 0) 7H oaeale! BA beole} St 4 9ST Risk Analy sis(@]SA4) 2] 7-9-4 BPA Quantitative) 24 YPYOS Hazard Amlysiso}’] 9]@f3}C}SL Whe SIF (Safety Instumented Function, eHa7/3s)oH oi aH BabA LAS ALAlo}o} Target SILS Ayelet. Target SIL-® YS S417] BLayer Of Provec- tion Analysis), Risk Graph, Risk Matrix, ALARP(As Low as reasonably practicable) $2 $8 QE} ei] LOPACayer Of Protection Aalysis, YS) 42 Al7\e)7t Bal 7s NEA) Ah Holet =P Ct Result SILE SSF ]o]3736}-82 HFT, Hard- ware Fault Tolerance), @llal4u|-S4SFF, Safety Failure Fraction), Jat4}§-2.5"4] 9517334 PED- avg, Average Probability of dangerous Failure on Demand) & 2 Alba] Aaeeh Result SILS Target SILC} BEA) AL} Se As}7t 4 8}OF Qa atcha Wh 4 oleh. 3. silo] aay 3.1, Target SILB ARs YAS Target SILS A8SHz VHS S719 VS ‘Hol akck » IEC 61508 edition 2 Part Se] 4]4) 1 ha} ALARP(As Low As Reasonably Practicable) Risk Graph Risk Matrix LOPA(Layer Of Protection Analysis)” PIEC 61511 edition 1 Part 36] a4) <1 Sha) FTAGault Tree Analysis) LOPA(Layer Of Protection Analysis)!” Ad wae S Aa Mallow 74 wel o} 6 BS - wl ROIS iat BELL IS WWE] LOPACE SAS LAV TY, La. yer Of Protection Analysis)o|@52 te Btolj t= LOPAS] Wyo} ola Zeetspy UavsHEs Meh 4p] Table 1 IEC 61511 PART 30] UeRt LOPA Hole og Wie} KOSHA CODE P-4s- 20099) LEH Holes Se AloleP. yea 2 IEC 61511 PART 19} #0}4Jo] 9]8}91 “Ai OBE ES Azo} ajo} BARE QAM Heael ops ola Begley. 
BAe] ws ABS Wl AS YMVRAS BYOR vey Wd 8}7] Fig 29} Zo] Ueha + she Table 1, Example of LOPA” akg mal aa[teelar | [or |r | o fove] we | we |e Gs Fig 29) Qhipy-ea) Zo} LOPAo az UME SES AS ob 4zet Fg] ehalo] yb os 4}7] BYol wep Gaels ach ete Als 47] BBS zhsekaala7lsel) asset SS ESDE sh SoU} Peet SUE S oF als. “A|5|4] B52 ks SWE7t gob ets aeep] et 2 BUSS] ABA eho] Het CE oe Aldele Fig. 2. Orion protection layer” LOPAS ASK S SUES) AAS 7¥s Bae A) PASE + BS vols Target SLE 7h Alajoe aes + he Te ol] tet. 3.2. Result SILO] 7i}AF Result SIL& Alehs whys era avshi) ASF, Safe Failure Fraction) 8}: 9]o]314318-2GHET, Hardware Fault Tolerance)ol] |@t 3 Le|at BAEAT A MUSUISHEPFDavg, Average Pro- bability of dangerous Failure on Demand)o} ©1@1 WS BF Ae FE 7) dats 4 tS ash ‘& Result SILE ABC. Ay Al ela ube] ebay] A(SFF, Safe Fat Table 2, Table 2 & Table 3 in IEC 61508 PART2® ‘ile 2— ai ana sate inayat ‘union co any type tress ener Table 1°] LOPAS| oo]}A] abso] BSE me} eoha Apatelie7} AAQElaL Zp YP SA Set oft 7\ZulolBo) UehY PEDS Qlels}st 27] APLULEAPE] SLE BE AG2] PFDS Bolo] ZEUS AARC ozo-os gabe xfs WES SMSWIES Ue ge] las VOTES AVS PPE AY=|it ©] PPS TEC 615089] 7|¢e]olo] ue} SILE Stebel “act LOPAGS @1a|¢ha(Personnel Safety), $3, “Vat ol] Hak = Al4e}oloF ob), A) 712} Target SIL $ 7 = SIL] 3H Target SLE ABH. 66 Te-am awa say iy el a tution caves ap satel wenn sem -outnal of the KOSOS, Vol. 27, No. §, 2012 BAIS Het Safety inteciy Level2l AS wer lure Fraction) + 8}2.990]51%%31-82\( HET, Harchware Fault Tolerance)oi] ©}@b Y}e2 IEC 615086) 23h “pHo) Qhat, IEC 615116] 2}8t Yao) B=] o) TEES BUR Wel TEC 615080] fet WHS 71S2=e Wes} Fe}. IBC 61508 PART 20 87] Table 2} Zo] Table 2} Table 3 += 7A Bolo] IE AY7| Table 204 Qhaial4hu) SSFP, Safe Fai- lure Fraction) °1@ 81719] B41°.2 ABR 4 Sch SEF =(S)\5+ Shr)! (DAs+ Dat Don) As? Safe Failure Rate(QHAs-4}39) Avs! 
Dangerous detected failure rate (eR) Anw: Dangerous undetected failure rate Gaze)” BS} 90}ST43]SAHPT, Hardware Fault Tole- ance) IEC 61508 PART 2 7.44130} 8}719} Mel 7lasle} wep. P= Hol SSA] NS N+ 77h eal71s-9) APA Opa + Ute AL] A] TWHolet = AS nletep” IECS] Bt S 47] ES Bo] All olahet7] VE EE BEA al Avera we] ye ofae] QoS Pas + k= 3 hseAENO] SEEMS SALHET)EES Alolch 437] Table 29} Table ‘ype Aol det elo] Ho] z} Table 31 Type Bol) oe lo] {el | Type AS} Type BS 12.¢3H= 714} QIebalel hy sf Use SER} oh LEMAE Gis 39 Type AB WEES. SIEEof) uo] SA A7 ets Type BR EFelt}. Ae Nl) Bpael Qakzheat 4) Slesvas HS (PDavg, Average Probability of dangerous Failure on Demand) 2} AAH2- Bagels] AP oh Table 304 LE} ¥}2} Zo} IEC 61508 PART 12} Table 26) whe} SIL A1gatc}?. Table 3. Table 2 in IEC 61508 PARTY Tle tty nt ae PEDavg9| ArS-4) Sl zh AKEsHS Abel we} A}ol7} & 4 7] oistel) PEDavgal} lst} SER/ HETS| Abe BEA) AAA] O = Q1aHS Toole) SILENTIA(G]3 exida *uf)U} Yokogawa] Tool] GROEN BS uy] dics dawe + gst MURS AHS Tool FAS WME BUS ASAE ABEI4) Seth RS Alol £9} Ale] 4}-2 $fsH| CESE(Cettified Fune- tional Safety Expert)®] 25% YAS. SIL calculation report = SIL verification report: @14)5}3: 3] olt}. @HU8 SILENTIA u]S$2] oHaEA14) Safety ABA) Exidaol}4| 7S! SIL Calculation Toolo}#} GRC: General Reliability Caleulator®} °F AB QU7}O} UES ZIA}oH) QL Sa rance & Consultancy $o]] 71}eh¢ SIL Cal Toole |e}. 4, SISO] BO), BH HW AA 4.1, SIso| 219 SISt> Safety Instrumented System(QraArA1 We) ee Sze] elses Bots al ule] aehal erates 7h il sks Saal Ae) Grech IEC 61511 PART Io}: 3}7]2} Zo] SIS Ao}ateh. 
“CPAAPBAA SIS SAF Et 1 Osa] et BAPY7VHSIR, Safety Insirumented Function): ©] BS}7] AAW ABER AIAG OS AA(Sensor), BASHA7 Logic Solver), 2]-$-A24Final Element) oleae AP] SSF) AML QAI Ps( SIF) TEC 61511 PART lj] 3}719} Zo] Beso} ach “SED 7PSIS 71'5%4Puetional Safety) 2 GAS} gba aywS7/ (Safety Instumented Protection Function) 54: @h4li}2}i}o} 7 s(Safety Instrumented Control Function)®] #2) 4= 9 SIL& 7 7s" AMA|(Sensor), 32434247 |(Logic Solver), 2}24Final Element): 3}7|2+ Zo] IBC 61511 PART lo] @2}s}o] Qe} Sensors): HEA AAS Soy] He A Aol, transmitters, transducers, process switches, posie tion switches) Logic Solver(s) : 3}L} ©] 32) Logic 745-28 BRE AICI, electrical systems, electronic systems, or WAS sey ee. programmable electronic systems, pneumatic systems hydraulic systems) Final Elements)» @ha@h eat eh7] ia WOR Bey] AER SHS BAA, valves, switch ‘gear, motors including their ausiliary elements) SIFS) oS 29 ERY ale SISt: BPCS(Basic Process Control System, 7} $2 BAAV|AM, DESO} SIRE SImpyapo} He) 2 WEA PalstoloF Bho] ME SS12I21 BPCS 9} SIS] FA} <1Y.OR Hes}e Fig 49} Zo] uehH = ach 3 Uebel Fig. 39} zo] oF ‘Safety Instrumented Function ig, 3, Safety instrumented function”, Siar Fig, 4, Safety instrumented function” 42.5891 SR BUCA ASHE SIS] SHE WRAL ESDEmergency Shutdown System), PSD(Process Shut- down System), F&GFire & Gas System), HIPS(igh Integrity Protection System), HIPPS(High Integrity Pressure Protection System)7} YOU} -Pe]u}e}9] AF4= O}4 JASE Flare Stack, Scrubber, VCU(Vapor Combustion Unit) 30) AAB-E]‘= HIPSe|yr SILS] 68 A ABS|32 gat U4}8]2] ESD, PSD, F&G, > = UAE SILS ACh O] SLL SLA] Shu Zh A} Fp Sh Agal4) & 2}7/GS2] AAG SLES S $e eO] Of] 2 eld. 4,3, SISO] BE SSS] G]EAIe] =F (Architecture)t= +23} eh Single: lool 1960\A¢HoH) Software7} oF 2.52%) Hardware s28h Logie: SHS FA VL le} S2@)s} 0] A13}-Yo] See Hardwares2Uh Logic 4). SILA) SSA 7) 51 30K BES] 1 BS BRICK AHO] BLS TMR: Triple Modular Redundancy. 2003522. 1970 Aho PAST Bhs} Sah AlOLS |S A]. 
SIL37}2] w}4]2] 42 Qt, 1991 de] TUV alee we DMR: Dual Modular Redundancy, 1002054. 1980, Velo WHEN LS ARs 27 albseS 21g-¢ 3%, SILI” WAV 4 QL 1986eeH| TUV ase Ue QUR: Quadruple Modular Redundancy, 2oo4D5z SILI 74) WA) 2 4 VIMR: Versatile Modular Redundancy. lool Dt AVAL AAR loolDS SILI UHEA\ZRE 2d QIZS ASME loolDS eH] olsapjz) AP 99.99000%9] AvailbilityS YLH2IZ] 42 YS. 5. SILO] FA] B BA] 3] 20 SIL3& Ug. 412} <1 SISe} Beeps #7)419.32 Proof Test 8}2] YO SILE 21 aos Boal + Vel Web olga ARSE 71S Proof Test Intervalo|2} $e} 327141 2.2 Proof Tests QChat aS Al7]E Seal atalfsto} ale 4 Ao] Ye} 7 gHAES BUYS Dange- rous Undetected Failure Rate7} 243] @o|2)2]%= Bec. oval Beldet AES] oh BMS & Proof Test Coverage(PC)e} ch WAAR! al 29} Proof Testol] 2%} GAH ey} yep ya 9) Fig. 59} 0] LEH + let: Fig. SoA] ah} Alo] vd Proof Test 14] MS G So} oj} ss el Ao} wt ZY Ao] Proof Test et WE 4Aa-4) eS wl SIL9] So}: “HES 1 oleh Journal of the KOSOS, Vol. 27, No. 5, 2012 BAIS Het Safety inteciy Level2l AS wer Fig. 5, root “eit SL} alngasab Oae SLE JARS 197 SS Atel al 20) BUS AA sHse] 14]4) Gat e|ALS Al aaoe ois RENE Sgsist SYShs Sf HA IGS AIH: aA] 7S o2I7F oh op @ + Sle} SHES aldo Ae ah HEnd User), 2KEPO), APS}, ZAHA ZF of 22 CHE 71& 7st Aaah aS AG S J EH YHA SSL BE oleh uk} ate Bass] als s4bsl7] We Pol) EWS Aolch ofoj] CHS wha End User9} 2] TS B+ Mol Bch SILE BWSeaol Hell ALGSHEnd User), Qa AKEPO), AVAL, A Atl Zl SSS AMBE + LE TE Gol HS AWS spo] FACe SUEUAS 8 NASR BINA US 710) ELL BA FejUe}2] SL Agashe Ly eh) 719} & Asa TACK =2] AA7]eS0] Flare Stack, Senubbe, VCU -54]) ALG: HIPSof et SIL¢] 4] Gz ASs|D Uc BE SIL Aol wks F7hH] So] Wve Shy Abate] a}eta7}s stele Sales Aza} Zo] SIL] aita}el =e) % zelshojor Ue sata ate S AMPAALO se abate oh cho ee esol aLaee ee} LAS aM Ietol Ay Target ‘SIL BBs BAtARealization)} A Result SILS AAIS}o} SAL] Abas 212} SIR, MDE MSS, 1A Sensor, Logic Solver, Final Element] Target SIL. 
SUA + WEA] ASS star VHA 2] Pos AS AR AA) 19] SILS Hl + ES 77/4 2= A)HS1 Belsh= Ae] SILA te] 7s SRR BAheh BS get. IEC 6111914 So SISS 418817] 91 et AAA BAS BAlst7] Aysbs, Be}e SIL Sao] whe} Q5-E|O}A| SISO] FAS yIo}s] AL Bee] We} AS SRE sol chs ktch Baal HEY we} A) ASA + Wal Seteh. We} Chae s}IsP44 21 IEC 615083} IBC 61511 ol] “1321 SISS} SIL2] 7to} JSPR o] aS Set AVWAEnd User), Licensor, Za 2HEPC) AS BY] AAMT AR AHA eS sok etch 1) IEC 615084 Baition 20 “Functional safety of cleotrial/elevtronic/programmable electronic safety- related systems - Part 4: Definitions and Abbrevia~ tions”, pp. 19-20, 2010. 2 eps, 7hsekaaahd, G78 37 }2}417), 2012, 3) 0/344, “KOSHA CODE P-45-2009, BB ASAY LOPA)7IRoH BRE 71214", Brae ebay AB, 2009. 4) TEC 61511 Part 1,3, First edition 2003 5) IBC 615082 Eulition 20 “Functional Safety of Electrical/lectronie/ Programmable Electronic Safety- related Systems ~ Part 2: Requirements for Electrical! Electronie/Programmable Electronic Safety~ related stems 26 Table 2, page 27 Table 3, 2010-04", © TEC ‘isin 1 Edition 2.0 “Functional Safety of Electrical/lectronic/Programmable Electronic Safety= related Systems ~ Part 1: General Requirements”, pp. 3, 2010. HAG, HAA, “SIL BUS FBS VA) 9) Ase ese, eS ade S EAL, 2012. ? 0

