Safety Integrity Levels

What are Safety Integrity Levels?
Safety Integrity Level, usually referred to as "SIL" or "SIL level", is a unit of measurement for quantifying risk reduction. There are four integrity levels:
SIL 1 - represents the integrity required to avoid relatively minor incidents and is likely to be satisfied by a certain degree of fault-tolerant design using guidelines that follow good practice.
SIL 2 - represents the integrity required to avoid more serious, but limited, incidents, some of which may result in serious injury or death to one or more persons.
SIL 3 - represents the integrity required to avoid serious incidents involving a number of fatalities and/or serious injuries.
SIL 4 - represents the integrity level required to avoid disastrous accidents.
Each of the 4 levels of SIL represents an order of magnitude of risk reduction.

SIL Reviews
A SIL review, or SIL study, is a formal, documented method that enables a team of suitably qualified and experienced engineers to determine a SIL level, based on relevant criteria and analyses, for any particular control or safety loop. The basis of a SIL review is establishing the risk reduction required for each identifiable part (sometimes called a sub-system) of a system, e.g. a loop. From this, a safety system is selected with the technical specification and architecture required to deliver the required risk reduction for each of the sub-systems. SIL reviews take place after the HAZOP analyses are completed. Documents used in a SIL review include P&IDs (Piping and Instrumentation Diagrams) and Cause & Effect Charts, and often a Failure Modes and Effects Analysis (FMEA) report.

Determining SIL Level (SIL Rating)
The safety integrity levels risk graph (sometimes called a SIL tree) method is a common tool used in determining the safety integrity level rating of a sub-system. A SIL tree is shown below:

[Figure: SIL tree]

Definitions of terms used on the SIL Tree table:

Consequence Severity
- No safety consequence. Exactly as it says.
- Slight Injury. Injuries not requiring immediate/emergency medical evacuation.
- Serious Injury or 1 death. All injuries requiring emergency medical evacuation and up to one fatality.
- Multiple deaths. All incidents resulting in more than one fatality and any number of injuries.
- Catastrophic. All incidents involving many fatalities.

Personnel Exposure
- Frequent. Personnel will be close enough to be affected and failure of the system precludes the possibility of mitigating action.
- Rare. Either personnel are not in the vicinity of the event, or if they are, fully independent means exist to initiate possible mitigation actions e.g. evacuation.

Alternatives to Avoid Danger
- Possible. The rate of escalation is such that personnel in the area will have time to get away from the immediate area or that there is sufficient warning from independent means to allow evacuation.
- Not Likely. All cases other than those explained previously in Possible.

Demand Rate
- Relatively High. Occurs between 1 and 10 times a year.
- Low. Occurs between once per year and once in every 10 years.
- Very Low. Occurs less than once in every 10 years.

In general, the higher the specification of the safety system the higher will be its associated SIL rating, and the lower its probability of failure on demand (PFD), as described in the SIL Rating chart below:

[Figure: SIL Rating Table]

What is SIL Rated Equipment?
SIL rated equipment, certified to the appropriate SIL level, is required in SIL rated systems. Therefore all instruments used in a SIL rated system, including each instrument's sub-components such as sensors, logic solvers and integral components, are required to work safely and meet the Probability of Failure on Demand (PFD) requirements.
SIL standards allow a manufacturer's proven-in-use data, as well as fully assessed third-party analysis, to be used to demonstrate reliability. SIL certification is a tool for measuring the amount of risk reduction provided by a Safety Instrumented Function. It assesses the tolerable/acceptable failure rate of an individual device.

What is Probability of Failure on Demand?
Probability of Failure on Demand (PFD) is a measure of the effectiveness of an instrument or a safety function. It expresses the likelihood that the instrument or safety function does not work when required to.
The PFD for a loop depends on the failure rates of all the components in the loop, hence the need to know PFD data for every item in a loop when determining the safety integrity level of that loop. Just buying a SIL 2 or SIL 3 certified transmitter does not ensure a SIL 2 or SIL 3 loop.
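As an added worked example (not from the original page), the following Python script carries out the loop-level PFD calculation described above. It assumes the simplified IEC 61508 low-demand formula PFDavg ≈ λDU × T / 2 for each single-channel (1oo1) sub-system, where λDU is the dangerous undetected failure rate per hour and T is the proof-test interval, and the standard low-demand SIL bands (SIL 1: 10^-2 to 10^-1, SIL 2: 10^-3 to 10^-2, SIL 3: 10^-4 to 10^-3, SIL 4: 10^-5 to 10^-4). The failure rates and proof-test intervals are constructed values, not data for any real product, and the simple summation ignores common-cause failures, diagnostic coverage and redundant architectures that a full SIL calculation would include.

```python
"""Loop PFD and achieved SIL from per-subsystem failure rates (added example)."""

HOURS_PER_YEAR = 8760


def pfd_avg_1oo1(lambda_du_per_hour: float, proof_test_interval_hours: float) -> float:
    """Simplified IEC 61508 average PFD for a single-channel (1oo1) subsystem.

    PFDavg ~= lambda_DU * T / 2  (low-demand mode, no diagnostics, no redundancy).
    """
    return lambda_du_per_hour * proof_test_interval_hours / 2.0


def sil_from_pfd(pfd: float) -> int:
    """Map a low-demand PFDavg onto its SIL band; 0 means no SIL is achieved."""
    if pfd >= 1e-1:
        return 0
    if pfd >= 1e-2:
        return 1
    if pfd >= 1e-3:
        return 2
    if pfd >= 1e-4:
        return 3
    return 4  # 1e-5 <= pfd < 1e-4 is SIL 4; anything lower is reported as SIL 4 too


def assess_loop(components: dict, proof_test_interval_hours: float):
    """Return (per-component {name: (pfd, sil)}, loop_pfd, loop_sil).

    The loop PFD is the sum of the subsystem PFDs, because the sensor, logic
    solver and final element are in series: a dangerous failure of any one of
    them defeats the safety function.
    """
    per_component = {}
    for name, lambda_du in components.items():
        pfd = pfd_avg_1oo1(lambda_du, proof_test_interval_hours)
        per_component[name] = (pfd, sil_from_pfd(pfd))
    loop_pfd = sum(pfd for pfd, _ in per_component.values())
    return per_component, loop_pfd, sil_from_pfd(loop_pfd)


# Constructed example loop: dangerous undetected failure rates in failures/hour.
# These are illustrative numbers only, not vendor data.
EXAMPLE_LOOP = {
    "transmitter": 1e-7,      # 100 FIT
    "logic_solver": 2e-8,     # 20 FIT
    "shutdown_valve": 3e-6,   # 3000 FIT - the weak link in this loop
}


def report(components: dict, proof_test_interval_hours: float) -> None:
    per, loop_pfd, loop_sil = assess_loop(components, proof_test_interval_hours)
    print(f"Proof-test interval: {proof_test_interval_hours / HOURS_PER_YEAR:.1f} years")
    for name, (pfd, sil) in per.items():
        print(f"  {name:<15} PFDavg={pfd:.2e}  SIL {sil}")
    print(f"  {'LOOP':<15} PFDavg={loop_pfd:.2e}  SIL {loop_sil}")


if __name__ == "__main__":
    # With annual proof testing the SIL 3 transmitter sits in a SIL 1 loop,
    # because the valve's PFD dominates the sum.
    report(EXAMPLE_LOOP, HOURS_PER_YEAR)
    # Halving the proof-test interval halves every PFD and lifts the loop to SIL 2.
    report(EXAMPLE_LOOP, HOURS_PER_YEAR / 2)
```

Running the script shows the point made in the text: with annual proof testing the transmitter alone lands in the SIL 3 band, but the loop achieves only SIL 1 because the final element's PFD dominates the sum; shortening the valve's proof-test interval, not upgrading the transmitter, is what moves the loop to SIL 2.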


Technical Library and Further Reading - external links

For those who want to delve further into SIL (Safety Integrity Level) and IEC 61511, or who just want to broaden their knowledge of functional safety, the following books will be of interest: