Safety Integrity Level (SIL) is a measure of the risk reduction provided by a SIF (Safety Instrumented Function) based on four discrete levels, each representing an order of magnitude of risk reduction.
A Safety Instrumented Function (SIF) is defined as a “Function to be implemented by a SIS (Safety Instrumented System) which is intended to achieve or maintain a safe state for the process with respect to a specific hazardous event”
ANSI/ISA 84.01 defines a Safety Instrumented System (SIS) as: “A system composed of sensors, logic solvers, and final elements for the purpose of taking the process to a safe state when predetermined conditions are violated.”
- Every SIF has SIL assigned to it.
- The SIS itself does not have a SIL assigned to it.
- Equipment does not have a SIL assigned to it.
The SIL level determined during the SIL Classification, it is necessary to calculate the system whether it full fills these requirements.
SIL – levels and there probability of failures rates:
|Safety Integrity Level (SIL)||Average Probability of Failure on Demand||Risk Reduction|
|SIL 4||>= 10^-5 to 10^-4||>10.000 to <=100.000|
|SIL 3||>= 10^-4 to 10^-3||>1000 to <=10.000|
|SIL 2||>= 10^-3 to 10^-2||>100 to <=1000|
|SIL 1||>= 10^-2 to 10^-1||>10 to <=100|
Considered is the “low demand mode”, means failures less then one time per year.
A typical safety system consists of the following components:
Located outside or inside of WHCP, such as: Pressure Switch as sensing device, Push Button, Bypass Selector Switch, etc
- ESD Logic Relays / Logic Solver
Located inside WHCP, such as: 3 way NC valve push button with pilot, 3 way NC valve with pilot, etc.
- Final Actuator / Final element
Located outside or inside WHCP, such as 3 way valve or DHSV, MV and SSV
PFD (Probability of Failure on Demand) is the probability of failures in case of the function is required. This has to be calculated for each device in the safety loop and added together to the total rate of PFD. PFD is the product of failure rate and test interval.
PFD = l*T/2
l Failure rate of device
T Test interval
Lambda describes the failure rate of devices. It is distinguished into for values:
lSD = safe detected failures
lSU = safe undetected failures
lDD = dangerous detected failures
l DU = dangerous undetected failures
ExSILentia is an certified IEC 61508 software to do SIL lifecycle tasks such as SIL selection, Safety Requirements Specification, and SIL verification.
The exSILentia SIL verification tool (SILver) is used to help in verifying the SIL of WHCP. SILver is an analysis tool that uses Markov models during all analyses. Besides Markov model calculation technique, SILver also features the exida Safety Equipment database.
SILver has been assessed by a third party to ensure the SILver development process meets the IEC 61508 software development process requirements. The assessment report is available trough the “Help – SILver Assessment Report” menu option. This assessment report is to provide for tool use justification.
SIL CALCULATION METHOD
The calculation of SIL of WHCP is divided into four main working steps.
Define Safety Instrumented Function
IEC standard 61511 defines a safety instrumented function as a “safety function with a specified safety integrity level which is necessary to achieve functional safety. A safety instrumented function can be either a safety instrumented protection function or a safety instrumented control function”.
Refer to project document, ESD logic Diagram, ESD system is divided to some level of ESD. Each ESD system consists of sensors input, WHCP loop logic solver and final element to next ESD level or to field device actuator.
In this calculation each ESD level such as ESD 1.3, ESD 2.13, ESD 3.1X are defined as one Safety Instrumented Function (SIF).
Define Architecture of SIF
When regarding a SIF, three parts can be distinguished as above. These three parts are the sensor part, the logic solver part and final element part. The sensor part and final element part further divided into group. The voting option is attached depending on number of group i.e. 4 group sensor the voting can be 1oo4, 2oo4, 3oo4 or 4oo4.
Equipment PFD Prediction
The source of sensor/ logic solver/ final element PFDs are from SILver database and external source – OREDA database.
PFD value is used as the input of SILver to determine SIL level of WHCP Safety Instrumented Function.
After defining SIF architecture and getting PFD of each equipment, SILver will determine the SIL achieved by a Safety Instrumented Function by Markov models method and complying to IEC 61508/61511 standard