SAFETY INTEGRITY LEVEL (SIL)
Introduction to Safety Integrity Levels
Safety instrumented systems (SIS) are used to provide safe control functions for processes, e.g. emergency shutdown (ESD), fire detection and blowdown functions. SIS typically are composed of sensors, logic solvers and final control elements. Due to the critical nature of such systems, OSHA recognizes compliance with the standard ANSI/ISA S84.01 – Application of SIS for the Process Industries – as a good engineering practice for safety instrumented systems. This is a consensus standard for the application of SIS for the process industries, which is based on international standards from the International Electrotechnical Commission (IEC).
One of these standards is IEC 61508, Functional Safety of Electrical/Electronic/Programmable Electronic Safety-Related Systems, Parts 1-7, 1998. It is an umbrella standard applicable to all industries. IEC is in the process of developing a process-industry-specific version of IEC 61508 based on ANSI/ISA S84.01, namely IEC 61511, Functional SIS for the Process Industry Sector. Part 1 of the standard, IEC 61511-1 (Ed. 1.0) “Framework, definitions, systems, hardware and software requirements”, is now available from IEC. Part 2 of the standard, IEC 61511-2 (Ed. 1.0) “Guidelines in the application of Part 1”, will be published shortly, and Part 3, IEC 61511-3 (Ed. 1.0) “Guidance for the determination of safety integrity levels”, is scheduled to appear in June 2003.
What is a SIL?
A SIL is a statistical representation of the reliability of the SIS when a process demand occurs. It is used in both ANSI/ISA-S84.01 and IEC 61508 to measure the reliability of SIS. Both ISA and IEC have agreed that there are three categories: SILs 1, 2 and 3. IEC also includes an additional level, SIL 4, that ISA does not. The higher the SIL is, the more reliable or effective the system is.
SILs are correlated to the probability of failure on demand (PFD), which is equivalent to the unavailability of a system at the time of a process demand.
What is Target SIL?
ANSI/ISA S84.01 and IEC 61508 require that companies assign a target SIL for any new or retrofitted SIS. The assignment of the target SIL is a decision requiring the extension of the Process Hazards Analysis (PHA). The assignment is based on the amount of risk reduction that is necessary to mitigate the risk associated with the process to an acceptable level. All of the SIS design, operation and maintenance choices must then be verified against the target SIL.
Standards and Regulations relating to SIL Analysis
- ANSI/ISA-SP-84.01, “Application of Safety Instrumented Systems for the Process Industries,” Instrument Society of America Standards and Practices, 1996.
- IEC-61508, “Functional Safety: Safety Related Systems,” International Electrotechnical Commission, Technical Committee (1998).
- IEC-61511, “Functional Safety: Safety Instrumented Systems for the process industry sector”, International Electrotechnical Commission, Technical Committee (Draft).
- “Programmable Electronic Systems in Safety Related Applications”, Health and Safety Executive, U.K., 1987.
- 29 CFR Part 1910, “Process Safety Management of Highly Hazardous Chemicals; Explosives and Blasting Agents”, Occupational Safety and Health Administration, 1992.
When should you use SIL?
ANSI S84.04 requires that companies assign a target SIL for all SIS. As well, after a PHA study, the study team may determine that certain critical systems require that a SIL be assigned. The assignment of the target SIL is a decision requiring the extension of the Process Hazards Analysis (PHA). The assignment is based on the amount of risk reduction that is necessary to mitigate the risk associated with the process to an acceptable level. All of the SIS design, operation and maintenance choices must then be verified against the target SIL.
The first step in assigning a Target SIL is to use your (updated) PHAs, or conduct new PHAs, to screen for hazards. HAZOP is the most commonly used methodology. If the risk is unacceptable, it is reduced or eliminated using non-SIS or SIS elements. You consider SIS only after all the non-SIS protection layers have been considered. HAZOPs identify risks in terms of the likelihood and the severity of the hazards. Target SILs are assigned to the safety instrumented functions (SIFs) of the SIS identified in the PHA studies. Various methodologies are available for the assignment of target SILs. As is the case with PHA studies, the assignment of Target SILs must involve people with the relevant expertise and experience. Methodologies used for determining SILs include, but are not limited to:
- Consequence only
- Risk Graph
- Layered Risk Matrix
- Risk matrix
- Layer of protection
- Fault tree analysis
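The sketch below works through a layer-of-protection style assignment as described above: credit the non-SIS layers first, then size the SIF to the remaining gap. It is an added example, not part of the original article; the PFD bands are the low-demand-mode bands of IEC 61508 (not listed on this page), and the function names and all scenario numbers are constructed for illustration.

```python
# Low-demand PFD bands from IEC 61508: SIL n covers 10^-(n+1) <= PFD < 10^-n.
# Per the article, ANSI/ISA S84.01 defines SIL 1-3 and IEC adds SIL 4.
HIGHEST_SIL = {"ISA": 3, "IEC": 4}


def mitigated_frequency(initiating_per_year, layer_pfds):
    """Hazard frequency remaining after the non-SIS protection layers."""
    freq = initiating_per_year
    for pfd in layer_pfds:
        if not 0 < pfd <= 1:
            raise ValueError("layer PFD must be in (0, 1]")
        freq *= pfd
    return freq


def target_sil(initiating_per_year, layer_pfds, tolerable_per_year, standard="IEC"):
    """Return (required_pfd, sil) for the SIF closing the remaining risk gap.

    sil is 0 when less than a factor-10 reduction is needed (below SIL 1),
    and None when the gap exceeds the highest SIL of the chosen standard.
    """
    if initiating_per_year <= 0 or tolerable_per_year <= 0:
        raise ValueError("frequencies must be positive")
    freq = mitigated_frequency(initiating_per_year, layer_pfds)
    required_pfd = min(1.0, tolerable_per_year / freq)
    if required_pfd >= 0.1:
        return required_pfd, 0
    for sil in range(1, HIGHEST_SIL[standard] + 1):
        if required_pfd >= 10 ** -(sil + 1):
            return required_pfd, sil
    return required_pfd, None


if __name__ == "__main__":
    # Constructed scenario: overpressure initiating event at 0.5 per year,
    # tolerable frequency 1e-6 per year.
    # Hypothetical non-SIS layers: operator response to alarm (PFD 0.1)
    # and a relief valve (PFD 0.01).
    for layers in ([0.1, 0.01], [0.1]):
        for std in ("IEC", "ISA"):
            pfd, sil = target_sil(0.5, layers, 1e-6, std)
            print(f"layers={layers} {std}: required PFD {pfd:.1e}, target SIL {sil}")
```

Dropping the relief valve from the constructed scenario moves the target from SIL 2 to SIL 4 under IEC and beyond the ISA scale altogether, which is why the non-SIS layers are evaluated before the SIF is sized.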