Question for the Expert: What does SIL mean?

The short answer is: “SIL” is an acronym for Safety Integrity Level.  The SIL is a measurement of a system’s ability to properly function when it is required to do so.  However, since this is an important concept in critical control systems, let’s take a deeper look into this subject.
IEC 61508 mandates two fundamental concepts: the safety lifecycle (engineering, manufacturing, and maintenance) and safety integrity levels (SILs).
Compliance with IEC 61508 necessitates compliance in all aspects of the development, manufacturing, and maintenance of the system. To meet IEC 61508, the design processes (design lifecycle) used to create the product(s) must also comply with the standard.
Compliance with IEC 61511 necessitates that all elements of the system, including the sensor(s), actuator(s), logic solver(s), and the interconnecting wiring system(s), are included in the safety analysis. Please reference Figure 1.

Figure 1:  Elements of the safety system.

The required SIL is determined by a risk assessment. This SIL specifies the amount of mitigation needed to reduce the risk to an acceptable level. Every process must have a non-zero level of acceptable risk (driving risk to zero would cost an infinite amount of money).

The required SIL depends greatly on the final use and location of the product. If a catastrophic failure of a unit results in no significant damage to the environment, no significant financial impact to the customer, and no personnel death or injury, then SIL 1 may be acceptable.

SIL   Dangerous Failures per Hour
4     >10^-9 to 10^-8
3     >10^-8 to 10^-7
2     >10^-7 to 10^-6
1     >10^-6 to 10^-5
0     N/A – Control Only

Table 1:  Relationship between SIL and Dangerous Failures per Hour

Often, the client has already completed a preliminary risk assessment and has determined the required SIL for the proposed process before any equipment is purchased.

Figure 2:  Risks and Mitigations

To mitigate (reduce) risks, IEC-61511 requires independent layers of protection.  Please reference Figures 3, 4, and 5.  The SIS is an independent, dedicated safety system; “Mechanical” is a pressure relief valve (for example); and “Other” is manual intervention from the operator, etc.

Figure 3:  Example of independent layers (BPCS and SIS).

After the required SIL is determined, the processes and safety systems can be designed to meet this SIL. The amount of risk reduction is determined mathematically, by statistical models of the systems. Ideally, these models are based on actual documented failures in the field. Otherwise, the models are based on standard databases of component failure rates.
The BPCS is only a fraction of the system and makes a partial contribution to the risk reduction. Please see Figure 2. Independent layers of protection (mitigation) are required to decrease risks to the required levels.
When a proposed system is defined, the completed system is modeled to determine whether the preventions/mitigations decrease the risk to acceptable levels. Redundancy of the sensors, logic solver, and final elements is one way to increase the level of mitigation of each layer. A system designer must balance redundancy against availability, and a myriad of SIS design techniques exist to achieve the required risk level.

To increase the SIL, the probability of failure on demand (PFD) of the safety system must be lowered to acceptable limits.  Please reference Table 2.

SIL   PFD                  Safety Availability   Risk Reduction
4     0.0001 – 0.00001     0.9999 – 0.99999      10000 – 100000
3     0.001 – 0.0001       0.999 – 0.9999        1000 – 10000
2     0.01 – 0.001         0.99 – 0.999          100 – 1000
1     0.1 – 0.01           0.9 – 0.99            10 – 100
0     N/A (Control Only)

Table 2:  Relationship between SIL, PFD, Availability and risk reduction.
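The following worked example ties together the layered-mitigation and redundancy discussion above (Figure 3) and the SIL bands of Table 2. It is an added illustration, not code from the original article or from UCG: it builds a safety instrumented function from constructed component failure rates, sums the element PFDs to get the SIF's average PFD, classifies that PFD into a SIL per Table 2, and runs a LOPA-style check across independent protection layers to find the SIL the SIS must reach. All failure rates, initiating-event frequencies and layer PFDs are constructed values; the element PFD formulas are the simplified textbook approximations (no common-cause or diagnostic-coverage terms), so a real assessment would use the full IEC 61508-6 models and documented failure data.

```python
"""Added worked example (not from the original article): element PFDavg with
redundancy, SIL classification per Table 2, and a LOPA-style layer check.
Every numeric input below is constructed for illustration."""
from dataclasses import dataclass
from typing import List

# Low-demand-mode SIL bands from Table 2 as (SIL, PFD lower bound, PFD upper bound).
# Each band is [lower, upper): SIL 3 covers 1e-4 <= PFD < 1e-3, and so on.
SIL_BANDS = [
    (1, 1e-2, 1e-1),
    (2, 1e-3, 1e-2),
    (3, 1e-4, 1e-3),
    (4, 1e-5, 1e-4),
]
HOURS_PER_YEAR = 8760.0


def sil_for_pfd(pfd: float) -> int:
    """Classify an achieved average PFD; 0 means 'control only', no SIL claim."""
    if pfd >= 1e-1:
        return 0
    for sil, low, high in SIL_BANDS:
        if low <= pfd < high:
            return sil
    return 4  # below 1e-5: the standard defines no level above SIL 4


def required_sil(pfd_required: float) -> int:
    """Lowest SIL whose whole band stays at or below the PFD the LOPA demands."""
    if pfd_required >= 1e-1:
        return 0  # a BPCS-grade layer already suffices
    for sil, _low, high in SIL_BANDS:
        if high <= pfd_required:
            return sil
    raise ValueError("required PFD is below the SIL 4 band; add layers or redesign")


def safety_availability(pfd: float) -> float:
    return 1.0 - pfd


def risk_reduction_factor(pfd: float) -> float:
    return 1.0 / pfd


@dataclass
class Element:
    name: str
    lambda_du: float          # dangerous undetected failure rate, per hour (constructed)
    architecture: str = "1oo1"  # voting: 1oo1, 1oo2 or 2oo3


def element_pfd_avg(elem: Element, proof_test_hours: float) -> float:
    """Simplified average PFD over one proof-test interval T:
    1oo1: lambda*T/2    1oo2: (lambda*T)^2/3    2oo3: (lambda*T)^2"""
    x = elem.lambda_du * proof_test_hours
    if elem.architecture == "1oo1":
        return x / 2
    if elem.architecture == "1oo2":
        return x * x / 3
    if elem.architecture == "2oo3":
        return x * x
    raise ValueError(f"unsupported architecture {elem.architecture!r}")


def sif_pfd_avg(elements: List[Element], proof_test_hours: float) -> float:
    """Sensor, logic solver and final element act in series, so their PFDs add."""
    return sum(element_pfd_avg(e, proof_test_hours) for e in elements)


def lopa_mitigated_frequency(initiating_per_year: float, layer_pfds: List[float]) -> float:
    """A demand passes each independent layer with probability PFD_i, so the
    mitigated frequency is f_initiating * product(PFD_i)."""
    f = initiating_per_year
    for p in layer_pfds:
        f *= p
    return f


def lopa_required_sis_pfd(initiating_per_year: float, target_per_year: float,
                          other_layer_pfds: List[float]) -> float:
    """Solve f * product(other PFDs) * PFD_sis <= target for PFD_sis."""
    return target_per_year / lopa_mitigated_frequency(initiating_per_year, other_layer_pfds)


def baseline_design() -> List[Element]:
    # Constructed SIF: redundant transmitters, one logic solver, one shutdown valve.
    return [Element("pressure transmitters", 2e-6, "1oo2"),
            Element("logic solver", 1e-7, "1oo1"),
            Element("shutdown valve", 5e-6, "1oo1")]


def redundant_final_element_design() -> List[Element]:
    # Same SIF, but the dominant final element is made 1oo2.
    design = baseline_design()
    design[2] = Element("shutdown valves", 5e-6, "1oo2")
    return design


if __name__ == "__main__":
    # Constructed LOPA: initiating event 0.5/yr (e.g. a BPCS loop failure), target 1e-5/yr,
    # independent layers "Other" = operator response (0.1) and "Mechanical" = relief valve (0.01).
    other_layers = [0.1, 0.01]
    need = lopa_required_sis_pfd(0.5, 1e-5, other_layers)
    print(f"SIS must achieve PFDavg <= {need:.3g}, i.e. SIL {required_sil(need)}")
    for design in (baseline_design(), redundant_final_element_design()):
        pfd = sif_pfd_avg(design, HOURS_PER_YEAR)
        for e in design:
            print(f"  {e.name:22s} {e.architecture}  PFDavg={element_pfd_avg(e, HOURS_PER_YEAR):.2e}")
        print(f"  SIF PFDavg={pfd:.2e}  SIL {sil_for_pfd(pfd)}  availability={safety_availability(pfd):.5f}"
              f"  RRF={risk_reduction_factor(pfd):.0f}  meets target: {pfd <= need}")
```

Running the script shows two things the tables alone do not: the single shutdown valve dominates the baseline SIF (PFDavg about 2.2e-2, SIL 1, which misses the SIL 2 the LOPA demands), and adding a second valve in 1oo2 drops the SIF to about 1.2e-3 (SIL 2) and brings the mitigated event frequency under the target. That is the balance the text describes: redundancy on the element that contributes most PFD buys the most risk reduction.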

As you can see, some degree of judgment is involved in assessing the environment and the consequences of a component or system failure. The SIL requirement is typically specified by the end client.
Our Experts would be pleased to address a Controls question that you may have. Please submit your question to: experts@ucginc.com

Related documents

IEC 61508 – Functional safety: Safety-Related Systems.
IEC 61511 – Functional safety: Instrumented Systems for the Process Industry Sector.
ISA 84 – 2004 – Functional safety: Instrumented Systems for the Process Industry Sector (IEC 61511-1 Mod).

List of Abbreviations

BPCS:  Basic Process Control System
PFD:   Probability of Failure on Demand
PLC:   Programmable Logic Controller
SIS:   Safety Instrumented System
SIL:   Safety Integrity Level (1-4)
UCG:   The United Controls Group, Inc.