SIL - Safety Classification
1. Functional Safety
2. SIL Classification
1. Functional Safety
Context
Functional Safety is improved by implementing a so-called SIS (Safety Instrumented System) including the necessary number of SIFs (Safety Instrumented Functions). A Risk Assessment of the plant defines the SIL (Safety Integrity Level) that each SIF must achieve.
Applicable Safety Standard
(figure) The standards referenced in this deck are IEC 61508 (risk graph, SIL tables) and IEC 61511 (process industry sector standard).
- The standards define four Safety Integrity Levels, SIL 1 to SIL 4, where SIL 4 is the highest safety level.
Example application (figure): a steam line with steam entry and steam exit, a valve, and a temperature measurement with a Pt100 sensor connected to an IPAQ C520 transmitter.
A SIF consists of three major parts: sensor, logic solver and final element. In the example above the Pt100 sensor with the IPAQ C520 transmitter forms the sensor part and the valve the final element; the logic solver sits between them and drives the valve from the measured temperature.
Risk Assessment
Prior to designing and calculating the safety function (SIF), the so-called SIL assessment has to be performed, i.e. the safety level (e.g. SIL 2) with which the safety function (SIF) must comply has to be determined. In IEC 61508 the following risk graph is used for this purpose. Starting from the extent of damage (S), the path branches on how often/long persons stay exposed (A), on the possibility of risk avoidance (G) and finally on the probability of occurrence of the unwanted event (W1, W2, W3); the cell reached gives the SIL the SIF must achieve:

Path (starting point of risk assessment)   W1 (very low)   W2 (low)   W3 (relatively high)
S1                                         -               -          -
S2  A1  G1                                 -               SIL1       SIL1
S2  A1  G2                                 SIL1            SIL1       SIL2
S2  A2  G1                                 SIL1            SIL2       SIL2
S2  A2  G2                                 SIL2            SIL2       SIL3
S3  A1                                     SIL2            SIL3       SIL3
S3  A2                                     SIL3            SIL3       SIL4
S4                                         SIL3            SIL4       -*

"-": no SIL requirement results from the graph. "-*": marked with a footnote on the original slide that is not preserved here.

Extent of damage (S):
- S1: Minor injuries of a person; minor harmful influences on the environment
- S2: Serious, irreversible injuries of one or more persons or death of a person; temporary major harmful influences on the environment
- S3: Death of several persons; lasting major harmful influences on the environment
- S4: Catastrophic effects, many dead persons
How often/long do persons stay (A):
- A1: Seldom to once in a while
- A2: Frequently to permanently
Risk avoidance (G):
- G1: Possible under special conditions
- G2: Hardly possible
Probability of occurrence (W):
- W1: very low
- W2: low
- W3: relatively high
2. SIL Classification
FMEDA (Failure Modes, Effects and Diagnostic Analysis)
A given hardware is analysed to evaluate its suitability for a specific application. Together with the investigation of the mechanical / electromechanical components, this allows the device's failure rates needed for SIL determination to be defined.
Basically, three parameters resulting from the FMEDA are used for the SIL classification of the device: the HFT, the SFF and the PFDavg, each explained below.
HFT (Hardware Fault Tolerance)
The HFT is the number of hardware faults a device or subsystem can tolerate before it loses the ability to perform the safety function; HFT = 0 means that a single dangerous fault is already sufficient.
With proven prior use and fulfilment of the further safety requirements of IEC 61511, the HFT credited to the device may be increased by 1, i.e. the minimum HFT required for the target SIL is reduced by one.
SFF (Safe Failure Fraction)
This value represents the fraction of device failures that are either safe or dangerous but detected by the device's diagnostics, i.e. SFF = (λ_S + λ_DD) / (λ_S + λ_DD + λ_DU). An SFF of 85 % means that 85 out of 100 device failures do not lead to an undetected loss of the safety function of the device.
The SFF is used together with the HFT to determine the safety level in which the device may be used; the combination of these two values is read from the SFF/HFT table in the summary at the end.
PFDavg (average Probability of Failure on Demand)
The PFDavg indicates the probability that a safety function (SIF) or a device fails when a demand occurs, averaged over a certain time interval called the Proof Test Interval, T[Proof].
E.g.: PFDavg = 3.35 × 10^-4 with T[Proof] = 1 year means that, averaged over that year, the safety function or the device is unavailable on demand with a probability of 0.000335.
The following table shows which PFDavg is assigned to which SIL for a complete SIF (low demand mode of operation, IEC 61508):

SIL   PFDavg
4     ≥ 10^-5 to < 10^-4
3     ≥ 10^-4 to < 10^-3
2     ≥ 10^-3 to < 10^-2
1     ≥ 10^-2 to < 10^-1
SIL classification of the IPAQ C520S

SIL classification based on SFF (IEC 61508-2, Table 3, type B subsystem):

SFF          HFT 0    HFT 1    HFT 2
< 60 %       -        SIL1     SIL2
60 - 90 %    SIL1     SIL2     SIL3
90 - 99 %    SIL2     SIL3     SIL4
≥ 99 %       SIL3     SIL4     SIL4

SIL classification based on PFD:
PFDavg < 3.5 × 10^-3 → SIL2 (35 % of the PFDavg allowed for a SIL 2 classified SIF, i.e. 35 % of 10^-2)

Common requirements:
- CE Declaration of Conformity
- Safety Manual
- Product documentation
- FMEDA test
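To show how the three FMEDA parameters (SFF, HFT, PFDavg) combine into a device SIL, here is an added worked example in Python. It is not code from the slides or from the device manufacturer, and the failure rates in it are constructed sample values, not the IPAQ C520 FMEDA results. The simplified 1oo1 formula PFDavg ≈ λ_DU · T[Proof] / 2, the type B SFF/HFT table, the low-demand PFDavg bands and the reading of the IEC 61511 prior-use credit as "HFT + 1" are assumptions stated in the code header.

```python
"""SIL classification helpers (added example; not from the original slides,
and the numbers are NOT the IPAQ C520 FMEDA results).

Assumptions, labelled as such:
- Failure rates are constructed sample values in FIT (1 FIT = 1e-9 /h).
- PFDavg of a single-channel (1oo1) device is approximated with the
  simplified formula PFDavg ~= lambda_DU * T_proof / 2 (IEC 61508-6 style);
  repair time and common-cause terms are ignored.
- SFF/HFT table: IEC 61508-2 Table 3, type B subsystems.
- PFDavg bands: IEC 61508-1 Table 2, low demand mode.
- Prior-use credit: modelled as "credited HFT = HFT + 1" (the deck's reading
  of IEC 61511), applied only when the caller asserts prior use.
"""
from dataclasses import dataclass

HOURS_PER_YEAR = 8760.0


@dataclass(frozen=True)
class Fmeda:
    """Failure rates from an FMEDA, in FIT (failures per 1e9 hours)."""
    lambda_sd: float  # safe, detected by diagnostics
    lambda_su: float  # safe, undetected
    lambda_dd: float  # dangerous, detected by diagnostics
    lambda_du: float  # dangerous, undetected: the rate that drives PFDavg

    @property
    def total(self) -> float:
        return self.lambda_sd + self.lambda_su + self.lambda_dd + self.lambda_du


def sff(f: Fmeda) -> float:
    """Safe Failure Fraction: (safe + dangerous-detected) / all failures."""
    return (f.lambda_sd + f.lambda_su + f.lambda_dd) / f.total


def pfd_avg_1oo1(lambda_du_fit: float, t_proof_years: float) -> float:
    """Simplified 1oo1 PFDavg over the proof test interval (assumption above)."""
    lambda_du_per_hour = lambda_du_fit * 1e-9
    return lambda_du_per_hour * t_proof_years * HOURS_PER_YEAR / 2.0


# IEC 61508-1 Table 2 (low demand): SIL -> [lower, upper) PFDavg band.
PFD_BANDS = {4: (1e-5, 1e-4), 3: (1e-4, 1e-3), 2: (1e-3, 1e-2), 1: (1e-2, 1e-1)}


def sil_from_pfd(pfd: float) -> int:
    """SIL whose PFDavg band contains pfd; 0 means no SIL is achievable."""
    if pfd < PFD_BANDS[4][0]:
        return 4  # better than the SIL 4 band; no higher level exists
    for sil, (lo, hi) in PFD_BANDS.items():
        if lo <= pfd < hi:
            return sil
    return 0  # PFDavg >= 1e-1


# IEC 61508-2 Table 3, type B: SFF band -> SIL at (HFT 0, HFT 1, HFT 2); 0 = not allowed.
SFF_HFT_TYPE_B = [
    (0.00, 0.60, (0, 1, 2)),
    (0.60, 0.90, (1, 2, 3)),
    (0.90, 0.99, (2, 3, 4)),
    (0.99, 1.01, (3, 4, 4)),
]


def sil_from_sff_hft(sff_value: float, hft: int, prior_use: bool = False) -> int:
    """Architectural constraint: highest SIL allowed by SFF and HFT (type B)."""
    credited_hft = min(hft + (1 if prior_use else 0), 2)  # table stops at HFT 2
    for lo, hi, sils in SFF_HFT_TYPE_B:
        if lo <= sff_value < hi:
            return sils[credited_hft]
    raise ValueError(f"SFF out of range: {sff_value}")


def pfd_budget(target_sil: int, fraction: float = 0.35) -> float:
    """Share of a SIF's PFDavg budget allotted to one device, e.g. 35 % of the
    SIL 2 upper bound 1e-2 = 3.5e-3 (the figure used on the summary slide)."""
    return fraction * PFD_BANDS[target_sil][1]


def classify(f: Fmeda, t_proof_years: float, prior_use: bool = False) -> dict:
    """Combine the three parameters for a 1oo1 (HFT 0) device: the achievable
    SIL is the lower of the architectural constraint and the PFDavg band."""
    s = sff(f)
    pfd = pfd_avg_1oo1(f.lambda_du, t_proof_years)
    arch = sil_from_sff_hft(s, hft=0, prior_use=prior_use)
    by_pfd = sil_from_pfd(pfd)
    return {"sff": s, "pfd_avg": pfd, "sil_architectural": arch,
            "sil_pfd": by_pfd, "sil": min(arch, by_pfd)}


# Constructed sample FMEDA (not a real device): 1000 FIT total, 150 FIT dangerous undetected.
SAMPLE = Fmeda(lambda_sd=200.0, lambda_su=300.0, lambda_dd=350.0, lambda_du=150.0)

if __name__ == "__main__":
    for years in (1, 5):
        r = classify(SAMPLE, years)
        print(f"T_proof={years}y SFF={r['sff']:.0%} PFDavg={r['pfd_avg']:.2e} "
              f"arch=SIL{r['sil_architectural']} pfd=SIL{r['sil_pfd']} -> SIL{r['sil']}")
    print("prior use, HFT 0 ->", "SIL", classify(SAMPLE, 1, prior_use=True)["sil"])
    print("35 % PFDavg budget for a SIL 2 loop:", pfd_budget(2))
```

The sample device has an SFF of 85 % (the value quoted on the SFF slide) and, with a one-year proof test interval, a PFDavg of 6.57 × 10^-4, which is in the SIL 3 band; nevertheless it is limited to SIL 1 at HFT 0 by the architectural constraint, and only the prior-use credit (or a second channel) lifts it to SIL 2. Extending the proof test interval to five years pushes the PFDavg into the SIL 2 band, which is why T[Proof] is part of the safety manual, not a free parameter.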