Safety Integrity Level (SIL) : System Reliability and Integrity

The performance of any equipment will not stay constant over time. 2 concepts that are used to describe equipment performance are: reliability and integrity.

Reliability reflects the quality of the equipment used and it also depends on the software (in Programmable Logic Controllers or PLCs and PCs) used as the platform to develop the control application. High reliability can be achieved by selection of well-proven, high quality components from reputable suppliers.

Integrity reflects the performance and behaviour of the system in case of a component failure - its fault tolerance. It depends mainly on design issues in areas such as the structure of the system, the hardware configuration, communication links between system elements and the quality of developed application software.

The integrity required of a safety related system depends upon the level of risk reduction claimed for the safety function to be performed. Basically, the greater the process risk, the more effective the safety system must be in order to control the risk, i.e. the higher the level of integrity required.

Safety integrity is expressed as the probability that the safety related system will satisfactorily perform the required safety function under all stated conditions within a stated period of time when required to do so (i.e. when a demand occurs).

The applicable standards include the following:

  • ISA S84.01 “Application of Safety Instrumented Systems for the Process Industries”. There are 3 SILs in this standard.
  • IEC 61508 “Functional safety of electrical/electronic/programmable electronic safety-related systems” which is in 7 parts. Parts 1, 3, 4, are published as British Standards, Part 5 is issued as an international IEC standard, and Parts 2, 6 and 7 remain in draft form. An additional level - SIL 4 - is used in this standard.

2 other related characteristics are the safety availability (SA) and risk reduction factor (RRF). For example, if a risk reduction factor of 100 is needed, a SIL of 2 is chosen as the target for the safety system. Likewise, if a safety system needs to be available for more than 99.9% of the time, a SIL of 2 is chosen.

Most major companies have also developed their own internal standards that relate safety related system integrity to required risk reduction. These standards are likely to address the design process, system configuration, and demonstration that the required risk reduction has been achieved by qualitative or quantitative analysis of the failure rate of the design. They will also have procedures to ensure that the integrity is maintained during commissioning, operation, maintenance, and modification.

Underlying philosophy

Safety integrity levels for safety related systems may be determined from the hazard and risk analysis of the equipment under control. A number of different methodologies are available, but the process includes identification of hazards and the mechanisms which can initiate them, risk estimation (likelihood of occurrence), and risk evaluation (overall risk based on likelihood and consequences). The risk estimation provides a measure of the risk reduction required to reduce the risk to a tolerable level.

Hazard identification results in the identification of safety functions that are required to control the risk. The safety functions may then be allocated to a number of different systems including E/E/PES, other technology and external measures.

For each system providing a safety function, a failure rate measure can be assigned which in turn determines the integrity required of the system. Alternatively, a qualitative approach (based on the likelihood and consequence of the hazard, and the frequency and level of exposure and avoidability) may be used to define the required integrity.