Process Safety: SIL-based Systems
Electrical, Electronic or Programmable Electronic (E/E/PE) equipment can be used as part of a Safety Related System to improve operational or process safety. However, a Safety Related System is more than just E/E/PE equipment: it is the combination of hardware, electronics, software and people, together with the reactions and interactions of each in the event of abnormal operating conditions, that is required to maintain process safety.
When specifying a Safety Related System, there are two elements to consider:
• Safety Function: the specific task(s) that the system needs to perform, i.e. what it does.
• Safety Integrity Level (SIL): the reliability of the system and its ability to implement the actions required to perform its Safety Function, i.e. how well it does it.
Determining the Safety Function is a matter of conducting a hazard analysis to identify the hazards that exist and the accident scenarios that could potentially arise. It is then possible to identify appropriate control measures to prevent such an accident from occurring.
Determining the required Safety Integrity Level (SIL) is a matter of assessing the risk associated with a scenario, i.e. determining how likely the accident is to occur and how bad it would be if it did occur. The greater the risk, the greater the risk reduction the Safety Related System must deliver, and the higher the SIL required. There are four SILs defined in the relevant IEC standard [1], with SIL 1 the least demanding and SIL 4 the most. Which measure applies depends on the demand mode: a function called upon no more than once a year is assessed in low demand mode against its average probability of failure on demand (PFD); a function called upon more often than that, or operating continuously, is assessed in high demand mode against its probability of a dangerous failure per hour (PFH). The bands are as follows.
SIL   Low demand mode:                        High demand mode:
      average probability of failure          probability of a dangerous
      on demand (PFD)                         failure per hour (PFH)
1     >= 10^-2 to < 10^-1                     >= 10^-6 to < 10^-5
2     >= 10^-3 to < 10^-2                     >= 10^-7 to < 10^-6
3     >= 10^-4 to < 10^-3                     >= 10^-8 to < 10^-7
4     >= 10^-5 to < 10^-4                     >= 10^-9 to < 10^-8
Note: the smaller the figure, the higher the integrity, so SIL 4 is the most demanding level. Each band includes its lower bound and excludes its upper bound.
It is important to note that SIL ratings apply to entire
systems, including any human intervention required for systems to work, and
not just to the individual products or components in systems.
This concept is best illustrated by example. Consider overfill protection on a storage tank. The Safety Function for the system is as follows:
• it should be able to detect when the liquid level exceeds a certain threshold;
• it should be able to activate an alarm;
• it should be able to shut down the transfer to the tank (this shutdown could be done either automatically or by operator intervention) before any loss of containment occurs.
The SIL rating that would be required for such a system will depend on how likely an incident involving abnormal operating conditions is to occur (how often the safety related system is expected to be called upon) and on how significant the consequences, to people and/or to the environment, would be if the incident did occur. If the shutdown relies on operator intervention, the probability that the operator fails to act in time counts against the system's probability of failure on demand in exactly the same way as a valve that fails to close.
SIL-based systems can often be used to provide the required degree of
additional protection when process risk cannot be reduced by other means. However, they are just one way of
decreasing process risk and they may not always be the most
cost-effective solutions available.
They typically require increased levels of monitoring, control,
maintenance and testing to ensure that the equipment functions properly.
If you are
interested in the content of this article, and would like to discuss it
further, please contact Mr. Tom Leonard on +353-1-474 1533
or email Tom.Leonard@boc.ie.
_______
1. IEC 61508, “Functional safety of electrical/electronic/programmable electronic safety-related systems”.