SAFETY INTEGRITY LEVEL

UNDERSTANDING SAFETY INTEGRITY LEVELS

IEC 61508

SIL LEVELS ACCORDING IEC 61508 / IEC 61511

TOLERABLE RISKS AND ALARP (ANNEX ‘B’)

SAFETY:

SIL

PFDavg

RRF

PFDavg

Safety Integrity Level

Average probability of failure on demand per year (low demand)

Risk Reduction Factor

Average probability of failure on demand per hour (high demand)

SIL 4

≥ 10-5 and < 10-4

100000 to 10000

≥ 10-9 and < 10-8

SIL 3

≥ 10-4 and < 10-3

10000 to 1000

≥ 10-8 and < 10-7

SIL 2

≥ 10-3 and < 10-2

1000 to 100

≥ 10-7 and < 10-6

SIL 1

≥ 10-2 and < 10-1

100 to 10

≥ 10-6 and < 10-5

IEC 61511 Risk cannot be justified except in extraordinary circumstances

Intolerable Region

FREEDOM FROM UNACCEPTABLE RISK

Tolerable only if further risk reduction is impracticable or if its cost are grossly disproportional to the gained improvement. As the risk is reduced, the less proportionately, it is necessary to spend to reduce it further, to satisfy ALARP. The concept of diminishing proportion is shown by the triangle.

The ALARP or tolerability Region Risk is undertaken only if a benefit is desired

AVERAGE PROBABILITY OF FAILURE ON DEMAND (PFDAVG)

PFDavg

λ DU ×

1oo1 1oo2 1oo2D

( λDU

1

(

)

+ λ DU2

Vapor cloud explosion (BLEVE)

⎡⎣(1-β ) × ( λDU × TI) ⎤⎦ (β × λDU × TI) + 3 2

TI 3

⎡⎣ (1-β ) × ( λ DU × TI) ⎤⎦ +

)⎤⎥ × TI

2

2

⎡⎣(1-β ) × ( λ DU × TI) ⎤⎦ +

3

MEAN TIME TO FAILURE SPURIOUS

2oo2 2oo3

Actual risk reduction Partial risk covered by other technology safety-related systems

2

2

AVAILABILITY AND RELIABILITY Flash Fire

λ=

< 60% 60% - < 90% 90% - < 99% > 99% < 60% 60% - < 90% 90% - < 99% > 99%

Failures per unit time Components exposed to functional failure

A

2

2λ S × MTTR

B

B

C

1 2

6λ S × MTTR

2oo2

∑λ +

DD

+

∑λ

Hardware fault tolerance 0

∑λ DU

+

SD

+

MTTF = MTBF - MTTR =

Availability

V o t i n g

∑λ

SD

+

SU

∑λ

Hardware fault tolerance 1

TYPE A Components SIL 1 SIL 2 SIL 2 SIL 3 SIL 3 SIL 4 SIL 3 SIL 4 TYPE B Components Not allowed SIL 1 SIL 1 SIL 2 SIL 2 SIL 3 SIL 3 SIL 4

SU

∑λ = 1∑λ

= =

Jet Fire

=

Operating Time + Repair Time MTTF MTTF + MTTR

Hardware fault tolerance 2

t

Failure time

=

MTTF MTBF

=

μ μ+ λ

=

TTF

MTTR

MTBF Repair time (failure)

= Success

MTBM MTBM + MSD

λ μ

RELIABILITY

Acronyms: MTBF: Mean Time Between Failures MTTF: Mean Time To Failure MTTR: Mean Time To Repair MTBM: Mean Time Between Maintenance MSD: Expected Mean System Downtime

DU

Time

MTTF

Operating Time

TOT

AVAILABILITY

UNRELIABILITY UNAVAILABILITY

Success

Failure

MTTF

MTTR

SAFETY INTEGRITY LEVEL CALCULATION Pool Fire

Safety integrity of non-SIS prevention/ mitigation protection layers, other protection layers, and SIS matched to the necessary risk reduction

Process and process control system

SIL3 SIL 4 SIL 4 SIL 4

Necessary Risk Reduction

Consequence of Hazardous Event Process Risk

SIL2 SIL 3 SIL 4 SIL 4

Failure rates categories: λDD: dangerous detected; λDU: dangerous undetected λSD: safe detected; λSU: safe undetected

0

1 λ

Unavailability = 1- Availability =

2oo3

∑λ

Operating time

MTBF = MTTF + MTTR

SAFE FAILURE FRACTION (SFF) AND SIL LEVELS

SFF

1

Failure Rate :

1oo2

A

1

DD

Reliability

Basic Concepts:

B 1oo1

Partial risk covered by external risk reduction facilities

Risk reduction obtained by all safety-related systems and external risk reduction systems

( β × λDU × TI)

A

A

1 2λS

∑λ

Partial risk covered by E/E/PE safety-related system

1 FIT = 1 × 10-9 Failures per hour

1 λS

1oo2

Necessary risk reduction

SYSTEM ARCHITECTURES

MTTFs 1oo1

INCREASING RISK

(β × λDU × TI)

TI: Proof Test time interval Et: Test Effectiveness λDU: dangerous undetected failures

⎡⎛ TI ⎞ SL ⎤ λDU ⎢⎜ Et × ⎟ + (1-Et ) ⎥ 2⎠ 2⎦ ⎣⎝

1oo1 (Et ≠ 100%)

EUC Risk

3

TI × 2 ⎥ ⎥⎦

Tolerable Risk

⎡⎣(1-β ) × ( λ DU × TI) ⎤⎦ (β × λDU × TI) + 4 2

TI3 × 4

) ( )

Residual Risk

2

2

⎡ λ DU × λ DU + λ DU × λ DU 1 2 1 3 ⎢ ⎢+ λ DU 2 × λ DU3 ⎢⎣

(

RISK REDUCTION

-

λ DU1 × λ DU2 × λ DU3

2oo2

RISK IS NEGLIGIBLE

With common causes (Beta factor)

TI 2

λ DU1 × λ DU2 ×

1oo3

It is necessary to maintain assurance that risk remains at this level

No need for detailed working to demonstrate ALARP

Simplified equations Without common causes

2oo3

Broadly Acceptable Region

Tolerable accident frequency 1 = Frequency of accidents w ithout protections RRF

Frequency of Hazardous Event

Fireball

Non-SIS prevention / mitigation protection layers

SIS

Quantitative Method for SIL level determination As found in IEC 61508 Annex ‘C’

Other protection layers

Tolerable Risk Target

ITALY

RUSSIA

UNITED STATES OF AMERICA

G.M. INTERNATIONAL S.R.L Via San Fiorano, 70 20058 Villasanta (MI) Tel: +39 039 2325038 Fax: +39 039 2325107

Serpukhovsky Val 8, Office 10 115191 Moscow Tel: +7 495 950 5779 Fax: +7 495 952 1006

GM International Safety Inc. 17453 Village Green Drive Houston, TX 77040 Tel: +1 713 896 0777 Fax: +1 713 896 0782

[email protected] www.gmintsrl.com

[email protected] www.gminternational.ru

[email protected] www.gmisafety.com