Safety Integrity Level - Wikipedia, the free encyclopedia Page 1 of 4

Safety Integrity Level

From Wikipedia, the free encyclopedia

Safety Integrity Level (SIL) is defined as a relative level of risk-reduction provided by a safety
function, or to specify a target level of risk reduction. In simple terms, SIL is a measurement of
performance required for a Safety Instrumented Function (SIF).

The requirements for a given SIL are not consistent among all of the functional safety standards. In
the European Functional Safety standards based on the IEC 61508 standard four SILs are defined,
with SIL 4 being the most dependable and SIL 1 being the least. A SIL is determined based on a
number of quantitative factors in combination with qualitative factors such as development process
and safety life cycle management.

Contents
■ 1 SIL Assignment
■ 2 Problems with the use of SIL
■ 3 Advantages for Managers
■ 4 Certification to a Safety Integrity Level
■ 5 SIL in Safety Standards
■ 6 See also
■ 7 References
■ 8 Textbooks
■ 9 External links

SIL Assignment
There are several methods used to assign a SIL. These are normally used in combination, and may
include:

■ Risk Matrices
■ Risk Graphs
■ Layers Of Protection Analysis (LOPA)

The assignment may be tested using both pragmatic and controllability approaches, applying
guidance on SIL assignment published by the UK HSE.[1] SIL assignment processes that use the
HSE guidance to ratify assignments developed from Risk Matrices have been certified to meet IEC
EN 61508

Problems with the use of SIL

There are several problems inherent in the use of Safety Integrity Levels. These can be summarized
as follows:

■ Poor harmonization of definition across the different standards bodies which utilize SIL
■ Process-oriented metrics for derivation of SIL
■ Estimation of SIL based on reliability estimates
■ System complexity, particularly in software systems, making SIL estimation difficult to
impossible

http://en.wikipedia.org/wiki/Safety_Integrity_Level 01-Aug-12
Safety Integrity Level - Wikipedia, the free encyclopedia Page 2 of 4

These lead to such erroneous statements as, "This system is a SIL N system because the process
adopted during its development was the standard process for the development of a SIL N system", or
use of the SIL concept out of context such as, "This is a SIL 3 heat exchanger" or "This software is
SIL 2". According to IEC 61508, the SIL concept must be related to the dangerous failure rate of a
system, not just its failure rate or the failure rate of a component part, such as the software.
Definition of the dangerous failure modes by safety analysis is intrinsic to the proper determination
of the failure rate.[2]

SIL is for electrical controls only and does not relate directly to the caT architecture in EN 62061. It
appears to be a precursor to PL ratings that are now the new requirements which encompass
hydraulic and pneumatic valves.[citation needed]

Advantages for Managers

Because SIL has a simple number scheme to represent its levels (1-4), a high-level understanding of
each level is typically all that is necessary to convey SIL at management levels. This saves
management from having to understand the technical aspects of SIL, while allowing them to discuss
their concerns.

Certification to a Safety Integrity Level

The International Electrotechnical Commission's (IEC) standard IEC 61508, now IEC EN 61508,
defines SIL using requirements grouped into two broad categories: hardware safety integrity and
systematic safety integrity. A device or system must meet the requirements for both categories to
achieve a given SIL.

The SIL requirements for hardware safety integrity are based on a probabilistic analysis of the
device. To achieve a given SIL, the device must meet targets for the maximum probability of
dangerous failure and a minimum Safe Failure Fraction. The concept of 'dangerous failure' must be
rigorously defined for the system in question, normally in the form of requirement constraints whose
integrity is verified throughout system development. The actual targets required vary depending on
the likelihood of a demand, the complexity of the device(s), and types of redundancy used.

PFD (Probability of Failure on Demand) and RRF (Risk Reduction Factor) of low demand operation
for different SILs as defined in IEC EN 61508 are as follows:

SIL PFD PFD (power) RRF

1 0.1-0.01 10−1 - 10−2 10-100
2 0.01-0.001 10−2 - 10−3 100-1000
3 0.001-0.0001 10−3 - 10−4 1000-10,000
4 0.0001-0.00001 10−4 - 10−5 10,000-100,000

For continuous operation, these change to the following. (Probability of Failure per Hour)

http://en.wikipedia.org/wiki/Safety_Integrity_Level 01-Aug-12
Safety Integrity Level - Wikipedia, the free encyclopedia Page 3 of 4

SIL PFH PFH (power) RRF

1 0.00001-0.000001 10−5 - 10−6 100,000-1,000,000
2 0.000001-0.0000001 10−6 - 10−7 1,000,000-10,000,000
3 0.0000001-0.00000001 10−7 - 10−8 10,000,000-100,000,000
4 0.00000001-0.000000001 10−8 - 10−9 100,000,000-1,000,000,000

Hazards of a control system must be identified then analysed through risk analysis. Mitigation of
these risks continues until their overall contribution to the hazard are considered acceptable. The
tolerable level of these risks is specified as a safety requirement in the form of a target 'probability of
a dangerous failure' in a given period of time, stated as a discrete SIL level.

Certification schemes are used to establish whether a device meets a particular SIL.[3] The
requirements of these schemes can be met either by establishing a rigorous development process, or
by establishing that the device has sufficient operating history to argue that it has been proven in use.

Electric and electronic devices can be certified for use in Functional Safety applications according to
IEC 61508, providing application developers the evidence required to demonstrate that the
application including the device is also compliant. IEC 61511 is an application-specific adaptation of
IEC 61508 for the Process Industry sector. This standard is used in the petrochemical and hazardous
chemical industries, among others.

SIL in Safety Standards

The following standards use SIL as a measure of reliability and/or risk reduction.

■ ANSI/ISA S84 (Functional safety of safety instrumented systems for the process industry
sector)
■ IEC EN 61508 (Functional safety of electrical/electronic/programmable electronic safety
related systems)
■ IEC 61511 (Safety instrumented systems for the process industry sector)
■ IEC 62061 (Safety of machinery)
■ EN 50128 (Railway applications - Software for railway control and protection)
■ EN 50129 (Railway applications - Safety related electronic systems for signalling
■ EN 50402 (Fixed gas detection systems)
■ MISRA, various (Guidelines for safety analysis, modelling, and programming in automotive
applications)
■ Defence Standard 00-56 Issue 2 - accident consequence

The use of a SIL in specific safety standards may apply different number sequences or definitions to
those in IEC EN 61508.[4]

See also
■ ALARP
■ Spurious trip level
■ HIPPS

All the major components of HIPPS system shall be SIL-3 Approved.

There is a whole family of C-level standards based more or less on IEC 61508 that also uses SIL,
e.g., 62061, 26262.

http://en.wikipedia.org/wiki/Safety_Integrity_Level 01-Aug-12
Safety Integrity Level - Wikipedia, the free encyclopedia Page 4 of 4

References
1. ^ M. Charlwood, S Turner and N. Worsell, UK Health and Safety Executive Research Report 216, “A
methodology for the assignment of safety integrity levels (SILs) to safety-related control functions
implemented by safety-related electrical, electronic and programmable electronic control systems of
machines”, 2004. ISBN 0-7176-2832-9
2. ^ F. Redmill, "Understanding the Use, Misuse, and Abuse of SILs"
http://www.csr.ncl.ac.uk/FELIX_Web/3A.SILs.pdf with capture date of 11th October 2010
3. ^ CASS Scheme, Conformity Assessment of Safety Systems, http://www.cass.uk.net/
4. ^ F. Redmill, "Understanding the Use, Misuse, and Abuse of SILs"
http://www.csr.ncl.ac.uk/FELIX_Web/3A.SILs.pdf with capture dates of 9th July 2010 and 11 October
2010

Textbooks
D. Smith, K. Simpson, "Safety Critical Systems Handbook - A Straightforward Guide to Functional
Safety, IEC 61508 (2010 Edition) and Related Standards" (3rd Edition, ISBN 978-0-08-096781-3,
270 Pages).

M. Punch, "Functional Safety for the Mining Industry – An Integrated Approach Using AS(IEC)
61508, AS(IEC)62061 and AS4024.1." (1st Edition, ISBN 978-0-9807660-0-4, in A4 paperback,
150 pages). www.marcuspunch.com (http://www.marcuspunch.com)

External links
■ Safety Users Group (http://www.safetyusersgroup.com) Functional Safety-Information
Resources
■ Inside Functional Safety (http://www.insidefunctionalsafety.com) Technical magazine
focusing on functional safety
■ 61508.org (http://www.61508.org) The 61508 Association
■ IEC Safety Zone (http://www.iec.ch/functionalsafety) The IEC Functional safety zone
■ Functional Safety, A Basic Guide
(http://www.ida.liu.se/~snt/teaching/SCRTS/IEC61508_Guide.pdf) Functional Safety and IEC
61508: A basic guide
■ SIL Made Simple (http://docs.google.com/viewer?
a=v&pid=explorer&chrome=true&srcid=0B5PSPJfG9S5kMzhhZDM4YjMtYjhhMC00NDZhL
- White Paper presented at Valve World 2010

Retrieved from "http://en.wikipedia.org/w/index.php?

title=Safety_Integrity_Level&oldid=503427163"
Categories: Safety Risk

■ This page was last modified on 21 July 2012 at 12:07.

■ Text is available under the Creative Commons Attribution-ShareAlike License; additional
terms may apply. See Terms of use for details.
Wikipedia® is a registered trademark of the Wikimedia Foundation, Inc., a non-profit
organization.

http://en.wikipedia.org/wiki/Safety_Integrity_Level 01-Aug-12