Developments in SIL determination and calculation

https://doi.org/10.1016/j.ress.2018.04.028

Highlights

  • Various SIL determination and calculation methods were examined and compared.

  • Comparison was per criteria of relevant qualifying factors considering their pros/cons.

  • Bottom line is meeting safety requirements economically without sacrificing accuracy.

  • Proposed the FRGM to assess lower SIL ratings and complex methods on higher ones.

Abstract

Recent developments in technology and the move towards efficient utilisation of resources have inspired researchers and practitioners to come up with cost-effective approaches to Safety Integrity Level (SIL) determination and calculation as the current methods are too cumbersome and time-consuming. The bottom line is meeting the organisation's safety requirements in an economical manner regardless of methodology employed without sacrificing accuracy. This paper proposes the Funnel Risk Graph Method (FRGM) as a funnel technique to assess lower SIL ratings, whilst more complex methods can be applied on higher SILs with caution. A review of various target SIL determination and calculation methods in the life cycle of a Safety Instrumented System (SIS) is also presented and compared as per the criteria of relevant qualifying factors. The key outcome of this review is that the qualitative FRGM can be used as a funnel technique to assess lower SIL ratings whilst more complex methods are applied on higher SILs with caution.

Introduction

IEC 61508 [1] and IEC 61511 [2] are standards used to measure the SIL of a SIS in the related industries such as oil, gas, chemicals and electricity [3]. SIL is a concept that was introduced during the development of IEC 61508 [1], which is a measure of the confidence with which the system can be expected to perform its safety function. SIL is the measure that indicates the importance of Safety Instrumented Function (SIF), as described in IEC 61508-6 [4].

Fig. 1 shows the block diagram of SIS subsystems and Fig. 2 shows an example of a SIS, which generally consists of three subsystems: sensor, logic solver and final element. The sensor subsystem detects the onset of possible hazardous situations, the logic solver subsystem decides what to do by evaluating the information from the sensor subsystem, and the final element subsystem takes action through control valves, safety valves, circuit breakers, among others.

A SIF is designed to respond to a specific hazardous event and implements a defined action. Demand mode SIFs bring the Equipment Under Control (EUC) into a safe state, whereas continuous mode SIFs maintain the plant in a safe state. Each SIF is assigned a SIL according to the level of risk reduction required from that function.

The SIL has a discrete four-level scale, where SIL 1 is the minimum safety requirement and SIL 4 is the most stringent. These levels are used to specify the safety integrity requirements for the safety functions performed by safety systems. The target SIL indicates how significant the safety requirements are for each SIF, while the calculated SIL indicates how reliably a SIF performs its safety function. There are three different approaches to SIL determination [5], i.e., qualitative, quantitative and semi-quantitative. Several methods are available under each approach, each with its own advantages and disadvantages.

Functional safety refers to a SIS that implements a SIF. SIL targets must first be determined, and later verified. SIS are widely used in the process industry to protect humans, the environment, and material assets against hazardous events, such as an explosion due to high pressure or product spillage due to high tank level.

The SIS must fulfil certain safety requirements to provide a specified level of risk reduction. Many standards and guidelines have been developed, which define the SIF requirements and how the SIL should be determined and its requirements should be fulfilled. Some examples are:

  • IEC 62061 (Safety of machinery—functional safety of safety-related electrical, electronic and programmable electronic control systems, based on EN 61508),

  • ISO 13849-1 (Safety of machinery—safety-related parts of control systems. Non-technology dependent standard for control system safety of machinery),

  • EN 50129 (Railway industry specific/system safety in electronic systems),

  • EN 50495 (Safety devices related to explosion risks), NASA Safety Critical Guidelines,

  • EUROCAE ED-12B European Airborne Flight Safety Systems.

IEC 61508 [1] is the most common of these standards; it is a generic standard specifying the functional safety requirements of a SIS. IEC 61508 [1] also serves as the overarching standard for the development of industry-specific safety standards such as IEC 61511 [2] for the process industry, and IEC 62061 [6], [7] for machinery systems. SISs have been used for many years to perform SIFs in the process industries. If a SIS is to be used effectively for a SIF, it is essential that the SIS achieves certain minimum standards and performance levels. The IEC 61511 [2] standard addresses the application of a SIS in the process industries. It also requires a process hazard and risk assessment to be carried out so that the specification for a SIS can be derived.

Functional safety objectives can be implemented by Integrated Control and Safety Systems (ICSS), which are usually operating in a computer network using wired and/or wireless communication technologies. Risk managers may use a SIF together with several other risk reduction measures to control risk exposure. The target level of risk reduction for each SIF is determined to ensure that the overall risk to personnel is as low as reasonably practicable.

This paper presents a review of SIL determination and verification methods. SIL determination is the front-end engineering activity that sets the target SIL for each SIF, while SIL verification is the process of confirming whether the target SIL can be achieved with the preferred methods. Several calculation techniques are described in the IEC 61508-7 [1] standard to verify the SIL of systems comprising programmable electronic and automation components. It was noted that applying each of these methods may be cumbersome, depending on the approach the analyst takes.

This paper is organised as follows: Section 2 discusses various SIL approaches, and reviews the key features of two key standards, which can be used to determine the SIL of a SIF in related industries. Section 3 presents research on SIL determination methods for selecting the required SIL for a SIF. Section 4 deals with the process of SIL calculation which is a critical part of the overall SIL verification process. Section 5 compares different SIL determination and calculation methods. Section 6 concludes the paper.

Section snippets

SIL approaches

IEC 61508 [8] is the generic approach for all safety lifecycle activities for systems comprised of Electrical and/or Electronic and/or Programmable Electronic Systems (E/E/PESs) that are designed to perform safety functions. This integrated approach has been utilised such that a rational and consistent technical policy can be developed for all electrically-based safety-related systems. The overall safety lifecycle of IEC 61508 [1] is shown in Fig. 3 [1]. IEC 61508 [8] has the following

Selective target SIL determination methods

SIL determination refers to selecting the required SIL for a SIF. It follows risk assessment, when the required SIFs are defined. Qualitative and quantitative techniques can be used to evaluate the risk associated with a process. Risk assessment scores can be determined by multiplying the scores for the probability and severity values together based on Eq. (1) [9], [10]:

R = P × S (1)

where

  • R is the risk with no safety-related systems in place,

  • P is the probability of occurrence, which includes the exposure

Techniques in SIL calculation

SIL verification plays a critical role in reliability assessment. After the target SIL has been determined, SIL verification must take place. One of the necessary procedures of the overall safety lifecycle is the SIL calculation, which verifies whether the PFDavg of the designed safety-related system meets the required failure measure. The SIL of a safety-related system can be calculated reliably by the quantitative analysis techniques given in IEC 61508-6 [4] or ISA-TR84.00.02 [29]. They are both
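As an added illustration (not code from the paper), the low-demand SIL verification step described above: each subsystem's PFDavg is approximated with the widely used simplified formulas for 1oo1 and 1oo2 architectures (diagnostics and repair times ignored), the subsystem values are summed for the SIF, and the result is mapped to the IEC 61508 low-demand SIL bands. The failure rates, beta factor and the example SIF are constructed values, not field data.

```python
# Added example: simplified PFDavg-based SIL verification (not from the paper).
# Assumptions: low-demand mode, lambda_DU = undetected dangerous failure rate
# per hour, T1 = proof-test interval, beta = common-cause fraction for 1oo2;
# diagnostic coverage and repair times are ignored (simplified formulas).
from dataclasses import dataclass

HOURS_PER_YEAR = 8760.0

@dataclass(frozen=True)
class Subsystem:
    name: str
    lambda_du: float   # undetected dangerous failures per hour (constructed)
    voting: str        # "1oo1" or "1oo2"
    beta: float = 0.0  # common-cause fraction, only used for 1oo2

def pfd_avg(sub: Subsystem, t1_hours: float) -> float:
    """Average probability of failure on demand for one subsystem."""
    x = sub.lambda_du * t1_hours          # expected DU failures per test interval
    if sub.voting == "1oo1":
        return x / 2.0                     # lambda_DU * T1 / 2
    if sub.voting == "1oo2":
        independent = ((1.0 - sub.beta) * x) ** 2 / 3.0   # both channels fail
        common_cause = sub.beta * x / 2.0                  # beta-factor term
        return independent + common_cause
    raise ValueError(f"unsupported voting {sub.voting}")

def sif_pfd_avg(subsystems, t1_hours: float) -> float:
    # Sensor, logic solver and final element are in series: PFDs add up.
    return sum(pfd_avg(s, t1_hours) for s in subsystems)

def sil_from_pfd(pfd: float) -> int:
    """IEC 61508 low-demand SIL band for a PFDavg (0 means below SIL 1)."""
    if pfd >= 1e-1: return 0
    if pfd >= 1e-2: return 1
    if pfd >= 1e-3: return 2
    if pfd >= 1e-4: return 3
    if pfd >= 1e-5: return 4
    raise ValueError("PFDavg below the SIL 4 band; check the inputs")

def verify(subsystems, target_sil: int, t1_years: float = 1.0):
    """Return (PFDavg, achieved SIL, whether the target SIL is met)."""
    pfd = sif_pfd_avg(subsystems, t1_years * HOURS_PER_YEAR)
    achieved = sil_from_pfd(pfd)
    return pfd, achieved, achieved >= target_sil

# Constructed SIF: redundant pressure transmitters, logic solver, shutdown valve.
EXAMPLE_SIF = [
    Subsystem("PT-101A/B", 2.0e-6, "1oo2", beta=0.05),
    Subsystem("Logic solver", 1.0e-7, "1oo1"),
    Subsystem("XV-101", 4.0e-6, "1oo1"),
]

if __name__ == "__main__":
    for years in (1.0, 0.5):   # show the effect of a shorter proof-test interval
        pfd, sil, ok = verify(EXAMPLE_SIF, target_sil=2, t1_years=years)
        print(f"T1={years}y PFDavg={pfd:.2e} SIL {sil} meets SIL 2: {ok}")
```

With a one-year proof-test interval the single valve dominates the PFDavg and the SIF only achieves SIL 1; halving the interval brings it into the SIL 2 band, which is the kind of trade-off the verification step is meant to expose.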

Evaluation of SIL determination methods

The risk graph method has the advantage of being less complex and more cost-effective as analysts need to consider only the four risk parameters, namely: C, consequence of the hazardous event; F, frequency of, and exposure time in, the hazardous zone; P, possibility of failing to avoid the hazardous event; and W, probability of the unwanted occurrence, to determine SIL [1]. Due to its qualitative nature, it is not as accurate as the quantitative method. The FRGM [13] has more advantages when

Discussion and conclusion

This paper has presented the FRGM as a funnel technique to assess lower SIL ratings, and has reviewed and compared other SIL determination techniques against the FRGM using well-defined criteria. The study has primarily compared the advantages and disadvantages of the reviewed methods from the perspectives of complexity, accuracy and cost-effectiveness. The authors have also reviewed and compared various selected SIL calculation methodologies using similar criteria. Past experiences of


References (66)

  • Y.D. Shu et al., A simplified Markov-based approach for safety integrity level verification, J Loss Prev Process Ind (2014)
  • L. Beckman, Expanding the applicability of ISA TR84.02 in the field, ISA Trans (2000)
  • A. Baghaei, 3-Parameters SPW technique: a new method for evaluation of target safety integrity level, J Loss Prev Process Ind (2013)
  • B. Cai et al., A multiphase dynamic Bayesian networks methodology for the determination of safety integrity levels, Reliab Eng Syst Saf (2016)
  • H. Jahanian et al., SIL determination as a utility-based decision process, Process Saf Environ Prot (2016)
  • H. Jahanian, Optimization, a rational approach to SIL determination, Process Saf Environ Prot (2017)
  • P. Stavrianidis et al., Performance-based standards: safety instrumented functions and safety integrity levels, J Hazard Mater (2000)
  • W. Mechri et al., Switching Markov chains for a holistic modeling of SIS unavailability, Reliab Eng Syst Saf (2015)
  • Y. Langeron et al., Combination of safety integrity levels (SILs): A study of IEC61508 merging rules, J Loss Prev Process Ind (2008)
  • Y. Liu et al., Reliability assessment of safety instrumented systems subject to different demand modes, J Loss Prev Process Ind (2011)
  • H. Jahanian, Generalizing PFD formulas of IEC 61508 for KooN configurations, ISA Trans (2015)
  • T. Zhang et al., Availability of systems with self-diagnostic components—applying Markov model to IEC 61508-6, Reliab Eng Syst Saf (2003)
  • A.C. Torres-Echeverría et al., Modeling safety instrumented systems with MooN voting architectures addressing system reconfiguration for testing, Reliab Eng Syst Saf (2011)
  • H. Jin et al., Reliability of safety-instrumented systems subject to partial testing and common-cause failures, Reliab Eng Syst Saf (2014)
  • J.K. Vaurio, Unavailability equations for K-out-of-N systems, Reliab Eng Syst Saf (2011)
  • L. Ding et al., A novel method for SIL verification based on system degradation using reliability block diagram, Reliab Eng Syst Saf (2014)
  • R. Ouache et al., A reliability model for safety instrumented system, Saf Sci (2015)
  • Y. Dutuit et al., Probabilistic assessments in relationship with safety integrity levels by using fault trees, Reliab Eng Syst Saf (2008)
  • M. Chebila et al., Generalized analytical expressions for safety instrumented systems' performance measures: PFDavg and PFH, J Loss Prev Process Ind (2015)
  • F. Innal et al., Safety and operational integrity evaluation and design optimization of safety instrumented systems, Reliab Eng Syst Saf (2015)
  • H. Guo et al., Automatic creation of Markov models for reliability assessment of safety instrumented systems, Reliab Eng Syst Saf (2008)
  • H. Jin et al., Reliability performance of safety instrumented systems: a common approach for both low- and high-demand mode of operation, Reliab Eng Syst Saf (2011)
  • S. Verlinden et al., Hybrid reliability model for nuclear reactor safety system, Reliab Eng Syst Saf (2012)
Angelito ‘Allan’ Gabriel received the Instrumentation Technology degree from the Don Bosco Technical College, B.S. degree in computer engineering from the ICS, Pennsylvania, USA, the B.S. degree in Mechanical Engineering from the Polytechnic University of the Philippines and the M.B.A. degree (Honours with distinction) from the Ateneo Graduate Schools of Business, Philippines, in 2003. He is now pursuing the Ph.D. degree at Victoria University, Australia and University of Western Australia. His research interests include control systems, safety instrumented systems, cyber security and process control networks. He is a fellow and a Chartered Professional Engineer of the Institution of Engineers Australia, TUV Functional Safety Engineer from Rheinland, Germany, IEEE member and a Senior Member of ISA.

Cagil Ozansoy received his Bachelor of Engineering degree in Electrical and Electronic Engineering (Honours) and the Ph.D. research degree in power system communications from Victoria University, Melbourne, Australia, in 2002 and 2006, respectively. He is now working as a Senior Lecturer and Researcher in the College of Engineering and Science, Victoria University. His major teaching and research focus is in power systems protection and communications, and distributed generation. He has over 50 publications detailing his work and contributions to knowledge.

Juan Shi received the Bachelor of Engineering (Honours) in Electrical Engineering from Northeastern University, China in 1988 and PhD degree in Electrical Engineering from Victoria University (VU), Melbourne, Australia, in 1995. Dr Shi received the Graduate Certificate in Tertiary Education from VU in 2003. She joined VU as a Lecturer in 1994, where she is currently an Associate Professor in the College of Engineering and Science. Her current research interests include automatic control and applications, power system stability, intelligent control and applications to smart energy, systems identification, and engineering education.