Unravelling the terminology and meaning of safety integrity level and functional safety in rotating equipment
SIL (Safety Integrity Level) is a very important safety indicator that has been extensively discussed, described and often misunderstood within the industry over the past years. The purpose of this page is to provide reliability engineers, instrumentation specialists and department managers with a practical overview of the areas where SIL and functional safety are important in their daily business life.
In the light of the International Electrotechnical Commission (IEC) and most other safety-relevant standards, a risk is strictly defined as harm to health, safety or the environment (HSE). Potential economic losses resulting from process downtime are often one of the justifications for implementing process improvements. However, there are concerns in the industry that implementing additional, SIL-certified machinery protection may add to the nuisance trip rate. This is discussed at the end of this page.
Most staff members responsible for safety have gone through a HAZOP (hazard and operability study), evaluating process weaknesses and potential risks and even working out ways to improve process safety. This very systematic approach has brought huge improvements to process industry safety and is still one of the key tools. It involves going through a process step by step, looking left and right at what can go wrong under certain, even rare, circumstances. However, accidents are not entirely avoidable: in all cases some residual risk remains, and severe accidents still do happen. This is where IEC 61511, initially released in 1998, steps in with a further systematic evaluation based on the risks identified through the HAZOP.
IEC 61511 offers guidance to the process equipment operator, defining the SIL requirements to be met by the chosen machinery protection system (also often called a safety instrumented system, or SIS). It is important to note that the end user/operator is ultimately responsible for this evaluation as well as for reducing the remaining process risks to an acceptable (HSE-related) level. IEC 61511 requirements are mandatory and must be followed by operators. In the US, ANSI/ISA84.00.01-2004 was issued in September 2004 and primarily mirrors IEC 61511. The European standards body CENELEC has adopted the standard as EN 61511.
LOPA, risk graph and risk assessments
Commonly, detailed risk assessments applying IEC 61511 criteria to the results of the process hazard analysis (PHA) are performed by expert consulting companies. An often-seen approach is the layers of protection analysis (LOPA). The SIL of an SIS is derived by taking into account the risk reduction that function is required to provide. IEC 61511 notes that this is best accomplished as part of a process hazards and risk analysis (PHA), to benefit from possible synergies and from the information already developed. Another way to obtain an overview of the appropriate SIL is the risk graph. By following the path characterized by the four risk parameters (occurrence probability, extent of damage, exposure time and the possibility of avoiding the hazard once damage occurs), the appropriate level from SIL1 to SIL4 results (with 4 being the highest, most stringent SIL). The example within the risk graph indicates that even under rather dramatic circumstances (the unexpected death of one person) a SIL1 machinery protection system would meet the IEC 61511 requirements in this respect. The author wants to be very clear that the SIS is employed to prevent a severe HSE event, and that severe harm or even the death of a person is not acceptable in any way. Every effort and technical advancement should be employed to prevent harm to health, safety and the environment in general. If an SIS is chosen to reduce the process risks to the acceptable level, it must meet the SIL requirement just evaluated.
IEC 61508, PFD and PTI
Vendors of SIS have to follow the guidance given under IEC 61508 when developing, testing and having them SIL certified. Stringent availability criteria must be met by each individual component employed inside an SIS. Also, every single embedded algorithm is tested,…