Definition of Safety Integrity Levels
SIL stands for Safety Integrity Level and indicates the safety level of a device. The standards set out four safety integrity levels for minimising the risks of equipment. For example, a safety function designed in accordance with SIL 1 reduces the plant risk by a factor of 10 to 100, a function designed in accordance with SIL 2 reduces the plant risk by a factor of 100 to 1000, etc.
A safety function (SIS – Safety Integrated Function) as per IEC 61508 essentially consists of three components:
sensor technology that has to identify a critical state in a plant component (e.g. pressure or temperature sensors to identify overpressure or a critical temperature).
a safety system, which uses the sensor technology to identify and assess the critical plant state, and if necessary trigger safety measures to render the plant safe.
actuator technology which allows the plant to achieve a safe state (e.g. gates to shut down plant components, or shut-off valves to stop the flow of material).
Criteria for the design of safety functions
The safety integrity level is defined by the plant operator in a risk assessment (HAZOP). Two criteria must be fulfilled for the safety function to be configured properly (e.g. as per SIL 2):
The first criterion is a maximum failure probability (PFD) that the entire safety loop must not exceed. To this end, the PFD values of the sensor technology, the safety system and the final elements are calculated individually and added together.
For example: the overall failure probability of an SIL 2 safety device must not exceed 0.01 per year, i.e. mathematically the safety function must fail less than once every 100 years.
The second criterion is known as the structural constraint, calculated from the hardware fault tolerance (HFT) and the safe failure fraction (SFF) of the devices. This structural fitness is always stated by device and system manufacturers in the safety manual.
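The two criteria can be checked together, as in the following added example (not part of the original page). It sums the PFD values of the loop and caps the result with each device's structural limit; the limit table is the HFT/SFF table of IEC 61508-2 for Type A and Type B devices, which the page does not reproduce. The device figures are constructed for illustration, and treating the upper bound of each PFD band as exclusive is an assumption.

```python
from dataclasses import dataclass, replace

# Highest SIL a subsystem may claim, by SFF band (rows: <60 %, 60-<90 %,
# 90-<99 %, >=99 %) and HFT (columns: 0, 1, 2). 0 means "not allowed".
MAX_SIL = {
    "A": [(1, 2, 3), (2, 3, 4), (3, 4, 4), (3, 4, 4)],  # simple devices
    "B": [(0, 1, 2), (1, 2, 3), (2, 3, 4), (3, 4, 4)],  # complex devices
}

@dataclass(frozen=True)
class Subsystem:
    name: str
    pfd: float     # average probability of failure on demand
    dev_type: str  # "A" or "B"
    sff: float     # safe failure fraction, 0..1
    hft: int       # hardware fault tolerance: 0 = 1oo1, 1 = 1oo2

def structural_sil(s):
    """Second criterion: SIL ceiling from HFT and SFF."""
    row = sum(s.sff >= bound for bound in (0.60, 0.90, 0.99))
    return MAX_SIL[s.dev_type][row][min(s.hft, 2)]

def pfd_sil(pfd):
    """First criterion: SIL band of the loop PFD (upper bounds exclusive)."""
    for sil, bound in ((4, 1e-4), (3, 1e-3), (2, 1e-2), (1, 1e-1)):
        if pfd < bound:
            return sil
    return 0

def loop_sil(subsystems):
    """Return (summed PFD, achieved SIL); both criteria must hold."""
    total = sum(s.pfd for s in subsystems)
    ceiling = min(structural_sil(s) for s in subsystems)
    return total, min(pfd_sil(total), ceiling)

# Constructed sample loop (values are illustrative, not from any safety manual).
SENSOR = Subsystem("pressure transmitter", 1.5e-3, "B", 0.92, 0)
LOGIC = Subsystem("safety system", 1.0e-4, "B", 0.995, 1)
VALVE = Subsystem("shut-off valve", 3.0e-3, "A", 0.65, 0)
WEAK_VALVE = replace(VALVE, sff=0.55)  # same PFD, lower safe failure fraction

if __name__ == "__main__":
    for loop in ([SENSOR, LOGIC, VALVE], [SENSOR, LOGIC, WEAK_VALVE]):
        total, sil = loop_sil(loop)
        print(f"loop PFD {total:.2e} -> SIL {sil}")
    print("sensor 1oo1:", structural_sil(SENSOR),
          "| 1oo2:", structural_sil(replace(SENSOR, hft=1)))
```

The second loop has the same summed PFD as the first but only reaches SIL 1, because the valve's structural limit caps the whole safety function.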
What the SIL logos mean
This means that the hardware of the field instrument is certified in SIL 2, whereas the software is certified in SIL 3. Thus these devices can be used in a single channel (1oo1) in SIL 2 and in two channels (1oo2) in SIL 3 applications.