This document discusses safety integrity levels (SILs) which are assigned based on a risk assessment of industrial safety systems. SILs range from 0 to 4, with 4 being the highest level of safety integrity. The document outlines factors that determine a system's SIL such as the number and effectiveness of safety measures implemented. It also discusses challenges in applying SILs such as over-allocating the highest SIL 4 which can be expensive. The document concludes that agreed risk acceptance levels should be used and lower SILs may be sufficient rather than always defaulting to the highest SIL 4 level.
3. 1. Introduction
• Industrial safety in the pre-digital era focused mainly on:
  – safe work practices,
  – hazardous materials control, and
  – the protective “armouring” of personnel and equipment (PPE and machine guarding)
4. Introduction
• Today, safety penetrates far deeper into more complex manufacturing infrastructures, extending its protective influence all the way to a company’s bottom line.
• Contemporary safety systems reduce risk with operational advancements that improve reliability, productivity and profitability as well.
6. Introduction
• What is a Risky System?
• It is a system with an unacceptable combination of:
  – the probability of occurrence of harm, and
  – the severity of that harm.
8. Assess risk and mitigate it
• The risk assessment should be followed by the assignment of Safety Integrity Levels (SILs).
9. 2. Safety Integrity
• It is the ability of a safety function to continue to be effective in spite of deterioration of its implementation.
10. Safety Integrity
• Things can go wrong, so we need additional functionality:
  – safety functions to reduce the risks (redundancy)
• Safety functions can have varied implementation measures:
  – active functionality
  – design properties
  – administrative measures
  – any combination of the above
• Safety functions help in reducing the risks.
• Failure of part of the implementation does not mean total loss of the safety function. (Example: failure of one solenoid out of 3 in series does not affect the system.)
11. 3. Safety Integrity Levels
• The degree or level of Safety Integrity is determined by:
  – the number of safety measures implemented
  – how effective they are
  – how vulnerable they are
  – how independent they are
  – … and so on.
• Many different degrees of safety integrity, grouped into 5 levels (0–4):
  – SIL 0 = no safety integrity at all
  – ...
  – SIL 4 = highest possible safety integrity level
• For "important" safety functions, a high SIL will be needed.
• Safety Integrity Levels depend on Risk Acceptability.
12. Safety Integrity Level (SIL)

SIL                                    Inference (probability of failure)   Risk Reduction       Availability (%) *
4 (Highest Safety Integrity Level)     10^-4 to 10^-5                       10,000 to 100,000    99.99 to 99.999
3                                      10^-3 to 10^-4                       1,000 to 10,000      99.9 to 99.99
2                                      10^-2 to 10^-3                       100 to 1,000         99 to 99.9
1                                      10^-1 to 10^-2                       10 to 100            90 to 99
0 (No safety integrity level at all)   < 10^-1                              < 10                 < 90

* Likelihood (%) that failure would not occur.
13. 4. Risk Acceptability
ALARP (As Low As Reasonably Practicable)
  – Risk shall be brought as low as reasonably practicable.
  – 3 Risk Zones: (1) unacceptable, (2) acceptable, (3) negligible
  – Assumes that we know where the acceptable limit is.
GAMAB (“Globalement Au Moins Aussi Bon”: any modification shall leave a system globally at least as good as it was)
  – Allows for redistribution of risks.
  – Assumes the current level is already acceptable.
MEM (Minimum Endogenous* Mortality)
  – Starts with the lowest technological mortality rate in the population.
  – A new system should not increase that mortality rate significantly.
  – Assumes that the current mortality rate is acceptable.
* Endogenous mortality = mortality due to the genetic constitution of the individual. Exogenous mortality = mortality due to external causes such as an infectious disease or accidental injury.
14. 5. Allocating SILs
• Determine risks
• Determine acceptable risk levels
• Identify safety functions
• Based on the risk acceptance level, determine the safety integrity level for each safety function
• Identify implementation measures for each safety function
• Based on the safety integrity level for each function, determine tolerable failure rates for each implementation measure
• OR, JUST DEMAND SIL 4 BY DEFAULT!?
15. 6. Problems
• SIL 4 is VERY EXPENSIVE.
• Systems that have been working satisfactorily don't necessarily fulfill SIL 4 requirements.
• So, think: do we always need SIL 4?
• The relationship between failure rates and SILs is often misunderstood:
  – SILs depend on failure rates of safety functions and not on failure rates of equipment.
• Risk acceptability is controversial.
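Worked example, added here and not part of the original slides, in Python. It ties together the slide-12 SIL bands, the slide-10 case of three solenoids in series, the slide-14 allocation steps (acceptable risk level, then SIL per safety function, then tolerable failure rate per implementation measure) and the slide-15 point that a SIL is set by the failure rate of the safety function, not of the individual equipment. The demand rate, tolerable harm rate and solenoid failure probabilities are constructed figures; the beta-factor common-cause term is a simplifying assumption of this example, not something the slides specify.

```python
import math

# SIL bands of the slide-12 table, keyed by the safety function's probability
# of failure on demand (PFD): lower bound inclusive, upper bound exclusive.
# The table bottoms out at 10^-5; a PFD below that is treated as SIL 4 here
# (an assumption of this example, not a statement of the slides).
SIL_BANDS = [
    (4, 1e-5, 1e-4),
    (3, 1e-4, 1e-3),
    (2, 1e-3, 1e-2),
    (1, 1e-2, 1e-1),
]


def sil_from_pfd(pfd):
    """Map a safety function's PFD to its SIL (0..4) using the slide-12 bands."""
    if pfd < 1e-5:
        return 4
    for sil, lower, upper in SIL_BANDS:
        if lower <= pfd < upper:
            return sil
    return 0  # PFD of 10^-1 or worse: no safety integrity at all


def required_risk_reduction(demand_rate, tolerable_rate):
    """Risk reduction factor the function must supply (slide 14, step 4).

    demand_rate:    how often per year the hazard would occur with no safety function
    tolerable_rate: the agreed acceptable rate of that harm per year (slide 13)
    """
    if demand_rate <= 0 or tolerable_rate <= 0:
        raise ValueError("rates must be positive")
    return demand_rate / tolerable_rate


def function_pfd(measure_pfds, beta=0.0):
    """PFD of a safety function that is lost only when every measure fails.

    This is the slide-10 case: one of three solenoids in series failing does
    not defeat the function. Independent measures multiply; beta is a
    simplified beta-factor common-cause term (assumption of this example)
    standing in for the "how independent are they" question of slide 11.
    """
    if len(measure_pfds) == 1:
        return measure_pfds[0]
    return math.prod(measure_pfds) + beta * max(measure_pfds)


def per_measure_pfd_budget(target_pfd, n_measures, beta=0.0):
    """Largest equal PFD each of n identical measures may have so that the
    function still meets target_pfd (slide 14, step 6). Bisection works
    because function_pfd is monotone in the per-measure PFD."""
    lo, hi = 0.0, 1.0
    for _ in range(100):
        mid = (lo + hi) / 2
        if function_pfd([mid] * n_measures, beta) > target_pfd:
            hi = mid
        else:
            lo = mid
    return lo


def allocate(demand_rate, tolerable_rate, n_measures, beta=0.0):
    """Steps 2 to 6 of slide 14 for one safety function."""
    rrf = required_risk_reduction(demand_rate, tolerable_rate)
    target_pfd = 1.0 / rrf
    return {
        "risk_reduction_factor": rrf,
        "target_pfd": target_pfd,
        "sil": sil_from_pfd(target_pfd),
        "per_measure_pfd": per_measure_pfd_budget(target_pfd, n_measures, beta),
    }


if __name__ == "__main__":
    # Constructed figures: hazard demanded once every two years, tolerable
    # harm rate agreed at 1e-4 per year, three series solenoids as measures.
    print(allocate(demand_rate=0.5, tolerable_rate=1e-4, n_measures=3))
    # With 10 % common-cause coupling the redundancy buys far less headroom.
    print(allocate(0.5, 1e-4, 3, beta=0.1))
    # Slide 15: a unit with PFD 0.05 is only SIL 1 on its own ...
    print(sil_from_pfd(0.05))
    # ... but a function built from three independent such units reaches SIL 3.
    print(sil_from_pfd(function_pfd([0.05, 0.05, 0.05])))
```

The two `allocate` calls show why the slide-11 independence question matters: with fully independent solenoids each one may have a PFD near 0.06 and the function still meets a SIL 3 target, whereas a 10 % common-cause fraction pushes the per-solenoid budget down to about 0.002, because the coupled term dominates the product of the three individual failures.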
16. 7. Conclusions
• Agreed methods for determining acceptable risk levels must be established.
• Demanding the highest safety integrity level by default can be an uneconomic decision.
  – A proper analysis could show that a lower safety integrity level is sufficient.
• Non-technical measures for implementing safety functions must be included in the analyses.
• Apply the standards correctly:
  – Perform risk acceptability analyses first
  – Next, identify the safety functions
  – Then allocate SILs.