(Figure residue, IEC 61508-5 Annex A and Annex C risk regions; only the labels survived: Intolerable region; The ALARP or tolerability region (risk is undertaken only if a benefit is desired); Risk is negligible; Residual risk; EUC risk; IEC 61511.)

SIL, PFDavg and RRF bands (IEC 61508):
SIL    PFDavg: average probability of   RRF: risk          PFDavg per hour (high demand
       failure on demand per year       reduction factor   or continuous mode)
       (low demand mode)
SIL 4  >= 10^-5 and < 10^-4             100000 to 10000    >= 10^-9 and < 10^-8
SIL 3  >= 10^-4 and < 10^-3             10000 to 1000      >= 10^-8 and < 10^-7
SIL 2  >= 10^-3 and < 10^-2             1000 to 100        >= 10^-7 and < 10^-6
SIL 1  >= 10^-2 and < 10^-1             100 to 10          >= 10^-6 and < 10^-5
Example of PFDavg, RRF and SFF calculation for a SIF (TI = 1 year, 1oo1 subsystems). Failure rates λS, λDD, λDU are per year; λ = λS + λDD + λDU; MTBF = 1/λ (yrs); MTBFs = 1/λS (yrs); PFDavg = λDU x TI / 2; SFF = (λS + λDD) / λ; RRF = 1/PFDavg. The name of the first subsystem did not survive extraction.

Subsystem      λS        λDD      λDU      λ         MTBF   MTBFs  PFDavg    % of total  SFF     SIL
(name lost)    0.00800   0.0010   0.00080  0.00980   102    125    0.000400  9 %         91.8 %  SIL 2
Barrier        0.00159   0.0014   0.00019  0.00318   314    629    0.000095  2 %         94.0 %  SIL 3
PLC            0.00135   0.0001   0.00001  0.00146   685    741    0.000005  0.1 %       99.3 %  SIL 3
Valve          0.01370   0.0066   0.00720  0.02750   36     73     0.003602  81 %        73.8 %  SIL 2
Power supply   0.00530   0.0000   0.00070  0.00600   167    189    0.000350  7.9 %       88.3 %  SIL 3
Total (SIF)                                          21     33     0.004452  100 %       RRF 225 SIL 2

(Figure residue around the table: "PFDavg 1oo2 / 1oo2D (IEC 61508-5 A...)" and fragments of the common-cause PFDavg formulas for 1oo2 and 1oo3, which are given with the simplified equations below.)
EUC risk without protection: Risk (RNP) = FNP x C, where FNP is the frequency of the hazardous event without protection and C the consequence of the hazardous event (figure residue: axes "Frequency of hazardous event" and "Consequence of hazardous event", FNP, FP).

Example of risk classification of accidents (IEC 61508-5 Table C.1): risk class by frequency (rows) and consequence (columns)
Frequency     Catastrophic  Critical  Marginal  Negligible
Frequent      I             I         I         II
Probable      I             I         II        III
Occasional    I             II        III       III
Remote        II            III       III       IV
Improbable    III           III       IV        IV
Incredible    IV            IV        IV        IV

Safe failure fraction (IEC 61508-2, 7.4): SFF = (λSD + λSU + λDD) / (λSD + λSU + λDD + λDU) = 1 - λDU / λ
(Fragments of the 1oo2 / 1oo2D PFDavg formulas with λDD and λDU terms did not survive extraction.)
MANUAL PERIODIC TEST DURATION
The duration of a manual proof test can have a significant impact on the overall SIS performance.
In 1oo1 architectures, during the test, the system must be taken offline, and its availability is zero.
The original simplified formula is modified into:
PFDavg = λDU x TI / 2 + TD / TI
where TI is the proof test interval and TD the test duration.
Note: The average probability of failure is strictly related to the test interval (TI); increasing the time between tests
directly leads to a higher probability of failure and therefore to lower SIL levels.
(Figure residue, IEC 61508-5 risk reduction model; only the labels survived: Tolerable risk target; Tolerable risk; EUC and EUC control system; Safety-related protection system required to achieve necessary risk reduction; Risk reduction obtained by all safety-related systems and external risk reduction systems; Increasing risk; Consequences; Consequence of hazardous event; frequency classes Probable and Occasional.)

Risk reduction factor: Tolerable accident frequency / Frequency of accidents without protections = 1 / RRF

Simplified equations for PFDavg (TI = proof test interval, λDU = dangerous undetected failure rate, β = common cause factor)

Without common causes:
  1oo1:  PFDavg = λDU x TI / 2
  1oo2:  PFDavg = λDU1 x λDU2 x TI^2 / 3
  2oo2:  PFDavg = (λDU1 + λDU2) x TI / 2
  1oo3:  PFDavg = λDU1 x λDU2 x λDU3 x TI^3 / 4
  2oo3:  PFDavg = (λDU1 λDU2 + λDU1 λDU3 + λDU2 λDU3) x TI^2

With common causes (β factor):
  1oo2:  PFDavg = [(1 - β) λDU TI]^2 / 3 + β λDU TI / 2
  1oo3:  PFDavg = [(1 - β) λDU TI]^3 / 4 + β λDU TI / 2
  (the 2oo3 and 1oo2D entries did not survive extraction)

Related definitions used in the table above: λ = 1/MTBF; MTBFs = 1/λS (yrs); MTBF (yrs); failure rates λS, λDD, λDU per year; RRF = 1/PFDavg; SFF; % of total.

TYPE A COMPONENTS
Simple devices with well-known failure modes and a solid history of operation

Maximum SIL by safe failure fraction (SFF) and hardware fault tolerance (IEC 61508-2 Table 2, Type A subsystems):
SFF        HFT 0   HFT 1   HFT 2
<60%       SIL 1   SIL 2   SIL 3
60%-<90%   SIL 2   SIL 3   SIL 4
90%-<99%   SIL 3   SIL 4   SIL 4
>99%       SIL 3   SIL 4   SIL 4
Example:
λDU = 0.002 / yr; TI = 1 yr (= 8760 hrs); TD = 8 hrs
We obtain: PFDavg = 0.001 + 0.0009 = 0.0019; RRF = 1/0.0019 = 526 (suitable for SIL 2 level)
MANUAL PERIODIC TEST EFFECTIVENESS
The effectiveness of a periodic proof test indicates the percentage of dangerous failures detected by the test.
If effectiveness is lower than 100%, the proof test does not bring the probability of failure of the system back to zero
(as new); therefore PFDavg progressively increases in time.
In this case the system does not always maintain the original SIL level throughout its lifetime.
The formula for calculating PFDavg when effectiveness is lower than 100% is:
PFDavg = (Et x λDU x TI / 2) + [(1 - Et) x λDU x SL / 2]
where:
Et: proof test effectiveness, the fraction of dangerous failures detected by the test
SL: system lifetime (assumed from the text above; the poster's own definition of SL did not survive extraction)

TYPE B COMPONENTS
Complex components with potentially unknown failure modes

Maximum SIL by safe failure fraction (SFF) and hardware fault tolerance (IEC 61508-2 Table 3, Type B subsystems):
SFF        HFT 0        HFT 1   HFT 2
<60%       Not allowed  SIL 1   SIL 2
60%-<90%   SIL 1        SIL 2   SIL 3
90%-<99%   SIL 2        SIL 3   SIL 4
>99%       SIL 3        SIL 4   SIL 4
Table C.1 Example of risk classification of accidents (IEC 61508-5; see the risk matrix above)

BASIC CONCEPTS

MTTFs (mean time to spurious trip) by voting architecture, simplified (λS = safe failure rate, MTTR = mean time to repair):
  1oo1:  MTTFs = 1 / λS
  1oo2:  MTTFs = 1 / (2 λS)
  2oo2:  MTTFs = 1 / (2 λS^2 MTTR)
  2oo3:  MTTFs = 1 / (6 λS^2 MTTR)
(Channel diagrams for the 1oo1, 1oo2, 2oo2 and 2oo3 voting architectures, with channels labelled A and B, did not survive extraction.)

Availability = Operating time / (Operating time + Repair time) = MTTF / (MTTF + MTTR)
Unavailability = 1 - Availability = MTTR / (MTTF + MTTR)
Availability = MTBM / (MTBM + MSD)
λ = 1 / MTBF (failure rate);  μ = 1 / MTTR (repair rate)
(Timeline residue: Failure time, Time, TTF, MTTF, MTTR, MTBF, MTBM, Success.)
G.M.INTERNATIONALS.R.L
Via San Fiorano, 70
20852 Villasanta (MB) ITALY
phone: +39 039 2325038
info@gmintsrl.com
www.gmintsrl.com
The following graph shows an example of PFD and PFDavg variations in case the proof test is carried out once a year with 70%
effectiveness: the SIL 2 level is maintained only for about 4 years; the SIF then downgrades to SIL 1.
(Graph residue: Operating time; MTTF = MTBF - MTTR; 1 / (2 λS); Repair time (failure); SIL 2.)

The complete formula for calculating PFDavg taking both influences (test duration and test effectiveness) into account is:
PFDavg = (Et x λDU x TI / 2) + TD / TI + [(1 - Et) x λDU x SL / 2]

Basic concepts: Reliability; Availability; Failure rate λ
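The test-duration example and the complete formula above, carried through in code as an added example that is not part of the poster: `pfd_avg_complete` is my reading of the poster's complete formula (Et x λDU x TI/2 + TD/TI + (1 - Et) x λDU x SL/2, with SL taken as elapsed lifetime), reproducing the worked example (PFDavg 0.0019, RRF 526), and `years_until_downgrade` then asks after how many years a given effectiveness pushes the PFDavg into a lower SIL band. The poster's 70 % graph does not state its failure rate, so the downgrade year computed here uses the worked example's λDU = 0.002/yr and is not the graph's 4-year figure.

```python
# Added example, not from the poster: PFDavg of a 1oo1 subsystem with the proof
# test duration TD and the proof test effectiveness Et both taken into account,
# following the poster's complete formula as read here. Units must agree: the
# helpers below convert everything to hours (lambda_DU per hour; TI, TD, SL in h).

def pfd_avg_complete(lam_du, ti, td=0.0, et=1.0, sl=0.0):
    """PFDavg = Et*lambda_DU*TI/2 + TD/TI + (1-Et)*lambda_DU*SL/2.

    With Et = 1 and TD = 0 this reduces to lambda_DU*TI/2. SL is the operating
    life elapsed so far, over which the undetected (1-Et) share accumulates.
    """
    return et * lam_du * ti / 2 + td / ti + (1 - et) * lam_du * sl / 2

def sil_from_pfd(pfd):
    """Low-demand SIL band from PFDavg; 0 means below SIL 1."""
    for sil, low in ((4, 1e-5), (3, 1e-4), (2, 1e-3), (1, 1e-2)):
        if low <= pfd < low * 10:
            return sil
    return 0

HOURS_PER_YEAR = 8760

def pfd_avg_at_year(lam_du_per_year, ti_years, td_hours, et, year):
    """PFDavg after `year` years of operation, with all quantities in hours."""
    return pfd_avg_complete(lam_du_per_year / HOURS_PER_YEAR,
                            ti_years * HOURS_PER_YEAR, td_hours, et,
                            year * HOURS_PER_YEAR)

def years_until_downgrade(lam_du_per_year, ti_years, td_hours, et, horizon=100):
    """First year in which the SIL band drops below the year-1 band, else None."""
    start = sil_from_pfd(pfd_avg_at_year(lam_du_per_year, ti_years, td_hours, et, 1))
    for year in range(2, horizon + 1):
        pfd = pfd_avg_at_year(lam_du_per_year, ti_years, td_hours, et, year)
        if sil_from_pfd(pfd) < start:
            return year
    return None

# Poster's worked example: lambda_DU = 0.002/yr, TI = 1 yr = 8760 h, TD = 8 h,
# Et = 100 %; the SL term vanishes, leaving 0.001 + 8/8760.
EXAMPLE = pfd_avg_at_year(0.002, 1, 8, 1.0, 1)  # about 0.0019, SIL 2
```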
Acronyms:
MTBF: Mean Time Between Failures
MTTF: Mean Time To Failure
MTTR: Mean Time To Repair
MTBM: Mean Time Between Maintenance
MSD: Expected Mean System Downtime
λ: Failure rate
μ: Repair rate
(Figure residue: Reliability / Unreliability and Availability / Unavailability diagrams, labelled Success (MTTF) and Failure (MTTR).)
When dealing with SIFs, safety engineers should pay special attention to the selection of subsystems, the time interval
between periodic tests and the system architecture.
A wise choice of these three key elements is what it takes to achieve the required SIL level.
For more details on any of the subjects in this poster, refer to the Safety Instrumented Systems manual by G.M. International.