1. What is SIL?
SIL stands for Safety Integrity Level. SIL is a measure of safety system performance, expressed as the probability of failure on demand (PFD) of a SIF or SIS. There are four discrete integrity levels. The higher the SIL level, the lower the probability of failure on demand and the better the system performance. It is also worth noting that as the SIL level increases, the cost and complexity of the system typically also increase.
A SIL level applies to the entire system. Some products or components do not have SIL ratings. When a SIL level is applied in implementing a SIF, the SIF must reduce the existing intolerable process risk to an acceptable risk range.
2. What is SIS?
SIS stands for Safety Instrumented System. It aims to prevent or mitigate hazardous events by placing the process in a safe state when predetermined conditions are violated. A SIS consists of a logic solver, sensors, and final elements. Other common terms for a SIS are safety interlock system, emergency shutdown system (ESD), and safety shutdown system (SSD). A SIS can implement one or more Safety Instrumented Functions (SIFs).
3. What is SIF?
SIF stands for Safety Instrumented Function. A SIF aims to prevent or mitigate hazardous events by bringing the process to an acceptable level of risk. A SIF consists of a logic solver, sensors, and final elements. Each SIF has a specified SIL level, depending on the amount of risk that needs to be reduced. One or more SIFs make up a SIS.
4. What does functional safety mean?
Functional safety is a term used to describe a safety system that relies on the correct functioning of logic solvers, sensors, and final elements to achieve the required level of risk reduction. When each SIF is successfully executed and the process risk is reduced to the required level, functional safety can be achieved.
5. Why were the ANSI/ISA 84, IEC 61508, and IEC 61511 standards developed?
These standards evolved naturally from the need for more formal and quantifiable methods to reduce process risks and improve safety. In addition, especially for IEC 61508, with the development and spread of software applications, there is an increasing need for standards that guide system/product designers and developers in ensuring and "declaring" that their systems/products are acceptable and safe for their intended use.
6. When do I need a SIF or SIS?
The philosophy of the standards is that a SIS or SIF should only be implemented when there is no other non-instrumented way to fully eliminate or mitigate process risks. Specifically, ANSI/ISA-84.00.01-2004 (IEC 61511 Mod) recommends following a multidisciplinary team approach to the safety lifecycle, conducting a process hazard analysis, designing layers of protection (i.e. LOPA), and ultimately implementing a SIS when a hazardous event cannot be prevented or mitigated through methods other than instrumentation.
7. What is the validation testing interval?
Validation testing is a requirement of safety instrumented systems to ensure that everything is functioning properly and performing as expected. The testing must cover the entire system: logic solver, sensors, and final elements. The interval is the period of time between tests. The testing frequency varies for each SIS and depends on the technology, system architecture, and target SIL level. The validation testing interval is an important component in calculating the probability of failure on demand of the system.
8. What is Process Hazard Analysis (PHA)?
PHA is an OSHA directive used to identify safety issues and risks in the process, develop corrective measures to address safety issues, and proactively develop alternative emergency measures in the event of a safety system failure. PHA must be conducted by a diverse team with specific expertise in the process being analyzed. Many consulting and engineering companies also provide PHA services. PHA methods can include what-if analysis, hazard and operability study (HAZOP), failure mode and effects analysis (FMEA), and fault tree analysis.
9. What voting configuration is required for each SIL level?
Obtaining the required SIL level depends on multiple factors. The SIL level plays an important role in determining the type of technology used, the number of system components, the probability of failure on demand (PFD) of each component, the system architecture (such as redundancy and voting), and the validation testing interval. There is no standard answer for what voting configuration is required for each SIL level. The voting architecture must be analyzed in the context of all the factors mentioned above.
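How voting architecture and validation testing interval together determine the achieved SIL, as an added example that is not part of the original FAQ. It uses the commonly cited simplified low-demand PFDavg approximations (ignoring common-cause failures, diagnostics and repair time) and the low-demand SIL bands of IEC 61508; the failure rates and the subsystem layouts are constructed sample values.

```python
HOURS_PER_YEAR = 8760

def pfd_avg(lambda_du, ti_hours, voting):
    """Simplified average PFD of one subsystem.

    lambda_du: dangerous undetected failure rate per hour
    ti_hours:  validation (proof) testing interval in hours
    Assumes lambda_du * ti_hours << 1 and no common-cause failures.
    """
    x = lambda_du * ti_hours
    formulas = {"1oo1": x / 2, "1oo2": x ** 2 / 3, "2oo3": x ** 2}
    if voting not in formulas:
        raise ValueError(f"unsupported voting architecture: {voting}")
    return formulas[voting]

def sil_for(pfd):
    """Map a low-demand PFDavg to its SIL band; 0 means no SIL is reached."""
    if pfd >= 1e-1:
        return 0
    for sil, lower in ((1, 1e-2), (2, 1e-3), (3, 1e-4)):
        if pfd >= lower:
            return sil
    return 4  # below 1e-4: SIL 4 band, the highest level defined

def evaluate_sif(subsystems, ti_years):
    """PFDavg of a SIF is the sum over sensors, logic solver, final elements."""
    ti_hours = ti_years * HOURS_PER_YEAR
    total = sum(pfd_avg(rate, ti_hours, voting) for _, rate, voting in subsystems)
    return total, sil_for(total)

# Constructed sample data: (name, lambda_DU per hour, voting architecture)
SIMPLEX = [("sensor", 2e-6, "1oo1"),
           ("logic solver", 1e-7, "1oo1"),
           ("final element", 4e-6, "1oo1")]
REDUNDANT = [("sensor", 2e-6, "1oo2"),
             ("logic solver", 1e-7, "1oo1"),
             ("final element", 4e-6, "1oo2")]

if __name__ == "__main__":
    for label, design, years in (("simplex, 1-year interval", SIMPLEX, 1),
                                 ("redundant, 1-year interval", REDUNDANT, 1),
                                 ("redundant, 3-year interval", REDUNDANT, 3)):
        pfd, sil = evaluate_sif(design, years)
        print(f"{label}: PFDavg={pfd:.2e} -> SIL {sil}")
```

The same redundant hardware drops a SIL band when the testing interval is stretched from one year to three, which is why no voting configuration maps to a SIL level on its own.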
10. Does a SIL-rated system require additional maintenance?
The SIL solution is certainly not the most cost-effective solution to reduce process risks. Many times, implementing SIL solutions requires additional equipment, which inevitably requires more maintenance. In addition, the higher the SIL level, the more frequent the validation testing, which may ultimately increase the required system maintenance. That is why the standard only recommends SIL-based solutions when other methods determined by LOPA cannot reduce process risks.
11. Can F&G systems become SIF or SIS?
A fire and gas (F&G) system that automatically initiates process actions to prevent or mitigate hazardous events, and subsequently places the process in a safe state, can be considered a safety instrumented function/safety instrumented system.
However, ensuring optimal sensor placement is absolutely crucial in F&G systems. If the gas/flame detectors are positioned incorrectly and the hazardous gas or flame is not adequately detected, the SIF/SIS will not be effective.
The correct placement of sensors is more important than determining whether F&G SIF/SIS is SIL 2 or SIL 3.
12. What is SIL 4?
SIL 4 is the highest level of risk reduction that can be achieved through safety instrumented systems. However, in the process industry, this is not a realistic level, and currently there are almost no products/systems that support this level of safety integrity.
SIL 4 systems are typically so complex and expensive that they are not economically feasible to implement. In addition, if a process involves so much risk that it requires a SIL 4 system to bring it to a safe state, then fundamentally there is a problem in the process design that needs to be addressed through process changes or other non-instrumented methods.
13. Can a single product pass SIL certification?
No, it cannot. Some products are only suitable for use in SIL environments. A SIL level applies to safety instrumented functions/safety instrumented systems.
14. What type of communication bus or protocol is suitable for SIL 2 or SIL 3 systems?
The type of communication protocol applicable to SIL 2 or SIL 3 systems depends on the platform being used. The options include but are not limited to: 4-20 mA output signal, ControlNet (Allen-Bradley), DeviceNet Safety (Allen-Bradley), SafetyNet (MTL), and PROFIsafe. At present, the ISA SP84 committee is developing guidelines for safety buses to ensure compliance with the IEC 61508 and IEC 61511 standards. The first devices with a safety bus are expected to launch before 2008. The Fieldbus Foundation actively participates in the committee and is committed to establishing the Foundation Fieldbus Safety Instrumented System (FFSIS) project to jointly develop safety bus specifications with suppliers and end users.
15. How can I obtain the PFD and MTBF data for General Monitors products?
The General Monitors SIL certificates list the PFD, SFF, and SIL numbers for each product. MTBF data is available on request.
16. Can manufacturers declare that their products are "SIL X certified" rather than "applicable to SIL X systems"?
A single product is only suitable for SIL environments. SIL level is applicable to safety instrumented functions/safety instrumented systems.
Product certificates are issued by manufacturers (self-certification) or by other independent organizations to indicate that the corresponding processes have been carried out, calculations have been performed, and individual product analyses have been completed to demonstrate that the products can operate in a system of a given SIL level.
Complete IEC 61508 certification can be applied to the manufacturer's processes. Full certification means that the manufacturer's product development process complies with the corresponding parts of IEC 61508, Parts 2-3 (covering hardware/systems and software). Obtaining full certification from a notified certification body assures the end user that the manufacturer's engineering processes have been audited, and that the electronics, firmware, and logic of its products have been evaluated and comply with the guiding principles specified in the standards.
Very few nationally recognized institutions can issue nationally recognized certifications. Certificates issued by other consulting firms indicate that the product and/or process has been audited by an independent third party.
17. Can manufacturers demonstrate that their products comply with all parts of IEC 61508, Parts 1 to 7?
IEC 61508 consists of the following parts, with the overall title of Functional Safety of Electrical/Electronic/Programmable Electronic Safety Related Systems:
Part 1: General Requirements
Part 2: Requirements for Electrical/Electronic/Programmable Electronic Safety-Related Systems
Part 3: Software Requirements
Part 4: Definitions and Abbreviations
Part 5: Examples of Methods for Determining Safety Integrity Levels
Part 6: Guidelines for Applying Parts 2 and 3
Part 7: Overview of Technologies and Measures
It is necessary to comply with Parts 1-3 in order to meet the standard. Parts 4-8 only provide information that can be used to understand and apply the standard, but do not require compliance.
Product manufacturers typically meet the requirements of Part 2 and determine through FMEDA analysis that their products are suitable for use within a given SIL level.
Companies that choose to certify their engineering processes and obtain full IEC 61508 certification will also comply with the provisions regarding software development in Part 3.
18. What does "SIL X applicable" mean? Is this a valid declaration in accordance with IEC 61508, or can other wording be used?
SIL stands for Safety Integrity Level. SIL is a measure of safety system performance, expressed as the probability of failure on demand (PFD) of a SIF or SIS. There are four discrete integrity levels. The higher the SIL level, the lower the probability of failure on demand and the better the system performance. It is also worth noting that as the SIL level increases, the cost and complexity of the system typically also increase.
A SIL level applies to the entire system, provided the system achieves the risk reduction corresponding to that SIL level. Some products or components do not have SIL ratings. When a SIL level is applied in implementing a SIF, the SIF must reduce the existing intolerable process risk to an acceptable risk range.
Meets the standards. Users should ensure that procedures are carried out correctly, demonstrate that testing is performed correctly, and have appropriate design, process, and procedure documentation in place. The device or system must be used as intended in order to achieve the required level of risk reduction. Purchasing components suitable for SIL 2 or SIL 3 does not guarantee a SIL 2 or SIL 3 system.