UNDERSTANDING IEC 61508 / IEC 61511 SAFETY INTEGRITY LEVELS

SIL LEVELS ACCORDING TO IEC 61508 / IEC 61511

SIL (Safety Integrity Level) | PFDavg: average probability of failure on demand (low demand mode) | RRF: Risk Reduction Factor | PFH: average frequency of dangerous failure per hour (high demand mode)
SIL 4 | ≥ 10^-5 and < 10^-4 | 100000 to 10000 | ≥ 10^-9 and < 10^-8
SIL 3 | ≥ 10^-4 and < 10^-3 | 10000 to 1000 | ≥ 10^-8 and < 10^-7
SIL 2 | ≥ 10^-3 and < 10^-2 | 1000 to 100 | ≥ 10^-7 and < 10^-6
SIL 1 | ≥ 10^-2 and < 10^-1 | 100 to 10 | ≥ 10^-6 and < 10^-5

TOLERABLE RISKS AND ALARP (ANNEX 'B')

SAFETY: FREEDOM FROM UNACCEPTABLE RISK

[Figure: ALARP triangle; risk increases from the narrow bottom (negligible) to the wide top (intolerable)]

Intolerable Region: risk cannot be justified except in extraordinary circumstances.

The ALARP or Tolerability Region (risk is undertaken only if a benefit is desired): tolerable only if further risk reduction is impracticable or if its cost is grossly disproportionate to the improvement gained. As the risk is reduced, proportionately less needs to be spent to reduce it further in order to satisfy ALARP. The concept of diminishing proportion is shown by the triangle.

Broadly Acceptable Region (risk is negligible): it is necessary to maintain assurance that risk remains at this level. There is no need for detailed working to demonstrate ALARP.

AVERAGE PROBABILITY OF FAILURE ON DEMAND (PFDavg)

$PFD_{avg} = \frac{\text{Tolerable accident frequency}}{\text{Frequency of accidents without protections}} = \frac{1}{RRF}$

SIMPLIFIED EQUATIONS
Architecture | Without common causes | With common causes (β factor)
1oo1 | $\lambda_{DU} \times \frac{TI}{2}$ | -
1oo2 and 1oo2D | $\lambda_{DU1} \times \lambda_{DU2} \times \frac{TI^2}{3}$ | $\frac{[(1-\beta) \times (\lambda_{DU} \times TI)]^2}{3} + \frac{\beta \times \lambda_{DU} \times TI}{2}$
1oo3 | $\lambda_{DU1} \times \lambda_{DU2} \times \lambda_{DU3} \times \frac{TI^3}{4}$ | $\frac{[(1-\beta) \times (\lambda_{DU} \times TI)]^3}{4} + \frac{\beta \times \lambda_{DU} \times TI}{2}$
2oo2 | $(\lambda_{DU1} + \lambda_{DU2}) \times \frac{TI}{2}$ | $[(1-\beta) \times (\lambda_{DU} \times TI)] + \frac{\beta \times \lambda_{DU} \times TI}{2}$
2oo3 | $[(\lambda_{DU1} \times \lambda_{DU2}) + (\lambda_{DU1} \times \lambda_{DU3}) + (\lambda_{DU2} \times \lambda_{DU3})] \times \frac{TI^2}{3}$ | $[(1-\beta) \times (\lambda_{DU} \times TI)]^2 + \frac{\beta \times \lambda_{DU} \times TI}{2}$

[Figure: risk reduction. Risk increases from left to right: Residual risk, Tolerable risk, EUC risk. The necessary risk reduction spans from the tolerable risk to the EUC risk; the actual risk reduction is the risk reduction obtained by all safety-related systems and external risk reduction facilities, made up of the partial risk covered by other technology safety-related systems, the partial risk covered by E/E/PE safety-related systems and the partial risk covered by external risk reduction facilities.]

[Illustrations of hazardous events around the page: vapor cloud explosion (BLEVE), flash fire, jet fire, pool fire, fireball]
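The simplified equations carried through in code, as an added example that is not part of the poster or of GM International's own material. It evaluates each architecture with and without the β common-cause term, the 1oo1 form with a test effectiveness Et below 100% that the poster also gives, and maps the result onto the SIL bands of the SIL table. Assumptions: λDU is the same on every channel (as the with-common-cause column already assumes), rates are per hour, TI and SL are in hours, and every numeric value in the main block is constructed.

```python
"""PFDavg for the voting architectures in the poster's simplified equations,
with the beta-factor common-cause term, and the SIL band each result falls in.
Added example; not code from the poster or from GM International.
Failure rates are per hour, TI (proof test interval) and SL (system lifetime)
in hours; lambda_DU is assumed identical on all channels. All numbers in
main() are constructed."""

HOURS_PER_YEAR = 8760.0


def sil_from_pfd(pfd):
    """Low-demand SIL band of a PFDavg value (poster table); 0 means 'does not
    reach SIL 1'. Values below 1e-5 lie under every band and are reported as
    SIL 4, the highest level the standard defines."""
    if pfd < 1e-4:
        return 4
    if pfd < 1e-3:
        return 3
    if pfd < 1e-2:
        return 2
    if pfd < 1e-1:
        return 1
    return 0


def pfd_1oo1(l_du, ti):
    return l_du * ti / 2


def pfd_1oo1_imperfect_test(l_du, ti, et, sl):
    """1oo1 when the proof test reveals only a fraction Et of the dangerous
    undetected failures; the remainder accumulate over the lifetime SL."""
    return l_du * (et * ti / 2 + (1 - et) * sl / 2)


def _cc_term(l_du, ti, beta):
    # Common-cause contribution shared by every redundant architecture.
    return beta * l_du * ti / 2


def pfd_1oo2(l_du, ti, beta=0.0):
    return ((1 - beta) * l_du * ti) ** 2 / 3 + _cc_term(l_du, ti, beta)


def pfd_1oo3(l_du, ti, beta=0.0):
    return ((1 - beta) * l_du * ti) ** 3 / 4 + _cc_term(l_du, ti, beta)


def pfd_2oo2(l_du, ti, beta=0.0):
    return (1 - beta) * l_du * ti + _cc_term(l_du, ti, beta)


def pfd_2oo3(l_du, ti, beta=0.0):
    return ((1 - beta) * l_du * ti) ** 2 + _cc_term(l_du, ti, beta)


REDUNDANT = {"1oo2": pfd_1oo2, "1oo3": pfd_1oo3, "2oo2": pfd_2oo2, "2oo3": pfd_2oo3}


def architecture_survey(l_du, ti, beta):
    """PFDavg and SIL for each architecture without (beta = 0) and with common
    cause, plus the share of the with-common-cause PFDavg that the beta term is."""
    rows = {"1oo1": {"pfd": pfd_1oo1(l_du, ti), "pfd_cc": pfd_1oo1(l_du, ti)}}
    for name, fn in REDUNDANT.items():
        rows[name] = {"pfd": fn(l_du, ti, 0.0), "pfd_cc": fn(l_du, ti, beta)}
    for name, r in rows.items():
        r["sil"] = sil_from_pfd(r["pfd_cc"])
        r["cc_share"] = 0.0 if name == "1oo1" else _cc_term(l_du, ti, beta) / r["pfd_cc"]
    return rows


if __name__ == "__main__":
    l_du, ti, beta = 2e-7, 1 * HOURS_PER_YEAR, 0.02   # constructed values
    for name, r in architecture_survey(l_du, ti, beta).items():
        print(f"{name}: PFDavg={r['pfd']:.2e}, with beta={r['pfd_cc']:.2e} "
              f"(beta term {r['cc_share']:.0%}) -> SIL {r['sil']}")
    # a proof test that finds only 90% of dangerous failures, 20-year lifetime
    pfd = pfd_1oo1_imperfect_test(l_du, ti, 0.9, 20 * HOURS_PER_YEAR)
    print(f"1oo1, Et=90%: PFDavg={pfd:.2e} -> SIL {sil_from_pfd(pfd)}")
```

With a 2% β the common-cause term supplies over 90% of the 1oo2 and 1oo3 PFDavg, so adding a third channel barely moves the result; the same β term is a rounding error for 2oo2, whose PFDavg is dominated by the single-channel term. The imperfect-test case shows a 1oo1 loop dropping one SIL band purely because 10% of dangerous failures are never found by the proof test.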
1oo1 with imperfect proof testing (Et ≠ 100%): $PFD_{avg} = \lambda_{DU} \times \left[\left(E_t \times \frac{TI}{2}\right) + (1 - E_t) \times \frac{SL}{2}\right]$

TI: proof test time interval; Et: test effectiveness; SL: system lifetime; λDU: dangerous undetected failure rate

AVAILABILITY AND RELIABILITY

Basic concepts:

Failure rate: $\lambda = \frac{\text{Failures per unit time}}{\text{Components exposed to functional failure}}$

1 FIT = 1 × 10^-9 failures per hour

[Figure: time line of one component from time 0 through its operating time to the failure time t; that interval is the TTF (time to failure)]

MTBF = MTTF + MTTR

$MTTF = MTBF - MTTR = \frac{1}{\lambda}$

$MTTR = \frac{1}{\mu}$ (μ: repair rate; MTTR is the repair time)

$\text{Availability} = \frac{\text{Operating time}}{\text{Operating time} + \text{Repair time}} = \frac{MTTF}{MTTF + MTTR} = \frac{MTTF}{MTBF} = \frac{\mu}{\mu + \lambda} = \frac{MTBM}{MTBM + MSD}$

Unavailability = 1 − Availability

MEAN TIME TO FAILURE SPURIOUS (MTTFs)

Architecture | MTTFs
1oo1 | $\frac{1}{\lambda_S}$
1oo2 | $\frac{1}{2 \lambda_S}$
2oo2 | $\frac{1}{2 \lambda_S^2 \times MTTR}$
2oo3 | $\frac{1}{6 \lambda_S^2 \times MTTR}$

λS: safe (spurious) failure rate of one channel

SYSTEM ARCHITECTURES

[Figure: voting block diagrams for 1oo1 (channel A), 1oo2 (channels A and B), 2oo2 (channels A and B) and 2oo3 (channels A, B and C with a voting element)]
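The spurious-trip and availability relations above, worked as an added example (not from the poster or from GM International): the system-level spurious trip rate of each architecture is the reciprocal of the poster's MTTFs, availability is computed both from times (MTTF, MTTR) and from rates (λ, μ) to show the two forms agree, and a plant-level trip budget is used to filter architectures. Assumptions: rates in failures per hour, times in hours, and constructed numbers in the main block.

```python
"""Spurious-trip (MTTFs) and availability figures for the voting architectures
on the poster. Added example; not code from the poster or from GM International.
Rates are failures per hour, times in hours; every number in main() is
constructed."""

HOURS_PER_YEAR = 8760.0
ARCHITECTURES = ("1oo1", "1oo2", "2oo2", "2oo3")


def fit_to_per_hour(fit):
    """1 FIT = 1 x 10^-9 failures per hour."""
    return fit * 1e-9


def spurious_trip_rate(arch, lam_s, mttr):
    """System-level spurious (safe) failure rate, i.e. 1 / MTTFs from the poster.
    In 1oo2 either channel trips the system; in 2oo2 and 2oo3 a second channel
    must fail within the repair time (MTTR) of the first, hence the MTTR term."""
    return {
        "1oo1": lam_s,
        "1oo2": 2 * lam_s,
        "2oo2": 2 * lam_s ** 2 * mttr,
        "2oo3": 6 * lam_s ** 2 * mttr,
    }[arch]


def mttfs_hours(arch, lam_s, mttr):
    return 1.0 / spurious_trip_rate(arch, lam_s, mttr)


def availability_from_times(mttf, mttr):
    """Availability = MTTF / (MTTF + MTTR) = MTTF / MTBF."""
    return mttf / (mttf + mttr)


def availability_from_rates(lam, mu):
    """The same quantity from the rates, with MTTF = 1/lambda and MTTR = 1/mu:
    Availability = mu / (mu + lambda)."""
    return mu / (mu + lam)


def architectures_within_trip_budget(lam_s, mttr, max_trips_per_year):
    """Architectures whose expected spurious trips per year stay within budget."""
    return [a for a in ARCHITECTURES
            if spurious_trip_rate(a, lam_s, mttr) * HOURS_PER_YEAR <= max_trips_per_year]


if __name__ == "__main__":
    lam_s, mttr = fit_to_per_hour(1000), 8.0   # constructed: 1000 FIT safe failures, 8 h repair
    for arch in ARCHITECTURES:
        print(f"{arch}: MTTFs = {mttfs_hours(arch, lam_s, mttr) / HOURS_PER_YEAR:.3g} years")
    mttf = 1.0 / lam_s
    print(f"single channel: MTBF = {mttf + mttr:.0f} h, "
          f"availability = {availability_from_times(mttf, mttr):.6f}")
    print("within 1 trip per 100 years:", architectures_within_trip_budget(lam_s, mttr, 0.01))
```

The filter makes the trade-off visible: 1oo2, the architecture with the lowest PFDavg of the two-channel options, is also the only one that fails a budget of one spurious trip per 100 years, because either channel tripping stops the process.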
Acronyms:
MTBF: Mean Time Between Failures
MTTF: Mean Time To Failure
MTTR: Mean Time To Repair
MTBM: Mean Time Between Maintenance
MSD: Expected Mean System Downtime

[Figure: two-state diagram, Success and Failure, with the transitions MTTF (success to failure) and MTTR (repair); the success state carries the labels Reliability and Availability, the failure state Unreliability and Unavailability]

SAFE FAILURE FRACTION (SFF) AND SIL LEVELS

$SFF = \frac{\sum \lambda_{DD} + \sum \lambda_{SD} + \sum \lambda_{SU}}{\sum \lambda_{DD} + \sum \lambda_{DU} + \sum \lambda_{SD} + \sum \lambda_{SU}} = 1 - \frac{\sum \lambda_{DU}}{\sum \lambda_{TOT}}$
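The SFF formula and the Type A / Type B tables of maximum SIL per hardware fault tolerance that follow, applied in code as an added example (not from the poster or from GM International). Beyond the table lookup it answers the two questions a designer actually asks: the smallest HFT at which a target SIL can be claimed for a given SFF, and the SIL a subsystem may finally claim once both the PFDavg band and the architectural constraint are taken into account. Assumptions: failure rates in FIT (any consistent unit works, since SFF is a ratio) and constructed values in the main block; the PFDavg-derived SIL is passed in rather than recomputed.

```python
"""Safe failure fraction (SFF) and the architectural-constraint tables on the
poster (Type A / Type B components, hardware fault tolerance 0 to 2).
Added example; not code from the poster or from GM International. Failure
rates are in FIT; the values in main() are constructed."""

# Lower bound (inclusive) of each SFF band on the poster, highest first.
SFF_BANDS = (0.99, 0.90, 0.60, 0.0)

# Maximum SIL per band and hardware fault tolerance (HFT 0, 1, 2).
# None reproduces the poster's "Not allowed" cell.
MAX_SIL = {
    "A": {0.0: (1, 2, 3), 0.60: (2, 3, 4), 0.90: (3, 4, 4), 0.99: (3, 4, 4)},
    "B": {0.0: (None, 1, 2), 0.60: (1, 2, 3), 0.90: (2, 3, 4), 0.99: (3, 4, 4)},
}


def sff(l_dd, l_du, l_sd, l_su):
    """SFF = (sum lambda_DD + sum lambda_SD + sum lambda_SU) / sum lambda_TOT
    = 1 - sum lambda_DU / sum lambda_TOT."""
    total = l_dd + l_du + l_sd + l_su
    if total <= 0:
        raise ValueError("total failure rate must be positive")
    return (l_dd + l_sd + l_su) / total


def sff_band(value):
    """Lower bound of the band containing value (e.g. 0.95 -> 0.90)."""
    value = round(value, 12)   # keep a ratio like 1800/2000 from landing just under 0.90
    for lower in SFF_BANDS:
        if value >= lower:
            return lower
    raise ValueError("SFF must lie in [0, 1]")


def max_sil(comp_type, sff_value, hft):
    """Highest SIL the architectural constraints allow, or None if not allowed."""
    if hft not in (0, 1, 2):
        raise ValueError("the poster's tables cover HFT 0, 1 and 2")
    return MAX_SIL[comp_type.upper()][sff_band(sff_value)][hft]


def min_hft_for(comp_type, sff_value, target_sil):
    """Smallest HFT at which target_sil may be claimed, or None if HFT 2 is not enough."""
    for hft in (0, 1, 2):
        cap = max_sil(comp_type, sff_value, hft)
        if cap is not None and cap >= target_sil:
            return hft
    return None


def claimable_sil(comp_type, sff_value, hft, pfd_sil):
    """The SIL a subsystem may claim is limited by both the PFDavg band it
    reaches (pfd_sil, from the SIL table) and the architectural constraint."""
    cap = max_sil(comp_type, sff_value, hft)
    return None if cap is None else min(cap, pfd_sil)


if __name__ == "__main__":
    value = sff(l_dd=800, l_du=200, l_sd=500, l_su=500)   # constructed FIT values, one channel
    print(f"SFF = {value:.1%}")
    for comp_type in ("A", "B"):
        caps = [max_sil(comp_type, value, hft) for hft in (0, 1, 2)]
        print(f"Type {comp_type}: max SIL at HFT 0/1/2 = {caps}")
    print("Type B, SIL 3 needs HFT", min_hft_for("B", value, 3))
    print("Type B, HFT 0, PFDavg in the SIL 3 band -> claimable SIL", claimable_sil("B", value, 0, 3))
    print("Type B, SFF 55%, HFT 0 ->", max_sil("B", 0.55, 0))
```

The last call is the check worth automating: a single Type B channel with SFF below 60% cannot be used at any SIL, and a loop whose PFDavg sits comfortably in the SIL 3 band still claims only SIL 2 when its Type B element has HFT 0 and SFF in the 90% band.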
TYPE A components | Hardware fault tolerance 0 | Hardware fault tolerance 1 | Hardware fault tolerance 2
SFF < 60% | SIL 1 | SIL 2 | SIL 3
SFF 60% - < 90% | SIL 2 | SIL 3 | SIL 4
SFF 90% - < 99% | SIL 3 | SIL 4 | SIL 4
SFF ≥ 99% | SIL 3 | SIL 4 | SIL 4

TYPE B components | Hardware fault tolerance 0 | Hardware fault tolerance 1 | Hardware fault tolerance 2
SFF < 60% | Not allowed | SIL 1 | SIL 2
SFF 60% - < 90% | SIL 1 | SIL 2 | SIL 3
SFF 90% - < 99% | SIL 2 | SIL 3 | SIL 4
SFF ≥ 99% | SIL 3 | SIL 4 | SIL 4

Failure rate categories: λDD: dangerous detected; λDU: dangerous undetected; λSD: safe detected; λSU: safe undetected

SAFETY INTEGRITY LEVEL CALCULATION

[Figure: safety integrity of non-SIS prevention/mitigation protection layers, other protection layers, and SIS matched to the necessary risk reduction. The process and process control system determine the consequence of the hazardous event and the frequency of the hazardous event, i.e. the process risk; the gap between the process risk and the tolerable risk target is the necessary risk reduction, shared between the non-SIS prevention/mitigation protection layers, the SIS and the other protection layers.]

Quantitative method for SIL level determination, as found in IEC 61508 Annex 'C'.

ITALY
G.M. INTERNATIONAL S.R.L.
Via San Fiorano, 70, 20058 Villasanta (MI)
Tel: +39 039 2325038, Fax: +39 039 2325107
info@gmintsrl.com, www.gmintsrl.com

RUSSIA
Serpukhovsky Val 8, Office 10, 115191 Moscow
Tel: +7 495 950 5779, Fax: +7 495 952 1006
info@gminternational.ru, www.gminternational.ru

UNITED STATES OF AMERICA
GM International Safety Inc.
17453 Village Green Drive, Houston, TX 77040
Tel: +1 713 896 0777, Fax: +1 713 896 0782
info@gmisafety.com, www.gmisafety.com
