November/December 2019

36 n MACHINE SAFETY November/December 2019 www.drivesncontrols.com Are you using the right SILs? F ew of us think about the importance of safety redundancy in automation systems unless it is specified as part of a project we are working on. However, automated safety instrumented systems (SISs) are becoming more common, because they can be used to prevent or mitigate hazardous events in a variety of situations. By taking a process to a safe state when specific conditions are breached, SISs can offer different levels of protection, so it is important to know what Safety Integrity Level (SIL) your application needs to meet. SILs are measures of performance or dependability for systems incorporating safety functions. According to the IEC (or EN) 61508 standards on Functional safety of electrical / electronic / programmable electronic safety-related systems, there are four SIL bands. The higher the SIL number, the higher the required protection. The SIL requirements of a given application can be determined in different ways. IEC 61508 describes both quantitative and qualitative methods to define which SIL is required. Common approaches include risk graphs or matrices, fault tree analysis, or layers of protection analysis. As the SIL levels increase, system costs and complexity tend to rise. Implementing high SIL 3 and SIL 4 systems is not always necessary and you should consider using the lowest appropriate SIL for an application. The SIL level will ultimately be applied to, and refer to, the total system configuration. The design of the complete system architecture and redundancy at the device level can affect the SIL rating. Most systems that need a SIL level to be applied, rarely need certification above SIL 2, but this will depend, of course, on the application and the risk. The most important aspect that SIL 2 SISs need to address is the uninterrupted control and regulation of relevant machinery – known as “equipment under control” – by a safety controller. This helps to avoid any risky downtime. As a result, control systems need redundant CPUs and power supplies, as well as redundant network communications infrastructures and processors. In this way, if the equipment fails, the system can maintain its availability and continue to operate safely. For example, ventilation for road or rail tunnels must operate during static traffic conditions or in emergencies. Redundant control systems provide high availability and instant switchover essential to ensure continuous and safe operations. This can be achieved by means of a SIL-compliant PLC platform coupled with a fast and reliable redundant communications network. For example, Mitsubishi Electric’s latest SIL 2-certified PLC system, the Melsec iQ-R series, has a modular structure and can be paired easily with additional CPUs and power supplies to ensure system redundancy. In addition, redundant Ethernet comms can be set up to provide a single IP address for both control and standby systems. Systems that combine process control and process safety are becoming increasingly popular. These SISs regulate the proper running of Equipment Under Control (EUC) by collecting and processing relevant data in both normal and emergency conditions. Based on the results obtained, the process and safety controllers communicate with EUC to obtain pre-set safe conditions. Costs can be cut by using process automation controllers (PACs) that offer the same level of reliability and functions as those offered by more costly DCSs (distributed control systems). The world of equipment safety is advancing continuously, providing more reliable, available and flexible systems. Staying up-to-date is essential to future-proof automation integration practices. n Safety Integrity Levels, or SILs, are a key measure of the safety performance of automated systems. Barry Weller, product manager at Mitsubishi Electric, looks at what SILs are, and how to determine the safety requirements for a particular application. Safety can be ensured in tunnels during emergencies or static traffic conditions if their ventilation systems are controlled using redundant SIL-compliant PLCs, coupled to fast, reliable communications networks.