36 n SAFETY November/December 2023 www.drivesncontrols.com Overcoming misconceptions about SIL ratings Safety Integrity Level (SIL) ratings were first introduced as part of IEC 61508 in 1998. They seek to quantify the probability of dangerous system failures. The international standard defines functional safety as the safety that control systems provide to an industrial process or plant. Its purpose is to prevent both direct and indirect risks to human life that could result from industrial processes, such as risks caused by damage to equipment, property or the environment. Functional safety applies across the industrial spectrum, from petrochemical plants and tank farms, to nuclear installations and manufacturing plants. One metric used to assess the risk of unsafe failure in industrial settings are SIL ratings, which correspond to the frequency and severity of hazards. They describe the probability of failure on demand (PFD) and the performance required for a safety instrumented function (SIF) to maintain safety. There are four SIL ratings spanning the range SIL1 up to SIL4. The higher the level, the higher the associated safety, and the lower the probability that the system will fail to perform. However, installation and maintenance costs, as well as system complexity, typically increase with the SIL rating. The levels are distinguished by their acceptable rate of failure, which increases each time by a factor of ten – so SIL1 systems accept one failure in every ten demands, while SIL2 systems accept one failure in every 100 demands – and so on. Bigger isn’t always better One misconception is that higher SIL ratings are always better for every application. Although SIL4 does indeed offer the most reliability, the complexity involved with redundant back-up systems, more regular performance testing and hierarchical voting arrangements, can be unwieldy and overexpensive, if this level is not essential. The correct SIL rating depends on the application. For example, if you can rely on a human operator to take action on an abnormal condition – such as an alarm annunciator alert – then a SIL1 system will suffice. Indeed, a safety loop involving a human cannot be rated above SIL1 because systems are required to operate independently of operators for SIL2 and above. While the most critical applications – such as aircraft flight systems or nuclear reactor protection – require SIL4 protection, correct safety analysis during the design stage is vital to determine the minimum acceptable SIL rating for a particular application. Adhering to this recommendation will provide an adequate level of functional safety, while remaining cost-effective. Evaluating instrumentation Alarm annunciator systems are a vital layer of protection in plant safety strategies. They provide operators with early warnings of abnormal conditions that allow action to be taken before hazards take effect and enable human logic-driven intervention. Independent validation of safety instruments such as these is an important factor for customer confidence in every industrial sector. Evaluation International (EI), a member-owned, not-for-profit organisation, offers consultation and evaluation services for electrical, control and instrumentation matters. For example, in 2007, EI evaluated Omniflex’s Omni16C alarm annunciator and found that it passed the various functionality tests, and that the results were in accordance with the company’s specifications. EI reports such as these are useful for facility planners and functional safety managers, because they provide reliable information about validated and qualified instrumentation. For a quarter of a century, SIL ratings have been an important metric for industrial functional safety, but misinterpretations about their application remain. To avoid incurring unnecessary cost and complexity, it’s important for facility planners and managers to work with safety system suppliers who fully understand safety integrity levels. n Catastrophic industrial accidents can occur if safety systems are poorly designed and inadequate. Gary Bradshaw, director of the critical alarm specialist Omniflex, explains how SIL ratings work and the dangers of some of the misconceptions that exist around them. Alarm annunciator panels are one of the items of factory equipment subject to SIL ratings
RkJQdWJsaXNoZXIy MjQ0NzM=