SIL determines the design cycle where all risks are identified, requirements are quantified and final design is validated.
Safety instrument systems (SIS) has been a major design factor in all process plants for as long as the author can remember. This standard for application of SIS for process industries is based on international standards from the International Electro-technical Commission (IEC), namely IEC 61511 and IEC 61508. These identify an overall approach to the task of determining and applying safety within a process plant.
Safety integrity level (SIL) is a popular phrase used in the designing and outlaying of instruments; and this requires explanation. SIL is a statistical representation of the reliability of safety instrument systems. There are four categories, namely SILs 1, 2, 3 and 4. It is defined as the probability of the safety instrument system (SIS) to fail on demand (PFD). A process demand occurs whenever the process reaches the trip condition and causes the SIS to take action.
Consider a tank filling with a process fluid. If the tank is full, the SIS comes into play as the trip conditions are reached. The SIS prevents the tank from overflowing. The number of times this occurs is known as the incident frequency.
Consider an SIL 1 installation, which has a maximum probability level of 1 in 10. This means for every 10 times the SIS is activated as a result of a high tank level trip, the safety function (ie, the dump valve opens lowering the level) could be expected to work nine times. The other one time the safety function would not work and the tank would overflow.
In SIL 2 this overflow probability would be one in a hundred as a worst-case scenario.
The required SIL level in a particular process design and what actions should be taken to reduce the number of process demands is based on the perceived risk and tolerable incident frequency. This decision is taken when considering injuries, fatalities, environmental releases, property damage, plant equipment damage, permit violations and the plant's licence to operate.
It is easy to understand the damage caused by the failure of a safety system to work properly, but it is more difficult to realise the true benefit when the safety system does what it is supposed to do. The SIL must be chosen to reduce the incident frequency (ie, tank overflow in the example above) to a tolerable level only.
The standard IEC 61508 deals specifically with the functional safety of electrical, electronic and programmable electronic safety related systems. It is therefore a requirement for instrument manufacturers to supply relevant information to enable the use of their equipment by others in a SIS. This is done during the development of these devices and they must be validated following the demands of IEC 61508.
A typical safety loop requires a SIL level, which is associated with a safety function - for example, preventing a tank from overflowing - and therefore is not associated with a standalone instrument or piece of equipment only. Thus, for a particular safety system, a SIL level is only obtained after analysing the whole safety loop.
In the figure, the dump valve must operate to prevent tank overflow. Safety isolators are used for explosion protection. The loop is broken down into individual blocks, in order to perform the safety function. All of the blocks have to be evaluated in order to obtain the required SIL level.
It can be seen that IEC 61508 considers the total instrument loop.
Much like 'a chain is only as strong as its weakest link', so too, all the elements in the instrument loop of the safety system play their part. SIL is mostly referred to as a performance criterion, which is the capability to perform at the time needed. The choice of SIL level is often decided by the cost of non-performance. This is difficult to accept ... especially at project budget meetings. No matter how SIL is referred to, or viewed, it can be seen as a good industry involvement toward safety system design. SIL level must therefore be decided upon to reduce incident frequency to a tolerable level only. SIL is the design basis for all engineering decisions related to the safety function.
When the design is complete it must be validated against the SIL. Therefore SIL determines the design cycle where all risks are identified, requirements are quantified and final design is validated.
For more information contact Paul Giffen, WIKA Instruments, 011 621 0000, [email protected], www.wika.co.za
| Tel: | +27 11 621 0000 |
| Email: | [email protected] |
| www: | www.wika.co.za |
| Articles: | More information and articles about WIKA Instruments |
© Technews Publishing (Pty) Ltd | All Rights Reserved
printer friendly version