Safety Integrity Level (SIL)
A SIL study is a collaborative decision-making process that allows a PHA team to determine the reliability of safeguards used to prevent specific consequences which were identified in the risk assessment process.
A HAZOP can be used to efficiently identify scenarios with high severity consequences, which can then be further analyzed using a LOPA to determine if additional independent protection layers (IPLs) are needed to meet the tolerable event frequency target. In some cases, these additional independent protection layers need to be automated with functions that meet a specific probability of failure on demand (PFD) target. These are called Safety Instrumented Functions (SIFs).
A SIF consists of a combination of sensors, logic solvers and final elements, which together can detect an abnormal process condition and automatically initiate an action to bring the process to a safe state. The execution of the safety instrumented function is carried out by a high integrity logic solver, and the whole system is referred to as a Safety Instrumented System (SIS).
A Safety Integrity Level (SIL) Study is used to quantitatively verify that the SIF meets the required reliability and is a feasible IPL to close the LOPA gap between the tolerable event frequency and the mitigated event frequency. SIFs can be categorized based on their reliability level. The SIL of the SIF describes the reliability range of the control loop, as seen in the table below. SIL 1 has the highest allowable probability of failure, while SIL 4 has the lowest. Each SIL requires different proof testing and configuration in order to meet the required reliability level.
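The LOPA gap and SIL verification described above can be worked through numerically. The following is an added example, not part of the original page: the scenario frequencies, failure rates and function names are constructed for illustration, and the PFD formulas are the common simplified ones that ignore common cause failures, diagnostics and repair time.

```python
# Low-demand PFDavg bands from IEC 61508/61511: SIL n covers 10^-(n+1) <= PFD < 10^-n.
SIL_BANDS = {1: (1e-2, 1e-1), 2: (1e-3, 1e-2), 3: (1e-4, 1e-3), 4: (1e-5, 1e-4)}

def sil_for_pfd(pfd):
    """SIL band containing an average PFD; 0 means no SIL can be claimed."""
    for sil, (low, high) in SIL_BANDS.items():
        if low <= pfd < high:
            return sil
    return 4 if pfd < 1e-5 else 0  # better than the SIL 4 band is still capped at 4

def mitigated_frequency(initiating_per_year, ipl_pfds):
    """Event frequency after crediting the existing independent protection layers."""
    freq = initiating_per_year
    for pfd in ipl_pfds:
        freq *= pfd
    return freq

def required_sif_pfd(tolerable_per_year, mitigated_per_year):
    """LOPA gap as the largest PFD the SIF may have (>= 1 means no SIF is needed)."""
    return tolerable_per_year / mitigated_per_year

def pfd_avg(lambda_du_per_hour, proof_test_hours, voting="1oo1"):
    """Simplified average PFD (assumption: no common cause, diagnostics or repair)."""
    x = lambda_du_per_hour * proof_test_hours
    if voting == "1oo1":
        return x / 2
    if voting == "1oo2":
        return x ** 2 / 3
    raise ValueError(f"unsupported voting: {voting}")

def sif_pfd(subsystems):
    """Sensor, logic solver and final element act in series, so their PFDs add."""
    return sum(pfd_avg(*s) for s in subsystems)

def verify(subsystems, target_pfd):
    """Return (achieved PFDavg, achieved SIL, whether the LOPA gap is closed)."""
    achieved = sif_pfd(subsystems)
    return achieved, sil_for_pfd(achieved), achieved <= target_pfd

# Constructed scenario: 0.2 events/yr, two existing IPLs at PFD 0.1, target 1e-5/yr.
TARGET = required_sif_pfd(1e-5, mitigated_frequency(0.2, [0.1, 0.1]))
YEAR = 8760  # proof test interval in hours
# Each tuple: (dangerous undetected failure rate per hour, test interval, voting).
SINGLE_VALVE = [(1e-6, YEAR, "1oo1"), (1e-7, YEAR, "1oo1"), (2e-6, YEAR, "1oo1")]
DUAL_VALVE = [(1e-6, YEAR, "1oo1"), (1e-7, YEAR, "1oo1"), (2e-6, YEAR, "1oo2")]

if __name__ == "__main__":
    for name, design in (("single valve", SINGLE_VALVE), ("1oo2 valves", DUAL_VALVE)):
        achieved, sil, ok = verify(design, TARGET)
        print(f"{name}: PFDavg={achieved:.2e} SIL {sil} closes gap {TARGET:.1e}: {ok}")
```

With these constructed numbers the single-valve design lands in the SIL 1 band and leaves the gap open, while 1oo2 voting on the final element brings the same loop into the SIL 2 band without changing the proof test interval.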
The safety requirements of the SIS are developed based on the reliability and function determined during the hazard and risk analysis, such as during the LOPA. The safety requirement specification (SRS) thus serves as a method of clearly and concisely documenting the design, implementation and maintenance requirements of the SIS. The list of required components in the SRS can be found in IEC 61511. The SRS is a critical part of ensuring the SIF is effective for the lifetime of the facility.
Overall, a SIL verification study is a useful way of determining the required reliability of a SIF based on a logical decision framework rather than the general idea of making an automated safety function as safe as possible. A SIL study provides valuable information about the required hardware architecture, technology selection, voting logic and required maintenance levels, which ultimately can reduce the cost of instrumentation for a project by avoiding over-engineering.