You are on page 1of 104

User Guide

SILcet 4.0

version PRO & PRO Plus


Guide rev. 6 – SILcet 4.0 1
Introduction
This document is a user guide to explain the main features and
options of the tool SILcet. It does not contain descriptions or
explanations about functional safety, design of safety instrumented
functions or SIL calculations.

When reading this guide it is advisable to have some knowledge about


Functional Safety.

The following documents and training courses are also available:

 Formulas SILcet 4.0


 SILcet Installation and Troubleshooting
 Training course “Design of SIFs and SIL calculation”.
 Help Videos (english link spanish link)
Watch Video:
Before starting
Guide rev. 6 – SILcet 4.0 2
About version TRIAL 1

The following features are disabled in version TRIAL 1:

 SIFs from 2 to 35 are disabled (sheet “SIL”).


 Generation of reports.
 Comparison of SIFs.
 All architectures are disabled except 1oo1, 1oo2 (sheet “SIL”)
 Calculations of sheet “CF” are disabled.
 In the option to analyze the SIF behavior (sheet C2), parameters Cpt and
DU are disabled.

Guide rev. 6 – SILcet 4.0 3


Main differences among versions
Feature SILcet 4.0 Pro SILcet Pro Plus Trial 1
Number of SIFs 35 35 1
Architectures (low/high demand) 21 + / 8 21 + / 8 1oo1, 1oo2
Calculations PFDavg/PFH, PFDavg/PFH, PFDavg/PFH,
MTTFS, SIL, Beta MTTFS, SIL, Beta MTTFS, SIL, Beta
Architectural Constraints Route 1H / 2H Route 1H / 2H Route 1H / 2H
Reports R1, R2 R1, R2 No
Draw Logic Diagram of the SIF
Yes Yes Only SIF-1
(one by one on sheet LOGIC).
Show Logic Diagrams of the
No Yes No
SIFs in Reports
Analysis of the SIF behavior by TI, Cpt, DU,
changing main parameters DU/DD/SU/SD Only TI (SIF-1)
Only TI
(quick generation of 12 (Convert DU/SU
calculations in the same SIF) into DD/SD)
Option of Multi-user license No Yes --
Other features Yes Yes No
Guide rev. 6 – SILcet 4.0 4
List of abbreviations

Guide rev. 6 – SILcet 4.0 5


List of Architectures (sheets “SIL” & “SIL2”).

Table 2 - Safety Architectures versus Hardware Fault Tolerance


Route 2H
Low demand High demand
Route 1H Maximum Maximum PFDavg for Low Demand.
HFT HFT SIL SIL PFH for High Demand.
1oo1 0 0 2 1
1oo2 1 1 3 3
2oo2 0 0 2 1
2oo3 1 1 3 3
2oo4 2 2 4 --
1oo2div 1 1 3 --
2oo2div 0 0 2 --
1oo2R 1 1 3 --
2oo2S 1 1 3 --
More complex
1oo2D 1 1 3 3 configurations on
1oo3 2 2 4 4
1oo4 3 3 4 --
sheet “CF”
1oo5 4 4 4 --
3oo3 0 0 2 1
4oo4 0 0 2 1
2oo5 2 2 4 --
Modificable
5x1oo2 1 1 3 --
Kx1oo2
3oo4 1 1 3 --
3oo5 2 2 4 --
4oo5 1 1 3 --
1oo6 5 5 4 --

Guide rev. 6 – SILcet 4.0 6


Practical Tips to
calculate PFDavg

Guide rev. 6 – SILcet 4.0 7


Practical Tips to calculate PFDavg with SILcet (I)
Sensor Subsystem Actuator Subsystem
Logic Solver
S

VV
Subsystem Air

Sensor Final element


(e.g.: PT) Isolators, Safety Isolators, (e.g.: solenoid +
barriers, PLC barriers, actuator + valve)
relays,… relays,…

PFDavgSIF = PFDavgsensor + PFDavglogicsolver + PFDavgactuator

The Failure Probability of the SIF is the sum of the probabilities of failure
of each subsystem.

The reliability of the SIF depends on the weakest link that is normally the
ACTUATOR subsystem.

Guide rev. 6 – SILcet 4.0 8


Practical Tips to calculate PFDavg with SILcet (II)

When several elements are used in the same subsystem, the most correct and conservative approach is to
first add the failure rates of all the elements of the subsystem and enter the total in SILcet. In this way the
value of PFDavg is higher than the value obtained by calculating each PFDavg separately and then adding
the PFDavg of each element. For greater clarity in the generated documentation it is always better to
introduce the elements separately which is acceptable if the final value of the PIFDavg of the SIF has much
margin until the lower SIL (for example, a margin higher than 60% is usually acceptable).

When one of the elements is for example a safety relay (normally with much lower failure rates than the
valve, the actuator, etc.) then both calculations are practically the same.

Conservative calculation Less conservative calculation


S Select Select Select PFDavg SIL (pfd) S Select Select Select PFDavg SIL (pfd)
Db sensor PT fs-best PT-11 2oo3 5,12E-05 4 Db sensor PT fs-best PT-11 2oo3 5,12E-05 4
M 1oo1 M 1oo1
Db logicsolver Safety PLC - b SI-400F 1oo2D 4,43E-05 4 Db logicsolver Safety PLC - b SI-400F 1oo2D 4,43E-05 4
M 1oo1 M 1oo1
M 1oo1 M 1oo1
M actuator Full subsystem XV-110 1oo2 1,99E-03 2 Db actuator F.B. valve -b XV-110 1oo2 1,02E-03 2
M 1oo2 Db actuator Actuator -b actuator 1oo2 6,50E-04 3
M 1oo2 Db actuator Solenoid-b solenoid 1oo2 1,80E-06 4
M 1oo2 Db actuator Relay fs relay 1oo2 1,40E-08 4
M 1oo1 M 1oo1
M 1oo1 M 1oo1
M 1oo1 M 1oo1
Print1 2,09E-03 SIL-2 Print1 1,76E-03 SIL-2

Guide rev. 6 – SILcet 4.0 9


Practical Tips to calculate PFDavg with SILcet (III)

 Failure rates should always be as realistic as possible, otherwise high calculation


margins should be used and it’s recommended to multiply the rates by safety factors
(cell K2 of the "SIL" sheet can be used for this).

 The value of Cpt ("Coverage Proof Test") is very important in the calculations. In case
of not knowing its value, we recommend using the following values:

Sensor (smart transmitter): 90%.


Logic Solver (safety PLC): 95%
Final element: 60%

 The value of Beta factor (common cause factor for redundant architectures) is very
important in the calculations. In case of not knowing its value, we recommend using
the following values:

Sensor subsystem: 5%
Logic Solver (safety PLC): 2%
Actuator subsystem: 10%.

Guide rev. 6 – SILcet 4.0 10


Practical Tips to improve Safety of an existing SIS

SENSOR Subsystem: Examples to lower the PFDavg and increase the SIL.

Existing SIS Modifications in the SIS Possible improvements


Switch (PS/TS/LS) Transmitter (PT/TT/LT) Up: Diagnostics, DD/SD failures, SIL.
Down: DU/SU failures, PFD
PS-1 in SIS and PT-2 in BPCS Replace PS-1 with PT-1. 1oo1→1oo2 (PT-1 / PT-2).
Share PT-2 with SIS (use isolator). Credit by comparison→Diagnostics are
increased.
Transmitters 4-20 mA Implement application diagnostics (e.g.: Up: Diagnostics,DD/SD failures, SIL.
signal out of range). Down: DU/SU failures, PFD.
1oo2 with PS-1A and PS-1B Replace PS-1A with PT-1A. More diagnostics in PT-1A.
1oo2 with diversity.
DU/SU failures ↓, PFD ↓, SIL ↑
2oo3 with PS-1A/B/C and PT- PS-1A → PT-1A, share PT-2 with SIS. More diagnostics in PT-1A y PT-2.
2 in BPCS. 2oo3: PT-1A/B + 2oo2 of PS-1B/C. 2oo3 with diversity.
DU/SU failures ↓, PFD ↓, SIL ↑

For different reasons it is not always possible to upgrade a SIS in full compliance with IEC-61508/61511, but it is
possible to increase the safety of the process by taking some measures of low or moderate cost that partially
comply with the Standards.
In addition, the recommendations of other Standards specific to the application must be followed (ex .: NFPA-85 for
Boilers).
Guide rev. 6 – SILcet 4.0 11
Practical Tips to improve Safety of an existing SIS
LOGIC SOLVER Subsystem: Examples to lower the PFDavg and increase the SIL.

Existing SIS Modifications in the SIS Possible improvements


Standard PLC Replace with “Safety PLC”. SIL certification.
Up: Diagnostics, DD failures, SIL.
Down: DU failures, PFD
Standard PLC and very few Standard PLC + safety relays for SIFs. SIL certification in the relays.
SIFs. 1oo2 with diversity.
PFD ↓, SIL ↑
Standard PLC and few SIFs. Add “Safety PLC” for SIFs. SIL certification.
Maintain standard PLC for the rest. Up: Diagnostics, DD failures, SIL.
Communication between PLCs with I/Os. Down: DU failures, PFD
Standard PLC with many Replace with“Safety PLC”. SIL certification.
SIFs. Up: Diagnostics, DD failures, SIL.
Down: DU failures, PFD
Standard PLC or “Safety Implement software routines for Up: Diagnostics, DD failures.
PLC”. application diagnostics. Down: DU failures, PFD.
For different reasons it is not always possible to upgrade a SIS in full compliance with IEC-61508/61511, but it is
possible to increase the safety of the process by taking some measures of low or moderate cost that partially
comply with the Standards.
In addition, the recommendations of other Standards specific to the application must be followed (ex .: NFPA-85 for
Boilers).
Guide rev. 6 – SILcet 4.0 12
Practical Tips to improve Safety of an existing SIS

ACTUATOR Subsystem: Examples to lower the PFDavg and increase the SIL.

Existing SIS Modifications in the SIS Possible improvements


Elements without SIL Replace with certified elements or "proven The IEC is met (Systematic
certification or "proven in in use". Capability).
use" justification. DU failures ↓, PFD ↓, SIL ↑
Valves Implement tests without process shutdown DU/SU failures ↓, DD/SD failures ↑
(e.g.: PVST). PFD ↓, SIL ↑
Possibility to extend TI.
Valves Improve effectiveness of manual tests with Cpt ↑, PFD ↓, SIL ↑
process stopped (e.g.: FST, leak test).
Final element SIL-2/3: minimum architecture 1oo2 Compliance with the requirement
although it depends on other factors. of "Architectural Constraints".
PFD ↓, SIL ↑

For different reasons it is not always possible to upgrade a SIS in full compliance with IEC-61508/61511, but it is
possible to increase the safety of the process by taking some measures of low or moderate cost that partially
comply with the Standards.
In addition, the recommendations of other Standards specific to the application must be followed (ex .: NFPA-85 for
Boilers).

Guide rev. 6 – SILcet 4.0 13


Quick guide Use this link

Detailed guide Use this link

Guide rev. 6 – SILcet 4.0 14


Quick guide

Guide rev. 6 – SILcet 4.0 15


Watch Video:
How to calculate the SIL? Before starting

Subsystems: SENSOR, LOGIC


Option 1
SOLVER, 2 x ACTUATOR
Use Sheet “SIL2”

Select among 19
architectures

12 elements per SIF – Up to 35 SIFs


Option 2 S Select Select Report Select PFDavg SIL (pfd)
M sensor LT-2_sif1 LT-2A 2oo3 1,44E-04 3
M 1oo1 --
Db logicsolver PLC_sif1 PLC (fs) 1oo2D 2,59E-04 3
Use Sheet “SIL” M 1oo1 -- For very complex
Db actuator Relay_sif1 XS-2A (relé) 1oo2 2,22E-06 3
Pfd actuator XV-2-sif1 XV-2A 1oo2 1,12E-03 2 configurations you can
Select among 21 M 1oo1 --
use also the sheet “CF”.
M 1oo1 -- --
architectures M 1oo1 -- --
(up to 35 SIFs) M 1oo1 -- --
M 1oo1 -- --
M 1oo1 -- --
1,53E-03 SIL-2
Reached SIL= SIL-2
Guide rev. 6 – SILcet 4.0 16
Option 1 Quick guide for calculations on sheet “SIL2” (I)
SIL Calculator Option 1A: Use the cells and
IEC-61508 SIL (achieved) PFDavg RRF MTTFS (years)
SIF Total PFDavg
PFDavg
8,95E-03
RRF
112
SIL
2 spreadsheet “SIL2”.
SIF SIL-1 8,95E-03 112 10 Architectural Constraints 1
Systematic Capability 2

Cpt TI (y) MTTRDD Type Cpt TI (y) MTTRdd Type


90% 2 12 2 95% 5 12 2
β LT (y) MTTRs OnOff SC β LT (y) MTTRs OnOff SC
5% 15 24 0 2 2% 15 24 0 3

SENSOR SUBSYSTEM LOGIC SOLVER


Smart transmitter FITS (λ = FITS x 1E-9) Safety PLC with QMR technology FITS (λ = FITS x 1E-9)

Option 1B: Open the “user-form”.


SD SU DD DU SD SU DD DU
Element 1 transmitter 600 700 600 300 Element 1 CPU 5000 150 2000 100
Element 2 isolator 0 400 0 60 Element 2 PS 500 50 90 10
Element 3 seal Element 3 AI 300 20 600 10
Element 4 Element 4 DO 400 20 120 12
Logic > 1oo1 600 1100 600 360 Logic > 1oo2D 6200 240 2810 132

RRF SIL RRF SIL


Subtotal PFDavg (calculated) 5,2E-03 192 2 Subtotal PFDavg (calculated) 1,2E-04 8.501 3
Subtotal PFDavg (manual entry) -- -- Subtotal PFDavg (manual entry) -- --

Total PFDavg 5,2E-03 192 2 Total PFDavg 1,2E-04 8.501 3


Architectural Constraints HFT SFF SIL Architectural Constraints HFT SFF SIL
On Route 1H > 0 86,5% 1 On Route 1H > 1 98,6% 3

Achieved SIL SIL-1 Achieved SIL SIL-3


MTTFS (years) 67 MTTFS (years) 170

Cpt TI (y) MTTRdd Type Cpt TI (y) MTTRdd Type


70% 2 12 1 65% 2 12 1
β LT (y) MTTRs OnOff SC β LT (y) MTTRs OnOff SC
10% 15 24 0 2 10% 15 24 0 3

ACTUATOR SUBSYSTEM (1) ACTUATOR SUBSYSTEM (2) On


Safety Valve Assembly FITS (λ = FITS x 1E-9) Safety relay to motor FITS (λ = FITS x 1E-9)
SD SU DD DU SD SU DD DU
Element 1 safety relay 700 6 Element 1 safety relay 900 220
Element 2 solenoid 300 50 Element 2
Element 3 actuator 1100 320 Element 3
Element 4 valve 2000 600 Element 4
Logic > 1oo2 0 4100 0 976 Logic > 1oo2 0 900 0 220

RRF SIL RRF SIL


Subtotal PFDavg (calculated) 3,0E-03 338 2 Subtotal PFDavg (calculated) 6,6E-04 1.514 3
Subtotal PFDavg (manual entry) -- -- Subtotal PFDavg (manual entry) -- --

Total PFDavg 3,0E-03 338 2 Total PFDavg 6,6E-04 1.514 3

Architectural Constraints HFT SFF SIL Architectural Constraints HFT SFF SIL
On Route 1H > 1 80,8% 3 On Route 1H > 1 80,4% 3

Achieved SIL SIL-2 Achieved SIL SIL-3


MTTFS (years) 15 MTTFS (years) 67

Guide rev. 6 – SILcet 4.0 17


Option 1 Quick guide for calculations on sheet “SIL2” (II)
SIL Calculator
This is the configuration of
the SIF. It’s possible to include
up to 4 elements and select
19 different architectures in
each subsystem.

IEC-61508 SIL (achieved) PFDavg RRF MTTFS (years) PFDavg RRF SIL
SIF Total PFDavg 8,95E-03 112 2

SIF SIL-1 8,95E-03 112 10 Architectural Constraints 1


Systematic Capability 2

Cpt TI (y) MTTRDD Type Cpt TI (y) MTTRdd Type


90% 2 12 2 95% 5 12 2
β LT (y) MTTRs OnOff SC β LT (y) MTTRs OnOff SC
5% 15 24 0 2 2% 15 24 0 3

SENSOR SUBSYSTEM LOGIC SOLVER


Smart transmitter FITS (λ = FITS x 1E-9) Safety PLC with QMR technology FITS (λ = FITS x 1E-9)
SD SU DD DU SD SU DD DU
Element 1 transmitter 600 700 600 300 Element 1 CPU 5000 150 2000 100
Element 2 isolator 0 400 0 60 Element 2 PS 500 50 90 10
Element 3 seal Element 3 AI 300 20 600 10
Element 4 Element 4 DO 400 20 120 12
Logic > 1oo1 600 1100 600 360 Logic > 1oo2D 6200 240 2810 132

RRF SIL RRF SIL


Subtotal PFDavg (calculated) 5,2E-03 192 2 Subtotal PFDavg (calculated) 1,2E-04 8.501 3
Subtotal PFDavg (manual entry) -- -- Subtotal PFDavg (manual entry) -- --

Total PFDavg 5,2E-03 192 2 Total PFDavg 1,2E-04 8.501 3


Architectural Constraints HFT SFF SIL Architectural Constraints HFT SFF SIL
On Route 1H > 0 86,5% 1 On Route 1H > 1 98,6% 3

Achieved SIL SIL-1 Achieved SIL SIL-3


MTTFS (years) 67 MTTFS (years) 170

Cpt TI (y) MTTRdd Type Cpt TI (y) MTTRdd Type


70% 2 12 1 65% 2 12 1
β LT (y) MTTRs OnOff SC β LT (y) MTTRs OnOff SC
10% 15 24 0 2 10% 15 24 0 3

ACTUATOR SUBSYSTEM (1) ACTUATOR SUBSYSTEM (2) On


Safety Valve Assembly FITS (λ = FITS x 1E-9) Safety relay to motor FITS (λ = FITS x 1E-9)
SD SU DD DU SD SU DD DU
Element 1 safety relay 700 6 Element 1 safety relay 900 220
Element 2 solenoid 300 50 Element 2
Element 3 actuator 1100 320 Element 3
Element 4 valve 2000 600 Element 4
Logic > 1oo2 0 4100 0 976 Logic > 1oo2 0 900 0 220

RRF SIL RRF SIL


Subtotal PFDavg (calculated) 3,0E-03 338 2 Subtotal PFDavg (calculated) 6,6E-04 1.514 3
Subtotal PFDavg (manual entry) -- -- Subtotal PFDavg (manual entry) -- --

Total PFDavg 3,0E-03 338 2 Total PFDavg 6,6E-04 1.514 3

Architectural Constraints HFT SFF SIL Architectural Constraints HFT SFF SIL
On Route 1H > 1 80,8% 3 On Route 1H > 1 80,4% 3

Achieved SIL SIL-2 Achieved SIL SIL-3


MTTFS (years) 15 MTTFS (years) 67

Guide rev. 6 – SILcet 4.0 18


Option 1 Quick guide for calculations on sheet “SIL2” (III)
2 Cpt TI (y) MTTRDD Type
Example with
90% 2 12 2
Enter other data, β LT (y) MTTRs OnOff SC SENSOR subsystem
element type and 5% 15 24 0 2
Systematic Capability. SENSOR SUBSYSTEM
Smart transmitter FITS (λ = FITS x 1E-9)
SD SU DD DU 1
Element 1 transmitter 600 700 600 100
3 Element 2 isolator 0 400 0 60 Enter Failure
Element 3 seal Rates of each
Select the architecture Element 4
(19 types) Logic > 1oo1 600 1100 600 160 element.
RRF SIL
Subtotal PFDavg (calculated) 2,3E-03 431 2
Optional: manual entry Subtotal PFDavg (manual entry) -- --

Total PFDavg 2,3E-03 431 2 Video: Option 1


Architectural Constraints HFT SFF SIL
4 On Route 1H > 0 93,5% 2
Click on “Update”
button to make Achieved SIL SIL-2 Subsystem
calculations.
Update
MTTFS (years) 67
5
results

6 Same steps with LOGIC SOLVER and ACTUATOR

7 IEC-61508 SIL (achieved) PFDavg RRF MTTFS (years) PFDavg RRF SIL
SIF Total PFDavg 5,40E-03 185 2
SIF results
SIF SIL-2 5,40E-03 185 11 Architectural Constraints 2
Systematic Capability 2

Guide rev. 6 – SILcet 4.0 19


Option 2 How to calculate SIL on sheets “SIL & CF”?

Sheet “SIL”
Use the sheet “SIL” when
you need to generate a
report, compare several SIL & MTTFS
designs or use data from calculations
your data base. (up to 35 SIFs)

If you have a very complex


configuration in the sensor or Group1: 1oo2
actuator subsystems then you
Group 2: 1oo2
need first to go to sheet “CF”

2oo3
Group 3: 1oo1
Sheet “CF”
Group 4: --

Combined Group 5: --
voted group
(up to 10)
Example with actuator subsystem

Guide rev. 6 – SILcet 4.0 20


Option 2 General guide to know when to use sheet “CF”.

Example. Use sheet “SIL”


Use sheet SIL Group1: NooM
Group1: 1oo2
(up to K=12) Group 2: NooM
Group 2: 1oo2

NooN

3oo3
Group 3: NooM
Group 3: 1oo1
……….
Group 4: --
Group K: NooM
Group 5: --

Example. Use sheet “CF”


Use sheet CF Group1: NooM
Group1: 1oo2
(up to K=5) Group 2: NooM
Group 2: 1oo2
NooM

2oo3
Group 3: NooM
Group 3: 1oo1
If N≠M use sheet ………….
Group 4: --
CF (if N=M better
to use sheet SIL) Group K: NooM
Group 5: --

Only use sheet CF when needed or for making a very accurate calculation
(PFDavg is calculated with integrals).

Guide rev. 6 – SILcet 4.0 21


Option 2 Quick guide for calculations on sheet “SIL” (I)
5
Architectures: (1oo1,1oo2,2oo2,2oo3,2oo4,1oo3,…) Select architectures
Cpt / TI / LT / β / MTTR 4
Enter other values.
Failure Rates source: Sheet “SIL”
1
SIL & MTTFS
FITs: SU, SD, DD, DU
1)Manual entry.
The main sheet is “SIL”.
2)Import from sheets: calculations
(up to 35 SIFs)
“sensor”,
Use at least 3 rows of the SIF,
“logicsolver”, one per subsystem (Select:
2 sensor, logicsolver, actuator)
“actuator”, Update
“other”.
SIL / PFD / MTTFS

Click on “Update”
Enter the Failure Rates button to make
(and element type and 6 calculations.
Systematic Capability). 3

Guide rev. 6 – SILcet 4.0 22


Option 2 Quick guide for calculations on sheet “SIL” (II)

Architectures (1oo1,1oo2,2oo2,2oo3,2oo4,1oo3,…)
Cpt / TI / LT / β / MTTR
Failure Rates source: Sheet “SIL”

SIL & MTTFS


FITs: SU, SD, DD, DU
1)Manual entry. Click on “Update”
button if any change
2)Import from sheets: calculations is made.
(up to 35 SIFs) 7
“sensor”,
“logicsolver”,
“actuator”, Update 8
“other”. Use other options
SIL / PFD / MTTFS

Button Sheet “Compare” Sheets “R1 / R2”


for Excel Create PDF
SIFs comparison Generate Reports
macro Print
Compare Reports

Guide rev. 6 – SILcet 4.0 23


Option 2 Quick guide for calculations on sheet “CF”
Complex configurations (combined voted group) 1
Use sheet “CF”
Enter the
Cpt / TI / LT / β / MTTR
values Select
Sheet “SIL” Sheet “CF” architectures
4

Calculation: PFD / MTTFS


5
SIL & MTTFS Combined

FITs: SU, SD, DD, DU


voted group
calculations (up to 10)
(up to 35 SIFs) 3
Enter the
Update values
CF
7 SIL / PFD / MTTFS

Enter PFD/MTTFS into 2


Enter the
SIF on sheet “SIL” (and subsystem (sensor, Click on “CF” button
select option “Pfd” on to make calculations.
column G).
actuator)
6

Guide rev. 6 – SILcet 4.0 24


Detailed guide

Guide rev. 6 – SILcet 4.0 25


Watch Video:
How to calculate the SIL? Before starting

Option 1 Subsystems: SENSOR, LOGIC


SOLVER, 2 x ACTUATOR
Use Sheet “SIL2”

Select among 19
architectures

12 elements per SIF – Up to 35 SIFs


Option 2 S Select Select Report Select PFDavg SIL (pfd)
M sensor LT-2_sif1 LT-2A 2oo3 1,44E-04 3
M 1oo1 --
Db logicsolver PLC_sif1 PLC (fs) 1oo2D 2,59E-04 3
Use Sheet “SIL” M 1oo1 -- For very complex
Db actuator Relay_sif1 XS-2A (relé) 1oo2 2,22E-06 3
Pfd actuator XV-2-sif1 XV-2A 1oo2 1,12E-03 2 configurations you can
Select among 21 M 1oo1 --
use also the sheet “CF”.
M 1oo1 -- --
architectures M 1oo1 -- --
(up to 35 SIFs) M 1oo1 -- --
M 1oo1 -- --
M 1oo1 -- --
1,53E-03 SIL-2
Reached SIL= SIL-2
Guide rev. 6 – SILcet 4.0 26
New
Option 1 How to calculate the SIL?

Subsystems: SENSOR, LOGIC


SOLVER, 2 x ACTUATOR
Use Sheet “SIL2”

Select among 19
architectures

This is an easy-to-use SIL Calculator.

We recommend to watch this video:

Video: Option 1

Guide rev. 6 – SILcet 4.0 27


Option 2 How to calculate SIL on sheets “SIL & CF”?

Sheet “SIL”
Use the sheet “SIL” when
you need to generate a
report, compare several SIL & MTTFS
designs or use data from calculations
your data base. (up to 35 SIFs)

If you have a very complex


configuration in the sensor or Group1: 1oo2
actuator subsystems then you
Group 2: 1oo2
need first to go to sheet “CF”

2oo3
Group 3: 1oo1
Sheet “CF”
Group 4: --

Combined Group 5: --
voted group
(up to 10)
Example with actuator subsystem

Guide rev. 6 – SILcet 4.0 28


Option 2 General guide to know when to use sheet “CF”.

Example. Use sheet “SIL”


Use sheet SIL Group1: NooM
Group1: 1oo2
(up to K=12) Group 2: NooM
Group 2: 1oo2

NooN

3oo3
Group 3: NooM
Group 3: 1oo1
……….
Group 4: --
Group K: NooM
Group 5: --

Example. Use sheet “CF”


Use sheet CF Group1: NooM
Group1: 1oo2
(up to K=5) Group 2: NooM
Group 2: 1oo2
NooM

2oo3
Group 3: NooM
Group 3: 1oo1
If N≠M use sheet ………….
Group 4: --
CF (if N=M better
to use sheet SIL) Group K: NooM
Group 5: --

Only use sheet CF when needed or for making a very accurate calculation
(PFDavg is calculated with integrals).

Guide rev. 6 – SILcet 4.0 29


Option 2
Index – Detailed guide for
option 2 (sheets “SIL” & “CF”)
Basic steps to Generate Draw SIF
calculate SIL Reports Logic
Calculate Beta
Factor (for common Compare
cause failures) SIFs
Import SIF data
Enter PFD or add Analysis of from another
bypass probability
SIF behavior Excel

Calculate COMPLEX Create a


CONFIGURATIONS Data Base of Objects with links to navigate
(sheet CF) failure rates through this document

Guide rev. 6 – SILcet 4.0 30


Basic steps to calculate
SIL & MTTFS (sheets SIL/CF)

Guide rev. 6 – SILcet 4.0 31


Sheet “SIL” to calculate PFDavg and MTTFS

12 lines per SIF – Up to 35 SIFs


21 available Architectures for S Select Select Report Select PFDavg SIL (pfd)
M sensor LT-2_sif1 LT-2A 2oo3 1,44E-04 3
each subsystem M 1oo1 --
Db logicsolver PLC_sif1 PLC (fs) 1oo2D 2,59E-04 3
 With identical components: M 1oo1 --
Db actuator Relay_sif1 XS-2A (relé) 1oo2 2,22E-06 3
1oo1, 1oo2, 1oo2D, 2oo2, 2oo3, Pfd actuator XV-2-sif1 XV-2A 1oo2 1,12E-03 2
2oo4, 2oo5, 1oo3, 1oo4, 1oo5, M 1oo1 --
M 1oo1 -- --
3oo3, 4oo4, 3oo4, 3oo5, 4oo5, M 1oo1 -- --
1ooM. M 1oo1 -- --
M 1oo1 -- --
 With identical components M 1oo1 -- --
(special): 1oo2R, 2oo2S, Kx1oo2 1,53E-03 SIL-2
 With diverse components: Reached SIL= SIL-2
1oo2div, 2oo2div

Guide rev. 6 – SILcet 4.0 32


Sheet “SIL”: Basic data needed to calculate PFD and MTTFS

1- Select: Db, 2- Select 3A- Import of FITS 3B- Entry of FITS 4- Entry of < Click over the
M, Pfd or na subsystem (selection “Db”) (selection “M”) other data objetcs for more info.

S Select Select
M sensor PT-100A/B/C
FITS Entry of
M logicsolver PLC-200 Entry of other data
M actuator XV-300A/B Failure (Cpt, TI, LT,
M Rates (λ) β, MTTR)
M and SC
5- Selection of
architecture Click for more info about IEC
Tables (HFT, SFF)

Select PFDavg SIL (pfd) HFT SFF man SFF SIL (arch) MTTFS
2oo3 7,06E-04 3 1 75,0% 2 642
1oo2D 5,68E-04 3 1 97,5% 3 72
1oo2 2,64E-02 1 1 50,0% 2 10
1oo1 -- -- 0 -- -- --
1oo1 -- -- 0 -- -- --
2,77E-02 SIL-1 Route 1H SIL-2 8,4 More info.
Reached SIL= SIL-1 Req. SIL = SIL-2
6- Selection of
Route 1H or 2H
Guide rev. 6 – SILcet 4.0 33
Sheet “SIL”: Macro to calculate PFD and MTTFS
Button to show
“Board of main
macros”

Comp1: To compare upto 5 SIFs.


Comp2: To analyze the behavior
To start a new project from of a SIF by changing main
scratch (it deletes all SIFs parameters.
Button to values except orange area).
calculate PFD
and MTTFS.
Click on this To draw Logic
button always of the SIF.
after modifying
any value on
sheet “SIL”.

To copy values Copy/Paste all SIL Calculator used


from one SIF values of sheet on sheet “SIL2”
to another. “SIL” from another
workbook. 34
Guide rev. 6 – SILcet 4.0
Sheet “SIL”: Checking of results

SIF results SIF tag = SIF-34


Req. SIL SIL-2 SIL = SIL-1 SIL (reached) PFDavg MTTFS (years)
Req. RRF 300 PFDavg 2,77E-02 Sensor SIL-2 7,06E-04 642
Used SIL range 27,7% RRF = 36 Logic solver SIL-3 5,68E-04 72
SIL (PFDavg) SIL-1 MTTFS (years) 8 Actuator SIL-1 2,64E-02 10
SIL (Arch.C.) SIL-2 SIL (SC) SIL-3 Other -- 0,00E+00 --

FITS (λ = FITS x 1E-9)


Total FITS SD SU DD DU
Sensor 550 550 550 550 Used for reports R1 & R2
Logic solver 10.906 574 10.906 574
Actuator 0 6.200 0 6.200 (if needed modify texts
Other 0 0 0 0 only in SIF-1).

SUM of all elements If reached SIL is lower than requested SIL


failure rates (per
subsystem) then modify data and update calculation.

Guide rev. 6 – SILcet 4.0 35


Site Safety Index

Site Safety Index is used by Exida© to adjust Steps to follows:


safety metrics used in the calculations of the
achieved SIL, depending on the performance of
the operations and maintenance activities of Make an evaluation of the
each specific site. With the same safety values site. For a rough estimate
(failure rates, tests interval, etc.) and the same
SIF we can reach a different SIL depending on of SSI go to this website.
the fulfillment of the O&M.
Enter the correction factors
There are five levels as follows:
into SILcet (in row 2 of
 SSI 4: Perfect site sheet “SIL”).
 SSI 3: Excellent site
 SSI 2: Typical site
 SSI 1: Medium site
 SSI 0: Weak site

Watch this Exida video for more info.

Guide rev. 6 – SILcet 4.0 36


Macros to hide columns on sheet “SIL”
Use these macros to hide or show some columns on sheet “SIL”.

Hide / Show
blue area

Hide / Show
green area

Hide / Show Hide / Show


orange area area for Logic
Diagrams
1oo1 1oo2 2oo2 2oo3 These 4 architectures are
1,86E-03 9,42E-05 3,72E-03 1,44E-04 always calculated for
comparison purposes.
5,57E-03 1,31E-04 1,11E-02 2,28E-04

1,10E-04 2,22E-06 2,21E-04 3,34E-06


1,05E-02 1,12E-03 2,09E-02 1,77E-03

Guide rev. 6 – SILcet 4.0 37


Calculate Beta Factor
(for common cause failures)

Guide rev. 6 – SILcet 4.0 38


Basic steps with the tool “Beta Factor”
Methodology recommended by IEC-61508 (part 6 – Annex D)
 Use Excel tool “Beta Factor” included with SILcet.

1- On sheet “Score” select the architecture of


each subsystem (sensor, logic solver, actuator)

Guide rev. 6 – SILcet 4.0 39


Basic steps with the tool “Beta Factor”
2- On sheet “Score”, answer all questions based
on your specific case.

Score S (X+Y) = 66,8 45,0 40,0


Select architecture > 1oo2 1oo2 1oo2
β of above architecture 2,0% 5,0% 10,0%

Project comments:
Logic subsystem Sensors Final elements

Sub-Totales (X / Y) = 35,25 31,5 18,5 26,5 16 24


Category XLS YLS XS YS XF YF
Separation/segregation
Are all signal cables for the channels routed
separately at all positions?
#### 1 1 #### 1 2 ### 1 2
Are the logic subsystem channels on separate
printed-circuit boards?
#### 2,5 0,5 #### ###

Are the logic subsystems physically separated in


an effective manner? For example, in separate
#### 2,5 0,5 #### ###
bi sensors/final elements have dedicated
If the
control electronics, is the electronics for each #### #### 2,5 1,5 ### 1,5 0,5
channel on separate printed-circuit boards?
If the sensors/final elements have dedicated
control electronics, is the electronics for each #### #### 2,5 0,5 ### 2,5 0,5
channel indoors and in separate cabinets?

Guide rev. 6 – SILcet 4.0 40


Basic steps with the tool “Beta Factor”

3- Result on sheet “Score”


Values to be entered into SILcet

Score S (X+Y) = 66,8 45,0 40,0


Select architecture > 1oo2 1oo2 1oo2
β of above architecture 2,0% 5,0% 10,0%

Project comments:
Logic subsystem Sensors Final elements

Sub-Totales (X / Y) = 35,25 31,5 18,5 26,5 16 24


Category XLS YLS XS YS XF YF

IMPORTANT: SILcet multiply automatically the entered β


by the factor of Table D.5, according to the architecture
used in each row. Therefore, enter always the β
calculated for the 1oo2 architecture.

Guide rev. 6 – SILcet 4.0 41


Basic steps with the tool “Beta Factor”

Tables recommended by IEC (on sheet “Tables”)


Table D.5 IEC-61508 -
Calculation of β for systems
Table D.4 IEC-61508 - Calculation of βint and βD int (1oo2) with levels of redundancy
Score (S or Sd) Corresponding value of βint and βd int greater than 1oo2
Architecture Factor
Sensors or final
>= < Logic subsystem
elements
1oo2 1
2oo2 0
120 999 0,5% 1,0% 2oo3 1,5
70 120 1,0% 2,0% 2oo4 0,6
45 70 2,0% 5,0% 1oo3 0,5
0 45 5,0% 10,0% 1oo4 0,3
3oo3 0
1oo5 0,2
βint (MooN)= βint (1oo2) x Factor 2oo5 0,4
3oo4 1,75
3oo5 0,8
IMPORTANT: SILcet multiply automatically the entered β 4oo5 2
by the factor of Table D.5, according to the architecture
used in each row. Therefore, enter always the β
calculated for the 1oo2 architecture.
Guide rev. 6 – SILcet 4.0 42
Generate Reports

Guide rev. 6 – SILcet 4.0 43


Sheets “Co”, “R1” & “R2”: Generation of Reports
There are 2 types of REPORTS:

Report 1 (sheet R1): 3/4 pages per SIF, customizable to include


all SIF information and Logic Diagrams.
Report 2 (sheet R2): 4 SIFs per page showing only a summary.

R2
Cover R1
Guide rev. 6 – SILcet 4.0 44
Video with < Video with example to create a compact Report
example 1. (typical for SILcet 4.0 Pro).

Video with < Video with example to create a complete Report


example2 . (typical for SILcet 4.0 Pro Plus).

Guide rev. 6 – SILcet 4.0 45


Sheets “Co”, “R1” & “R2”: Generation of Reports

Button “Reports” >

Report 1 Quick: to update


just the values of a
previous Report 1.
Report 1 has
many options
selectable by
the user.

Selections for
all Reports.
Reduce this
number if PC
performance is low
and report is long.

Guide rev. 6 – SILcet 4.0 46


Sheets “Co”, “R1” & “R2”: Generation of Reports
Reports are generated with SIFs data from sheets “SIL” & “CF”.
(sheet “Format” is also used).
Range of SIFs in the
report (enter just the
needed range for
faster calculations).
SIF Logic Diagram
Option (only for SILcet
4.0 Pro Plus)
See next page.

To include only
SIFs with marked
labels.
For deleting the values
and graphs of SIFs not
used in the report.
Guide rev. 6 – SILcet 4.0 47
Sheets “Co”, “R1” & “R2”: Generation of Reports
Headers: We can insert a Logo and
texts as in any Excel sheet.

This area is called “Summary”. It’s


copied from the sheet “Format”
where we can change the format if
needed.

This gray area is used for general data


or for some notes about the specific
SIF. Enter the text on sheet “Format”.

Guide rev. 6 – SILcet 4.0 48


Sheets “Co”, “R1” & “R2”: Generation of Reports

In this example we are including


on page 1:
-SIF Summary.
-Detail information (PFDavg,
MTTFS, HFT, SFF, etc.)
-Detail information (Cpt, TI, LT,
Beta, MTTRdd, MTTRs)
-Graph.

Video with
example 1.

These Tables contains data from the


SIF. We can select to be shown on first
page or on page 2.

We can select among


3 types of Graphs.

Guide rev. 6 – SILcet 4.0 49


Sheets “Co”, “R1” & “R2”: Generation of Reports

In this example we are including


on page 1:
-SIF Summary.
-Logic Diagram.
-Graph.

Video with
example2 .

In version SILcet 4.0 Pro Plus it’s


possible to include the Logic Diagrams
of the SIFs (see section DrawLogic for
more information).

Guide rev. 6 – SILcet 4.0 50


Sheets “Co”, “R1” & “R2”: Print out of Reports

Button “PRINT” >

Steps to create a PDF:


 1-Modify cover on sheet “Co”.
 2-Generate report R1 and/or R2.
 3-Open user-form on the right by
pushing the button PRINT.
 4-Mark the options (Cover, R1, R2).
 5-Enter number of pages to include
in the PDF.
 6-Push button “Print”.

In report 1 it’s possible to insert blank


pages after any SIF (see next slide)

Guide rev. 6 – SILcet 4.0 51


How to insert blank pages or sheet “CF” data in Report 1
S Select Select
Db sensor PT fs-worst PT-11
M
Db logicsolver Safety PLC - b SI-400F
M
Db actuator Final E. - b XV-11
Db actuator Relay fs XV-R-11
M
M
M
M
M
M
Print1
1 A na
To add a page with detail Mark this option to insert
information from sheet a page with information
“CF” (e.g.: Complex from sheet “CF”.
On sheet “SIL” enter Function “A”).
number of blank pages to
be inserted after the SIF
(1 or 2 blank pages).

Guide rev. 6 – SILcet 4.0 52


How to generate a report in any language

For creating a report in another language it’s just necessary to make a


few changes in the texts:

 Sheet “Format”: Change unlocked texts only in SIF-1 (range


D7:AP17). Change Headers of Tables (column AT).
 Sheet “CF”: Change unlocked texts only in CF-A (range BD16:GS26).
 Sheets “R1” & “R2”: Change texts in rows 1 to 4 which are shown
on all pages of the report.

Guide rev. 6 – SILcet 4.0 53


Draw SIF Logic

Guide rev. 6 – SILcet 4.0 54


Video 1
< Option 1 for most cases (typical most used architectures).
How to draw the SIF
Logic Diagram

Video 2
How to draw the SIF < Option 2 for more complex functions (we only need sheet “SIL”)
Logic Diagram

Video 3 < Option for sheet “CF” for complex functions


How to draw the SIF
Logic Diagram

Video 4
How to change the < Simple steps to change the language.
language of the Report

Guide rev. 6 – SILcet 4.0 55


Draw the SIF Logic Diagram on sheet “LOGIC”

< Button “DrawLogic”

1-Enter number of the SIF (from sheet “SIL”).


2-Click on button “DrawLogic”.
PT-11A
Input LOGIC SOLVER
SI-400F XV-11A
2oo3 1oo2 Output
PT-11B 1oo2D
Input Input Output
voting PLC voting XV-11B
group Model: group Output
PT-11C
Input

Go to Tags to know the options to show the Tag of each element.

Guide rev. 6 – SILcet 4.0 56


Draw the SIF Logic Diagram on sheet “LOGIC”
S Select Select PFDavg
The architectures used in the Logic Diagram
are the first one per subsystem. Db sensor 2oo3 2,37E-04
M 1oo1
Db logicsolver 1oo2D 3,63E-05
M 1oo1
First architecture of the actuator subsystem > Db actuator 1oo2 1,69E-03
Db actuator 1oo2 5,53E-06
M 1oo1
Important tip: When several elements are
M 1oo1
used in the same subsystem, it is best to
always start with the main element to obtain M 1oo1
the best results when drawing the Logical M 1oo1
Diagram of the SIF. M 1oo1
M 1oo1
PT-11A
Print1 1,97E-03
Input LOGIC SOLVER
SI-400F XV-11A
2oo3 1oo2 Output
PT-11B 1oo2D
Input Input Output
voting PLC voting XV-11B
group Model: group Output
PT-11C
Input

Guide rev. 6 – SILcet 4.0 57


Draw the SIF Logic Diagram on sheet “LOGIC”

S Select Select Select PFDavg


Db sensor PT fs-worst PT-11 2oo3 2,37E-04
Actuator Subsystem: In this example we M 1oo1
have an interposing relay plus the complete Db logicsolver Safety PLC - b SI-400F 1oo2D 3,63E-05
final element (solenoid+actuator+valve). M 1oo1
Db actuator Final E. - b XV-11 1oo2 1,69E-03
It’s recommended to start always with main Db actuator Relay fs XV-R-11 1oo2 5,53E-06
element, therefore we enter the relay as M 1oo1
second element of the actuator subsystem. M 1oo1
This way the Tags used are from the main M 1oo1
element. M 1oo1
M 1oo1
M 1oo1
Print1 1,97E-03

PT-11A
Input LOGIC SOLVER
SI-400F XV-11A
2oo3 1oo2 Output
PT-11B 1oo2D
Input Input Output
voting PLC voting XV-11B
group Model: group Output
PT-11C
Input

Guide rev. 6 – SILcet 4.0 58


Draw the SIF Logic Diagram on sheet “LOGIC”

Example 2 S Select Select Select PFDavg SIL (pfd)


Actuator Subsystem: In this example we Db sensor PT fs-best PT-11 2oo3 5,12E-05 4
enter one by one the elements of the M 1oo1
actuator subsystem. Db logicsolver Safety PLC - b SI-400F 1oo2D 4,43E-05 4
It’s recommended to start always with main M 1oo1
element. This way the Tags used are from M 1oo1
the main element. Db actuator F.B. valve -b XV-110 1oo2 1,02E-03 2
Db actuator Actuator -b actuator 1oo2 6,50E-04 3
Note: this way to calculate the PFDavg is not the Db actuator Solenoid-b solenoid 1oo2 1,80E-06 4
conservative approach. To get a more accurate result it’s Db actuator Relay fs relay 1oo2 1,40E-08 4
better to sum firstly the Failure Rates of all elements and M 1oo1
enter the total in one line. M 1oo1
M 1oo1
Print1 1,76E-03 SIL-2
PT-11A
Input LOGIC SOLVER
SI-400F XV-110A
2oo3 1oo2 Output
PT-11B 1oo2D
Input Input Output
voting PLC voting XV-110B
group Model: group Output
PT-11C
Input

Guide rev. 6 – SILcet 4.0 59


Draw the SIF Logic Diagram on sheet “LOGIC”

Is it possible to
draw a customized
Logic Diagram?

Guide rev. 6 – SILcet 4.0 60


Example 1

Let`s see how to draw this SIF:

Guide rev. 6 – SILcet 4.0 61


Is it possible to draw a customized Logic Diagram?

Use the LD button to hide/unhide columns AH:AJ (sheet “SIL”)

SIF-6
Example 1
6 SIF tag = Only for Logic Diagrams
On Tags "One by one"
S Select Arch Sensor Actuator Select
M sensor PT-100 2oo3
M sensor PT-ISO-100 (isolator) 2oo3
M logicsolver SI-400F 1oo2D
M 1oo1
M actuator XV-11 2oo2 1oo2
M actuator Pump 2oo2 1oo1
M 1oo1
M 1oo1 This option is
M 1oo1 normally use for
Enter N times the
M 1oo1 architectures NooN
same architecture to
M 1oo1 (N <= 5)
draw a MooN Logic
M
(N <= 5) 1oo1

Off

Guide rev. 6 – SILcet 4.0 62


Is it possible to draw a customized Logic Diagram?
6 SIF tag = SIF-6 Only for Logic Diagrams

S Select
On
Arch
Tags "One by one"
Sensor Actuator Select Example 1
M sensor PT-100 2oo3
M sensor PT-ISO-100 (isolator) 2oo3
M logicsolver SI-400F 1oo2D
M 1oo1
M actuator XV-11 2oo2 1oo2
M actuator Pump 2oo2 1oo1
M 1oo1
M 1oo1
M 1oo1
M 1oo1
M 1oo1
M 1oo1
XV-11A
Off
1oo2 Output
PT-100A
Input LOGIC SOLVER Output
SI-400F voting XV-11B
2oo3 2oo2 group Output
PT-100B 1oo2D
Input Input Output
voting PLC Group 1oo1
group Model: Pump
PT-100C Output Output
Input voting
group

Guide rev. 6 – SILcet 4.0 63


Is it possible to draw a customized Logic Diagram?
XV-11A
Example 2 1oo2 Output
PT-100A
Input LOGIC SOLVER Output
SI-400F voting XV-11B
2oo3 3oo3 group Output
PT-100B 1oo2D
Input Input Output
voting PLC Group 1oo1
group Model: Pump
PT-100C Output Output
Input voting
group

(to ESD) XS-12A


7 SIF tag = SIF-7 Only for Logic Diagrams 2oo2 Output
On Tags "One by one"
S Select Arch Sensor Actuator Select Output
M sensor PT-100 2oo3 voting (to ESD) XS-12B
group Output
M sensor PT-ISO-100 (isolator) 2oo3
M logicsolver SI-400F 1oo2D
M 1oo1
M actuator XV-11 3oo3 1oo2
M actuator Pump 3oo3 1oo1
M actuator (to ESD) XS-12 3oo3 2oo2
M 1oo1

Guide rev. 6 – SILcet 4.0 64


Is it possible to draw a customized Logic Diagram?
(1oo2) XS-14A/B
PT-100A
Input
Example 3 LOGIC SOLVER
5x1oo2
(1oo2) XS-15A/B
SI-400F Output (1oo2) XS-16A/B
2oo3 voting (1oo2) XS-17A/B
PT-100B 1oo2D group (1oo2) XS-18A/B
Input Input
voting PLC
group Model:
PT-100C
Input

8 SIF tag = SIF-8 Only for Logic Diagrams


On Tags "One by one"
S Select Arch Sensor Actuator Select
M sensor PT-100A/B/C PT-100A (1oo2) XS-14A/B 2oo3
M PT-100B (1oo2) XS-15A/B 1oo1
M logicsolver SI-400F PT-100C (1oo2) XS-16A/B 1oo2D
M (1oo2) XS-17A/B 1oo1
M (1oo2) XS-18A/B 1oo1
M 1oo1
M actuator XS-14/15/16/17/18 5x1oo2
Cells to enter Tags
M 1oo1 “one by one”.
M 1oo1
M 1oo1
Select “On” to
M 1oo1
Mtake the Tags 1oo1
one by one.
On

Guide rev. 6 – SILcet 4.0 65


How to draw Logic Diagrams from sheet “CF” ?

Example 4
LS-1A 1oo1
Input 1oo2 Contactor XS-1
Output Output
Input LOGIC SOLVER voting
LS-1B voting SI-400F group
Input group 1oo2 3oo3
1oo2D
Input Output 1oo1
SV-1A Group PLC Group Contactor XS-2
Input Model: Output Output
voting
group
SV-1B
Input 1oo4
1oo1
Input Sounder
SV-1C voting Output Output
Input group voting
group

SV-1D
Input
This is a Complex
Function calculated
on sheet “CF”.
Guide rev. 6 – SILcet 4.0 66
How to draw Logic Diagrams from sheet “CF” ?
LS-1A 1oo1
Input 1oo2 Contactor XS-1

Enter CF-A or cf-a or cfa to


Output Output
Input LOGIC SOLVER voting
LS-1B voting SI-400F group

Example 4
Input group 1oo2 3oo3

draw, in the sensor subsystem,


1oo2D
Input Output 1oo1
SV-1A Group PLC Group Contactor XS-2
Input Model: Output Output
voting

the logic diagram from sheet


group
SV-1B
Input 1oo4
1oo1

“CF”.
Input Sounder
SV-1C voting Output Output
Input group voting
group

SV-1D
Input

9 SIF tag = SIF-9 Only for Logic Diagrams


On Tags "One by one"
S Select Arch Sensor Actuator Select
Pfd sensor Complex Function A cf-a 1oo2
M 1oo1
M logicsolver SI-400F 1oo2D
M 1oo1
M 1oo1
M 1oo1
M 1oo1
M 1oo1
M actuator Contactor XS-1 3oo3 1oo1
M actuator Contactor XS-2 3oo3 1oo1
M actuator Sounder 3oo3 1oo1
M 1oo1

Guide rev. 6 – SILcet 4.0 67


How to draw unusual architectures?
TT-100A
Example 5
1oo6
TT-100B LOGIC SOLVER
TT-100C Input SI-400F XV-200A
TT-100D voting 1oo2 Output
TT-100E group 1oo2D
TT-100F Output
PLC voting XV-200B
Model: group Output

Use this “general


symbol” only in very
specific cases (e.g.: To draw the
1oo6, 1oo7, etc.) “general symbol”
enter “g NooM”

9 SIF tag = SIF-9 Only for Logic Diagrams


On Tags "One by one"
S Select Arch Sensor Actuator Select
M sensor TT-100 g 1oo6 1oo6
M 1oo1
M logicsolver SI-400F 1oo2D
M 1oo1
M 1oo1
M 1oo2D
M actuator XV-200 1oo2

Guide rev. 6 – SILcet 4.0 68


Options for the Tags in the Logic Diagrams
< Button “Reports”

Use these
selections to define
the source of the
TAGS used in the
Logic Diagrams.

Guide rev. 6 – SILcet 4.0 69


Options for the Tags in the Logic Diagrams

The Tag source is normally column J of sheet “SIL”.


We can add a Suffix (A-B-C…, or 1-2-3…).
When selecting “One by one” the Tag source of all SIFs is columns AI/AJ.
We can select the option “One by one” only for specific complex SIFs (by
using On-Off selection in column AH of sheet “SIL” (e.g.: cell AH22 for SIF-1)

Guide rev. 6 – SILcet 4.0 70


Change text of the Logic Solver

Text taken from Tag


column J (sheet
LOGIC SOLVER “SIL”)
SI-400F
Text taken from
1oo2D column AL (sheet
“SIL”)

PLC
Model:
These 2 texts can
be changed on
sheet “Symbols” ,
cells AR11/AR12

Guide rev. 6 – SILcet 4.0 71


Compare SIFs

Guide rev. 6 – SILcet 4.0 72


Comparison of SIFs

Button “Comp 1” >

1-Enter number of SIFs to


be compared.
2-If needed use the Excel
chart filters to hide series
or categories (on sheet
“Compare”).

Guide rev. 6 – SILcet 4.0 73


Comparison of SIFs – Create a PDF file

Use the Excel option “save as” and select PDF format.

Guide rev. 6 – SILcet 4.0 74


Analysis of SIF behavior

Guide rev. 6 – SILcet 4.0 75


SIF behavior when changing main parameters

Button “Comp 2” >

This function allows to


analyze the SIF behavior
when the main parameters
are changed. It automatically
makes 12 calculations of the
PFDavg.

Video with
examples

Guide rev. 6 – SILcet 4.0 76


SIF behavior when changing main parameters

Complete report of the calculations are shown on sheet “C2”.

Here we define if the


change is made to
Sensor, Actuator or
both.

We can define what


parameter to change
(TI, Cpt, DU/DD), and
the change step.

We can define if
“Undetected Failures”
(DU/SU) are converted
into “Detected Failures”
(DD/SD).
Guide rev. 6 – SILcet 4.0 77
SIF behavior when changing main parameters
Complete report of the calculations and both Graphs are shown on sheet “C2”.

SIF Tag: SIF-13 (sensor / actuator)


Description PFDavg MTTRs SIL (pfd) TI (mo) Cpt Beta SIL Achieved
1 (SIL-2) 6,08E-03 48 SIL-2 12 / 12 90% / 60% 5% / 10% SIL-2
2 (SIL-2) 5,57E-03 48 SIL-2 12 / 12 90% / 60% 5% / 10% SIL-2
3 (SIL-2) 5,08E-03 48 SIL-2 12 / 12 90% / 60% 5% / 10% SIL-2
4 (SIL-2) 4,60E-03 48 SIL-2 12 / 12 90% / 60% 5% / 10% SIL-2
5 (SIL-2) 4,14E-03 48 SIL-2 12 / 12 90% / 60% 5% / 10% SIL-2
6 (SIL-2) 3,69E-03 48 SIL-2 12 / 12 90% / 60% 5% / 10% SIL-2
7 (SIL-2) 3,26E-03 48 SIL-2 12 / 12 90% / 60% 5% / 10% SIL-2
8 (SIL-2) 2,84E-03 48 SIL-2 12 / 12 90% / 60% 5% / 10% SIL-2
9 (SIL-2) 2,44E-03 48 SIL-2 12 / 12 90% / 60% 5% / 10% SIL-2
10 (SIL-2) 2,05E-03 48 SIL-2 12 / 12 90% / 60% 5% / 10% SIL-2
11 (SIL-2) 1,68E-03 48 SIL-2 12 / 12 90% / 60% 5% / 10% SIL-2
12 (SIL-2) 1,32E-03 48 SIL-2 12 / 12 90% / 60% 5% / 10% SIL-2

(sensor / actuator in FITS)


Description PFDavg DU DD SU SD
1 (SIL-2) 6,08E-03 30 / 1500 570 / 0 30 / 1180 570 / 0
2 (SIL-2) 5,57E-03 30 / 1400 570 / 100 30 / 1080 570 / 100
3 (SIL-2) 5,08E-03 30 / 1300 570 / 200 30 / 980 570 / 200
4 (SIL-2) 4,60E-03 30 / 1200 570 / 300 30 / 880 570 / 300
5 (SIL-2) 4,14E-03 30 / 1100 570 / 400 30 / 780 570 / 400
6 (SIL-2) 3,69E-03 30 / 1000 570 / 500 30 / 680 570 / 500
7 (SIL-2) 3,26E-03 30 / 900 570 / 600 30 / 580 570 / 600
8 (SIL-2) 2,84E-03 30 / 800 570 / 700 30 / 480 570 / 700
9 (SIL-2) 2,44E-03 30 / 700 570 / 800 30 / 380 570 / 800
10 (SIL-2) 2,05E-03 30 / 600 570 / 900 30 / 280 570 / 900
11 (SIL-2) 1,68E-03 30 / 500 570 / 1000 30 / 180 570 / 1000
12 (SIL-2) 1,32E-03 30 / 400 570 / 1100 30 / 80 570 / 1100

Guide rev. 6 – SILcet 4.0 78


Calculate COMPLEX
CONFIGURATIONS on
sheet CF

Guide rev. 6 – SILcet 4.0 79


General guide to know when to use sheet “CF”.

Example. Use sheet “SIL”


Use sheet SIL Group1: NooM
Group1: 1oo2
(up to K=12) Group 2: NooM
Group 2: 1oo2

NooN

3oo3
Group 3: NooM
Group 3: 1oo1
……….
Group 4: --
Group K: NooM
Group 5: --

Example. Use sheet “CF”


Use sheet CF Group1: NooM
Group1: 1oo2
(up to K=5) Group 2: NooM
Group 2: 1oo2
NooM

2oo3
Group 3: NooM
Group 3: 1oo1
If N≠M use sheet ………….
Group 4: --
CF (if N=M better
to use sheet SIL) Group K: NooM
Group 5: --

Only use sheet CF when needed or for making a very accurate calculation
(PFDavg is calculated with integrals).

Guide rev. 6 – SILcet 4.0 80


Sheet “CF” to calculate PFDavg and MTTFS

Combined voted  10 complex functions.


group to be
 Up to 5 groups per combined group.
calculated
 For any subsystem (sensor, actuator, l.s.)

Sensor subsystem

Guide rev. 6 – SILcet 4.0 81


Sheet “CF”- Possible configurations
MooN: MooN: MooN:
MooN:
1oo1, 1oo2, 2oo2, 1oo2, 2oo2, 2oo3, 1oo3, 1oo1, 1oo2, 2oo2,
1oo2, 2oo2, 2oo3, 1oo3,
2oo3, , 1oo3, 3oo3, 1oo4, 1oo5, 2oo4, 2oo3, , 1oo3, 3oo3,
1oo4, 1oo5, 2oo4,
1oo4, 1oo5, 2oo4, 3oo3, 4oo4, 5oo5 1oo4, 1oo5, 2oo4,
3oo3, 4oo4, 5oo5
2oo5, 4oo4, 3oo4, 2oo5, 4oo4, 3oo4,
3oo5, 4oo5. 3oo5, 4oo5.

Same architectures can be


used for logic solver.

Contact us if you need


other architectures.

Guide rev. 6 – SILcet 4.0 82


Sheet “CF” to calculate PFDavg and MTTFS – Basic steps
2- Select 3A- Import of FITS 3B- Entry of FITS 4- Entry of
1- Select: Db, M subsystem (selection “Db”) (selection “M”) other data

S Select Select
Db sensor TT-worst TT-400A/B/C FITS Entry of
Db sensor FT fs-best FT-40A/B/C Entry of
M sensor Contactor XS-5
other data
Failure
na sensor TT-best (Cpt, TI, LT,
Rates (λ)
na sensor TT-best and SC β, MTTR)

sensor_c

5- Selection of
Select PFDavg STR Calculate? MTTFS
groups architectures
1oo2 8,82E-05 5,20E-06 yes 22
1oo2 8,82E-05 5,20E-06 yes 22 7- Enter these 2
1oo1 1,10E-02 2,60E-06 yes 44 values into SIF (on
1oo1 yes sheet “SIL”)
1oo1 yes
6- Selection of
combined voted 3oo3 1,12E-02 Select > Add STR 9
group architecture SIL-1

Method 2 > 1,12E-02 Factor Cf


SIL-1 1,00

Guide rev. 6 – SILcet 4.0 83


Sheet “CF” to calculate PFDavg and MTTFS
Example with 3 groups and a
combined 1oo3 architecture.

Select Select Select PFDavg STR Calculate? MTTFS PFS


sensor TT-worst 2oo4 5,50E-04 1,14E-07 yes 999 2,11E-05
sensor TS-best 1oo2 3,18E-05 1,17E-07 yes 976 1,20E-03
sensor PT-best 2oo3 3,03E-05 6,39E-09 yes 17.855 2,54E-06
sensor 1oo1 yes
sensor 1oo1 yes

sensor_c 1oo3 3,27E-13 Select > Add STR 480

Button to update calculations


of sheet “CF”. Click on this
button always after modifying
any value on sheet “CF”. Select method to calculate
Spurious Trip Rate (see
formulas document).

Guide rev. 6 – SILcet 4.0 84


Sheet “CF” to calculate PFDavg and MTTFS
Example with 3 groups and a
combined 1oo3 architecture.

Select Select SD SU DD DU Cpt TI (y) LT (y) β MTTRDD MTTRs Select PFDavg STR Calculate? MTTFS
sensor TT-worst 1700,0 1700,0 1700,0 1700,0 90% 1 15 5% 12 24 2oo4 5,50E-04 1,14E-07 yes 999
sensor TS-best 0,0 60,0 0,0 60,0 90% 1 15 5% 12 24 1oo2 3,18E-05 1,17E-07 yes 976
sensor PT-best 90,0 90,0 90,0 90,0 90% 1 15 2% 12 24 2oo3 3,03E-05 6,39E-09 yes 17.855
sensor 90% 1 15 0% 24 1oo1 yes
sensor 90% 1 15 0% 24 1oo1 yes

sensor_c 1700,0 1700,0 1700,0 1700,0 90% 1 15 0,0% 1oo3 3,27E-13 Select > Add STR 480

Select method to calculate


These values are ONLY used to Spurious Trip Rate (see
calculate the common cause formulas document).
term of the combined group.

Button to update
calculations of sheet “CF”.

Guide rev. 6 – SILcet 4.0 85


Create a Data Base of
failure rates

Guide rev. 6 – SILcet 4.0 86


Create a Data Base of failure rates and other values
 There are 4 sheets to enter safety data of user most used components: SENSOR,
LOGICSOLVER, ACTUATOR, OTHER.
 Data sources: Previous projects, real data of the Plant, databases of OREDA, Exida, etc., data
of the safety certificates, data of the safety manual of the manufacturer, high bounds (worst
case) and low bounds (best case) data for device type, etc.
Optional: Description
Short text to be
(short or long) and
shown in the drop
other data
down selection of
sheets “SIL” & “CF”

Selection text
in sheet SIL Description Manufacturer Category Type Other
PS-worst PS - worst case PS Switch Mechanical
PS-best PS - best case PS Switch Mechanical
PT-worst PT - worst case PT Smart
PT-best PT - best case PT Smart
PT fs-worst PT (safety) - worst case PT Safety Certified
PT fs-best PT (safety) - best case PT Safety Certified

Guide rev. 6 – SILcet 4.0 87


Create a Data Base of failure rates and other values

Type (important SC (important


data for data for
Architectural Systematic
Constraints SIL Capability SIL
Failure Rates Data requirement). requirement).

Selection text FITS (λ = FITS x 1E-9) A=1;B=2


in sheet SIL SD SU DD DU Type SC Cost/u
PS-worst 0 1100 0 1100 1
PS-best 0 60 0 60 1
PT-worst 550 550 550 550 2
PT-best 90 90 90 90 2
PT fs-worst 3040 160 3040 160 2 3
PT fs-best 570 30 570 30 2 3

All these values can be imported automatically by the Optional: cost


macros that calculate PFDavg and MTTFS in the SIL and CF per unit
sheets. To do this, select the option "Db" in column G.

Guide rev. 6 – SILcet 4.0 88


End

Guide rev. 6 – SILcet 4.0 89


Slides with detailed information.
These slides are used to explain some
topics more in detail. We recommend to
use the links for a better navigation through
the document.

Sheet “SIL”: Basic data needed


to calculate PFD and MTTFS

Return

Guide rev. 6 – SILcet 4.0 90


Sheet “SIL”: Select the mode to enter failure rates

Select one of the following options:


Db: For importing failure rates and other
data (in blue area) from Data Base sheets
(sensor, logicsolver, actuator, other).
M: Option to enter manually the data of
cells K:S (blue area): failure rates and
other.

Pfd: Option to enter manually the PFD


and MTTFS values (calculated in sheet CF
or with other tool). In this case the values
of cells K:N are not considered to calculate
PFD and MTTFS. PFD values must be
entered in cells AM, and MTTFS values in
AS. Also check if SFF value must be or not
entered manually in field "SFF man".
Return

na: not applicable. The row is not used.

Guide rev. 6 – SILcet 4.0 91


Sheet “SIL”: Select the mode to enter failure rates

Drop down menu to select the


element entered on sheet “sensor”,
“logicsolver”, “actuator” or “other”.

This option imports the failure rates


and other data from the Data Base
sheets fill out by the user.
Select Db to
import data.

Return

Guide rev. 6 – SILcet 4.0 92


Sheet “SIL”: Entry of Failure Rates of the SIF

 Failure Rates are in FITs (rates per billion hours)


 Type of element (1 for type A, 2 for type B) is used for “Architectural Constraints”
SIL calculation (Tables 3&4 on sheet “SIL”).
 SC (Systematic Capability): 1, 2 , 3 or none.

FITS (λ = FITS x 1E-9)


SD SU DD DU Type SC Cost/u
570 30 570 30 2 3
912 48 912 48 2 3
0 6200 0 6200 1

Return

Guide rev. 6 – SILcet 4.0 93


Sheet “SIL”: Entry of other data of the SIF

 Cpt: Proof Tests Coverage


 TI in years: Test Interval
 LT in years: Life Time of the SIF
 β: Beta factor for common cause failures.
 MTTR: Mean Time To Repair (only for dangerous detected failures)
 MTTRs: Mean Time To Repair a safe failure (used to calculate MTTFS)

Cpt TI (y) LT (y) β MTTRDD MTTRs OnOff Select


90% 3 15 5% 8 24 1 2oo3
90% 3 15 2% 8 24 0 1oo2D
80% 3 15 10% 8 24 1 1oo2

All these values must


be entered manually.

Return

Guide rev. 6 – SILcet 4.0 94


Sheet “SIL”: Selection of Architecture

 Select the architecture for each row (sensors, logic solver, actuator).
 In case of architectures “1oo2div” and “2oo2div”, the calculations are
made with 2 diverse components (odd row and even row).

For complex configurations of sensors


Return
or final elements use the sheet “CF”.

Guide rev. 6 – SILcet 4.0 95


Sheet “SIL”: Selection of Route 1H or 2H

Drop down menu to select Route 1H or 2H.


Route 1H use Tables 2, 3 & 4.
Route 2H use only Table 2.
Return

Guide rev. 6 – SILcet 4.0 96


Tables used on sheets “SIL” & “SIL2” – Table 1

Table 1A - Dangerous Failures Limits per Hour (Low demand mode)

PFDavg RFF
SIL >= < > <=
1 0,01 0,1 10 100
2 0,001 0,01 100 1000
3 0,0001 0,001 1000 10000
4 0 0,0001 10000 --

Table 1B - Dangerous Failures Limits per Hour (High demand mode)

PFH Max. 1 dangerous


SIL >= < failure per…(hours)
1 1E-06 1E-05 100.000
2 1E-07 1E-06 1.000.000
3 1E-08 1E-07 10.000.000
4 0E+00 1E-08 100.000.000
Return

Guide rev. 6 – SILcet 4.0 97


List of Architectures (sheets “SIL” & “SIL2”).

Table 2 - Safety Architectures versus Hardware Fault Tolerance


Route 2H
Low demand High demand
Route 1H Maximum Maximum PFDavg for Low Demand.
HFT HFT SIL SIL PFH for High Demand.
1oo1 0 0 2 1
1oo2 1 1 3 3
2oo2 0 0 2 1
2oo3 1 1 3 3
2oo4 2 2 4 --
1oo2div 1 1 3 --
2oo2div 0 0 2 --
1oo2R 1 1 3 --
2oo2S 1 1 3 --
More complex
1oo2D 1 1 3 3 configurations on
1oo3 2 2 4 4
1oo4 3 3 4 --
sheet “CF”
1oo5 4 4 4 --
3oo3 0 0 2 1
4oo4 0 0 2 1
2oo5 2 2 4 --
Modificable
5x1oo2 1 1 3 --
Kx1oo2
3oo4 1 1 3 --
3oo5 2 2 4 --
4oo5 1 1 3 -- Return
1oo6 5 5 4 --

Guide rev. 6 – SILcet 4.0 98


Tables used on sheets “SIL” & “SIL2” – Table 3 & 4

Architectural Constraints - Route 1H


Type A element (=type 1) Table 3
SFF HFT
>= < 0 1 2 3 4
0% 60% 1 2 3 4 4
60% 90% 2 3 4 4 4
90% 99% 3 4 4 4 4
99% 100% 3 4 4 4 4

Type B element (=type 2) Table 4


SFF HFT
>= < 0 1 2 3 4
0% 60% 0 1 2 3 4
60% 90% 1 2 3 4 4
90% 99% 2 3 4 4 4
99% 100% 3 4 4 4 4

Return

Guide rev. 6 – SILcet 4.0 99


Enter PFD or add bypass
probability

Guide rev. 6 – SILcet 4.0 100


Sheet “SIL”: Enter PFD or add bypass probability
S Select Select SD SU DD DU Type SC
M sensor LT-2A 1500 100 1500 100 2 3
M
Db logicsolver PLC_sif1 PLC (fs) 4000 300 4000 300 2 3
M
Db actuator Relay_sif1 XS-2A (relé) 700 6 1 3
Db actuator XV-2-sif1 XV-2A 1000 306 1 3
Pfd actuator Bypass 3

Select here “Pfd” in the following cases: When selecting “Pfd” then the
1- To enter directly the values of PFD and MTTFS calculation of the row is not made.
(calculated externally or calculated on sheet “CF”). It’s useful to enter directly the
2- To add a new term of PFD, for example, for adding the PFD/MTTFS values or for adding
manually other terms to be
term “PTD/TI” when overriding the SIF with a manual
considered in the calculations.
bypass (PTD= Proof Test Duration; TI= Test Interval for
periodic tests).

Guide rev. 6 – SILcet 4.0 101


Sheet “SIL”: Enter PFD or add bypass probability
S Select Select SD SU DD DU Type SC
M sensor LT-2A 1500 100 1500 100 2 3
M
Db logicsolver PLC_sif1 PLC (fs) 4000 300 4000 300 2 3
M
Db actuator Relay_sif1 XS-2A (relé) 700 6 1 3
Db actuator XV-2-sif1 XV-2A 1000 306 1 3
Pfd actuator Bypass 3

Report Select PFDavg SIL (pfd) HFT SFF man SFF SIL (arch) MTTFS
2oo3 1,44E-04 3 1 96,9% 3 835
1oo1 -- 0 -- -- --
Enter any text 1oo2D 2,59E-04 3 1 96,5% 3 159,2
here (e.g., enter 1oo1 -- 0 -- -- --
“Bypass” to replace 1oo2 2,22E-06 3 1 99,2% 4 82
“1oo1” by “Bypass” 1oo2 1,12E-03 2 1 76,6% 3 60
(in report R1) Bypass 1oo1 4,57E-04 3 0 100,0% 100,0% 3 --
1,98E-03 SIL-2 Route 1H SIL-3 27,6
Reached SIL= SIL-2 Req. SIL = SIL-2 Ok
In the case of
Enter the value a bypass, this
PTD/TI (e.g., 4 hours In the case of a should be 0.
divided by 8760) bypass, enter
here 100%.

Guide rev. 6 – SILcet 4.0 102


Import all SIF data from
another Excel

Guide rev. 6 – SILcet 4.0 103


Import all SIF data from another Excel

Button “Import” >

1- Open first the another SILcet Excel file with 3-Select any cell on the source file (+OK).
the data to be imported.

2-Then click on “Import” and “Yes”.

Also it’s possible to import values of sheets CF,


SENSOR, LOGICSOLVER, ACTUATOR, OTHER (just
follow instructions on the messages).

When using this option it’s recommended to close all


Windows applications except both SILcet Excel files.
Guide rev. 6 – SILcet 4.0 104