
Facts at your Fingertips: Safety Instrumented Systems and Risk - Chemical Engineering | Page 1

(chemengonline.com)

Facts at your Fingertips: Safety Instrumented Systems and Risk
October 1, 2019 | By Scott Jenkins, Chemical Engineering magazine

Within the chemical process industries (CPI), the need to design safety systems to prevent
process failures from occurring, or to control them when they do, is well recognized, as is the
importance of having confidence in the safety systems that are put in place. However, when
formalized, the specific terminology, definitions and concepts are sometimes misunderstood,
misinterpreted or implemented incorrectly. Provided here is a review of terms and definitions
related to determining safety integrity levels (SILs).

Functional safety standards


Functional safety refers to the ability of safety-relevant electronic devices to respond reliably
and verifiably to signals that they receive. Industry experts have addressed functional safety
and formalized an approach for reducing risk in process plants through the development of
industry consensus standards. Those most relevant for the CPI include IEC 61508, IEC
61511, and ANSI/ISA 84, developed by the International Electrotechnical Commission (IEC;
Geneva, Switzerland; www.iec.ch) and the International Society of Automation (Research
Triangle Park, N.C.; www.isa.org). IEC says the aim of functional safety is to reduce safety
risks to tolerable levels and reduce the negative impacts of safety failures. The standards
mentioned here emphasize quantitative risk reduction, lifecycle considerations and general
practices, while acknowledging that a system with zero risk is not possible. Functional safety
is measured by assessing how likely it is that a particular adverse safety-risk event will occur
and how severe it would be (how much harm it could cause).

SIF, SIS and SIL

A safety instrumented function (SIF) refers to the means by which the risk of a particular
safety hazard is reduced automatically by the sensors, logic solvers and final elements (for
example, a safety relief valve) that are used. A safety instrumented system (SIS) is the safety
system used to implement a SIF. The safety integrity level (SIL) is a measure of safety
system performance, in terms of the probability of failure on demand (PFD). SIL is intended
as a shorthand indicator for quantifying the risk-reduction capacity of a safety system. The
SIL category of a system is generated by combining the likelihood of a safety failure with the
consequences of a failure. There are four discrete integrity levels associated with SIL: SIL 1,
SIL 2, SIL 3 and SIL 4. The higher the SIL, the higher the associated safety level, and
the lower the probability that a system will fail to perform properly. As the SIL increases,
typically the installation and maintenance costs increase, as does the complexity of the
system.

To determine SIL categories, a risk matrix is constructed that matches likelihood of
occurrence against the consequences of the event. The likelihood ranges from frequent to
incredible, and the consequences range from negligible consequences to catastrophic. The
four SIL categories are shown in Tables 1 and 2. For systems that operate intermittently, PFD
is used, while probability of failure per hour (PFH) is used for continuously operating
systems.

End-user responsibility

A SIL rating applies to SIFs and SISs, and is not assigned to individual products or
components. Rather, products and components are said to be suitable for use within a given
SIL environment. The end user of the sensors, logic solvers and final elements is
responsible for implementing the safety system correctly, so that it achieves the risk reduction
that is sought. Having components that are suitable for SIL 3, for example, does not, on its
own, ensure that the system will achieve SIL 3.

Risk tolerance is subjective and site-specific. Each owner/operator needs to determine the
acceptable level of risk to personnel and capital assets based on company philosophy,
insurance requirements, budgets, and a variety of other factors. A risk level that one owner
determines is tolerable may be unacceptable to another owner.

When determining which SIL is needed for a given system, the first step is often conducting a
process hazard analysis (PHA). This will assist in determining the functional safety need and
in identifying the tolerable risk level. The degree of risk reduction and mitigation due to the
basic process control system (BPCS) and other layers of protection are taken into account.
Then, plant operators compare the residual risk against their risk tolerance. If the risk level
remains unacceptably high, a risk-reduction factor (RRF) is determined and a SIS/SIL
requirement is calculated (RRF is the inverse of the PFD for the SIF/SIS).
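
The sizing step described above, carried through as an added worked example (not from the article). It assumes the non-SIS protection layers are independent so their PFDs multiply, and it uses the low-demand SIL bands of IEC 61508/61511; the function name and the scenario numbers are constructed for illustration.

```python
import math

# Low-demand-mode SIL bands (IEC 61508/61511) expressed as RRF = 1 / PFDavg.
# Each band is (lower bound exclusive, upper bound inclusive, SIL).
SIL_BANDS = [(10, 100, 1), (100, 1_000, 2), (1_000, 10_000, 3), (10_000, 100_000, 4)]


def required_sil(initiating_freq, layer_pfds, tolerable_freq):
    """Return (rrf, max_pfd, sil) for one hazard scenario (hypothetical helper).

    initiating_freq: initiating events per year, taken from the PHA
    layer_pfds:      PFD of each non-SIS layer (BPCS, relief device, ...),
                     assumed independent so that the PFDs multiply
    tolerable_freq:  the owner's tolerable event frequency per year
    sil is None when no SIF is needed, 0 when the gap is smaller than the
    SIL 1 band, and 1..4 otherwise.
    """
    if initiating_freq <= 0 or tolerable_freq <= 0:
        raise ValueError("frequencies must be positive")
    if any(not 0 < p <= 1 for p in layer_pfds):
        raise ValueError("each layer PFD must be in (0, 1]")

    # Residual risk after crediting the BPCS and other protection layers.
    residual_freq = initiating_freq * math.prod(layer_pfds)
    rrf = residual_freq / tolerable_freq
    if rrf <= 1:
        return rrf, None, None          # already within the risk tolerance
    max_pfd = 1 / rrf                   # RRF is the inverse of the SIF's PFD
    if rrf <= 10:
        return rrf, max_pfd, 0          # some reduction needed, below SIL 1
    for low, high, sil in SIL_BANDS:
        if low < rrf <= high:
            return rrf, max_pfd, sil
    # A single SIF cannot be credited beyond SIL 4: rework the process design.
    raise ValueError(f"required RRF {rrf:.0f} exceeds the SIL 4 band")


if __name__ == "__main__":
    # Constructed scenario: 0.1 events/yr, BPCS credited with PFD 0.1,
    # owner tolerates 2e-5 events/yr for this consequence.
    rrf, max_pfd, sil = required_sil(0.1, [0.1], 2e-5)
    print(f"RRF = {rrf:.0f}, SIF PFD must be <= {max_pfd:.4f}, SIL {sil}")
```
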
