Safety Instrumented Systems (SIS) are crucial in modern industry, especially in high-risk sectors such as chemical, power, and petrochemical industries. Safety Integrity Level (SIL) is a key indicator for measuring the safety and reliability of SIS.
As SIL 3 has become a frequently discussed topic in safety-critical systems, it is particularly important to understand the definition, levels, and applications of SIL, as well as the specific meaning and applicable scenarios of SIL 3. This article will help you fully grasp the relationship between SIS and SIL, with a focus on the importance of SIL 3, aiming to assist you in making appropriate choices in practical applications.
A Safety Instrumented System (SIS) is a system designed to implement one or more Safety Instrumented Functions (SIFs).
Composed of measuring instruments, logic controllers, actuators, final control elements, and related application software, the main task of SIS is to monitor process operations and take timely measures to prevent accidents when hazards occur.
A Safety Instrumented Function (SIF) is a specific safety function performed by an SIS. It is used to monitor unsafe conditions in the process and take corresponding control measures, such as emergency shutdown, power cutoff, and activation of pressure relief devices.
In the above definitions, we encounter a certain degree of "circular definition"—a safety instrumented function is implemented by a safety instrumented system, and a safety instrumented system is used to implement safety instrumented functions. This circular definition points to the interdependent relationship between the system and its functions. However, this way of defining helps us understand the close connection and implementation path between the system and its functions.
Safety Integrity Level (SIL) is a measure of the ability of a Safety Instrumented Function (SIF) to reduce specific risks.
There are four SIL levels, ranging from SIL 1 to SIL 4, with SIL 4 being the highest level, indicating the lowest failure probability and the highest system reliability. The higher the SIL level, the higher the safety requirements for the system, enabling it to operate in more complex and hazardous environments.
SIL levels are typically associated with PFDavg (Average Probability of Dangerous Failure on Demand) and PFH (Frequency of Dangerous Failure per Hour). Each SIL level has corresponding standard requirements, as follows:
These levels assist design teams in evaluating the reliability requirements and required safety levels of the system.
Difference between SlL, SlF& SlS
| TERMS | SIL | SIF | SIS |
|---|---|---|---|
| Definition | Safety Integrity Level (SIL) is a measure of how reliable a safety function needs to be in preventing failures and reducing risks. | A Safety Instrumented Function (SIF) is a specific action performed by a Safety Instrumented System (SIS) to keep a process safe. | A Safety Instrumented System (SIS) is a system with multiple safety functions (SIFs) to monitor and control processes for safety. |
| Levels/ Components | SIL has four levels (SIL 1 to SIL 4), with SIL 4 being the highest safety level and SIL 1 the lowest. | A SIF uses sensors to detect hazards, a logic solver to make decisions, and final elements like valves to ensure safety. | An SIS includes all the hardware and software, like sensors and actuators, needed to perform safety functions. |
| Purpose/ Example | SIL levels specify the required performance for a SIF to reduce risk. | Examples of SIFs include emergency shutdown functions, fire suppression activation, or pressure relief systems. | The SIS is designed to prevent hazardous impacts through installation, operation, and maintenance. |
| Relationship | Measure of the required reliability and performance of a SIF. | Specific function performed by an SIS to ensure safety. | The complete system that encompasses multiple SIFs. |
| Key Role | Determine the level of safety required. | Execute specific safety actions to mitigate hazards. | Implement and manage safety functions. |
According to IEC 61511 and VDI/VDE 2180-1 standards, there are some Low Integrity Safety Functions (LIFs) that do not require high-integrity protection. These functions have a Risk Reduction Factor (RRF) of less than 10 and typically do not need to be implemented in safety systems.
Although these safety functions do not require complex SIS protection layers, they still assume certain basic safety responsibilities. In SIL analysis, functions rated as SIL-a, SIL-0, and SIL-1 are generally considered low-risk scenarios. In these scenarios, functions such as tripping and shutdown can be completed through existing control systems without the support of high-integrity safety systems.
The design and application of these low-integrity safety functions are reasonable, especially considering the potential "overload" issue that high-integrity systems may face. In some cases, performing these functions with sufficient reliability through control systems can not only meet risk acceptance criteria but also avoid excessive investment.
The IEC standard defines SIL-a and SIL-0, while VDI/VDE provides alternatives for SIL-0 and SIL-1#. Although there are differences in terminology between the two, they are essentially low-integrity safety functions, requiring a low Risk Reduction Factor (< 10) and not needing to be implemented in safety systems.
SIL 3 is one of the safety integrity levels defined in the IEC 61508 standard. It requires a Risk Reduction Factor of 1,000 - 10,000 for on-demand failures and a failure probability of 10⁻⁸ - 10⁻⁷ per hour. SIL 3 is typically applied in high-risk environments such as petrochemical, chemical processing, and power plants. The importance of SIL 3 lies in its ability to effectively reduce risks associated with specific hazards to an acceptable level.
Although SIL 3 equipment may seem redundant, especially in low-risk environments, using SIL 3 equipment can bring significant safety improvements in certain cases. For example, it can extend the T-proof test interval (test verification time), thereby improving the efficiency of detecting hidden failures.
SIL 3 is not rated for individual equipment but for the functions performed by the equipment, ensuring that it can provide sufficient safety guarantees in high-risk environments. For equipment selection, SIL 3 implies higher reliability requirements and redundant design, and the equipment is usually more expensive. However, this is a necessary investment for critical applications.
Implementing and maintaining SIL 3 requires additional investment. In addition to the initial equipment procurement costs, SIL 3 also requires the operation team to possess specific skills, which means additional costs for training and personnel management. Furthermore, SIL 3 equipment typically has higher design and testing requirements, so its cost is higher than that of conventional equipment.
However, the cost of SIL 3 is worthwhile compared to potential risks and possible losses. Especially in high-risk environments, the cost of not implementing SIL 3 may far exceed the cost of implementation. SIL 3 can not only improve system safety but also reduce the likelihood of accidents, ensuring the safety of personnel, equipment, and the environment during the production process.
SIL grading is not only a technical issue but also a comprehensive risk management process. By using methods such as HAZOP (Hazard and Operability Study) and LOPA (Layer of Protection Analysis), potential hazards in the process can be systematically analyzed, and the required SIL level can be determined. The selection of SIL level needs to consider the type of risk, probability of occurrence, consequences of accidents, and required risk reduction levels.
When designing an SIS, it is crucial to distinguish between safety-critical and non-safety-critical components. Safety-critical components refer to those measurement variables and actions that are essential for safety, such as temperature and pressure sensors and emergency shutdown systems. Non-safety-critical components, on the other hand, are those that do not directly affect system safety and have no direct impact on the safety of the process.
Standards such as GB/T 21109.1-2022 detail the framework and requirements for SIS design, helping enterprises follow scientific and systematic design specifications when implementing SIS to ensure that SIL level and functional requirements are met.
SIL levels, especially SIL 3, can effectively improve system safety when applied in high-risk environments. Although the implementation cost of SIL 3 is relatively high, it is crucial for preventing safety accidents, reducing risks, and ensuring production safety in specific scenarios.
When deciding whether to adopt SIL 3, enterprises should comprehensively consider risk assessment, cost-benefit analysis, and long-term safety guarantees. With the development of industrial technology, the application of SIL will be promoted in more fields, and new technologies and methods will further improve the effectiveness and reliability of safety instrumented systems.
