SIL in Process Industry
Published on : Sunday 04-07-2021
Rasikendra Chauhan discusses the basic safety and SIL requirement and their definitions to design and optimise process safety.

With the increased risk of hydrocarbon and toxic hazards, and the growing focus on safety and environmental protection, it has become both necessary and mandatory to have trusted methods that can be implemented to make the overall process reliable, robust and safe, while also taking overall cost into consideration.
Safety and reliability are implemented using the corporate standards and as defined in the IEC and IS standards, identified elsewhere in this paper. Well-designed instrumented systems used for safety or critical control applications seek the balance of safety and reliability by considering appropriate voting, high self-diagnostic coverage in field sensors, logic solvers, and final elements.
In this paper we will discuss the basic safety and SIL requirement and their definitions, which will be helpful to design and optimise process safety and offer some guidance in the selection process.
We will start with the basics of SIL followed by definition and some examples of hazards.
Why SIL in the process industry?
The process industry involves the following, which makes it unsafe if left unchecked:
1. High temperature, high pressure.
2. Explosive atmosphere due to presence of hydrocarbons and other toxic gases or liquids.
3. Irradiated locations.
4. Basic control is used for controlling process variables (PVs).
5. An alarm, although an integral part of the basic control system, is a reactive event.
6. Hence, the basic control system maintains a PV within specified limits but is not sufficient to maintain safety.
What steps are required to control these hazards?

1. We need to know the danger
2. We need to know the probability
3. We need to know the risks involved
4. We analyse that data, and
5. We finally come up with conditions that can maintain safety.
Methodologies used for determining SILs include, but are not limited to:
a. Consequence only
b. Risk Graph
c. Layered Risk Matrix
d. Risk matrix
e. Layer of protection, and
f. Fault tree analysis.
SIL (Safety Integrity Level)
SIL stands for Safety Integrity Level. A SIL is a measure of safety system performance, or Probability of Failure on Demand (PFD) for a SIF or SIS.
There are four discrete integrity levels associated with SIL. The higher the SIL level, the lower the PFD for the safety system and the better the system performance. It is important to also note that as the SIL level increases, typically the cost and complexity of the system also increase.
A SIL level applies to an entire system, not to individual products or components.
Safety integrity

Average probability of a SIS satisfactorily performing the required safety functions under all the stated conditions within a stated period of time.
Safety Instrumented System (SIS)
Instrumented system used to implement one or more safety instrumented functions (SIF). A SIS is composed of any combination of sensor(s), logic solver(s) and final element(s). The definition is used in ANSI/ISA 84.01 and IEC 61511, and it is equivalent to the IEC 61508 “E/E/PE Safety Related System”.
Safety Instrumented Function (SIF)
Safety function with a specified safety integrity level which is necessary to achieve functional safety and which can be either a safety instrumented protection function or a safety instrumented control function. A function comprises one or more initiators, a logic solver and one or more final elements.
Safety Integrity Level (SIL)
Discrete level (from one to four) for specifying the safety integrity requirements of the safety instrumented functions to be allocated to the safety instrumented systems. Safety integrity level 4 has the highest level of safety integrity; SIL1 has the lowest.
SIL: A way to indicate the tolerable failure rate of a particular safety function. It is defined as four discrete levels of safety (1-4). Each level represents an order of magnitude of risk reduction.
The higher the SIL level, the greater the impact of a failure and the lower the failure rate that is acceptable. SIL values are related to PFD and SFF. The claimed SIL is limited by the calculated PFD and SFF.
PFD (Probability of Failure on Demand): the probability a device will fail to perform its required function when it is called upon to do so. The average PFD (PFDavg – failure rate of all elements within a Safety Instrumented Function) is used for SIL evaluation.
SFF (Safe Failure Fraction): A number that shows the percentage of possible failures that are self-identified by the device or are safe and have no effect. The key number in this calculation is Dangerous Undetected failures – those that are not identified and do have an effect.
SIL levels, PFD and associated RRF
RRF is Risk Reduction Factor and PFD is Probability of Failure on Demand when required.
1. SIL levels are used when implementing a SIF that must reduce an existing intolerable process risk level to a tolerable risk range which is also called ALARP (As Low As Reasonably Possible).
2. The acceptance of a SIL 1 SIS means that the level of hazard or economic risk is sufficiently low and that a SIS with an availability of 90% (or 10% chance of failure) is acceptable.
For example, consider the installation of a SIL 1 SIS for a high level trip in a liquid tank. The availability of 90% would mean that, out of every 10 times that the level reached the high level trip point, there would be one predicted failure of the SIS and subsequent overflow of the tank. This may be an acceptable risk for some applications, which therefore do not require any additional complexity.
3. What does SIL mean? It should be understood that SIL and availability are simply statistical representations of the integrity of the SIS when a process demand occurs.
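The relationship between PFDavg, RRF, SFF and the SIL band described above, worked through as an added example that is not part of the original article. It uses the common simplified low-demand approximations for 1oo1, 1oo2 and 2oo3 voting (no common-cause failures, no repair time); the failure rates, the yearly proof-test interval and all function names are constructed for illustration.

```python
# Low-demand SIL bands as (SIL, PFDavg lower bound, upper bound), per IEC 61508/61511.
# The SIL 4 band starts at 0 here because no higher level exists.
SIL_BANDS = [(4, 0.0, 1e-4), (3, 1e-4, 1e-3), (2, 1e-3, 1e-2), (1, 1e-2, 1e-1)]
HOURS_PER_YEAR = 8760


def pfd_avg(lambda_du, test_interval_h, voting="1oo1"):
    """Simplified PFDavg of one subsystem from its dangerous-undetected rate."""
    x = lambda_du * test_interval_h
    if voting == "1oo1":
        return x / 2
    if voting == "1oo2":
        return x ** 2 / 3
    if voting == "2oo3":
        return x ** 2
    raise ValueError(f"unsupported voting scheme: {voting}")


def safe_failure_fraction(lam_safe, lam_dd, lam_du):
    """Share of all failures that are safe or dangerous-but-detected."""
    return (lam_safe + lam_dd) / (lam_safe + lam_dd + lam_du)


def sil_from_pfd(pfd):
    """Return the SIL band containing pfd, or 0 if it is worse than SIL 1."""
    for sil, low, high in SIL_BANDS:
        if low <= pfd < high:
            return sil
    return 0


def evaluate_sif(subsystems):
    """Sum sensor, logic solver and final element PFDavg for the whole SIF."""
    total = sum(pfd_avg(*s) for s in subsystems)
    return {"pfd_avg": total, "rrf": 1 / total, "sil": sil_from_pfd(total)}


# Constructed sample data: (lambda_DU per hour, proof-test interval in hours, voting).
HIGH_LEVEL_TRIP = [(2.0e-6, HOURS_PER_YEAR, "1oo1"),   # level transmitter
                   (1.0e-7, HOURS_PER_YEAR, "1oo1"),   # logic solver
                   (4.0e-6, HOURS_PER_YEAR, "1oo1")]   # shutdown valve
REDUNDANT_TRIP = [(2.0e-6, HOURS_PER_YEAR, "1oo2"),    # two transmitters
                  (1.0e-7, HOURS_PER_YEAR, "1oo1"),    # logic solver
                  (4.0e-6, HOURS_PER_YEAR, "1oo2")]    # two valves in series

if __name__ == "__main__":
    for name, sif in (("single", HIGH_LEVEL_TRIP), ("redundant", REDUNDANT_TRIP)):
        print(name, evaluate_sif(sif))
```

This covers only the PFD side of the claim; the SFF value still has to be checked separately, since the claimed SIL is limited by both.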
Why are Safety Integrity Levels (SILs) important?
A. Business benefits can be obtained through the use of Safety Integrity Level (SIL) Assessments; they reduce the number of false and unnecessary alarms and nuisance trips.
B. SILs allow the declassification of some trips and the lengthening of test intervals in others; this in turn reduces the cost associated with trip testing. Additionally, legal and statutory compliance requires the process to be inherently safe.
What are the benefits of functional safety and SIL determination?
1. Demonstrates compliance with regulations.
2. Proven to reduce the number of false and unnecessary alarms and nuisance trips.
3. Helps protect your license to operate.
4. Helps develop safer processes.
5. Reduces operating costs, thereby increasing efficiency and profitability.
6. Helps raise stakeholder and public confidence.
What is a SIF?
SIF stands for Safety Instrumented Function. A SIF is designed to prevent or mitigate a hazardous event by taking a process to a tolerable risk level. A SIF is composed of a combination of logic solver(s), sensor(s), and final element(s). A SIF has an assigned SIL level depending on the amount of risk that needs to be reduced. One or more SIFs comprise a SIS.
A SIF is one loop within the SIS that is designed to achieve or maintain a safe state. A SIF’s sensors, logic solver, and final control elements act in concert to detect a hazard and bring the process to a safe state. The devices used in the SIF are chosen based on the required SIL.
How do we analyse process risk?
Hazards Analysis: The levels of protective layers required are determined by conducting an analysis of a process’s hazards and risks, known as a Process Hazards Analysis (PHA).
Depending upon the complexity of the process operations and the severity of its inherent risks, such an analysis may range from a simplified screening to a rigorous Hazard and Operability (HAZOP) engineering study, including reviewing process, electrical, mechanical, safety, instrumental and managerial factors.
Once risks and hazards have been assessed, it can be determined whether they are below acceptable levels. If the study concludes that existing protection is insufficient, a Safety Instrumented System (SIS) will be required.
The philosophy of the standards suggests that a SIS or SIF should be implemented only if there is no other non-instrumented way of adequately eliminating or mitigating process risk.
Specifically, the ANSI/ISA-84.00.01-2004 (IEC 61511 Mod) recommends that a multi-disciplined team conducts a process hazard analysis, designs a variety of layers of protection (i.e., LOPA), and finally implements a SIS when a hazardous event cannot be prevented or mitigated with something other than instrumentation.
Safety integrity levels are assigned after the process hazards analysis (PHA) has concluded that a safety instrumented system is required. A PHA is performed to identify potential hazards in the operation of a refining, chemical, or petrochemical process. PHAs range from the very simple screening analysis to the complex Hazard and Operability Study (HAZOP).
When do I need a SIF or a SIS?
The philosophy of the standards suggests that a SIS or SIF should be implemented only if there is no other non-instrumented way of adequately eliminating or mitigating process risk.
Specifically, the ANSI/ISA-84.00.01-2004 (IEC 61511 Mod) recommends a multi-disciplined team approach that follows the Safety Lifecycle, conducts a process hazard analysis, designs a variety of layers of protection (i.e., LOPA), and finally implements a SIS when a hazardous event cannot be prevented or mitigated with something other than instrumentation.
SIL (Safety Integrity Level) and SFF (Safe Failure Fraction) are two of the key values that customers can use as an objective comparison of instrument reliability from various suppliers.
Conclusion
This paper has attempted to guide the reader through the basic steps of Functional Safety and SIL for designing critical control or safety systems for safety AND reliability.
The most efficient way to accomplish this task is to:
a. Utilise a method of identifying the failures in the system,
b. Examine voting schemes for sensors, logic solvers and final elements and apply them, and
c. Examine field device MTBF and testing intervals as methods to improve system performance.

Rasikendra Chauhan is Associate Chief Engineer, Instrumentation Control & Telecom at Technip Energies. A B.Tech in Instrumentation & Control, he has around 22 years of experience in Offshore/Onshore – Oil and Gas, Refineries, Petro Chemicals and Fine Chemicals Industries, having worked with ABB, Tecnimont and SK Engg. Rasikendra has worked on control systems of different vendors (ABB/Yokogawa/Honeywell/Emerson/Siemens/Schneider Electric); emergency shut down system, distributed control system and fire and gas system; HIPPS – High Integrity Pressure Protection system, complex multi-tier SCADA and various telecom systems for onshore/offshore.