Machine Safety Integrity Level SIL
A quick Google search tells us that SIL is about probability of failure, but what does it mean in terms of process engineering? I have written this brief article focusing on how the term SIL and the standard IEC 61508 apply to our field of work.
What is SIS
If an instrument is SIS rated, i.e. part of a Safety Instrumented System, then it is used to secure a hazardous process and reduce the risk of an accident. Such instrumentation includes transducers and actuators as well as the controller. In order to assess the SIL level of a machine, the whole process needs to be evaluated. This includes every sensor, controller, motor and actuator that is involved in the machine.
What is SIL
SIL stands for Safety Integrity Level; the higher the number, the greater the reduction of risk. SIL is a relative measure of the probability that a machine can correctly perform its required safety functions over a specific period. IEC 61508 defines four levels of SIL – SIL1, SIL2, SIL3, SIL4 – and various quantitative as well as qualitative methods to determine the SIL required for a machine and its safety system. Evaluation of risk is based on the extent of damage – from light injury to the death of many persons – and on the frequency and probability of occurrence.
Example Scenario
For a large production facility to operate safely and legally, it has to carry out a complete risk analysis as well as a HAZOP (hazard and operability study) by a team of health and safety experts and process engineers. Gigantic press machines, die carts, robots and material processing via chemical reactions are only a few of the elements of a production facility. Undoubtedly, such a facility can pose a risk to people and the environment. HAZOP analysis could involve detecting a ‘Fault’, finding the ‘Cause’ of the fault, studying the ‘Effect’ following the fault and then introducing ‘Countermeasures’ to prevent the fault from happening. For instance, suppose the fault is a power failure due to an electrical defect (Cause). The HAZOP team studies the effects and finds that the plant loses pressure control and consequently a pressure pipe bursts (Effect). A possible countermeasure could be to ensure all instruments and controls enter Safety Mode. You can guess where I am going with this now! Design engineers have to ensure safety valves are in place. Control software is written to detect a loss of power and respond immediately to the fault. Do we have a fast enough controller? Have we enclosed the facility within an appropriate guarding system to ensure no access? Have we installed safety rated instrumentation to detect the change in pressure? Does the environment need to be ATEX rated? Could we get away with putting in a reasonably sized UPS system to gracefully shut down the plant before losing power?
“A redundant SIL 2 controller would only result in SIL 3 if the whole safety instrumented system, SIS (sensors, controller, actuators, and all other components including software), is studied during SIL analysis”
Introducing the above countermeasures, the plant could easily be put down as SIL3 if not SIL4. It is also worth mentioning that some process industries require redundant instrumentation and controllers to be in place to take over in the event the primary fails. Such countermeasures are taken to increase the SIL level and prevent potential accidents.
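To make the point of the quotation concrete, here is an added worked example (not part of the original article) that estimates the average probability of failure on demand, PFDavg, of a whole safety loop and maps it to a SIL band. It uses the simplified low-demand formulas from IEC 61508-6 for a single channel (1oo1) and a dual channel (1oo2) subsystem, with the common-cause factor deliberately omitted, and the PFDavg bands IEC 61508 defines for low demand mode. The failure rates and proof-test interval below are constructed illustration values, not data from any real product.

```python
"""Loop-level SIL estimate (added example; illustrative numbers only).

PFDavg of a safety instrumented function is, to a first approximation, the
sum of the PFDavg of its sensor, logic solver and final element subsystems.
Doubling up the controller only removes the controller's share; the single
sensor and actuator still dominate the loop.
"""

# IEC 61508 low-demand PFDavg bands: (lower bound inclusive, upper bound exclusive, SIL)
SIL_BANDS = [
    (1e-5, 1e-4, 4),
    (1e-4, 1e-3, 3),
    (1e-3, 1e-2, 2),
    (1e-2, 1e-1, 1),
]


def pfd_1oo1(lambda_du_per_hour: float, proof_test_hours: float) -> float:
    """Single channel: PFDavg ~= lambda_DU * T1 / 2 (IEC 61508-6 simplified form)."""
    return lambda_du_per_hour * proof_test_hours / 2.0


def pfd_1oo2(lambda_du_per_hour: float, proof_test_hours: float) -> float:
    """Dual channel, one-out-of-two: PFDavg ~= (lambda_DU * T1)^2 / 3.

    Common-cause failures (the beta factor) are ignored here, so this is an
    optimistic lower bound for the redundant subsystem.
    """
    return (lambda_du_per_hour * proof_test_hours) ** 2 / 3.0


def sil_from_pfd(pfd: float) -> int:
    """Map a PFDavg to a SIL (0 means the loop does not reach SIL 1).

    Values below 1e-5 are reported as SIL 4, since IEC 61508 defines no higher level.
    """
    if pfd < 1e-5:
        return 4
    for low, high, sil in SIL_BANDS:
        if low <= pfd < high:
            return sil
    return 0


def risk_reduction_factor(pfd: float) -> float:
    """RRF = 1 / PFDavg; a convenient way to read the same number."""
    return 1.0 / pfd


def loop_pfd(sensor: float, logic: float, actuator: float) -> float:
    """Whole-SIS PFDavg: sum of the subsystem contributions."""
    return sensor + logic + actuator


# Constructed illustration values: dangerous undetected failure rates (per hour)
# and a one-year proof-test interval.
T1_HOURS = 8760.0
LAMBDA_DU_SENSOR = 1e-6
LAMBDA_DU_LOGIC = 2e-7
LAMBDA_DU_ACTUATOR = 5e-7


def compare_single_vs_redundant_controller() -> dict:
    """Return loop PFDavg and SIL with a 1oo1 and with a 1oo2 logic solver."""
    sensor = pfd_1oo1(LAMBDA_DU_SENSOR, T1_HOURS)
    actuator = pfd_1oo1(LAMBDA_DU_ACTUATOR, T1_HOURS)
    single = loop_pfd(sensor, pfd_1oo1(LAMBDA_DU_LOGIC, T1_HOURS), actuator)
    redundant = loop_pfd(sensor, pfd_1oo2(LAMBDA_DU_LOGIC, T1_HOURS), actuator)
    return {
        "single_controller": {"pfd": single, "sil": sil_from_pfd(single)},
        "redundant_controller": {"pfd": redundant, "sil": sil_from_pfd(redundant)},
    }


if __name__ == "__main__":
    for name, result in compare_single_vs_redundant_controller().items():
        print(f"{name}: PFDavg={result['pfd']:.2e} RRF={risk_reduction_factor(result['pfd']):.0f} "
              f"-> SIL {result['sil']}")
```

With the constructed numbers, the loop sits in the SIL 2 band whether the controller is single or duplicated: the redundant logic solver cuts its own contribution by almost three orders of magnitude, but the sensor and final element still hold the loop well inside SIL 2. That is exactly why the SIL claim has to be made for the complete SIS and not for one component.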
Until next time …