Safety instrumented systems: shedding light on SIL
May 2008, System Integration & Control Systems Design

Safety engineering principles have evolved over the past decade or so from employing a relatively formulaic and prescriptive philosophy to one which involves risk assessment and risk reduction. This risk-based approach places far more responsibility on control system engineers. They cannot simply refer to a handbook or catalogue to select a solution.

Safety engineering is non-trivial

The need to perform risk analysis and risk assessment as part of systems engineering means that there needs to be more interaction with team members from other disciplines.

Present standards such as IEC 62061 also require that design takes into account the full system lifecycle from design strategy and initial requirements analysis through commissioning, change management and maintenance to final decommissioning.

In simple electro-mechanical or electro-pneumatic systems it was relatively easy to assess failure modes. As systems have become more complex, with the pervasive application of electronic devices employing complex components, ICs and programmability, and the incorporation of wired and wireless networks, it has become practically impossible for a control systems engineer to fully determine and evaluate every possible failure mode.

Evolution of standards

Between 1998 and 2000 the IEC introduced parts 1 through 7 of IEC 61508, Functional safety of electrical/electronic/programmable electronic safety-related systems. As a result of feedback from the process industries, certain sections of IEC 61508 were extracted and reworded to allow the process industries more flexibility in how they implement safety related systems, whilst still ensuring overall compliance with IEC 61508. This process industry standard, IEC 61511, Functional safety – Safety instrumented systems for the process industry sector, was introduced in 2003.

The result of this development is that within the process industries there are certain engineering tasks that fall under IEC 61508 and others which fall under the ambit of IEC 61511. For instance, IEC 61508 applies when developing embedded software for process industries, whereas IEC 61511 is the applicable standard when developing application software using limited variability languages or fixed programs.

IEC 62061, Safety of machinery – Functional safety of safety-related electrical, electronic and programmable electronic control systems applies to the use of safety-related electrical, electronic and programmable control systems (SRECS) for non-portable machinery. It is a sector-specific standard that falls within the scope of IEC 61508 for the application area of machines and specifies the safety-related performance of safety-related electrical control systems that are required for risk reduction.

From safety to safety integrity

The IEC defines safety as the freedom from unacceptable risk of physical injury or of damage to the health of people, either directly or indirectly as a result of damage to property or to the environment. It defines functional safety as that part of the overall safety that depends on a system or equipment operating correctly in response to its inputs.

It is important to differentiate between safety and functional safety. An electric motor can be made safer by using winding insulation that can withstand higher temperatures. Worded differently, it can be said that the risk of the motor igniting under extreme overload conditions can be reduced by using insulation that has a higher ignition point. However, this is not functional safety since there is no system involved which responds to inputs. A system comprising a thermal sensor in a circuit that disconnects the motor on high winding temperature would represent an instance of functional safety.

A safety related system is one which is required to perform safety functions – ie, functions which mitigate risk. And so we arrive at the concept of safety integrity, which is the likelihood of the safety function being performed satisfactorily when called upon to do so.

From risk to target SIL

Before a target safety integrity level (SIL) can be determined, the level of risk before application of an SIS or safety function needs to be determined.

Hazard analysis determines any required safety functions. Risk assessment then evaluates the performance requirements for each required safety function. Aspects covered during risk assessment include the seriousness of the possible harm or injury, the frequency and duration of such exposure, the probability of the occurrence of the hazardous incident and the possibility of preventing or limiting the harm.

Based on the outcome of the risk assessment the target SIL, which represents a required level of risk reduction, can be determined using quantitative or qualitative methods. Different standards offer different methodologies for this SIL determination. These methodologies include safety layer matrices, calibrated risk graphs, risk graphs and layer of protection analysis (LOPA).

Determining a target SIL means making decisions about reducing risk to an acceptable level, and deciding, inter alia, on acceptable levels of probability for injury or death.

In IEC 61508 SIL values range from 1 to 4, where SIL 1 represents the lowest level of risk reduction and SIL 4 the highest.

SIL and failure on demand

If a safety related system fails to perform when called upon, the consequences can be extreme. Some of the greatest process plant disasters of the last 20 years have been traced back to such failures. In both the BP Texas City (USA) disaster and the Buncefield (UK) disaster, independent safety related instrument systems failed on demand, leading to loss of containment and subsequent ignition of petrochemicals.

Table 1 shows the correlation between SIL and the probability that a safety related system will fail to operate when required. This probability is also known as the probability of failure on demand (PFD).

Test frequency impacts SIL

Safety instrumented systems designed to meet high target SILs can become extremely complex and costly. One of the ways of reducing the target SIL is to increase the frequency of testing of safety functions that have low demand rates – ie, those that are rarely called upon to operate, like the loops that failed at Texas City and Buncefield.

For functions with a low demand rate, the accident rate is a combination of the frequency of demands, and the probability that the function fails on demand (PFD). Provided the function is proof-tested at a frequency which is greater than the demand rate, the PFD is calculated as:

PFD = T / (2 × MTTF)

where:

T = proof test interval
MTTF = mean time to failure

From this equation it can be seen that for a constant MTTF the probability of failure of a loop reduces as the proof test interval decreases (ie, as the frequency of testing increases). This is the rationale behind practices such as partial valve stroking of valves in safety instrumented systems.

To significantly reduce the accident rate in low demand safety functions the test frequency should be at least two and preferably five or more times the demand frequency. However, there may be other considerations that require more frequent operation. For instance an ESD valve with a Teflon seat may need stroking more frequently to prevent jamming.

SIL is not for sale

Having determined the target SIL for a system, system designers then need to design systems to meet the target SIL. Devices of themselves cannot be described as having a particular SIL. For instance, applying the term 'Rated to SIL 3' to a level transmitter is meaningless. Only the safety instrumented system or sub-system (the loop) can be described as meeting a particular SIL. So while the PFDs of each loop element (including power supplies) ultimately determine the SIL of the loop, no single piece of equipment can lay claim to its own SIL.
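The following worked calculation is an added illustration and is not code from the article, the author or any standard. It strings together the three steps described above: a simple layer of protection analysis (LOPA) fixes the required PFD and hence the target SIL; each loop element's PFD is taken from the article's formula PFD = T / (2 × MTTF); and the loop PFD, approximated as the sum of the element PFDs (a standard simplification assumed here for small PFDs in a series loop), decides whether the target is met. Because the article's Table 1 is not reproduced on the page, the SIL bands are taken from the IEC 61508 low-demand PFD ranges. All frequencies, MTTF values and element names are constructed for the example.

```python
"""Worked SIL calculation: target SIL from LOPA, achieved PFD from proof-test
interval and MTTF, and the loop (not a device) earning the SIL.
Added illustration; every figure below is constructed."""

# IEC 61508 average-PFD bands for low-demand mode: (SIL, lower, upper).
SIL_BANDS = [
    (4, 1e-5, 1e-4),
    (3, 1e-4, 1e-3),
    (2, 1e-3, 1e-2),
    (1, 1e-2, 1e-1),
]


def sil_for_pfd(pfd):
    """Map a PFD to its SIL band; 0 means worse than SIL 1 (no SIL claim)."""
    if pfd < 1e-5:
        return 4  # better than the SIL 4 band; IEC 61508 defines nothing higher
    for sil, low, high in SIL_BANDS:
        if low <= pfd < high:
            return sil
    return 0


def required_pfd(initiating_freq, tolerable_freq, other_ipl_pfds=()):
    """LOPA step: PFD the safety function needs so that the mitigated event
    frequency does not exceed the tolerable frequency (both per year).
    other_ipl_pfds are the PFDs of the independent protection layers that act
    besides the safety function; credit for them is taken by multiplication."""
    residual_freq = initiating_freq
    for p in other_ipl_pfds:
        residual_freq *= p
    if residual_freq <= tolerable_freq:
        return 1.0  # the other layers already suffice; no SIF credit needed
    return tolerable_freq / residual_freq


def element_pfd(proof_test_interval_years, mttf_years):
    """Article's low-demand approximation for one element: PFD = T / (2 * MTTF).
    Valid only when T << MTTF and tests are far more frequent than demands."""
    return proof_test_interval_years / (2.0 * mttf_years)


def loop_pfd(element_mttfs, proof_test_interval_years):
    """Series loop (sensor, logic solver, final element, power supply): a
    dangerous failure of any element defeats the function, so for small PFDs
    the loop PFD is approximately the sum of the element PFDs."""
    return sum(element_pfd(proof_test_interval_years, m) for m in element_mttfs.values())


# --- Constructed scenario: high-level trip on a storage tank -----------------
INITIATING_EVENT_PER_YEAR = 0.1   # basic level control fails: once in 10 years
TOLERABLE_EVENT_PER_YEAR = 5e-5   # tolerable loss-of-containment frequency (invented)
OTHER_LAYERS = (0.1,)             # independent high-level alarm + operator, PFD 0.1

# Hypothetical MTTF in years for each element of the trip loop.
LOOP_ELEMENT_MTTF_YEARS = {
    "level transmitter": 200.0,
    "logic solver": 1000.0,
    "ESD valve": 100.0,
    "power supply": 400.0,
}


def assess(proof_test_interval_years, demand_rate_per_year=INITIATING_EVENT_PER_YEAR):
    """Compare what the loop achieves at a given proof-test interval with
    what the risk assessment requires."""
    # The T/(2*MTTF) formula assumes tests outpace demands; refuse otherwise.
    if 1.0 / proof_test_interval_years <= demand_rate_per_year:
        raise ValueError("proof-test frequency must exceed the demand rate")
    req = required_pfd(INITIATING_EVENT_PER_YEAR, TOLERABLE_EVENT_PER_YEAR, OTHER_LAYERS)
    achieved = loop_pfd(LOOP_ELEMENT_MTTF_YEARS, proof_test_interval_years)
    return {
        "required_pfd": req,
        "target_sil": sil_for_pfd(req),
        "achieved_pfd": achieved,
        "achieved_sil": sil_for_pfd(achieved),
        "meets_target": achieved <= req,
    }


if __name__ == "__main__":
    for t in (1.0, 0.5):
        r = assess(t)
        print(f"proof test every {t:.2f} y: loop PFD {r['achieved_pfd']:.5f} "
              f"(SIL {r['achieved_sil']}), required {r['required_pfd']:.5f} "
              f"(target SIL {r['target_sil']}), meets target: {r['meets_target']}")
```

With these constructed figures the LOPA calls for a PFD of 5 × 10⁻³ (target SIL 2). Annual proof testing gives a loop PFD of 0.00925, which sits in the SIL 2 band but still misses the required PFD; halving the proof-test interval halves every element's PFD and brings the loop to 0.004625, within the requirement. Note that the ESD valve, with the lowest MTTF, dominates the loop PFD, which is why the sum over the whole loop rather than any one device's figure is what matters, and why the guard on test frequency versus demand rate is there: outside that regime the T / (2 × MTTF) approximation does not hold.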

About the author

Andrew Ashton has electrical, mechanical and business qualifications and has been active in automation and process control since the early 1980s. Since 1991 he has headed up a company that has developed formulation management systems for the food, pharmaceutical and chemical manufacturing industries and manufacturing solutions involving the integration of various communication technologies and databases. Developed systems address issues around traceability, systems integration, manufacturing efficiency and effectiveness. Andrew is features editor for S A Instrumentation and Control and editor of Motion Control in Southern Africa.

Supplied By: Technews Publishing (SA Instrumentation & Control)
Tel: +27 11 543 5800
Fax: +27 11 787 8052