SIL
IEC 61508:2010

IEC 61508 & SAFETY LIFECYCLE


WHAT IS FUNCTIONAL SAFETY?
In the process industries, safety can be defined as being protected from unacceptable risk of injury or damage to people, property or the environment. Functional safety is the part of overall safety that depends upon the correct operation of an electrical/electronic/programmable electronic safety instrumented system (SIS) in response to its inputs. The requirements for such a SIS are defined in the IEC 61508 group of standards.
IEC 61508 Functional safety of E/E/PE safety-related systems

CASS SCHEME
CASS is a scheme for assessing the compliance of safety-related systems with the requirements of IEC 61508 and associated standards. It provides a systematic approach to be used by certification bodies and others when assessing compliance at all stages, from the specification of safety requirements through the design, development and manufacture of system components to integration, commissioning, operation and maintenance.
Accredited Certification for Safety Systems... to IEC 61508 and related standards
The CASS Scheme Ltd

Relationship between CASS assessment types
The scheme diagram shows UKAS accrediting the Certification Bodies (to EN45011), The CASS Scheme Ltd (Governing Body, Members, Technical Design Authority and Technical Committees, operating under the scheme RULES) and the Test Houses, with feedback between the parties. The assessment types (T1 to T5) cover Component Assessment, Sub-system Assessment, Integrated System Assessment, Safety Requirements Assessment and Operations and Maintenance Assessment, plus Functional Safety Management (FSM, T5). The clients addressed are Component Suppliers (T1), Sub-system Suppliers (T2), Engineering Functions/System Integrators (T2a) and End users/Operators (T4).

Sector-specific standards based on IEC 61508:
  IEC 61511      Process industry sector
  IEC 61513      Nuclear power plants
  IEC 62061      Safety of machinery E/E/PES
  ISO 13849      Safety of simple machinery
  IEC 61800-5-2  Power Drives

Overall framework of the IEC 61508 series
Technical Requirements:
  Part 1  Development of the overall safety requirements (concept, scope definition, hazard and risk analysis)   7.1 to 7.5
  Part 1  Allocation of the safety requirements to the E/E/PE safety-related systems   7.6
  Part 1  Specification of the system safety requirements for the E/E/PE safety-related systems   7.10
  Part 2  Realisation phase for E/E/PE safety-related systems
  Part 3  Realisation phase for safety-related software
  Part 1  Installation, commissioning & safety validation of E/E/PE safety-related systems   7.13 - 7.14
  Part 1  Operation, maintenance, repair, modification and retrofit, decommissioning or disposal of E/E/PE safety-related systems   7.15 - 7.17
Other Requirements:
  Part 0  Functional safety and IEC 61508
  Part 1  Documentation   Clause 5 & Annex A
  Part 1  Management of functional safety   Clause 6
  Part 1  Functional safety assessment   Clause 8
  Part 4  Definitions & abbreviations
  Part 5  Example of methods for the determination of safety integrity levels
  Part 6  Guidelines for the application of Parts 2 & 3
  Part 7  Overview of techniques and measures

Overall safety lifecycle
   1  Concept
   2  Overall scope definition
   3  Hazard and risk analysis
   4  Overall safety requirements
   5  Overall safety requirements allocation
  Overall planning:
   6  Overall operation and maintenance planning
   7  Overall safety validation planning
   8  Overall installation and commissioning planning
   9  E/E/PE system safety requirements specification
  10  E/E/PE safety-related systems: Realisation (see E/E/PE system safety lifecycle)
  11  Other risk reduction measures: Specification and Realisation
  12  Overall installation and commissioning
  13  Overall safety validation
  14  Overall operation, maintenance and repair
  15  Overall modification and retrofit (back to the appropriate overall safety lifecycle phase)
  16  Decommissioning or disposal

IEC 61508 aims to:
- release the potential of E/E/PE technology to improve both safety and economic performance;
- enable technological developments to take place within an overall safety framework;
- provide a technically sound, system-based approach, with sufficient flexibility for the future;
- provide a risk-based approach for determining the required performance of safety-related systems;
- provide requirements based on common underlying principles to facilitate:
  - improved efficiencies in the supply chain for suppliers of subsystems and components to various sectors,
  - improvements in communication and requirements (i.e. to increase clarity of what needs to be specified),
  - the development of techniques and measures that could be used across all sectors, increasing available resources,
  - the development of conformity assessment services if required.

IEC 61508 Functional Safety Management
A basic requirement of the standards is that all aspects of the safety lifecycle activities demonstrate Functional Safety Management. As well as the equipment, this includes management of personnel competency, covering the end user, contractors, suppliers and sub-contractors.
(In the UK see also the HSE guidance "Managing competence for safety-related systems".)

E/E/PE system safety lifecycle (in realisation phase)
Box 10 in the Overall Safety Lifecycle: E/E/PE safety-related systems. One E/E/PE safety lifecycle is followed for each E/E/PE safety-related system.
  10.1  E/E/PE system design requirements specification
  10.2  E/E/PE system safety validation planning
  10.3  E/E/PE system design & development including ASICs & software
  10.4  E/E/PE system integration
  10.5  E/E/PE system installation, commissioning, operation & maintenance procedures (to Box 14 in the Overall Safety Lifecycle)
  10.6  E/E/PE system safety validation (to Box 12 in the Overall Safety Lifecycle)

Relationship between & scope of IEC 61508-2 & IEC 61508-3
  E/E/PE system design requirements specification
    -> E/E/PE system architecture
       -> Hardware safety requirements specification (programmable electronic hardware, non-programmable hardware)
          -> Programmable electronics design & development; Non-programmable hardware design & development
       -> Software safety requirements
          -> Software design & development
    -> Programmable electronics integration (hardware & software)
    -> E/E/PE system integration
Scope of IEC 61508-2: the system design requirements specification, system architecture, hardware safety requirements, programmable and non-programmable hardware design & development, and E/E/PE system integration. Scope of IEC 61508-3: the software safety requirements and software design & development. Programmable electronics integration (hardware & software) is where the two parts meet.

Functional Safety Certification Service: Approved Company, Certificate No. CASS 00015/01

SAFETY INTEGRITY LEVELS

DEFINITION
Safety integrity is the ability of the SIS to perform the required safety function as and when required. Four levels of safety integrity are defined, each corresponding to a range of target likelihood of failures of a safety function. Safety integrity level 4 (SIL4) is the highest level of safety integrity and safety integrity level 1 (SIL1) is the lowest level.
Note that a safety integrity level is a property of a safety function rather than of a system or any part of a system.

Safety integrity is considered to be composed of the following two elements:
Hardware safety integrity: that part of safety integrity relating to random hardware failures in a dangerous mode of failure. It may be necessary to use redundant architectures to achieve adequate hardware safety integrity.
Systematic safety integrity: that part of safety integrity relating to systematic failures in a dangerous mode of failure. Techniques such as redundant channels of identical hardware, which are very effective at controlling random hardware failures, are of little use in reducing systematic failures such as software errors.

Devices, elements and systems may be Type A or Type B. Type A is when the components required to perform a specified function meet all of the following:
a) the failure modes of all components are well defined; and
b) the behaviour of the device under fault conditions can be completely determined; and
c) there is sufficient dependable failure data to show that the claimed failure rates for detected and undetected dangerous failures are met.
Type B is simply when one or more of the components required to perform a specified function is not Type A.

SIL for High Demand Mode
  Safety Integrity Level (SIL)   Average frequency of a dangerous failure of the safety function [h-1] (PFH)
  4                              10^-9 to < 10^-8
  3                              10^-8 to < 10^-7
  2                              10^-7 to < 10^-6
  1                              10^-6 to < 10^-5

SIL for Low Demand Mode
  Safety Integrity Level (SIL)   Average probability of a dangerous failure on demand of the safety function (PFDavg)
  4                              10^-5 to < 10^-4
  3                              10^-4 to < 10^-3
  2                              10^-3 to < 10^-2
  1                              10^-2 to < 10^-1

The Type A and Type B tables give the maximum SIL that can be claimed for a safety function from the hardware fault tolerance (HFT) and safe failure fraction (SFF) of the element carrying it out (the architectural constraints of IEC 61508-2).

Type A Safety System
  Hardware fault   Safe failure fraction of an element
  tolerance        < 60 %        60 % - < 90 %   90 % - < 99 %   >= 99 %
  0                SIL 1         SIL 2           SIL 3           SIL 3
  1                SIL 2         SIL 3           SIL 4           SIL 4
  2                SIL 3         SIL 4           SIL 4           SIL 4

Type B Safety System
  Hardware fault   Safe failure fraction of an element
  tolerance        < 60 %        60 % - < 90 %   90 % - < 99 %   >= 99 %
  0                Not Allowed   SIL 1           SIL 2           SIL 3
  1                SIL 1         SIL 2           SIL 3           SIL 4
  2                SIL 2         SIL 3           SIL 4           SIL 4

While every effort has been made to ensure that the information contained within this document is accurate and up to date, MTL Instruments makes no warranty, representation or undertaking whether expressed or implied, nor does it assume legal liability, whether direct or indirect, or responsibility for the accuracy, completeness, or usefulness of any information.

TERMINOLOGIES & ABBREVIATIONS

Definitions and abbreviations
Abbreviation       Full expression
AC/DC              Alternating current/direct current
AIChE              American Institute of Chemical Engineers
ALARP              As Low As Reasonably Practicable
ANSI               American National Standards Institute
ASIC               Application Specific Integrated Circuit
BPCS               Basic process control system
CCF                Common Cause Failure
CPLD               Complex Programmable Logic Device
CCPS               Center for Chemical Process Safety
DC                 Diagnostic Coverage
(E)EPLD            (Electrically) Erasable Programmable Logic Device
E/E/PE             Electrical/Electronic/Programmable Electronic
E/E/PE (system)    Electrical/Electronic/Programmable Electronic System
EEPROM             Electrically Erasable Programmable Read-Only Memory
EPROM              Erasable Programmable Read-Only Memory
EMC                Electro-magnetic compatibility
EUC                Equipment Under Control
FAT                Factory acceptance testing
FPGA               Field Programmable Gate Array
FPL                Fixed program language
FSA                Functional safety assessment
FTA                Fault tree analysis
FVL                Full variability language
GAL                Generic Array Logic
H&RA               Hazard & risk assessment
HFT                Hardware Fault Tolerance
IEC                International Electrotechnical Commission
IEV                International Electrotechnical Vocabulary
ISA                Instrumentation, Systems & Automation Society
ISO                International Organization for Standardization
LVL                Limited variability language
MooN               M out of N channel architecture (for example 1oo2 is 1 out of 2 architecture, where either of the two channels can perform the safety function)
MooND              M out of N channel architecture with Diagnostics
MTBF               Mean Time Between Failures
MTTR               Mean Time To Repair
MRT                Mean Repair Time
NP                 Non-programmable
PAL                Programmable Array Logic
PE                 Programmable Electronic
PES                Programmable electronic system
PFD                Probability of Dangerous Failure on Demand
PFDavg             Average Probability of Dangerous Failure on Demand
PFH                Average frequency of dangerous failure [h-1]
PLA                Programmable Logic Array
PLC                Programmable logic controller
SAT                Site acceptance test
SC                 Systematic capability
SFF                Safe failure fraction
SIF                Safety instrumented function
SIL                Safety integrity level
SIS                Safety instrumented system
SRS                Safety requirement specification
UON                Unless otherwise noted
λS or λsafe        Failure rate of all safe failures
λD or λdangerous   Failure rate of all dangerous failures
λDD                Failure rate of all dangerous detected failures
λDU                Failure rate of all dangerous undetected failures
λSU                Failure rate of all safe undetected failures
λSD                Failure rate of all safe detected failures
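The following Python is an added worked example, not part of the MTL brochure and not MTL code. It encodes the page's SIL tables as functions: the high demand (PFH) and low demand (PFDavg) target bands, the safe failure fraction computed from the λSD, λSU, λDD and λDU rates defined above, and the Type A / Type B architectural-constraint tables. It then applies them to a constructed Type B 1oo1 element to show that the achievable SIL is the lower of the PFDavg band and the architectural limit. The failure rates, the annual proof-test interval and the simplified 1oo1 estimate PFDavg ≈ λDU × T1 / 2 (which neglects the detected-fault repair term) are assumptions made for illustration.

```python
"""IEC 61508 SIL determination helpers (added worked example, not from the brochure)."""
from dataclasses import dataclass
from typing import Optional

FIT = 1e-9  # 1 FIT = 1e-9 failures per hour


@dataclass(frozen=True)
class FailureRates:
    """Element failure rates in failures per hour, using the page's lambda symbols."""
    lambda_sd: float  # safe detected
    lambda_su: float  # safe undetected
    lambda_dd: float  # dangerous detected
    lambda_du: float  # dangerous undetected

    @property
    def lambda_s(self) -> float:
        return self.lambda_sd + self.lambda_su

    @property
    def lambda_d(self) -> float:
        return self.lambda_dd + self.lambda_du


def safe_failure_fraction(r: FailureRates) -> float:
    """SFF = (lambda_S + lambda_DD) / (lambda_S + lambda_D), as defined in IEC 61508-2."""
    total = r.lambda_s + r.lambda_d
    if total <= 0:
        raise ValueError("total failure rate must be positive")
    return (r.lambda_s + r.lambda_dd) / total


def sil_from_pfh(pfh: float) -> Optional[int]:
    """High demand mode band: SIL n covers 10^-(5+n) <= PFH < 10^-(4+n) per hour."""
    for sil in (4, 3, 2, 1):
        if 10.0 ** -(5 + sil) <= pfh < 10.0 ** -(4 + sil):
            return sil
    return None  # outside the tabulated bands (worse than SIL 1, or below 10^-9 /h)


def sil_from_pfdavg(pfdavg: float) -> Optional[int]:
    """Low demand mode band: SIL n covers 10^-(1+n) <= PFDavg < 10^-n."""
    for sil in (4, 3, 2, 1):
        if 10.0 ** -(1 + sil) <= pfdavg < 10.0 ** -sil:
            return sil
    return None


# Maximum SIL claimable from the architectural constraints, indexed [hft][sff_band].
# SFF bands: < 60 %, 60 - < 90 %, 90 - < 99 %, >= 99 %. None means "Not Allowed".
_TYPE_A = {0: (1, 2, 3, 3), 1: (2, 3, 4, 4), 2: (3, 4, 4, 4)}
_TYPE_B = {0: (None, 1, 2, 3), 1: (1, 2, 3, 4), 2: (2, 3, 4, 4)}


def sff_band(sff: float) -> int:
    """Column index into the Type A / Type B tables for a given SFF (0.0 to 1.0)."""
    if not 0.0 <= sff <= 1.0:
        raise ValueError("SFF must be a fraction between 0 and 1")
    return 0 if sff < 0.60 else 1 if sff < 0.90 else 2 if sff < 0.99 else 3


def architectural_sil_limit(element_type: str, hft: int, sff: float) -> Optional[int]:
    """Highest SIL the element may claim for its HFT and SFF; None where the table says Not Allowed."""
    table = {"A": _TYPE_A, "B": _TYPE_B}[element_type.upper()]
    if hft not in table:
        raise ValueError("the tables cover hardware fault tolerance 0, 1 and 2 only")
    return table[hft][sff_band(sff)]


def pfdavg_1oo1(r: FailureRates, proof_test_interval_h: float) -> float:
    """Simplified 1oo1 estimate (assumption): undetected dangerous faults persist until the
    proof test, so PFDavg ~ lambda_DU * T1 / 2; the lambda_DD * MTTR term is neglected."""
    return r.lambda_du * proof_test_interval_h / 2.0


def achievable_sil(element_type: str, hft: int, r: FailureRates, pfdavg: float) -> Optional[int]:
    """Lower of the PFDavg band and the architectural limit; None if either rules the claim out."""
    band = sil_from_pfdavg(pfdavg)
    limit = architectural_sil_limit(element_type, hft, safe_failure_fraction(r))
    if band is None or limit is None:
        return None
    return min(band, limit)


# Constructed sample (not from the page): a Type B single-channel logic solver.
SAMPLE = FailureRates(lambda_sd=400 * FIT, lambda_su=100 * FIT,
                      lambda_dd=450 * FIT, lambda_du=50 * FIT)
PROOF_TEST_INTERVAL_H = 8760.0  # annual proof test, assumed


def worked_example() -> dict:
    sff = safe_failure_fraction(SAMPLE)                 # 0.95 -> 90 - < 99 % column
    pfd = pfdavg_1oo1(SAMPLE, PROOF_TEST_INTERVAL_H)    # 2.19e-4 -> SIL 3 band
    return {
        "sff": sff,
        "pfdavg": pfd,
        "pfdavg_sil": sil_from_pfdavg(pfd),                       # 3
        "arch_limit_hft0": architectural_sil_limit("B", 0, sff),  # 2: Type B, HFT 0
        "arch_limit_hft1": architectural_sil_limit("B", 1, sff),  # 3: one redundant channel
        "achievable_hft0": achievable_sil("B", 0, SAMPLE, pfd),   # 2: architecture-limited
    }


if __name__ == "__main__":
    for key, value in worked_example().items():
        print(f"{key}: {value}")
```

The point the numbers make is the one the page states in words: the random-hardware target (PFDavg in the SIL 3 band) is not sufficient on its own, because a Type B element with HFT 0 and SFF below 99 % is capped at SIL 2 by the architectural constraints, and a Type B element with SFF below 60 % and no fault tolerance cannot be used for any SIL at all. Adding a redundant channel (HFT 1) raises the architectural limit to SIL 3; the PFDavg of the redundant architecture would then need to be recalculated for that configuration.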

www.mtl-inst.com enquiry@mtl-inst.com
ZL-P-FSM-EN-1112

Australia
Tel: +61 1300 308 374 Fax: +61 1300 308 463

France
Tel: +33 (0)4 37 46 16 70 Fax: +33 (0)4 37 46 17 20

India
Tel: + 91 (0)44 24501660 Fax: + 91 (0)44 24501463

Japan
Tel: +81 (0)3 6430 3128 Fax: +81 (0)3 6430 3129

Singapore
Tel: +65 6 645 9888 Fax: +65 6 487 7997

United Arab Emirates
Tel: +971 2 446 6840 Fax: +971 2 446 6841

Americas
Tel: +1 281 571 8065 Fax: +1 281 571 8069

China
Tel: +86 10 5980 0231 Fax: +86 10 8562 5725

Germany
Tel: +49 (0)2131 718930 Fax: +49 (0)2131 7189333

Italy
Tel: +39 (0)2 61802011 Fax: +39 (0)2 61294560

Netherlands
Tel: +31 (0) 76 7505360 Fax: +31 (0) 76 7505370

South Korea
Tel: +82 2 538 3481 Fax: +82 2 538 3505

UK
Tel: +44 (0)1582 723633 Fax: +44 (0)1582 422283

For technical advice or further information call:

+44 (0) 1582 723633

www.61508.org www.iec.ch/functionalsafety www.cass.uk.net www.hse.gov.uk
