Safety integrity level (SIL) is a measure of potential risk to people, environment or processes in the case of a malfunction. Traditionally, the SIL classification of safety instrumented systems (SISs) has been the post-installation responsibility of the plant engineer.
The IEC 61508 standard for functional safety has provided clear guidelines for the decision-making process and empowered instrument manufacturers to design SIL-compliant products. Engineers no longer need to take sole responsibility for the SIL classification of new devices.
IEC 61508 provides a coherent framework that integrates all previous safety regulations into a systematic approach to process safety. It has been developed by the International Electrotechnical Commission (IEC).
IEC 61508 applies wherever electrical, electronic or programmable electronic systems are used to perform safety functions including complete loop/safety systems, measuring points (sensors), control units (PLCs) and actuators (valves). SISs are used across a range of industries, and in the chemical industry account for approximately 3%-5% of all measuring points.
The new standard defines safety by the potential degree of damage and the probability of a risk-critical situation occurring in the given application. All relevant parameters are organised in a single risk graph with axes labelled degree of damage and probability of occurrence. The central degree of damage parameters are further analysed according to length of time and avoidance of damage. The risk graph provides clear, step-by-step pathways for systematically carrying out a risk evaluation of any given SIS and arriving at a SIL classification. While IEC 61508 determines the SIL level applicable for the SIS, the SIL level itself also defines limit values that must be applied when designing the safety loop, such as probability of failure on demand (PFD).
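The PFD limit mentioned above can be checked against a loop design as follows. This is an added example, not part of the original article or of any vendor's tooling: the failure rates are constructed sample values, the SIL bands are the IEC 61508 low-demand PFDavg ranges, and the calculation assumes a single-channel (1oo1) loop with the common simplification PFDavg ≈ λDU × TI / 2, ignoring diagnostics, repair time and architectural constraints.

```python
# Added example: PFDavg budget for a single-channel (1oo1) low-demand safety loop.
HOURS_PER_YEAR = 8760

# IEC 61508 low-demand bands: SIL n means 10^-(n+1) <= PFDavg < 10^-n.
SIL_BANDS = {4: (1e-5, 1e-4), 3: (1e-4, 1e-3), 2: (1e-3, 1e-2), 1: (1e-2, 1e-1)}

# Constructed dangerous-undetected failure rates (per hour), not vendor data.
SAMPLE_LOOP = {"sensor": 6.0e-7, "logic_solver": 1.0e-7, "valve": 1.5e-6}


def pfd_avg(lambda_du, proof_test_interval_h):
    """Simplified 1oo1 approximation: PFDavg ~= lambda_DU * TI / 2."""
    if lambda_du < 0 or proof_test_interval_h <= 0:
        raise ValueError("failure rate must be >= 0 and test interval > 0")
    return lambda_du * proof_test_interval_h / 2


def loop_contributions(loop, proof_test_interval_h):
    """Per-subsystem PFDavg; the loop total is their sum (series elements)."""
    return {name: pfd_avg(rate, proof_test_interval_h) for name, rate in loop.items()}


def sil_for_pfd(pfd):
    """Map a loop PFDavg to the SIL band it satisfies; 0 means no SIL is met."""
    if pfd < SIL_BANDS[4][0]:
        return 4  # better than the SIL 4 band; the scale stops at 4
    for sil, (low, high) in SIL_BANDS.items():
        if low <= pfd < high:
            return sil
    return 0


def max_proof_test_interval(loop, target_sil):
    """Interval (hours) at which the loop PFDavg reaches the band's upper limit."""
    return 2 * SIL_BANDS[target_sil][1] / sum(loop.values())


if __name__ == "__main__":
    for years in (1, 2):
        parts = loop_contributions(SAMPLE_LOOP, years * HOURS_PER_YEAR)
        total = sum(parts.values())
        worst = max(parts, key=parts.get)
        print(f"TI={years}y PFDavg={total:.2e} SIL={sil_for_pfd(total)} dominant={worst}")
    print(f"SIL 2 needs proof tests more often than every "
          f"{max_proof_test_interval(SAMPLE_LOOP, 2):.0f} h")
```

With these sample rates the loop only just meets SIL 2 on an annual proof test and drops to SIL 1 at a two-year interval, with the valve contributing most of the budget.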
Previously it was the duty of the operator to keep a record of the instrument's suitability for the SIL-classified application. It became the engineer's task to carry out time-consuming field tests and make statistical evaluations. On the basis of these evaluations a device could be declared proven in use and thus qualify for a SIL. Now that IEC 61508 allows the manufacturer to declare instruments suitable for a particular SIL level and offer them ready for use, this duty is eliminated and the engineer is relieved of the burden of proof.
There are two ways in which the instrument manufacturer can examine and declare devices suitable for a SIL level. For existing devices, the supplier takes over the proven-in-use procedure, in which the instruments are tested and described according to IEC 61508/61511. For newly developed devices, the supplier makes a direct declaration to IEC 61508, which can also address any relevant internal design procedures. This declaration comprises an evaluation of the hardware and software of the device based partly on a failure modes, effects and diagnostic analysis (FMEDA) and partly on an assessment of the proven-in-use documentation.
A range of devices certified to SIL 2 is offered by Endress + Hauser. A complete list is available at www.endress.com. The range covers important safety-related parameters including flow, interfaces, level, limit, power pack, pressure and temperature. It also includes the world's first flowmeter certified to SIL 2, PROline Promass 80/83. The company produces only SIL 2 devices on the basis that this is the rating required for most applications in the chemical industry.
A uniform, compact safety manual is included with each instrument to facilitate transparency and safety in planning, commissioning and performance checks of SIS protection systems. Customers also benefit from safety-related evaluation of software updates to the existing standard according to IEC 61508.