Difference between revisions of "SIL"
(→Sill Selection Matrices) |
Jumpboy11j (talk | contribs) |
||
| (9 intermediate revisions by one other user not shown) | |||
| Line 1: | Line 1: | ||
== Introduction == | == Introduction == | ||
| − | Safety Integrity Level (SIL) is defined as a relative level of risk-reduction provided by a safety function, or to specify a target level of risk reduction. In simple terms, SIL is a measurement of performance required for a Safety Instrumented Function (SIF). | + | Safety Integrity Level (SIL) is defined as a relative level of risk-reduction provided by a safety function, or to specify a target level of risk reduction. In simple terms, SIL is a measurement of performance required for a Safety Instrumented Function (SIF). Bellow shows a table [1] which gives, the SILL level, PDF (probability of failure on demand) and the RDF (risk reduction factor). |
| Line 30: | Line 30: | ||
There are many methods to select the safety Integrity Level, these include, Risk Matrix, Risk Graph, Layers of Protection Analysis (LOPA). With regards to LOC NASA has considerably lower levels of safety then in comparison to industry because, the crew are not considered civilians, and the gains of space exploration to be with the risk at least in terms of LOC. | There are many methods to select the safety Integrity Level, these include, Risk Matrix, Risk Graph, Layers of Protection Analysis (LOPA). With regards to LOC NASA has considerably lower levels of safety then in comparison to industry because, the crew are not considered civilians, and the gains of space exploration to be with the risk at least in terms of LOC. | ||
| − | Bellow is what is a graph of what is considered acceptable and intolerable in terms of fatalities by (HSE Books 2001)[ | + | Bellow is what is a graph of what is considered acceptable and intolerable in terms of fatalities by (HSE Books 2001)[2]. Of course these graphs would very depending on the size of the population and the significance of the endeavor. |
| − | [[Image:Fatality_graph.JPG]] | + | [[Image:Fatality_graph.JPG]] |
== Sill Selection Matrices == | == Sill Selection Matrices == | ||
| − | A SIL matrix tells us how reliable a safety function must be given the likely hood and the severity of an event. Bellow a 3D sill selection matrix is shown. If you can achieve the desired safety levels independently of the other layers then a 3D sill section matrix may not be necessary. However, there may be a maximum amount of reliability we can achieve from a given safety function and therefore we must consider how each layer of protection contributes to the reliability of the overall system. For instance, it was suggested in the Augastine commission that an abort system only reduces your LOC (Loss of crew) by about a factor of 10. If this does not give the required reliability in terms of loss of crew, then we must consider the reliability of the other layers of the system. | + | A SIL matrix tells us how reliable a safety function must be given the likely hood and the severity of an event. Bellow a 3D sill selection matrix is shown [3]. If you can achieve the desired safety levels independently of the other layers then a 3D sill section matrix may not be necessary. However, there may be a maximum amount of reliability we can achieve from a given safety function and therefore we must consider how each layer of protection contributes to the reliability of the overall system. For instance, it was suggested in the Augastine commission that an abort system only reduces your LOC (Loss of crew) by about a factor of 10. If this does not give the required reliability in terms of loss of crew, then we must consider the reliability of the other layers of the system. |
[[Image:SILL_Matrix.JPG]] | [[Image:SILL_Matrix.JPG]] | ||
| Line 42: | Line 42: | ||
Generally a separate SIL selection matrix is done for each type of consequence, these can include, Loss of mission, Loss of Crew, Environmental impact and Damage to the reputation of the organization. Generally each type of consequence is considered separately and it is the type of consequence which requires the greatest level of safety which drives the design. | Generally a separate SIL selection matrix is done for each type of consequence, these can include, Loss of mission, Loss of Crew, Environmental impact and Damage to the reputation of the organization. Generally each type of consequence is considered separately and it is the type of consequence which requires the greatest level of safety which drives the design. | ||
| − | == LOPA (Layers of Protection Analysis == | + | == LOPA (Layers of Protection Analysis) == |
== Risk Graphs == | == Risk Graphs == | ||
| − | |||
| − | |||
| − | [1] - http://4-sightconsulting.co.uk/Current_Papers/Determining_SILs/Methods_of_Determining_Safety_Integrity_Level.pdf - Methods of Determining Safety Integrity Level (SIL) | + | [[Image:Risk_Graph.JPG]] |
| + | |||
| + | Figure from: | ||
| + | |||
| + | Different SIL (Safety Integrity Level) Selection Techniques | ||
| + | Can Yield Significantly Different Answers | ||
| + | By Paul Gruhn, PE, CFSE | ||
| + | President | ||
| + | L&M Engineering | ||
| + | Houston, TX | ||
| + | [3] | ||
| + | |||
| + | == Nuclear Power and Space == | ||
| + | |||
| + | In order to reduce the consequences of a failure, NASA uses hard ceramics, to minimize the environmental impact of launch failure. With regards to nuclear propulsion, it is general considered a much greater environmental risk if the reactor is turned on before the rocket reaches a stable orbit, then if it is turned on after it reaches a stable orbit. The required reliability necessary for such a consequence is a matter of debate but no doubt the necessary safeguards to prevent this incident will likely add significantly to the weight and reliability of the overall rocket. | ||
| + | |||
| + | == References == | ||
| + | |||
| + | [1] http://en.wikipedia.org/wiki/Safety_Integrity_Level | ||
| + | |||
| + | [2] - http://4-sightconsulting.co.uk/Current_Papers/Determining_SILs/Methods_of_Determining_Safety_Integrity_Level.pdf - Methods of Determining Safety Integrity Level (SIL) | ||
Requirements - Pros and Cons | Requirements - Pros and Cons | ||
by W G Gulland (4-sight Consulting) | by W G Gulland (4-sight Consulting) | ||
| − | [ | + | [3] http://www.isa.org/Content/Microsites838/Safety_Division/Home818/ISA_2004_Safety_Papers/Different_SIL_Selection_Techniques_Can_Yield_Different_Answers.pdf |
| + | |||
| + | |||
| + | [4] http://www.iceweb.com.au/sis/target_sis.htm - Techniques for Assigning A Target Safety Integrity Level Angela E. Summers, Ph.D. This paper was published in ISA Transactions 37 (1998) 95-104. | ||
Latest revision as of 12:23, 15 August 2009
Contents
Introduction
Safety Integrity Level (SIL) is defined as a relative level of risk-reduction provided by a safety function, or to specify a target level of risk reduction. In simple terms, SIL is a measurement of performance required for a Safety Instrumented Function (SIF). Bellow shows a table [1] which gives, the SILL level, PDF (probability of failure on demand) and the RDF (risk reduction factor).
| SIL | PFD | RRF |
|---|---|---|
| 1 | 0.1-0.01 | 10-100 |
| 2 | 0.01-0.001 | 100-1000 |
| 3 | 0.001-0.0001 | 1000-10,000 |
| 4 | 0.0001-0.00001 | 10,000-100,000 |
Selection of SIL
There are many methods to select the safety Integrity Level, these include, Risk Matrix, Risk Graph, Layers of Protection Analysis (LOPA). With regards to LOC NASA has considerably lower levels of safety then in comparison to industry because, the crew are not considered civilians, and the gains of space exploration to be with the risk at least in terms of LOC.
Bellow is what is a graph of what is considered acceptable and intolerable in terms of fatalities by (HSE Books 2001)[2]. Of course these graphs would very depending on the size of the population and the significance of the endeavor.
Sill Selection Matrices
A SIL matrix tells us how reliable a safety function must be given the likely hood and the severity of an event. Bellow a 3D sill selection matrix is shown [3]. If you can achieve the desired safety levels independently of the other layers then a 3D sill section matrix may not be necessary. However, there may be a maximum amount of reliability we can achieve from a given safety function and therefore we must consider how each layer of protection contributes to the reliability of the overall system. For instance, it was suggested in the Augastine commission that an abort system only reduces your LOC (Loss of crew) by about a factor of 10. If this does not give the required reliability in terms of loss of crew, then we must consider the reliability of the other layers of the system.
Generally a separate SIL selection matrix is done for each type of consequence, these can include, Loss of mission, Loss of Crew, Environmental impact and Damage to the reputation of the organization. Generally each type of consequence is considered separately and it is the type of consequence which requires the greatest level of safety which drives the design.
LOPA (Layers of Protection Analysis)
Risk Graphs
Figure from:
Different SIL (Safety Integrity Level) Selection Techniques Can Yield Significantly Different Answers By Paul Gruhn, PE, CFSE President L&M Engineering Houston, TX [3]
Nuclear Power and Space
In order to reduce the consequences of a failure, NASA uses hard ceramics, to minimize the environmental impact of launch failure. With regards to nuclear propulsion, it is general considered a much greater environmental risk if the reactor is turned on before the rocket reaches a stable orbit, then if it is turned on after it reaches a stable orbit. The required reliability necessary for such a consequence is a matter of debate but no doubt the necessary safeguards to prevent this incident will likely add significantly to the weight and reliability of the overall rocket.
References
[1] http://en.wikipedia.org/wiki/Safety_Integrity_Level
[2] - http://4-sightconsulting.co.uk/Current_Papers/Determining_SILs/Methods_of_Determining_Safety_Integrity_Level.pdf - Methods of Determining Safety Integrity Level (SIL) Requirements - Pros and Cons by W G Gulland (4-sight Consulting)
[4] http://www.iceweb.com.au/sis/target_sis.htm - Techniques for Assigning A Target Safety Integrity Level Angela E. Summers, Ph.D. This paper was published in ISA Transactions 37 (1998) 95-104.
