SIL

From NewMarsWiki
Revision as of 13:32, 14 August 2009 by John Creighton (talk | contribs) (Risk Graphs)

Introduction

Safety Integrity Level (SIL) is a relative measure of the risk reduction provided by a safety function, and is also used to specify a target level of risk reduction. In simple terms, SIL is a measure of the performance required of a Safety Instrumented Function (SIF).


SIL   PFD (probability of failure on demand)   RRF (risk reduction factor, 1/PFD)
1     0.1 to 0.01                               10 to 100
2     0.01 to 0.001                             100 to 1,000
3     0.001 to 0.0001                           1,000 to 10,000
4     0.0001 to 0.00001                         10,000 to 100,000

Selection of SIL

There are many methods to select the Safety Integrity Level; these include the Risk Matrix, the Risk Graph and Layers of Protection Analysis (LOPA). With regard to LOC (loss of crew), NASA accepts considerably lower levels of safety than industry does, because the crew are not considered civilians and the gains of space exploration are judged to be worth the risk, at least in terms of LOC.

Below is a graph of what is considered acceptable and intolerable in terms of fatalities, from (HSE Books 2001)[1]. Of course these graphs would vary depending on the size of the population and the significance of the endeavor.

Fatality graph.JPG

SIL Selection Matrices

A SIL matrix tells us how reliable a safety function must be given the likelihood and the severity of an event. Below, a 3D SIL selection matrix is shown. If you can achieve the desired safety level independently of the other layers, then a 3D SIL selection matrix may not be necessary. However, there may be a maximum amount of reliability we can achieve from a given safety function, and therefore we must consider how each layer of protection contributes to the reliability of the overall system. For instance, it was suggested in the Augustine commission that an abort system only reduces your LOC (loss of crew) by about a factor of 10. If this does not give the required reliability in terms of loss of crew, then we must consider the reliability of the other layers of the system.

SILL Matrix.JPG

Generally a separate SIL selection matrix is done for each type of consequence; these can include Loss of Mission, Loss of Crew, Environmental Impact and Damage to the Reputation of the Organization. Each type of consequence is considered separately, and it is the type of consequence that requires the greatest level of safety which drives the design.

LOPA (Layers of Protection Analysis)

Risk Graphs

Risk Graph.JPG

Figure from: Different SIL (Safety Integrity Level) Selection Techniques Can Yield Significantly Different Answers, by Paul Gruhn, PE, CFSE, President, L&M Engineering, Houston, TX [3]

References

[1] Safety Integrity Level, Wikipedia: http://en.wikipedia.org/wiki/Safety_Integrity_Level

[2] W G Gulland (4-sight Consulting), Methods of Determining Safety Integrity Level (SIL) Requirements - Pros and Cons: http://4-sightconsulting.co.uk/Current_Papers/Determining_SILs/Methods_of_Determining_Safety_Integrity_Level.pdf

[3] Paul Gruhn, Different SIL Selection Techniques Can Yield Different Answers (ISA 2004 Safety Papers): http://www.isa.org/Content/Microsites838/Safety_Division/Home818/ISA_2004_Safety_Papers/Different_SIL_Selection_Techniques_Can_Yield_Different_Answers.pdf

[4] Angela E. Summers, Ph.D., Techniques for Assigning a Target Safety Integrity Level, ISA Transactions 37 (1998) 95-104: http://www.iceweb.com.au/sis/target_sis.htm