
SIL – "Safety Integrity Level"
Basic information about SIL
1. Functional Safety
The safety integrity level (SIL) is used to determine the potential risk to people, systems, devices and processes in the event of a malfunction. The basis for the specification, design and operation of safety instrumented systems is the IEC 61508 standard. The goal is to assess the risk and to reduce it by means of suitable measures.
2. Standard
IEC 61508 defines safety depending on the level of integrity and the probability… 61508 includes its own risk assessment method with which the safety integrity levels for safety-related devices and systems can be determined. The standard defines four levels, SIL 1 to SIL 4, characterizing safety levels for electrical and electronic devices. The SIL level is a measure of the safety function in case of a fault and answers the question: what is the probability that the system still functions correctly in case of a fault?
3. Specific values
PFD = Probability of Failure on Demand
PFDav directly describes the probability that the system will malfunction on demand, i.e. when a service request is made, or during continuous temperature measurement. The standard distinguishes between different demand modes: high demand is, as the name implies, when safety-related functions are required in a continuous mode of operation; low demand is where the frequency of demands made on the safety-related system is no greater than one per year. The difference is reflected in the mathematical treatment: high demand is assessed by the probability of failure per hour (PFH), low demand by the average probability of failure on demand (PFDav).
SIL – PFDav – PFH – modes of operation
| Safety Integrity Level (SIL) | Low demand mode of operation (PFDav) | High demand mode of operation (PFH, per hour) |
|---|---|---|
| SIL4 | ≥ 10⁻⁵ to < 10⁻⁴ | ≥ 10⁻⁹ to < 10⁻⁸ |
| SIL3 | ≥ 10⁻⁴ to < 10⁻³ | ≥ 10⁻⁸ to < 10⁻⁷ |
| SIL2 | ≥ 10⁻³ to < 10⁻² | ≥ 10⁻⁷ to < 10⁻⁶ |
| SIL1 | ≥ 10⁻² to < 10⁻¹ | ≥ 10⁻⁶ to < 10⁻⁵ |
MTBF = Mean Time Between Failures
MTBF applies only to repairable devices or systems; the "time between failures" assumes that the device is repaired after each failure. MTBF can be used to estimate the number of failures per time interval, which in turn makes it possible to calculate the probability of a device failure during its life span (for example 10 years for Schischek actuators). The MTBF of a given device can be estimated in life cycle tests. Such tests can be conducted under the increased stress conditions of a highly accelerated life test, for example radiation, humidity, vibration, high temperatures etc.
Another way to determine MTBF is reliability prediction, often used in early design stages when devices and systems are not yet available. It makes it possible to evaluate whether the target reliability can be achieved, but it requires detailed knowledge of the construction of a device and its components. Failure rates are available for many components and are published in handbooks. The values are given in FIT, which stands for "failures in time", a unit defined as 1 FIT = 1 failure per 10⁹ hours.
MTBF is the reciprocal of the calculated failure rate of the device, which in turn is the sum of the application-condition-dependent failure rates of the individual components. In MTBF calculations FIT is usually used without the unit "failures in 10⁹ hours". If, for example, the MTBF of a repairable device is determined by a component whose FIT value is known, MTBF can be calculated with the following formula:
Formula:
MTBF = 114,000 years / FIT
Example:
For a FIT of 1140, MTBF = 100 years.
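As an added worked example (not code from the original page or from Schischek), the following Python script carries the two calculations above through: it sums component FIT values into a failure rate λ, converts that to an MTBF in years (reproducing the 1140 FIT → 100 years example), estimates the probability of a failure within the 10-year life span mentioned above using the exponential reliability function R(t) = exp(−λt), and classifies a PFDav or PFH value into the SIL bands of the table in section 3. The constant-failure-rate assumption, the 8760-hour year and the sample FIT values are assumptions of this example, not statements of the page.

```python
import math

HOURS_PER_YEAR = 8760.0  # 365 d x 24 h; the page's "114,000 years / FIT" rule uses this year length


def failure_rate_per_hour(fit_values):
    """Sum component FIT values (1 FIT = 1 failure per 1e9 hours) into lambda in 1/h.

    Adding the component rates assumes the parts are in series, i.e. any component
    failure fails the device, which is how the page describes reliability prediction.
    """
    return sum(fit_values) * 1e-9


def mtbf_years(fit_values):
    """MTBF = 1 / lambda, converted from hours to years (the page's 114,000 years / FIT)."""
    return 1.0 / failure_rate_per_hour(fit_values) / HOURS_PER_YEAR


def reliability(lam_per_hour, t_hours):
    """Reliability function R(t) = exp(-lambda * t): probability of no failure up to time t.

    Assumes a constant failure rate (exponential distribution), the usual basis
    for MTBF / MTTF figures quoted in FIT.
    """
    return math.exp(-lam_per_hour * t_hours)


def failure_probability_over_life(fit_values, life_years=10.0):
    """Probability of at least one failure within the device life span, 1 - R(life)."""
    lam = failure_rate_per_hour(fit_values)
    return 1.0 - reliability(lam, life_years * HOURS_PER_YEAR)


# SIL bands copied from the page's PFDav / PFH table: lower bound inclusive, upper bound exclusive.
LOW_DEMAND_BANDS = {4: (1e-5, 1e-4), 3: (1e-4, 1e-3), 2: (1e-3, 1e-2), 1: (1e-2, 1e-1)}
HIGH_DEMAND_BANDS = {4: (1e-9, 1e-8), 3: (1e-8, 1e-7), 2: (1e-7, 1e-6), 1: (1e-6, 1e-5)}


def sil_from_probability(value, high_demand=False):
    """Return the SIL (1..4) whose band contains a PFDav (low demand) or PFH (high demand, per hour).

    Returns None when the value lies outside every band: above 1e-1 / 1e-5 no SIL can be
    claimed at all, below 1e-5 / 1e-9 the value is better than the SIL4 band requires.
    """
    bands = HIGH_DEMAND_BANDS if high_demand else LOW_DEMAND_BANDS
    for sil, (lo, hi) in bands.items():
        if lo <= value < hi:
            return sil
    return None


if __name__ == "__main__":
    # Constructed sample: a device whose reliability prediction sums to 1140 FIT,
    # the page's own worked example (MTBF = 100 years).
    sample_fit = [800, 250, 90]
    lam = failure_rate_per_hour(sample_fit)
    print(f"lambda = {lam:.3e} /h, MTBF = {mtbf_years(sample_fit):.1f} years")
    print(f"P(failure within 10 years) = {failure_probability_over_life(sample_fit):.3f}")
    # A hypothetical PFDav of 5e-4 falls into the SIL3 low-demand band.
    print("PFDav 5e-4 ->", sil_from_probability(5e-4))
```

Note that the 10-year failure probability of roughly 9.5 % for 1140 FIT is the probability of any failure; the SIL bands in the table are defined on dangerous failures only, so the classification function expects a PFDav or PFH value, not the total λ.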
MTTF = Mean Time To Failure
Also used in the variant MTTFd (mean time to dangerous failure). The importance of MTTF has been increased by the European standard EN ISO 13849-1 in connection with machine safety.
MTTF is a statistical quantity based on test results or empirical data and does not constitute a guaranteed life cycle or failure-free operating time.
MTTF is based on the reliability function R(t) and is valid under the assumption that the device in question is "as new" after a repair.
MTTR = Mean Time To Repair
MTTR is a measure of how long it takes on average to repair a device after a failure and is therefore important in conjunction with system availability.
MTTR also encompasses work and material planning and should be kept as short as possible.
λ = Failure Rate
The failure rate is the reciprocal of MTBF (λ = 1 / MTBF).
µ = Repair Rate
The repair rate is the reciprocal of MTTR (µ = 1 / MTTR).
SFF = Safe Failure Fraction
SFF is the fraction of all failures that are either safe (λS) or dangerous but detected (λDD), i.e. all failures except the dangerous undetected ones (λDU). The higher the SFF, the lower the probability of failure.
λtotal = λS + λD
λS = λSD + λSU
λD = λDD + λDU
SFF = 1 − λDU / λtotal
where:
λS = safe
λSD = safe detectable
λSU = safe undetectable
λD = dangerous
λDD = dangerous detectable
λDU = dangerous undetectable
HFT = Hardware Fault Tolerance
The hardware fault tolerance HFT together with the safe failure fraction SFF determines the safety integrity level SIL. HFT is the number of faults a system can tolerate without failing as a system. The higher the HFT, the higher the system availability.
- HFT = 0: no redundancy, a single fault can result in loss of the safety function
- HFT = 1: "simple" redundancy, at least two faults are necessary to cause a safety failure
- HFT = 2: double redundancy, at least three faults are necessary to result in a loss of the safety function
Since the safety function of every individual part has to be taken into consideration, a fully redundant architecture may be necessary depending on the required SIL level.
SFF – HFT – SIL – Type A, Type B
| Safe Failure Fraction (SFF) | Type A (simple subsystem), HFT = 0 | Type A, HFT = 1 | Type A, HFT = 2 | Type B (complex subsystem), HFT = 0 | Type B, HFT = 1 (0*) | Type B, HFT = 2 (1*) |
|---|---|---|---|---|---|---|
| < 60% | SIL1 | SIL2 | SIL3 | – | SIL1 | SIL2 |
| 60% … < 90% | SIL2 | SIL3 | SIL4 | SIL1 | SIL2 | SIL3 |
| 90% … < 99% | SIL3 | SIL4 | SIL4 | SIL2 | SIL3 | SIL4 |
| ≥ 99% | SIL3 | SIL4 | SIL4 | SIL3 | SIL4 | SIL4 |

\* With proven-in-use demonstration according to IEC 61511 (only for SIL < 4).
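The following Python code is an added example, not code from the original page or from Schischek. It computes the SFF from the four failure-rate components defined in the SFF section and then applies the SFF/HFT table above to find the highest SIL the hardware architecture supports for a Type A or Type B subsystem. The handling of the footnote (a Type B subsystem with a proven-in-use demonstration may use the next HFT column, but not to claim SIL4) is this example's reading of the footnote, and the sample failure rates are constructed values.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class FailureRates:
    """Failure rates in FIT, split as on the page into safe/dangerous and detected/undetected."""
    lam_sd: float  # safe, detected
    lam_su: float  # safe, undetected
    lam_dd: float  # dangerous, detected
    lam_du: float  # dangerous, undetected

    @property
    def lam_s(self):
        return self.lam_sd + self.lam_su

    @property
    def lam_d(self):
        return self.lam_dd + self.lam_du

    @property
    def lam_total(self):
        return self.lam_s + self.lam_d

    def sff(self):
        """SFF = 1 - lamDU / lamTotal: share of failures that are safe or dangerous-but-detected."""
        if self.lam_total <= 0:
            raise ValueError("total failure rate must be positive")
        return 1.0 - self.lam_du / self.lam_total


# Architectural constraints table from the page. Each row: SFF range [lo, hi),
# then the highest SIL per HFT (index 0, 1, 2) for Type A and for Type B subsystems.
# None means the combination is not allowed at all.
SFF_ROWS = (
    (0.00, 0.60, (1, 2, 3), (None, 1, 2)),
    (0.60, 0.90, (2, 3, 4), (1, 2, 3)),
    (0.90, 0.99, (3, 4, 4), (2, 3, 4)),
    (0.99, 1.01, (3, 4, 4), (3, 4, 4)),  # upper bound 1.01 so that SFF == 1.0 is included
)


def max_sil_for_architecture(sff, hft, subsystem_type, proven_in_use=False):
    """Highest SIL the hardware architecture supports for a given SFF, HFT and subsystem type.

    proven_in_use applies the table footnote as read in this example: with a
    proven-in-use demonstration according to IEC 61511, a Type B subsystem with
    HFT 0 may use the HFT 1 column and HFT 1 the HFT 2 column, but never to claim SIL4.
    """
    if subsystem_type not in ("A", "B"):
        raise ValueError("subsystem_type must be 'A' or 'B'")
    if hft not in (0, 1, 2):
        raise ValueError("HFT must be 0, 1 or 2")
    if not 0.0 <= sff <= 1.0:
        raise ValueError("SFF must lie between 0 and 1")

    for lo, hi, type_a, type_b in SFF_ROWS:
        if lo <= sff < hi:
            row = type_a if subsystem_type == "A" else type_b
            sil = row[hft]
            if subsystem_type == "B" and proven_in_use and hft < 2:
                relaxed = row[hft + 1]
                if relaxed is not None and relaxed < 4:  # the relief does not extend to SIL4
                    sil = relaxed
            return sil
    raise AssertionError("unreachable: SFF range was checked above")


if __name__ == "__main__":
    # Constructed sample rates (FIT) for a hypothetical device whose diagnostics
    # detect most dangerous failures: SFF = 1 - 50/1000 = 95 %.
    rates = FailureRates(lam_sd=200, lam_su=100, lam_dd=650, lam_du=50)
    sff = rates.sff()
    print(f"lambda_total = {rates.lam_total} FIT, SFF = {sff:.0%}")
    for subsystem_type in ("A", "B"):
        for hft in (0, 1, 2):
            sil = max_sil_for_architecture(sff, hft, subsystem_type)
            print(f"Type {subsystem_type}, HFT {hft}: max SIL {sil}")
```

The SFF alone does not give a SIL: a Type B subsystem with 95 % SFF and no redundancy (HFT 0) is limited to SIL2 by the table, while the same failure rates in a Type A subsystem or with HFT 1 reach SIL3, which is the point the HFT section above makes about redundant architectures.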
Safety Lifecycle
Documents required for certification:
- Product specification
- Functional specification
- Safety requirement specification
- Development plan
- Verification and validation plan
- Hardware development documents
- Software development documents
- Construction drawings
- Hardware verification and test plans
- Hardware test results
- Software verification and test plans
- Software test results
- Failure Mode and Effects Analysis (FMEA)
- Quantitative verification of safety
- Technical customer documentation