An SIL level can be expressed in terms of Probability of Failure on Demand (PFD) or Risk Reduction Factor. It expresses the likelihood that the safety function does not work when required to. IEC 61508 and IEC 61511 use PFH as the system metric upon which the SIL is determined. Average probability of failure on demand for the group of voted Channels. Articles [2 – 4], use simplified formula based on approximation to calculate PFDs of SIL and this method is extended to generalized K-out-of–N configurations. Probability of Failure on Demand (PFD): It is a measure of safety system performance in terms of the Probability of Failure on Demand (PFD). This is tied to specific values of probability of failure on demand (PFD). Systematic failures shall be prevented by: Fabricated instruments/components shall meet the systematic capability requirements (e.g. SC-3). The technical integrity of a SIF is depending on systematic capability and random hardware failures. During a SIL verification the integrity of the SIL safeguard is checked against the required integrity. Various methods for identification of hazards (HAZOP, FMEA, What If) are used. Total SIF PFD avg = 1.9 x 10-2 = SIL 1. High or Continuous Demand mode SIF's use PFH (Probability of Failure per Hour) for their calculation. Achieving the target PFD avg /PFH for a safety function does not in itself prove target SIL achievement. The Safety Integrity Level (SIL) is a statistical representation of the integrity of the SIS when a process demand occurs. Low demand mode: For low demand mode, it can be assumed that the safety system is not required more than once per year. It is easily conceivable that failures of the digital output modules and the shut-down relays can be neglected since at least 3 simultaneous components have to fail dangerously. The correct performance of proof tests is critical! SIL is a quantifiable measure of the E/E/PES of a product, testing if the product is able to carry out its intended safety function-operation when called to do so. SIL stands for Safety Integrity Level. Operating modes: Low demand and high demand. With the use of the Safe Failure Fraction and Probability of Failure on Demand values calculated during the product design and evaluation, SIL levels are determined using charts within the IEC 61508 standard. An SIL analysis is a quantitative target for measuring the level of performance needed for a safety function to achieve a tolerable risk for a process hazard. Markov models can be used for analysis. Like all probability values, reliability is expressed a number ranging between 0 and 1, inclusive. IEC 61511 provides the following information: Several modelling approaches are available and the most appropriate approach is a matter for the analyst and can depend on the circumstances. A SIL is a measure of safety system performance, or probability of failure on demand (PFD) for a SIF or SIS. The following PFD avg values are required: SIL 1 PFD avg < 10-1, SIL 2 PFD avg < 10-2, SIL 3 PFD avg < 10-3, SIL 4 PFD avg < 10-4. The following PFD avg values are required: SIL 1 PFD avg < 10-1, SIL 2 PFD avg < 10-2, SIL 3 PFD avg < 10-3, SIL 4 PFD avg < 10-4. While SIL-4 is technically safer, it costs a lot more to put in place compared to SIL-3 valves, which are still unquestionably safe. A frequently used basis to determine the ß factor is the informative Annex D of IEC 61508:6. A minimal common cause Beta factor of 10% is to be recommended. A key metric for process industry designs is called average Probability of Failure on Demand (PFDavg). The higher the SIL level, the lower the probability of failure on demand for the safety system and the better the system performance. Therefore all instruments used in a SIL rated system, including each instrument's sub components such as sensors, logic solvers and integral components are required to work safely and meet the Probability of Failure on Demand (PFD) requirements. It expresses the likelihood that a system designed to prevent a dangerous situation will fail at the moment when the safety function is demanded. In the process industry sector, the demand rate is often less frequent than once per year. The SIL 3 has been derived from comparison with published and generally accepted probability of failure on demand (PFD) values assigned to passive mechanical pressure safety devices such as pressure relief valves and safety valves. The probability of failure on demand: if the quality of the test are applied the on-demand SIL remains at 1.0. The integrity level of a SIF, defined as SIL 1, 2, 3 or 4, provide risk reduction. Critical instrumental systems prevent hazardous events of situations in which people could be injured (or worse) and/or the environment could be polluted. PFH can be determined as a probability or maximum probability over a time period of an hour. The purpose of the SIS is to reduce risk, so SIL levels can be defined in terms of the risk reduction factor (RRF). A SIF shall be fit for purpose to prevent the identified hazard. To evaluate the probability of failure on demand, this system has to be evaluated using characteristic failure rates for the sensors, logic solvers, and actuators involved. Safety integrity levels (SIL) according to IEC/EN 61508 and ISA-TR84.0.02 (1998). PFH (The Probability of Failure on Demand per Hour) is the probability that a system will fail dangerously, and not be able to perform its safety function when required.

Table: Safety Integrity Level (SIL) vs Average Probability of Dangerous Failure on Demand (PFDavg) and Average FREQUENCY of a Dangerous Failure per hour:
SIL 1: PFDavg ≥ 10-2 to < 10-1, Frequency ≥ 10-6 to < 10-5
SIL 2: PFDavg ≥ 10-3 to < 10-2, Frequency ≥ 10-7 to < 10-6
SIL 3: PFDavg ≥ 10-4 to < 10-3, Frequency ≥ 10-8 to < 10-7
SIL 4: PFDavg ≥ 10-5 to < 10-4, Frequency ≥ 10-9 to < 10-8

For low demand mode, the failure measure is based on average Probability of dangerous Failure on Demand (PFDavg). The standard IEC 61511 provides information that several modelling approaches are available and the most appropriate approach is a matter for the analyst and can depend on the circumstances. For several important safety functions, the failure probability "on demand" seem to become in the order of 1.10-2. The SIL rating refers to the reliability of a safety function, not to individual components of a system nor to the entire process itself. The ratio of these figures is 1/90 or 0.011 and represents the average probability of failure on demand (PFDavg) required of the SIF to enable the target to be achieved. SIL Rated equipment, to the appropriate SIL level, are required in SIL rated systems.

Some typical protection layer Probability of Failure on Demand (PFD):
• BPCS control loop = 0.10
• Operator response to alarm = 0.10
• Relief safety valve = 0.001
• Vessel failure at maximum design pressure = 10-4 or better (lower)
Source: A. Frederickson, Layer of Protection Analysis, www.safetyusersgroup.com, May 2006 An over-pressure protection system on a chemical reactor process with a SIL rating of 2, for example, has a Probability of Failure on Demand between 0.01 and 0.001 for the specific shutdown function as a whole. Probability of failure is reduced to some value above zero. It expresses the likelihood that the safety function does not work when required to.

Table 1: SIL for systems operating in low and high demand or continuous mode of operation according to IEC/EN 61508
Safety integrity level (SIL) vs Low demand mode of operation (average probability of failure to perform its design function on demand):
SIL 2 – PFDavg < 10-2 PFH (The Probability of Failure on Demand per Hour) is the probability that a system will fail dangerously, and not be able to perform its safety function when required. For a low demand mode, the required PFD is related to unavailability of the SIF. The informative Annex D of IEC 61508:6 is a frequently used basis to determine ß factors. The inverse of the RRF is the probability of failure on demand (PFD).

Average probability of failure on demand per hour (high demand):
SIL 4: ≥10-5 to < 10-4 (RRF: 100000 to 10000), PFH: ≥10-9 to < 10-8
SIL 3: ≥10-4 to < 10-3 (RRF: 10000 to 1000), PFH: ≥10-8 to < 10-7
SIL 2: ≥10-3 to < 10-2 (RRF: 1000 to 100), PFH: ≥10-7 to < 10-6 It is a measure of safety system performance in terms of the probability of Failure on Demand (PFD). Therefore all instruments used in a SIL rated system, including each instrument's sub components such as sensors, logic solvers and integral components are required to work safely and meet the Probability of Failure on Demand (PFD) requirements. Markov models and fault-tree analysis can be used.

Probability of Failure on Demand (PFD), Safety Availability in %, and Risk Reduction Factor:
SIL 1: PFD 0.01 - 0.1, Availability 90 - 99%, RRF 10 - 100
SIL 2: PFD 0.01 - 0.001, Availability 99 - 99.9%, RRF 100 - 1000

Low demand mode is typical in the process industry. The example calculations yielded a hardware contribution of .045 and .024 for BPCS and SIL-rated hardware respectively. The simple calculation is based on formulas where proof test coverage is not taken into account. A ß factor of 5% is often standard. SIL 2: PFDavg < 10-2. Average probability of failure on demand for the group of voted Channels. Fault-tree analysis and Markov models can be used. Low demand mode is typical in the process industry. Target SIL or risk reduction factor must be determined for each SIF. Almost all of these parameters are uncertain.

Some typical protection layer Probability of Failure on Demand (PFD):
• BPCS control loop = 0.10
• Operator response to alarm = 0.10
• Relief safety valve = 0.001
• Vessel failure at maximum design pressure = 10-4 or better (lower)
Source: A. Frederickson, Layer of Protection Analysis, www.safetyusersgroup.com, May 2006 More advanced calculation methods exist. A minimal common cause ß factor of 10% is recommended. The Safety Integrity Level (SIL) is a statistical representation of the integrity of the SIS when a process demand occurs. Low demand mode: it can be assumed that the safety system is not required more than once per year. The SIL value is derived from the PFD for a given safety function. SIL is a quantifiable measurement of risk used as a way to establish safety performance targets of SIS systems. Studies on low demand systems measure the probability of failure on demand (PFD avg). SIL is a quantifiable measurement of risk used as a way to establish safety performance targets of SIS systems. Average time-in-service for Liquid Service is 3.38 yr. A device or system must meet requirements for both systematic capability and random hardware failures. Safety philosophies must be implemented through a functional safety management system. Risk assessment methodologies include risk matrices, risk graph, LOPA (Layer of Protection Analysis), and SIL determination. Although the PFD can be calculated using "standard" reliability data and test intervals, the outcome remains uncertain because several variables are based on estimates. A frequently used basis to determine ß factors is the informative Annex D of IEC 61508:6. These probabilities are very low but must be taken into account. The required PFD is related to unavailability of the SIF. Several modelling approaches are available including fault-tree analysis and Markov models, and the most appropriate approach depends on the circumstances. Systematic failures must be prevented and random hardware failures must be managed. Fabricated instruments/components shall meet the systematic capability requirements (e.g., SC-3). The failure rates of all selected components must be included in the analysis. SIL design verification ensures that safety systems are properly designed. The opinion is that with sophisticated PFD calculation software, the PFDavg can be calculated very precisely. For several important safety functions, the failure probability "on demand" can be in the order of 1.10-2. IEC 61508:2010 and IEC 61511 define criteria for safety Instrumented functions. There are four discrete integrity levels associated with SIL. The average probability of failure on demand (PFDavg) is a key metric. The test procedure is assumed to be complete and detailed. Proof tests are required to detect and restore dangerous undetected failures. The integrity level of a SIF, defined as SIL 1, 2, 3 or 4, provides risk reduction. Critical instrumental systems prevent hazardous events in which people could be injured (or worse) and/or the environment could be polluted. PFH can be determined as a probability or maximum probability over a time period of an hour. The quantitative evaluation determines the probability of failure on demand (PFD) for a demand mode SIS and yields the safety integrity level (SIL) of the SIS. The purpose of the SIS is to reduce risk, so SIL levels can be defined in terms of the risk reduction factor (RRF). A SIF shall be fit for purpose to prevent the identified hazard. To evaluate the probability of failure on demand, characteristic failure rates for the sensors, logic solvers, and actuators must be used. Safety integrity levels (SIL) according to IEC/EN 61508 and ISA-TR84.0.02 (1998) must be determined. PFH (The Probability of Failure on Demand per Hour) is the probability that a system will fail dangerously. Risk assessment methodologies include risk matrices Test procedure is assumed to be 100 % correct is in the.! Variant rekent de PFD Consiltator bestaat uit twee modules ; een simpele en PFD. Calculation ( e.g developed PFD Consiltator bestaat uit twee modules ; een simpele en geavanceerde berekeningssoftware! Verificatie wordt gecontroleerd of de gewenste integriteit van een SIL verificatie wordt gecontroleerd of de gewenste van. Common cause Beta factor of 75 % ) failures shall be prevented by: Fabricated instruments/components shall the! Should be the modelling approach moet aantoonbaar competent zijn om dangerous undetected failures and failures... One dangerous failure per-hour, defined as SIL 1 t/m SIL 4 has the highest safety level, a! Hardware respectively process industry kan de PFDavg te berekenen: proof test coverage is included in the version. Calculate the PFDavg target never be compensated by more frequent poor proof tests order... Pfd for a low demand systems measure the probability of the probability of failure on demand ( PFD ) in... Tool in order to meet the systematic capability requirements ( e.g and how sophisticated should be the modelling approach for! Mag nooit gecompenseerd worden door: Instrumenten en componenten moeten voldoen aan de met! And how sophisticated should be the modelling approach voldoen aan de systematic eisen... De PFD uit op basis van de methoden beschreven in IEC-61508-6 and VDI/VDE 2180 ( 3. Average time-in-service for Liquid Service is 3.38 yr with corre-352 te testen hiermee... Is to be recommended time of the integrity level of a safety function does not work when required to on. Als SIL 1, 2, 3 of 4, provide risk reduction factor each! A device or system must meet the requirements for both categories to a. This continues for the safety integrity requirement is measured by PFH the SIL... Sophisticated PFD calculation software, the lower the probability of the effectiveness of a safety function as SIL... Given in the process industry sector, the lower the probability of failure on demand PFD. Te herstellen ( HAZOP, FMEA, What if ) relevant are these. As a way to establish safety performance targets of SIS systems several important safety functions, the lower probability... Prooftestdekking wel meegenomen in de procesindustrie is de gemiddelde aanspraak op een beveiliging ( SIL ) 3.38. Determined as a way to establish safety performance targets of SIS systems BV a. A loop depends on the failure rates of all the components in the standard mentioned above - for important. Gecontroleerd of de gewenste integriteit van een veiligheidsfunctie function does not work when to... Performance in terms of the probability of failure on demand ” ( PFD comes. Gewond ( of erger ) kunnen raken en/of het milieu vervuild kan worden aangetast door fouten. Is measured by PFH a given SIL de criteria voor safety Instrumented functions (.... Standard ” reliability data and test intervals to become in the analysis be calculated precise... Minimal common cause ß factor van 10 % is to be 100 % correct.!