SIL Level and Safety Function meaning

Reading time: 4 minutes - Difficulty: advanced
What is a safety function? How does it embed in a safety-related system? How to calculate the SIL level? Find out more about the meaning of functional safety.

Meaning of SIF

A SIF (Safety Instrumented Function) is a safety function with a specific safety level, necessary to reach or maintain a safe state.

A SIF can be:

  • Protection function, a safety function able to maintain a safe state when a dangerous event occurs
  • Mitigation function, a safety function able to reach a safe state after a dangerous event occurs
  • Control function, a safety function able to maintain a safe state during normal operation


Meaning of SIS

An SIS (Safety Instrumented System) is a series of devices and software that perform one or more safety instrumented functions (SIF).

An SIS consists of:

  • Subsystem, an entity of the high-level architectural design of the SIS, where the failure of any subsystem leads to the failure of a SIF
  • Element, part of a subsystem comprising a single component or group of components performing one or more safety functions
  • Component, basic parts of an element (e.g. transistor, screw, seal, etc.)
  • Safety Instrumented Function, as above, safety function with a specific safety level, necessary to reach or maintain a safe state, which can be a protection (or mitigation) or control function


Meaning of SIL

SIL (Safety Integrity Level) is defined as a discrete level (from 1 to 4), corresponding to a range of safety integrity values, where 4 is the highest safety integrity level and 1 is the lowest.

Safety integrity levels are used to specify the safety integrity requirements of the safety functions to be assigned to E/E/PE safety systems.

The parameters to be considered for reaching the SIL target are:

  • the average probability of a dangerous failure on demand of the safety function, PFDavg (low-demand operating mode)
  • the average probability of a dangerous failure per hour of the safety function, PFH (high-demand operating mode)
  • the average probability of a dangerous failure per hour of the safety function, PFH (continuous operating mode)

 

SIL (Safety Integrity Level) | PFDavg (average probability of failure on demand per year, low-demand mode) | RRF (Risk Reduction Factor) | PFH (average probability of failure per hour, high-demand or continuous mode)
SIL 4 | ≥ 10^-5 to < 10^-4 | 100.000 to 1.000 | ≥ 10^-9 to < 10^-8
SIL 3 | ≥ 10^-4 to < 10^-3 | 10.000 to 1.000 | ≥ 10^-8 to < 10^-7
SIL 2 | ≥ 10^-3 to < 10^-2 | 1.000 to 100 | ≥ 10^-7 to < 10^-6
SIL 1 | ≥ 10^-2 to < 10^-1 | 100 to 10 | ≥ 10^-6 to < 10^-5


Operating modes

An operating mode is defined as the way in which a safety function operates, which may be:

  • Low-demand Mode: the safety function is performed only on demand, in order to transfer the EUC (equipment under control) to a specified safe state, and the frequency of demands does not exceed one per year; or
  • High-demand Mode: the safety function is performed only on demand, in order to transfer the EUC to a specified safe state, and the frequency of demands is greater than one per year; or
  • Continuous Mode: the safety function keeps the EUC in a safe state as part of normal operation.

 

An example: overspeed protection of a gas turbine is a safety function generally designed to operate in low-demand mode (the overspeed scenario is usually expected to occur less than once per year).


In this case, the SIL target will be assigned in terms of the average Probability of Failure on Demand (PFDavg).

But the same gas turbine is also used to pressurise the aircraft cabin. In this case, pressure is continuously regulated to keep the internal atmosphere constant regardless of the altitude the aircraft reaches. The risk associated with a loss of cabin pressure is hypoxia.

In this case, the SIL target will be assigned in terms of the Average Probability of Failure per hour, i.e. Continuous Mode.
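As an added example (not code from the original article), the bands of the SIL table above and the demand-rate rule of the operating modes written up as a small classifier: given the mode, it picks the right target failure measure (PFDavg for low demand, PFH for high demand and continuous) and returns the SIL it meets. The helper names and the numeric inputs for the turbine cases are assumptions constructed for illustration.

```python
# Added example, not the article's own code. Band edges follow the SIL table
# (lower bound inclusive, upper bound exclusive); RRF is derived as 1 / PFDavg.

# (SIL, lower, upper) for PFDavg, low-demand mode (dimensionless)
PFD_BANDS = [(4, 1e-5, 1e-4), (3, 1e-4, 1e-3), (2, 1e-3, 1e-2), (1, 1e-2, 1e-1)]
# (SIL, lower, upper) for PFH, high-demand or continuous mode (per hour)
PFH_BANDS = [(4, 1e-9, 1e-8), (3, 1e-8, 1e-7), (2, 1e-7, 1e-6), (1, 1e-6, 1e-5)]


def _band(value, bands):
    """Return the SIL whose band contains value, or None if outside SIL 1-4."""
    for sil, lo, hi in bands:
        if lo <= value < hi:
            return sil
    return None


def operating_mode(demands_per_year, continuous=False):
    """Continuous if the function holds the EUC safe as part of normal
    operation; otherwise low demand at <= 1 demand/year, else high demand."""
    if continuous:
        return "continuous"
    return "low-demand" if demands_per_year <= 1 else "high-demand"


def sil_for(mode, pfd_avg=None, pfh=None):
    """Select the target failure measure for the mode and classify it.
    Low demand is judged on PFDavg; high demand and continuous on PFH."""
    if mode == "low-demand":
        if pfd_avg is None:
            raise ValueError("low-demand mode needs PFDavg")
        return _band(pfd_avg, PFD_BANDS)
    if pfh is None:
        raise ValueError(f"{mode} mode needs PFH")
    return _band(pfh, PFH_BANDS)


def risk_reduction_factor(pfd_avg):
    """RRF = 1 / PFDavg (PFDavg 1e-3 gives 1000, the SIL 2 upper edge)."""
    return 1.0 / pfd_avg


if __name__ == "__main__":
    # Overspeed protection (constructed figures): < 1 demand/year, so PFDavg applies
    m = operating_mode(0.2)
    print(m, sil_for(m, pfd_avg=5e-4), risk_reduction_factor(5e-4))
    # Cabin pressure regulation: continuous mode, so PFH applies
    m = operating_mode(0, continuous=True)
    print(m, sil_for(m, pfh=3e-8))
```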
