SIL Frequently Asked Questions / FAQs

http://www.gmsystemsgroup.com/sil/sil_faqs.html

07/05/2016 03:25 p.m.

1. What is a SIS?
A SIS is a Safety Instrumented System. It is designed to prevent or mitigate
hazardous events by taking the process to a safe state when predetermined
conditions are violated. A SIS is composed of a combination of logic solver(s),
sensor(s), and final element(s). Other common terms for SISs are safety
interlock systems, emergency shutdown systems (ESD), and safety shutdown
systems (SSD). A SIS can be one or more Safety Instrumented Functions
(SIF).
2. What is a SIF?
SIF stands for Safety Instrumented Function. A SIF is designed to prevent or
mitigate a hazardous event by taking a process to a tolerable risk level. A SIF
is composed of a combination of logic solver(s), sensor(s), and final
element(s). A SIF has an assigned SIL level depending on the amount of risk
that needs to be reduced. One or more SIFs comprise a SIS.
3. What is SIL?
SIL stands for Safety Integrity Level. A SIL is a measure of safety system
performance, or probability of failure on demand (PFD) for a SIF or SIS. There
are four discrete integrity levels associated with SIL. The higher the SIL level,
the lower the probability of failure on demand for the safety system and the
better the system performance. It is important to also note that as the SIL level
increases, typically the cost and complexity of the system also increase.
A SIL level applies to an entire system. Individual products or components do
not have SIL ratings. SIL levels are used when implementing a SIF that must
reduce an existing intolerable process risk level to a tolerable risk range.
4. What does functional safety mean?
Functional safety is a term used to describe the safety system that is
dependent on the correct functioning of the logic solver, sensors, and final
elements to achieve the desired risk reduction level. Functional safety is
achieved when every SIF is successfully carried out and the process risk is
reduced to the desired level.
5. Why were the ANSI/ISA 84, IEC 61508, and IEC 61511
standards developed?
The standards evolved naturally from the need to reduce process risk and
improve safety through a more formalized and quantifiable methodology.

Additionally, and specifically for IEC 61508, as the application and usage of
software has evolved and proliferated, there was an increased need to develop
a standard to guide system / product designers and developers in what they
needed to do to ensure and claim that their systems / products were
acceptably safe for their intended uses.
6. When do I need a SIF or a SIS?
The philosophy of the standards suggests that a SIS or SIF should be
implemented only if there is no other non-instrumented way of adequately
eliminating or mitigating process risk. Specifically, the ANSI/ISA-84.00.01-2004
(IEC 61511 Mod) recommends a multi-disciplined team approach that follows
the Safety Lifecycle, conducts a process hazard analysis, designs a variety of
layers of protection (i.e., LOPA), and finally implements a SIS when a
hazardous event cannot be prevented or mitigated with something other than
instrumentation.
7. What is a proof-test interval?
Proof testing is a requirement of safety instrumented systems to ensure that
everything is working and performing as expected. Testing must include the
verification of the entire system, logic solver, sensors, and final elements. The
interval is the period of time between successive proof tests. The testing frequency
varies for each SIS and is dependent on the technology, system architecture,
and target SIL level. The proof-test interval is an important component of the
probability of failure on demand calculation for the system.
8. What is a Process Hazard Analysis (PHA) and who
conducts this?
A PHA is an OSHA directive that identifies safety problems and risks within a
process, develops corrective actions to respond to safety issues, and preplans
alternative emergency actions if safety systems fail. The PHA must be
conducted by a diverse team that has specific expertise in the process being
analyzed. There are many consulting and engineering firms that also provide
PHA services. PHA methodologies can include a What-If Analysis, Hazard and
Operability Study (HAZOP), Failure Mode and Effects Analysis (FMEA), and a
Fault Tree Analysis.
9. What voting configurations are required for each SIL level?
Obtaining a desired SIL level is dependent on a multitude of factors. The type
of technology employed, the number of system components, the probability of
failure on demand (PFD) numbers for each component, the system
architecture (e.g., redundancy, voting), and the proof testing intervals all play a
significant role in the determination of a SIL level. There is not a standard
answer for what voting configurations are required for each SIL level. The
voting architecture must be analyzed in the context of all the factors noted
above.
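
How the factors named in answers 7 and 9 combine can be shown with the widely used simplified PFDavg approximations for low-demand mode. This is an added example, not part of the original FAQ: the failure rates, the 10% common-cause factor and the subsystem layout are constructed, and the formulas ignore diagnostics and repair time.

```python
# Added illustration: simplified low-demand PFDavg arithmetic for one SIF.
# All failure rates below are constructed sample values, not vendor data.
HOURS_PER_YEAR = 8760

# IEC 61508 low-demand bands: SIL n covers 10^-(n+1) <= PFDavg < 10^-n
SIL_BANDS = [(4, 1e-5, 1e-4), (3, 1e-4, 1e-3), (2, 1e-3, 1e-2), (1, 1e-2, 1e-1)]


def pfd_1oo1(lambda_du, ti_hours):
    """Single channel: average PFD over one proof-test interval."""
    return lambda_du * ti_hours / 2


def pfd_1oo2(lambda_du, ti_hours, beta=0.0):
    """Two channels, either one can trip; beta is the common-cause fraction."""
    independent = ((1 - beta) * lambda_du * ti_hours) ** 2 / 3
    common_cause = beta * lambda_du * ti_hours / 2
    return independent + common_cause


def sil_for(pfd_avg):
    """Return the SIL band containing pfd_avg, or 0 if worse than SIL 1."""
    for sil, low, high in SIL_BANDS:
        if low <= pfd_avg < high:
            return sil
    return 4 if pfd_avg < 1e-5 else 0


def sif_pfd(sensor, logic, final):
    """The SIF fails if sensor, logic solver or final element fails: PFDs add."""
    return sensor + logic + final


def demo():
    """Compare 1oo1 and 1oo2 field devices at two proof-test intervals."""
    # Constructed dangerous-undetected failure rates, per hour
    sensor_du, logic_du, valve_du = 1.0e-6, 1.0e-7, 2.0e-6
    results = {}
    for label, years in (("annual", 1), ("every 5 years", 5)):
        ti = years * HOURS_PER_YEAR
        logic = pfd_1oo1(logic_du, ti)
        single = sif_pfd(pfd_1oo1(sensor_du, ti), logic, pfd_1oo1(valve_du, ti))
        voted = sif_pfd(pfd_1oo2(sensor_du, ti, beta=0.1), logic,
                        pfd_1oo2(valve_du, ti, beta=0.1))
        results[label] = (sil_for(single), sil_for(voted))
    return results


if __name__ == "__main__":
    print(demo())
```

With these sample numbers every single-channel component sits in the SIL 2 band or better on its own at an annual test, yet the assembled single-channel SIF only reaches SIL 1; the redundant arrangement reaches SIL 2 with annual proof testing and falls back to SIL 1 when the interval is stretched to five years.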
10. Will a SIL rated system require increased maintenance?
SIL solutions are certainly not always the most cost-effective solutions for
decreasing process risk. Many times, implementing a SIL solution will require
increased equipment, which inevitably will require increased maintenance.
Additionally, it is likely that the higher the SIL level, the more frequent the proof
testing interval will be, which may ultimately increase the amount of system
maintenance that is required. This is why the standards recommend a SIL
based solution only when process risk cannot be reduced by other methods, as
determined by LOPA.
11. Can a F&G system be a SIF or SIS?
A Fire and Gas (F&G) system that automatically initiates process actions to
prevent or mitigate a hazardous event and subsequently takes the process to a
safe state can be considered a Safety Instrumented Function / Safety
Instrumented System.
However, it is absolutely critical in a F&G system to ensure optimal sensor
placement. If there is incorrect placement of the gas / flame detectors and
hazardous gases and flames are not adequately detected, then the SIF / SIS
will not be effective.

Correct sensor placement is more important than deciding whether a F&G SIF
/ SIS should be SIL 2 or SIL 3.
12. What is SIL 4?
SIL 4 is the highest level of risk reduction that can be obtained through a
Safety Instrumented System. However, in the process industry this is not a
realistic level and currently there are few, if any, products / systems that
support this safety integrity level.
SIL 4 systems are typically so complex and costly that they are not
economically beneficial to implement. Additionally, if a process includes so
much risk that a SIL 4 system is required to bring it to a safe state, then
fundamentally there is a problem in the process design which needs to be
addressed by a process change or other non-instrumented method.
13. Can an individual product be SIL rated?
No. Individual products are only suitable for use in a SIL environment. A SIL
level applies to a Safety Instrumented Function / Safety Instrumented System.
14. What type of communication buses or protocols are
applicable for SIL 2 or SIL 3 systems?
The type of communication protocol that is suitable for a SIL 2 or SIL 3 system
is really dependent on the type of platform that is being used. Options include,
but are not limited to: 4-20 mA output signal, ControlNet (Allen Bradley),
DeviceNet Safety (Allen Bradley), SafetyNet (MTL), and PROFIsafe. Currently,
the ISA SP84 committee is working on developing guidelines for a safety bus,
to make sure that the foundations comply with IEC 61508, and IEC 61511
standards. The first devices with a safety bus should be available by 2008. The
Fieldbus Foundation is actively involved in the committee and is working on
establishing a Foundation Fieldbus Safety Instrumented Systems (FFSIS) project
to work with vendors and end users to develop safety bus specifications.
15. For General Monitors, how can I access the PFD and MTBF
data for the products?
The General Monitors SIL certificates have the PFD, SFF, and SIL numbers
that correspond to each product. MTBF data can be provided by request.
16. Can a manufacturer state their products are SIL X
certified rather than suitable for use in a SIL X system?
Individual products are only suitable for use in a SIL environment. A SIL level
applies to a Safety Instrumented Function / Safety Instrumented System.
Product certificates are issued either by the manufacturer (self-certification) or
by an independent agency to show that the appropriate process is followed,
calculations have been performed, and analysis has been completed on the
individual products to indicate that they are compatible for use within a system
of a given SIL level.
Full IEC 61508 certification can apply to a manufacturer's processes. Full
certification implies that a manufacturer's product development process meets
the standards set forth in the appropriate parts of sections 2-3 of IEC 61508
(including hardware / system and software). Receiving full certification from an
accredited notifying body gives the end user confidence that the
manufacturer's engineering process has been reviewed and its products'
electrical content, firmware and logic have been assessed and conform to the
guidelines set forth in the standard.
There are very few nationally accredited bodies that can issue nationally
accredited certifications. Other consulting firms issue certificates that indicate
that the product and / or process has been reviewed by an independent third
party.

17. Can a manufacturer state their products meet all parts of
the requirements of IEC 61508 parts 1 to 7?
IEC 61508 consists of the following parts, under the general title Functional
Safety of electrical/electronic/programmable electronic safety-related systems:
Part 1: General requirements
Part 2: Requirements for electrical / electronic/programmable electronic
safety-related systems
Part 3: Software requirements
Part 4: Definitions and abbreviations
Part 5: Examples of methods for the determination of safety integrity levels
Part 6: Guidelines on the application of parts 2 and 3
Part 7: Overview of techniques and measures
To be in compliance with the standard, it is necessary to conform to Parts 1-3.
Parts 4-8 are informative only and can be useful in understanding and
applying the standard, but do not have requirements for conformance.
Manufacturers of products generally meet Section 2 requirements to determine
through a FMEDA analysis that their products are suitable for use within a
given SIL level.
Companies choosing to certify their engineering processes and receive full IEC
61508 certification will also comply with Section 3 as it relates to software
development.

18. What does "SIL X suitable" mean, is this a valid statement as
per the standard IEC 61508 or can any other wording be used?
SIL stands for Safety Integrity Level. A SIL is a measure of safety system
performance, or probability of failure on demand (PFD) for a SIF or SIS. There
are four discrete integrity levels associated with SIL. The higher the SIL level,
the lower the probability of failure on demand for the safety system and the
better the system performance. It is important to also note that as the SIL level
increases, typically the cost and complexity of the system also increase.
A SIL level applies to an entire system if it reduces the risk in the amount
corresponding to an appropriate SIL level. Individual products or components
do not have SIL ratings. SIL levels are used when implementing a SIF that
must reduce an existing intolerable process risk level to a tolerable risk range.
To be compliant with the standards, it is up to the user to ensure that
procedures have been followed properly, the proof testing is conducted
correctly, and suitable documentation of the design, process, and procedures
exists. The equipment or system must be used in the manner in which it was
intended in order to successfully obtain the desired risk reduction level. Just
buying SIL 2 or SIL 3 suitable components does not ensure a SIL 2 or SIL 3
system.
