SIL 3 is a topic that routinely comes up in discussions related to the development of safety-critical systems. Do I need SIL 3 capabilities? How do I know? What will it cost?
These are questions that everyone involved in safety-critical applications is confronted with and correct answers are critical to maximizing the efficiency and reliability of a process plant.
Let’s take a look at the most important aspects of SIL 3 and find out exactly what they mean for your organization.
Safety Integrity Levels (SILs) are a measure of the impact that a Safety Instrumented Function (SIF) has over the risk associated with a specific hazard. The higher the SIL level is, the more efficient that function will be at reducing the risk it mitigates.
SIL 3 is one of the safety integrity levels defined by the IEC 61508 standard. It is defined by a risk reduction factor of 1,000 to 10,000 for failure on demand and a probability of failure per hour of 10^-8 to 10^-7. It is a quantitative assessment of the acceptable failure level for a safety function and is therefore representative of its safety and reliability.
IEC 61508 defines 4 safety integrity levels, labeled from SIL 1 to SIL 4. SIL 3 is the highest safety integrity level that is economically feasible for most industrial operations.
The safety integrity level (SIL) of a Safety Instrumented Function (SIF) in a Safety Instrumented System (SIS) is not chosen at random, or on a best-effort basis. Instead, the appropriate SIL is determined using methods such as the Safety Layer Matrix (SLM), Layer of Protection Analysis (LOPA) or Fault Tree Analysis (FTA).
These methods take into account the types of accident that can occur within your organization, their probability, the way they are related and their consequences in terms of cost. The SIL level that they recommend is therefore the level appropriate for the risks that your organization faces.
In other words, any given safety integrity level (including SIL 3) is not just a metric that you should aspire to, but a direct reflection of the risk that your organization faces. Within the framework of IEC 61508, risk is defined in terms of cost per time unit.
If SIL 3 is determined as the appropriate SIL, it means that SIL 3 is the minimum integrity level that can reduce the risk (that is, the cost per unit of time) associated with a particular hazard to an acceptable level.
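The following worked example is added here and is not part of the original article. It shows the arithmetic behind "the SIL is determined by the risk": the IEC 61508-1 target failure-measure bands (average probability of failure on demand for low-demand mode, probability of dangerous failure per hour for high-demand mode) are mapped to a SIL, and a deliberately minimal LOPA-style calculation sizes the SIF needed to close the gap between the event frequency the existing protection layers leave and a tolerable frequency. The `Scenario` class, its field names and all scenario figures are constructed for illustration; only the band limits come from the standard.

```python
"""Added example: IEC 61508 SIL bands and a simplified LOPA-style sizing of a SIF.

The scenario numbers are constructed for illustration. The LOPA treatment is
intentionally minimal (one scenario, no enabling conditions, no risk matrix).
"""
from dataclasses import dataclass
from math import prod

# IEC 61508-1 target failure measures. Low-demand mode is expressed as average
# probability of failure on demand (PFDavg); high-demand / continuous mode as
# probability of dangerous failure per hour (PFH). Each band is lower <= x < upper,
# so a value exactly on an upper limit falls into the weaker level.
PFD_BANDS = {4: (1e-5, 1e-4), 3: (1e-4, 1e-3), 2: (1e-3, 1e-2), 1: (1e-2, 1e-1)}
PFH_BANDS = {4: (1e-9, 1e-8), 3: (1e-8, 1e-7), 2: (1e-7, 1e-6), 1: (1e-6, 1e-5)}


def _sil_from_bands(value, bands):
    """Return the SIL (1-4) whose band contains value, 0 if the value is too weak
    to qualify as any SIL, or None if it is beyond SIL 4 (outside the standard)."""
    if value < 0:
        raise ValueError("failure measure cannot be negative")
    for sil, (lower, upper) in bands.items():
        if lower <= value < upper:
            return sil
    if value >= bands[1][1]:
        return 0
    return None


def sil_from_pfd(pfd_avg):
    """SIL for a low-demand function with the given PFDavg (0..1)."""
    if pfd_avg > 1:
        raise ValueError("PFDavg is a probability")
    return _sil_from_bands(pfd_avg, PFD_BANDS)


def sil_from_pfh(pfh):
    """SIL for a high-demand / continuous function with the given PFH."""
    return _sil_from_bands(pfh, PFH_BANDS)


def risk_reduction_factor(pfd_avg):
    """RRF = 1 / PFDavg, so SIL 3 (1e-4 <= PFDavg < 1e-3) is RRF 1,000 to 10,000."""
    return 1.0 / pfd_avg


@dataclass
class Scenario:  # hypothetical structure, constructed for this example
    initiating_event_frequency: float  # initiating events per year
    ipl_pfds: list                     # PFDavg of each existing independent protection layer
    conditional_modifiers: list        # probabilities such as ignition or occupancy
    tolerable_frequency: float         # acceptable frequency of the consequence, per year


def required_sif(scenario):
    """Return (required PFDavg, SIL) for the SIF that brings the scenario down to
    the tolerable frequency. (1.0, 0) means the existing layers already suffice."""
    without_sif = (scenario.initiating_event_frequency
                   * prod(scenario.ipl_pfds)
                   * prod(scenario.conditional_modifiers))
    if without_sif <= scenario.tolerable_frequency:
        return 1.0, 0
    pfd_needed = scenario.tolerable_frequency / without_sif
    return pfd_needed, sil_from_pfd(pfd_needed)


if __name__ == "__main__":
    # Constructed scenario: 0.5 initiating events/year, one existing layer with
    # PFDavg 0.1, a 0.2 probability that the release leads to the consequence,
    # and a tolerable consequence frequency of 5e-6 per year.
    s = Scenario(0.5, [0.1], [0.2], 5e-6)
    pfd, sil = required_sif(s)
    print(f"required PFDavg {pfd:.2e}, RRF {risk_reduction_factor(pfd):.0f}, SIL {sil}")
```

Two details are worth noticing when reading the output. First, the required PFDavg of about 5e-4 lands inside the SIL 3 band (RRF about 2,000), which illustrates the article's point that SIL 3 is the minimum level that reduces this particular risk to the acceptable level, not a target chosen in advance. Second, if the calculation returns `None`, the scenario needs a PFDavg better than SIL 4 can provide, and the right response is to add independent layers or change the process rather than to buy a "higher" SIF.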
SIL 3 is not the rating of a device, but of the function that a device (or a set of devices) performs. That being said, only certain devices can be used to implement a given safety integrity level. For SIL 3 functions, only devices rated for SIL 3 operation can be used, or redundant configurations of devices with a lower SIL rating.
Evaluating the cost of a safety function is a difficult task, because what you need to consider is not just the upfront cost of implementing it, but also the cost associated with the risk that it mitigates. However, the former is an immediate cost, whereas the latter is essentially a potential cost.
SIL 3 is more expensive than either SIL 1 or SIL 2. Implementing and maintaining it incurs additional operating costs, requires a specific set of knowledge, skills and processes to be developed within the operating team and devices rated for SIL 3 use can be more expensive.
Consequently, SIL 3 is only recommended under critical and specific circumstances. However, the cost of not implementing the appropriate SIL significantly outweighs the cost of implementing it.
SIL 3 is a high safety integrity level that is recommended only under special circumstances. However, where it is deemed appropriate, SIL 3 is critical to ensuring the adequate safety of an operation.