
2223A Oxygen Transmitter Functional Safety Manual
02223006A / Revision 0
2.12 Safety integrity level (SIL)
The international standard IEC 61508 defines four Safety Integrity Levels, SIL1 to SIL4.
Each corresponds to a range of probabilities that the safety function will fail. The
higher the SIL, the greater the probability that the safety function will work when
required to do so.
The achievable SIL is determined by a number of factors that include the safety
management procedures and lifecycle activities carried out during the development of a
product or system. This manual only considers product hardware failures and so covers the
following characteristics:
• Product type (A or B)
• Hardware fault tolerance (HFT)
• Safe failure fraction (SFF)
• Average probability of a dangerous failure of the safety function on demand
  (PFDavg) and the associated proof test interval
The following table shows the relationship between hardware fault tolerance and safe
failure fraction for a Type B subsystem (see IEC 61508 Part 2). Each SFF band includes
its lower bound and excludes its upper bound.
                                   Hardware fault tolerance (HFT)
Safe failure fraction (SFF)        0             1         2
< 60 %                             Not allowed   SIL1      SIL2
60 % to < 90 %                     SIL1          SIL2      SIL3
90 % to < 99 %                     SIL2          SIL3      SIL4
≥ 99 %                             SIL3          SIL4      SIL4
The following table shows the dependency of the SIL on the average probability of failure on
demand (PFDavg) for low demand mode of operation. Each band includes its lower bound and
excludes its upper bound.
Safety Integrity Level   Low demand mode of operation: average probability of failure
                         to perform the safety function on demand (PFDavg)
4                        ≥ 10^-5 to < 10^-4
3                        ≥ 10^-4 to < 10^-3
2                        ≥ 10^-3 to < 10^-2
1                        ≥ 10^-2 to < 10^-1
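To show how the four hardware characteristics listed above combine into one achievable SIL, the following worked example is added here by the editor; it is not code or data from this manual or from the 2223A safety assessment. It assumes a single transmitter (HFT = 0) treated as a Type B subsystem, uses the simplified 1oo1 relation PFDavg ≈ λ_DU · T1 / 2 from IEC 61508-6 with repair time and common-cause terms neglected (an assumption this section does not state), and the failure rates in FIT are constructed for illustration only.

```python
"""Worked SIL assessment for a single Type B transmitter (HFT = 0) against the
two tables of this section. Editor's example, not from the manual. Failure
rates are constructed; PFDavg uses the simplified IEC 61508-6 1oo1 relation."""
from dataclasses import dataclass

HOURS_PER_YEAR = 8760.0
FIT = 1e-9  # one failure per 10^9 hours

# Architectural constraint for a Type B subsystem (this section's first table).
# Rows: exclusive upper bound of the SFF band; columns: HFT 0, 1, 2.
# None means the combination is not allowed.
TYPE_B_ARCH = [
    (0.60, (None, 1, 2)),       # SFF < 60 %
    (0.90, (1, 2, 3)),          # 60 % <= SFF < 90 %
    (0.99, (2, 3, 4)),          # 90 % <= SFF < 99 %
    (float("inf"), (3, 4, 4)),  # SFF >= 99 %
]

# Low-demand PFDavg bands (second table): (SIL, lower incl., upper excl.).
PFD_BANDS = [(4, 1e-5, 1e-4), (3, 1e-4, 1e-3), (2, 1e-3, 1e-2), (1, 1e-2, 1e-1)]


@dataclass(frozen=True)
class FailureRates:
    """Hardware failure rates in failures per hour, split into the IEC 61508 classes."""
    safe_detected: float
    safe_undetected: float
    dangerous_detected: float    # revealed by on-line diagnostics
    dangerous_undetected: float  # revealed only by the proof test

    @property
    def total(self) -> float:
        return (self.safe_detected + self.safe_undetected
                + self.dangerous_detected + self.dangerous_undetected)


def safe_failure_fraction(rates: FailureRates) -> float:
    """SFF = (safe + dangerous detected) / total = 1 - lambda_DU / lambda_total."""
    return 1.0 - rates.dangerous_undetected / rates.total


def pfd_avg_1oo1(lambda_du: float, proof_test_interval_h: float) -> float:
    """Simplified 1oo1 estimate PFDavg ~= lambda_DU * T1 / 2.
    Assumption: repair time and common-cause terms neglected."""
    return lambda_du * proof_test_interval_h / 2.0


def sil_from_architecture(sff: float, hft: int):
    """Highest SIL the Type B architectural constraint permits; None if not allowed."""
    if hft not in (0, 1, 2):
        raise ValueError("HFT must be 0, 1 or 2")
    if not 0.0 <= sff <= 1.0:
        raise ValueError("SFF must be a fraction between 0 and 1")
    for upper, row in TYPE_B_ARCH:
        if sff < upper:
            return row[hft]
    raise AssertionError("unreachable: last band is open-ended")


def sil_from_pfd(pfd_avg: float):
    """SIL band of a low-demand PFDavg; None if outside the table."""
    for sil, lower, upper in PFD_BANDS:
        if lower <= pfd_avg < upper:
            return sil
    return None


def assess_1oo1(rates: FailureRates, proof_test_interval_years: float) -> dict:
    """Combine both tables for a single transmitter (HFT = 0): the achievable SIL
    is the lower of the architectural limit and the PFDavg limit."""
    sff = safe_failure_fraction(rates)
    pfd = pfd_avg_1oo1(rates.dangerous_undetected,
                       proof_test_interval_years * HOURS_PER_YEAR)
    sil_arch = sil_from_architecture(sff, hft=0)
    sil_pfd = sil_from_pfd(pfd)
    sil = None if sil_arch is None or sil_pfd is None else min(sil_arch, sil_pfd)
    return {"sff": sff, "pfd_avg": pfd, "sil_architecture": sil_arch,
            "sil_pfd": sil_pfd, "sil": sil}


# Constructed figures for illustration only, not the 2223A's certified data.
EXAMPLE_RATES = FailureRates(safe_detected=1500 * FIT, safe_undetected=500 * FIT,
                             dangerous_detected=1000 * FIT, dangerous_undetected=300 * FIT)

if __name__ == "__main__":
    for years in (1, 10):
        r = assess_1oo1(EXAMPLE_RATES, years)
        print(f"proof test every {years:2d} y: SFF={r['sff']:.3f} "
              f"PFDavg={r['pfd_avg']:.2e} arch=SIL{r['sil_architecture']} "
              f"pfd=SIL{r['sil_pfd']} -> SIL{r['sil']}")
```

With these constructed rates the SFF of about 91 % puts a single transmitter in the 90 % to < 99 % band, so the architecture alone caps it at SIL2. The proof test interval then decides whether PFDavg also stays within SIL2: a one-year interval gives PFDavg ≈ 1.3 × 10^-3 (SIL2), whereas stretching it to ten years gives ≈ 1.3 × 10^-2 and drops the achievable SIL to SIL1. This is why the manual lists PFDavg together with its associated proof test interval rather than as a standalone figure.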