Functional safety
8.1 General safety notes
SIPART PS2 with PROFIBUS communication
Operating Instructions, 09/2007, A5E00127926-07
109
8.1.2 Safety Integrity Level (SIL)
Definition: SIL
The international standard IEC 61508 defines four discrete Safety Integrity Levels (SIL) from SIL 1 to SIL 4. Each level corresponds to a probability range for the failure of a safety function. The higher the SIL of the safety-instrumented system, the higher the probability that the required safety function will work when it is demanded.
The achievable SIL is determined by the following safety characteristics:
● Average probability of dangerous failure of a safety function in case of demand (PFD_AVG)
● Hardware fault tolerance (HFT)
● Safe failure fraction (SFF)
Description
The following table shows the dependency of the SIL on the "average probability of dangerous failures of a safety function of the entire safety-instrumented system" (PFD_AVG).
The table deals with "Low demand mode", i.e. the safety function is required a maximum of
once per year on average.
Table 8-1 Safety Integrity Level

SIL    PFD_AVG
4      ≥ 10^-5 ... < 10^-4
3      ≥ 10^-4 ... < 10^-3
2      ≥ 10^-3 ... < 10^-2
1      ≥ 10^-2 ... < 10^-1
The "average probability of dangerous failures of the entire safety-instrumented system" (PFD_AVG) is normally split between the three sub-systems shown in the following figure.
[Figure 8-2 PFD distribution: the loop's PFD_AVG is made up of one PFD_AVG component for each of three sub-systems: Sensor (e.g. pressure, temperature, etc.); Control system or logic unit (e.g. PLC); Final controlling element (e.g. valve with actuator and positioner).]
The following table shows the achievable Safety Integrity Level (SIL) for the entire safety-
instrumented system for type A sub-systems depending on the proportion of safe failures
(SFF) and the hardware fault tolerance (HFT). Type A sub-systems include analog
transmitters and shut-off valves without complex components, e.g. microprocessors (see
also IEC 61508, Section 2).