In my last Blog I posed the question “What are Safety Integrity levels?”.
A safety integrity level according to IEC 61508 is “discrete level (one out of a possible four), corresponding to a range of safety integrity values, where….”. Actually, the definition is not very useful as an introduction so I cut it short.
The abbreviation for Safety Integrity level is SIL. A SIL is a way of quantifying the level of safety that is either expected or required. There are 4 levels and they are roughly an order of magnitude apart so that for many process control applications a SIL 1 safety function will give a risk reduction of 10, SIL 2 100, SIL 3 1000 and SIL 4 10000.
A hazard analysis as shown below is used to determine what safety functions are required and a risk assessment then determines the required SIL. The risk assessment typically considers things like the number of people who might get hurt, the severity of the injuries and how often someone is exposed to that risk.
It should be remembered that a piece of equipment may be SIL certified as being suitable for use in a safety function with a given SIL but the SIL is attached to a safety function rather than a piece of equipment. In fact a single system can have many safety functions and each of the safety functions could have a different SIL.
When designing a safety function, higher SILs require more measures to be taken to prevent the introduction of errors. This might include better requirements management, more design reviews, the use of coding standards or even the restricted use of certain language features such as pointers or interrupts.
Other safety standards have different forms of SIL:
- Automotive has ASILs which stands for Automotive Safety Integrity Level and in order of increasing safety they are A,B,C and D
- The machinery safety standard ISO 13849 has performance levels a,b,c,d and e
- Avionics has design assurance levels E,D,C,B and A where A offers the most safety and E the least
To me the fact that there are 4 SIL levels also says that you can put a price on safety. Otherwise there would only be one SIL level namely SIL 4. However if everything had to be developed to SIL 4 the products would be so expensive that nobody could afford to buy or use them which wouldn’t increase overall safety.
In the past safety standards have had up to 7 levels. Today some people advocate that SIL 1 and SIL 2 should be combined along with SIL 3 and SIL 4 leaving just two safety levels. For now these people are in the minority and to most experts four safety levels seems about right especially for a basic safety standard such as IEC 61508.
The fact that the levels are an order of magnitude apart also says that when doing a functional safety analysis you shouldn’t be too fussy about getting the numbers correct to 3 decimal places.
Video of the day: https://www.youtube.com/watch?v=75XXvV0oJfg (another tenuous link to the topic under discussion but if nothing else highlights the risks people will take and functional safety is meant to cover foreseeable misuse).
For next time: What are the 3 key requirements for a given SIL?
Enjoying this blog? Read more Safety Matters blogs here.