SIL Myth
8/3/2019 SIL Myth
Common SIL Myths
--------------------------------------------------------------------------------
1. Using a SIL 3 logic solver means that I have a SIL 3 system. No. When using a SIL 3 logic solver, it is critical that the entire system is designed to conform to SIL 3 requirements. The PFD for the entire system is important. If a user installs a SIL 3 logic solver but does not employ appropriate redundancy or does not incorporate components into the system with correct PFD calculations, then the entire system may not comply with a SIL 3 level. A chain is only as strong as its weakest link.
2. SIL 3 suitable products are better than SIL 1 or SIL 2 suitable products. This is not necessarily true. While a higher SIL level corresponds to a lower probability of failure on demand, a SIL 2 suitable product may be perfectly acceptable for use in a SIL 3 environment if, for example, the proof testing interval is increased or if redundancy is used. It is very important for an end-user to understand the operating requirements of the products within a given SIL environment to ensure that once installed, the products maintain their SIL suitability levels. Incorrect installation, proof testing, or configuration of the products could make the SIL suitability level inaccurate.
3. There are many agencies that are capable of issuing SIL certifications. There are very few nationally accredited bodies that can issue nationally accredited certifications, including FM, TUV, and Sira. Many unaccredited consulting firms issue certificates that indicate they have reviewed the product and/or process for conformance to certain parts of the IEC 61508 standard. The standard does not mandate that certain companies or agencies are able to certify products and systems. Rather, it is suggested that analysis is either conducted or validated by an independent third party.
4. A vendor can determine whether a system meets the requirements of IEC 61511. No. Only the end user can ensure that the safety system is implemented to be compliant with the standards. It is up to the user to ensure that procedures have been followed properly, the proof testing is conducted correctly, and suitable documentation of the design, process, and procedures exists. The equipment or system must be used in the manner in which it was intended in order to successfully obtain the desired risk reduction level. Just buying SIL 2 or SIL 3 suitable components does not ensure a SIL 2 or SIL 3 system.
5. A customer must purchase a complete SIL based solution, even if some functions do not require a SIL level. For most applications there will only be a few SIF functions being handled by the system, and the vast majority of the circuits may not need to be SIL rated at all. If the customer specifies SIL 2 or SIL 3 for the entire system he may add considerable cost with little or no benefit or improvement in safety.
6. Safety and Reliability are the same thing. No. Safety and reliability are often linked but are not the same thing. Safety is defined in the IEC 61508 standards as freedom from unacceptable risk. A safe system should protect from hazards whether it is performing reliably or not. Safety engineering assures that a safety system performs as needed, even when pieces fail. In fact, safety engineers assume that systems will fail, and design accordingly.
Reliability is a measure of how well the system does exactly what it is intended to do when operated in a specific manner. A reliable system may not always be a safe system. The challenge in functional safety is to ensure that a system is both reliable and safe.
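
The weakest-link point in myth 1 and the redundancy point in myth 2, worked through as an added example that is not part of the original document. The device names and failure rates are constructed, the PFDavg formulas are the common simplified ones (no common-cause or diagnostic terms), and the function names are hypothetical.

```python
# Added illustration. Device names and failure rates are constructed, not vendor data.
HOURS_PER_YEAR = 8760

# Low-demand-mode PFDavg bands from IEC 61508: (SIL, lower bound, upper bound).
SIL_BANDS = [(4, 1e-5, 1e-4), (3, 1e-4, 1e-3), (2, 1e-3, 1e-2), (1, 1e-2, 1e-1)]


def pfd_avg(lambda_du, proof_test_years, voting="1oo1"):
    """Simplified PFDavg from the dangerous undetected failure rate (per hour).

    Assumption: ignores common-cause failures, diagnostics and repair time,
    so the 1oo2 figure is optimistic.
    """
    x = lambda_du * proof_test_years * HOURS_PER_YEAR
    if voting == "1oo1":
        return x / 2
    if voting == "1oo2":
        return x ** 2 / 3
    raise ValueError(f"unsupported voting: {voting}")


def sil_from_pfd(pfd):
    """Map a PFDavg to the SIL band it falls in (0 = does not reach SIL 1)."""
    if pfd < 1e-5:
        return 4  # better than the SIL 4 band; SIL 4 is the highest level
    for sil, low, high in SIL_BANDS:
        if low <= pfd < high:
            return sil
    return 0


def assess_sif(subsystems):
    """subsystems: {name: (lambda_du, proof_test_years, voting)}."""
    parts = {name: pfd_avg(*spec) for name, spec in subsystems.items()}
    total = sum(parts.values())
    return {"pfd": total, "sil": sil_from_pfd(total),
            "weakest": max(parts, key=parts.get), "parts": parts}


# Constructed SIF: the logic solver alone sits in the SIL 3 band.
SIMPLEX = {"sensor": (5e-7, 1, "1oo1"),
           "logic_solver": (5e-8, 1, "1oo1"),
           "valve": (3e-6, 1, "1oo1")}
# Same devices with redundant sensors and valves.
REDUNDANT = dict(SIMPLEX, sensor=(5e-7, 1, "1oo2"), valve=(3e-6, 1, "1oo2"))

if __name__ == "__main__":
    for label, sif in (("simplex", SIMPLEX), ("redundant", REDUNDANT)):
        r = assess_sif(sif)
        print(f"{label}: PFDavg={r['pfd']:.2e} SIL {r['sil']} weakest={r['weakest']}")
```

PFDavg is only one of the conditions a safety function has to meet, so a result in the SIL 3 band here does not by itself establish a SIL 3 system.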