S.I.L. DETERMINATION
CONTENTS
1.0 SCOPE
2.0 CODES STANDARDS AND REFERENCES
3.0 OUTLINE OF METHOD
4.0 DETAILED PROCEDURE
5.0 TABLES OF INDICES
1.0 SCOPE
- This process engineering design guideline provides a qualitative method for assigning the Safety Integrity Level (S.I.L.) to instrumentation related to safety.
- The procedure requires that the process engineer determine the required SIL, which is to be approved by the project safety representative as well as the client before adoption as the design criterion for instrumentation.
2.0 CODES STANDARDS AND REFERENCES
- I.E.C. 61508 is the governing standard in which all matters related to S.I.L. are given. It has the status of an international standard and has superseded I.S.A.-S84.01-1996.
- Reference should also be made to the Departmental Operating Procedures on HAZOP studies.
- When working on projects for Shell refer to Shell DEP 32.80.10.10-Gen.
- "Process Equipment Reliability Data", Center for Chemical Process Safety, AIChE, 1989
- "OREDA - Offshore Reliability Data", OREDA Participants, Pennwell Publishing, Norway, 1984
- EPRI AP2071, Component Failure and Repair Data for Coal-fired Power Plants, EPRI, Palo Alto, California
- EPRI AP2205, Component Failure and Repair Data: Gasification - Combined Cycle Power Generation Units, EPRI, Palo Alto, California, 1982
- ICI (Imperial Chemical Industries) Data Book.
- A Measure of Refinery Reliability, J.R. McIntire, Mobil Oil Corporation
3.0 OUTLINE OF METHOD
- In recognition that accidents happen, society is tolerant of a small risk of death through accident at work. All references on Quantitative Risk Assessment quote tables of Fatal Accident Rates (FAR) due to various activities. Present statistical evidence supports a value of 1 death per 10^4 years as tolerable for workers in the chemical industry. As a reference point, participants in dangerous sporting activities such as rock climbing and hang gliding seem to tolerate a higher FAR than is tolerable in the working environment.
- Suppose an event were to occur in which there was a potential to kill 100 (10^2) workers (i.e. a death potential of 10^2). If this event were likely to happen every 10 years (i.e. a frequency of 10^-1 per year), then a system that recognizes the event and stops it from happening 99,999 times out of every 100,000 would be required to reduce the fatal accident rate to the tolerable level arrived at above (i.e. a system with a probability of failure on demand of 10^-5). The probability of failure on demand is related to the Safety Integrity Level by the following table (Table 2 in part 1 of I.E.C. 61508).
TABLE 2: from part 1 of I.E.C.61508
SAFETY INTEGRITY LEVELS: TARGET FAILURE MEASURES

| SAFETY INTEGRITY LEVEL | DEMAND MODE OF OPERATION (Probability of failure to perform its design function on demand) | CONTINUOUS/HIGH DEMAND MODE OF OPERATION (Probability of a dangerous failure per year) |
|---|---|---|
| 4 | ≥10^-5 to <10^-4 | ≥10^-5 to <10^-4 |
| 3 | ≥10^-4 to <10^-3 | ≥10^-4 to <10^-3 |
| 2 | ≥10^-3 to <10^-2 | ≥10^-3 to <10^-2 |
| 1 | ≥10^-2 to <10^-1 | ≥10^-2 to <10^-1 |

It will be seen that the SIL is numerically equal to the power to which 10 has been raised at the upper limit of the probability of failure on demand, but opposite in sign. This gives the clue to the method contained herein. In the example above, the calculation is:
T = C x F x M x S
where:
T is the tolerable death rate due to accident
C is the potential number of deaths in the postulated event
F is the likely frequency of the event
M is the probability of failure of the normal process controls
S is the required probability of failure of the safety related instrumentation to achieve the tolerable death rate.
If all the above factors are expressed as powers of 10, the multiplication may be made by adding the indices, and the SIL is numerically equal to the index of S. When rewritten in terms of the indices to base 10, the above equation becomes:
T = C + F + M + S
In solving for (-S) the equation becomes:
Safety Integrity Level (S.I.L.) = (-S) = C + F + M - T
4.0 DETAILED PROCEDURE
- Call a meeting to identify and agree the hazardous situations which require safety related instrumentation systems and ensure that judgments made regarding consequences and frequency of hazard are made by properly qualified people. As well as the client, who may appoint a safety specialist, the assigned project safety manager or his appointed deputy should be present.
- Use a HAZOP style of procedure to identify those events which result in a hazard. If a safety study of any type has already been performed, the results of that study should be used to take a first pass at identifying the hazards.
- In discussing the consequences of deviations from normal processing conditions use the tables in the following section to assign the indices representing severity of consequences, frequency of occurrence and efficacy of mitigation due to normal process controls.
- The indices of consequence, frequency, and mitigation by existing instrumentation agreed should be recorded in the record of the meeting.
- The client should indicate his agreement to the indices assigned by his signature on the study report.
- An icon has been placed at the end of this section in the electronic version of this procedure. Double clicking will launch a Lotus 123 spreadsheet which can be used to record the indices agreed during the SIL assessment meeting. The spreadsheet has an inbuilt calculating ability which converts these indices into the required S.I.L.
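
The index arithmetic from the outline and the conversion of recorded indices into a SIL, as an added Python example (it is not part of the original guideline and is not the Lotus 123 spreadsheet). It assumes T = -4 from the outline, takes M = 0 for the page's worked example as that example's arithmetic implies, and reports any result outside 1 to 4 as outside Table 2; the row names and rows A and B are constructed.

```python
import math

# Table 2 as printed on this page (demand mode): SIL -> PFD band [low, high)
TABLE_2 = {4: (1e-5, 1e-4), 3: (1e-4, 1e-3), 2: (1e-3, 1e-2), 1: (1e-2, 1e-1)}
T_INDEX = -4  # tolerable rate on this page: 1 death per 10^4 years


def to_index(value):
    """Index to base 10 of a factor that is an exact power of ten."""
    idx = round(math.log10(value))
    if not math.isclose(10.0 ** idx, value, rel_tol=1e-9):
        raise ValueError(f"{value} is not a power of ten; take the index from the tables")
    return idx


def sil_index(c, f, m, t=T_INDEX):
    """(-S) = C + F + M - T, every argument an integer index to base 10."""
    for name, v in (("C", c), ("F", f), ("M", m), ("T", t)):
        if not isinstance(v, int):
            raise TypeError(f"index {name} must be an integer, got {v!r}")
    return c + f + m - t


def assess(record):
    """Turn (description, C, F, M) rows into (description, -S, finding) rows."""
    out = []
    for desc, c, f, m in record:
        n = sil_index(c, f, m)
        if n in TABLE_2:
            low, high = TABLE_2[n]
            finding = f"SIL {n}: PFD >= {low:g} and < {high:g}"
        elif n > 4:
            # Assumption: reported as out of range rather than clamped to SIL 4.
            finding = "outside Table 2: stricter than the SIL 4 band"
        else:
            finding = "outside Table 2: below the SIL 1 band"
        out.append((desc, n, finding))
    return out


# Constructed meeting record; only the first row's numbers come from the page.
RECORD = [
    ("page example: 100 deaths, once per 10 years",
     to_index(100), to_index(0.1), to_index(1)),
    ("constructed row A", 1, -1, -1),
    ("constructed row B", 0, -2, -2),
]

if __name__ == "__main__":
    for row in assess(RECORD):
        print(row)
```

The page's own worked example evaluates to an index of 5, which lies beyond the four bands of Table 2, so the function reports it as out of range instead of assigning a level.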