Using valves or actuators in SIL applications
Author - Paul Reeve
The subject of Safety Integrity Levels (SILs) can seem complex to many who are not routinely dealing with automated process safety systems. These articles aim to present the subject in a straightforward way for those who need to know or be reminded of the basics. For a more in-depth treatment, specifically with valves and actuators in mind, consider attending the BVAA oneday SILs course (there’s usually one coming up soon in Banbury!).
Part 1: A basic introduction to Safety Integrity Levels
Introduction
The process industry often involves the control of potentially hazardous processes. The drive for lower operating costs and greater use of automated technology has led to the increased use of safety instrumented systems (SIS) where hazards are involved. This first article in the series looks at the background and derivation of a safety integrity level (SIL). The subsequent articles in future VU Magazines will explain the implications for valve and actuator manufacturers and how their devices can be qualified for use in SIL applications.
The risk reduction model
Determining the reliability requirements of safety instrumented systems needs to be established during the hazard and risk assessment stage. It’s intuitive that hazards with greater potential to inflict harm will require more rigorous protection measures in place to prevent the hazard from occurring. These measures may comprise good mechanical and process plant design, process control systems, relief devices, procedures, alarm response, training, and the like. Ultimately, a plant owner is required to demonstrate that the quantified level of risk to people (workers on-site and the local public) at least meets a tolerable risk target. The actual target figure will depend on a number of factors and will vary according to the possible consequence and frequency of the hazard. For example, in the case of a fatality it might be in the region of 10-6 per year, per individual. (For comparison, that’s similar to the risk of death to an individual by natural disasters in the UK).
Sometimes, the plant hazard & risk assessment might indicate that the more conventional protection measures listed above are not sufficient to achieve the tolerable risk target. (This assessment is not typically something that BVAA manufacturers get involved with). In that case it may be possible to specify the use of a safety instrumented function (SIF) which, as determined by the risk assessment, is allocated a more significant level of risk reduction with respect to a specific hazard.
Figure 1 shows the concept of evaluating the conventional (non-SIF) protection measures to quantify any risk reduction ‘gap’ that could be assigned to a SIF in order to achieve the tolerable risk target. A maximum of only 10-fold risk reduction from each independent measure is permitted [NOTE 1]. On the other hand, the purpose of a SIF is to provide a specified risk reduction greater than 10-fold, 100- fold or even 1,000-fold.
It’s important that the existing measures (or ‘layers of protection’) are independent from each other for them to qualify in the risk reduction model, that is, a failure of one will not cause others to fail.
Risk reduction and SILs
So, what has the determination of the risk reduction ‘gap’ got to do with safety integrity levels? The all-industry functional safety standard BS EN 61508-1 (and its derivative for the process industry, BS EN 61511- 1).
It can be seen from the tables that there are 4 levels, each one corresponding to a decade in the respective numerical range. SILs 1 and 2 are the most common in the process industry, and occasionally SIL 3. (SIL 4 is not intended for the process industry and is certainly to be avoided).
Low and high demand SIFs
Most safety functions in the process industry are ‘low demand’ and hence are measured by their average probability of a dangerous failure on demand (PFDAVG) in accordance with Table 1.
A low demand SIF means it is monitoring the process all the time, but (according to the hazard & risk assessment) it is not expected to act more frequently than once a year. A high demand SIF assumes it receives a demand to act from the process more frequently than once a year. Generally, an action (or “trip”) of a low or high demand safety function requires the plant to be put into the defined safe state (for example, shut down).
The safety requirements specification
Once the need for a SIF is determined (both in terms of what it should do, and its SIL), it needs to be fully specified. This is called the safety requirements specification and is normally written for the whole safety instrumented system (SIS) that performs the function(s) as there is typically more than one function performed by the system. The specification should then be passed to those responsible for the design and engineering of the SIS, including where applicable, any bespoke actuated valve package that forms the final element(s).
Implications for elements
As you might expect, the safety integrity of a SIF has implications on all the devices (or ‘elements’) that are used to make up the entire control loop, such as the sensors, interfaces, trip amplifiers, logic solvers, actuators, valves, etc. Most process industry SIFs have actuated valves as the final element and the system integrity is only as good as the elements it is made of.
In the next article in this series we shall see what a SIL (1, 2, 3 or 4) means for the devices in the final element and what integrity-related properties need to be known about them before they can be used in safety applications. Stay tuned!
For further information about SIL-capable product design, refer to the BVAA ‘Guidelines for suppliers of SIL-capable products’: www. bvaa.org.uk/news/2056/new-guidelines-forsuppliers- of-sil-capable-products
Tel: 01244 457 671
Email: paul.reeve@silmetric.com
Web: www.silmetric.com
Telephone: | 01244 457671 |
Email: | infor@silmetric.com |
Website: | www.silmetric.com |
More information on the Silmetric Ltd BVAA Member Directory Page |
Search related articles: Silmetric LtdIssue 43TestingSILsStandardsTrainingMaster ClassTraining