Safety Integrity Level (SIL) is a measure of safety system performance - not a measure of process risk. The higher the level of risk, the greater the system performance required. Based on a hazard and risk analysis, each individual Safety Instrumented Function (SIF) is assigned a required performance level, or SIL. Safety Instrumented Systems may have different SILs for each of its individual SIFs.



Industrial plants require a multidiscipline team to evaluate and assign SIL performance levels for SIFs, not a specific person. Common departments assigned to the team are process, mechanical design, safety, operations and control systems. Quantitative or qualitative analysis is used to calculate the SIL of each SIF:

ALARP, Risk Matrix and Risk Graphs

ALARP (As Low As Reasonably Practicable), Risk Matrixes and Risk Graphs are qualitative methods of determining SIL. Qualitative data is faster and easier, but is also subjective and many engineers are not comfortable using this data to assign performance levels. Systems analyzed using qualitative data are often over designed, adding unnecessary costs.

LOPA (Layer of Protection Analysis)

LOPA is a quantitative method that identifies and analyzes the effects of independent layers of protection (IPL) - devices, systems or actions capable of preventing a hazardous event. LOPA are extremely detailed and require members of an organization to agree on risk tolerance levels. Quantitative analysis typically delivers lower levels of required performance, reducing safety system costs.


Layer of Protection Analysis

Once SILs are assigned using quantitative or qualitative analysis and independent protection layers considered, a Safety Requirement Specifications (SRS) is written to describe the functional and integrity requirements of the system. Functional requirements describe the system inputs, outputs and logic. Integrity requirements describe the performance needed for each function. Incomplete or incorrect specifications cause 44% of accidents in safety applications, stressing the importance of fully understanding the functional and integrity requirements of the system.

Device failure rates - dangerous detected (DD), dangerous undetected (DU), safe detected (SD) and safe undetected (SU) - are required to calculate SIL. Failures In Time (FITs) is the data owner/operators require to calculate of Probability of Failure on Demand (PFD), Safe Failure Fraction (SFF), Risk Reduction Factor (RRF), Safety Availability (SA) and Mean Time to Failure (MTTF). This FIT data makes calculating target SIL levels rather easy for simplex (1oo1) systems.

Dangerous failures occur if a component is unavailable when a demand is required. Device diagnostics greatly reduce the chance of dangerous failures. Safe failures, also known as nuisance /spurious trips, often lead to unplanned shutdowns. Sensor voting logic is commonly used to avoid nuisance trips and improve system performance.