A common way of ranking the dependability of a Safety Instrumented Function (SIF) is to use a simple numerical scale from one to four, with four being extremely dependable and one being only moderately dependable:
Safety Integrity Level (SIL)
The Required Safety Availability (RSA) value is synonymous with dependability: the probability (Note 1) that a Safety Instrumented Function will perform its duty when faced with a dangerous process condition.
Conversely, the Probability of Failure on Demand (PFD) is synonymous with undependability:
the mathematical complement of RSA (PFD = 1 − RSA),
expressing the probability that the SIF will fail to perform as needed, when needed.
Note 1: Probability is a quantitative measure of a particular outcome’s likelihood. A probability value of 1, or 100%, means the outcome in question is certain to happen. A probability value of 0 (0%) means the outcome is impossible. A probability value of 0.3 (30%) means it will happen an average of three times out of ten.
Conveniently, the SIL number matches the minimum number of “nines” in the Required Safety Availability (RSA) value.
For instance, a safety instrumented function with a Probability of Failure on Demand (PFD) of 0.00073, will have an RSA value of 99.927%, which equates to a SIL 3 rating.
It is important to understand what SIL is, and what SIL is not. The SIL rating refers to the reliability of a safety function, not to individual components of a system nor to the entire process itself.
An over-pressure protection system on a chemical reactor process with a SIL rating of 2, for example, has a Probability of Failure on Demand between 0.01 and 0.001 for the specific shutdown function as a whole.
This PFD value incorporates failure probabilities of the sensor(s), logic solver, final control element(s), and the process piping including the reactor vessel itself plus any relief valves and other auxiliary equipment.
If there arises a need to improve the PFD of this reactor’s over-pressure protection, safety engineers have a variety of options at their disposal for doing so.
The safety instruments themselves might be upgraded, a different redundancy strategy implemented, preventive maintenance schedules increased in frequency, or even process equipment changed to make an over-pressure event less likely.
SIL ratings do not apply to an entire process. It is quite possible that the chemical reactor mentioned in the previous paragraph with an over-pressure protection system SIL rating of 3 might have an over-temperature protection system SIL rating of only 2, due to differences in how the two different safety systems function.
Adding to this confusion is the fact that many instrument manufacturers rate their products as approved for use in certain SIL-rated applications.
It is easy to misunderstand these claims, thinking that a safety instrumented function will be rated at some SIL value simply because instruments rated for that SIL value are used to implement it.
In reality, the SIL value of any safety function is a much more complex determination.
It is possible, for instance, to purchase and install a pressure transmitter rated for use in SIL 2 applications, and have the safety function as a whole be less than 99% reliable (PFD greater than 0.01, or a SIL level no greater than 1) due to the effect of Lusser’s Law (Note 2).
Note 2 : Lusser’s Law of Reliability states that the total reliability of a system dependent on the function of several independent components is the mathematical product of those components’ individual reliabilities.
Example :
A system with three essential components, each of those components having an individual reliability value of 70%, will exhibit a reliability of only 34.3% because 0.7×0.7×0.7 = 0.343.
This is why a safety function may utilize a pressure transmitter rated for use in SIL-3 applications, but exhibit a much lower total SIL rating due to the use of an ordinary final control element.
As with so many other complex calculations in instrumentation engineering, there exist software packages with all the necessary formulae pre-programmed for engineers and technicians alike to use for calculating SIL ratings of safety instrumented functions.
These software tools not only factor in the inherent reliability ratings of different system components, but also correct for preventive maintenance schedules and proof testing intervals so the user may determine the proper maintenance attention required to achieve a given SIL rating.
