SIL 103: SIL Certification Demystified
The Initial Steps
First, to understand the SIL concept and its application, we must answer a basic and fundamental question. Why is SIL important? SIL is one means of reducing risk and improving safety. In its most simplistic form, a Safety Integrity Level (SIL) is a measure of safety system performance. A SIL is often implemented when a facility chooses to measurably reduce the risk of a certain process or function. It can be expressed either as a failure rate (in the case of a continuously hazardous failure) or as an amount of risk reduction (in the case of protection systems). In a risk reduction application, a SIL rating corresponds to the probability of failure on demand (PFD) for a Safety Instrumented Function (SIF) or Safety Instrumented System (SIS). The higher the SIL target, the lower the probability of failure on demand for the safety system and the better the system performance. The Risk Reduction Factor (RRF) is the amount of risk that can be reduced by implementing the corresponding SIL system.
Second we must answer, what does a SIL rating mean? A SIL rating measures the ability of a system – comprised of a sensor(s), logic solver(s), and final element(s) – to reduce the overall level of process risk when the system is used as specified and in its intended applications. Individual products or components do not have SIL ratings. Rather, products are suitable for use within a specified risk reduction level. An entire system, not just an individual product, must reduce the risk to the specific level. The SIL suitability of the individual components is immaterial if the combined SIL rating of the entire system is not adequate.
What is Being Certified?
Now, we must identify what it means to claim a functional safety certification expressed as a SIL. Both products and processes can receive such a certification. Product certificates are most common and are issued either by the manufacturer (self-certification), or other independent agency to show that the appropriate calculations have been performed and analysis has been completed on a product to indicate that it is compatible for use within a system of a given SIL. A Failure Mode Effects and Diagnostic Analysis (FMEDA) is typically used to determine the safe / unsafe and detected / undetected failure modes of a product and is a key aspect of ultimately calculating the Safe Failure Fraction (SFF) and PFD of a device.
In addition, full IEC 61508 certification also involves a manufacturer’s design and quality processes. Full certification is less common and implies that a manufacturer’s product development process meets the standards set forth in IEC 61508. However, full certification does not ensure that the individual products are more reliable or have a higher degree of inherent safety. Rather, it adds credibility to the manufacturer’s products and processes.
Next, we need to clarify who the appropriate agencies are that can issue a SIL certificate. On this point, the standards are clear: there are no preferred agencies or companies that have the authority to issue SIL certifications. A variety of consulting firms and agencies provide SIL related services and in some cases generate certificates for work provided. This does not imply that an analysis must be conducted by either a private consulting firm or some other organization. Instead, this is simply an approach for complying with the functional safety standards, in the same way that a self-certification is perfectly acceptable if the manufacturer complies with the appropriate standards and can provide the relevant data to support the certification claims.
Does a Product Require Certification?
Now that we have identified the importance of SIL ratings, discussed basic concepts, and demystified the certification process, we can answer the final question. Does a product need to be SIL certified to be used in a SIL system? The answer is, no. Remember, the individual SIL suitability ratings for the product are only part of the solution. After all, it is the overall SIL of the entire SIF or SIS that is relevant. If the desired SIL target of the SIF or SIS can be achieved by using the PFD claims of a product that is not “certified”, the system may still be able to achieve the desired risk reduction level. In addition, it is entirely appropriate for the end-user to accept valid proven-in-use data to comply with a desired SIL level. A certification is simply a piece of paper that adds credibility to the analysis conducted and results obtained. The certification does not validate the numbers nor ensure that a product or system will provide the required level of safety. System performance depends on a multitude of factors including proper installation, correct maintenance, routine testing, and accurate placement and positioning of sensors. After all, it is important to remember that “you cannot buy safety out of a box.”
The General Monitors Approach
At General Monitors, we employ a SIL compliance approach that reflects our commitment to safety and independent validation. As such, for every product that is suitable for use in a SIL environment, we offer a company issued self-certification and a third-party certification. Some manufacturers prefer to outsource all of their SIL suitability analyses and documentation. While this method is perfectly acceptable, our philosophy is different. We feel that it is our duty as a manufacturer of safety devices to put our name on a certification to emphasize that we are 100% fully responsible for the performance of our products. We build safety into our design and are intimately involved in the reliability engineering and analysis of our products. If our customers have a question regarding the data behind our products, we feel confident that we can provide the answer, without relying on an outside consultant to supply us with information. However, to provide our customers with a heightened level of confidence in our own internal analysis, we ensure that all of our work is reviewed by an internationally recognized functional safety organization for accuracy, conservatism, and thoroughness. Only after our analyses and results are validated do we claim that our products are suitable for use within a specified SIL environment and provide both our own and an independent SIL suitability certification.
At General Monitors, safety is the foundation on which the company was built and has operated successfully for over 45 years. All of our design, manufacturing, and selling decisions are made with the customer’s safety as our ultimate priority. Our SIL philosophy continues to build on this foundation and places the interests of our customers first. Our goal is to take the confusion out of the SIL concepts and present a streamlined and cohesive functional safety approach to our customers.
For more information, please visit our online SIL Resource Center.
Copyright © 2008 General Monitors, Inc. All logos, brand and product names are registered trademarks of their perspective owners. All rights reserved. Questions or comments to email@example.com.