1. Using a SIL 3 logic solver means that I have a SIL 3 system.
No. When using a SIL 3 logic solver, it is critical that the entire system
is designed to conform to SIL 3 requirements. What matters is the PFD
(probability of failure on demand) of the entire system, not of one component.
If a user installs a SIL 3 logic solver but does not employ appropriate
redundancy, or does not incorporate components into the system with correct
PFD calculations, then the entire system may not comply with SIL 3.
“A chain is only as strong as its weakest link.”
2. SIL 3 suitable products are better than SIL 1 or SIL 2 suitable
This is not necessarily true. While a higher SIL level corresponds to
a lower probability of failure on demand, a SIL 2 suitable product may
be perfectly acceptable for use in a SIL 3 environment if, for example,
the proof testing interval is increased or if redundancy is used. It is
very important for an end-user to understand the operating requirements
of the products within a given SIL environment to ensure that once installed,
the products maintain their SIL suitability levels. Incorrect installation,
proof testing, or configuration of the products could make the SIL suitability
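The two points above, that the loop PFD is the sum of its parts and that redundancy or more frequent proof testing can bring a SIL 2 suitable component into a SIL 3 loop, can be checked with the usual low-demand simplifications. The example below is added here and is not from the General Monitors document; it uses the textbook PFDavg approximations (1oo1: λ_DU·TI/2; 1oo2 with beta-factor common cause: (λ_DU·TI)²/3 + β·λ_DU·TI/2, no repair time or diagnostics) and IEC 61508 low-demand SIL bands. All failure rates, test intervals and the logic solver PFD are constructed sample values.

```python
# Added example (not from the General Monitors document): simplified
# low-demand PFDavg arithmetic for one safety instrumented function (SIF).
# Component figures are constructed; formulas are textbook simplifications.

HOURS_PER_YEAR = 8760.0


def sil_from_pfd(pfd: float) -> int:
    """Map a PFDavg to its IEC 61508 low-demand SIL band (0 = worse than SIL 1)."""
    if pfd < 1e-4:
        return 4          # 1e-5 <= PFD < 1e-4 is SIL 4; we do not grade below that
    if pfd < 1e-3:
        return 3
    if pfd < 1e-2:
        return 2
    if pfd < 1e-1:
        return 1
    return 0


def pfd_1oo1(lambda_du: float, ti_hours: float) -> float:
    """PFDavg of a single element: λ_DU (dangerous undetected failures per hour) * TI / 2."""
    return lambda_du * ti_hours / 2.0


def pfd_1oo2(lambda_du: float, ti_hours: float, beta: float) -> float:
    """PFDavg of a 1oo2 redundant pair: independent term plus beta-factor common-cause term."""
    lt = lambda_du * ti_hours
    return lt ** 2 / 3.0 + beta * lt / 2.0


def loop_pfd(sensor: float, logic_solver: float, final_element: float) -> float:
    """The SIF PFDavg is the sum of the sensor, logic solver and final element PFDavg."""
    return sensor + logic_solver + final_element


# Constructed component data (hypothetical, not any vendor's published figures).
LOGIC_SOLVER_PFD = 5e-5        # a SIL 3 suitable logic solver: inside the SIL 3 band on its own
SENSOR_LAMBDA_DU = 2e-6        # per hour
FINAL_ELEMENT_LAMBDA_DU = 1e-6 # per hour
BETA = 0.05                    # common-cause fraction assumed for the 1oo2 pairs


def baseline_design() -> tuple:
    """SIL 3 logic solver with single (1oo1) sensor and valve, proof tested yearly."""
    sensor = pfd_1oo1(SENSOR_LAMBDA_DU, HOURS_PER_YEAR)           # 8.76e-3, SIL 2 band
    final = pfd_1oo1(FINAL_ELEMENT_LAMBDA_DU, HOURS_PER_YEAR)     # 4.38e-3, SIL 2 band
    total = loop_pfd(sensor, LOGIC_SOLVER_PFD, final)
    return total, sil_from_pfd(total)


def improved_design() -> tuple:
    """Same logic solver; 1oo2 sensors and 1oo2 valves, proof tested quarterly."""
    quarterly = HOURS_PER_YEAR / 4.0                               # 2190 h
    sensor = pfd_1oo2(SENSOR_LAMBDA_DU, quarterly, BETA)
    final = pfd_1oo2(FINAL_ELEMENT_LAMBDA_DU, quarterly, BETA)
    total = loop_pfd(sensor, LOGIC_SOLVER_PFD, final)
    return total, sil_from_pfd(total)


if __name__ == "__main__":
    for name, fn in (("baseline", baseline_design), ("improved", improved_design)):
        pfd, sil = fn()
        print(f"{name}: loop PFDavg = {pfd:.3e} -> SIL {sil}")
```

With a yearly proof test and single field devices, the loop lands in the SIL 1 band despite the SIL 3 logic solver, because the sensor and valve PFDs dominate the sum. Adding 1oo2 redundancy and quarterly proof testing, without changing the logic solver, brings the same loop into the SIL 3 band; the logic solver's own PFD is nearly irrelevant to the result either way.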
3. There are many agencies that are capable of issuing SIL certifications.
There are very few nationally accredited bodies that can issue nationally accredited certifications, including FM, TUV, and Sira. Many unaccredited consulting firms issue certificates indicating that they have reviewed the product and/or process for conformance to certain parts of the IEC 61508 standard. The standard does not mandate that particular companies or agencies certify products and systems. Rather, it is suggested that the analysis be either conducted or validated by an independent third party.
4. A vendor can determine whether a system meets the requirements
of IEC 61511.
No. Only the end user can ensure that the safety system is implemented
to be compliant with the standards. It is up to the user to ensure that
procedures have been followed properly, the proof testing is conducted
correctly, and suitable documentation of the design, process, and procedures
exists. The equipment or system must be used in the manner in which it
was intended in order to successfully obtain the desired risk reduction
level. Just buying SIL 2 or SIL 3 suitable components does not ensure
a SIL 2 or SIL 3 system.
5. A customer must purchase a complete SIL based solution, even
if some functions do not require a SIL level.
For most applications there will only be a few SIFs (safety instrumented
functions) being handled by the system, and the vast majority of the circuits
may not need to be SIL rated at all. If the customer specifies SIL 2 or SIL 3
for the entire system, he may add considerable cost with little or no benefit or improvement
6. “Safety” and “Reliability” are the
No. Safety and reliability are often linked but are not the same thing.
Safety is defined in the IEC 61508 standards as “freedom from unacceptable
risk.” A safe system should protect from hazards whether it is performing
reliably or not. Safety engineering assures that a safety system performs
as needed, even when pieces fail. In fact, safety engineers assume that
systems will fail, and design accordingly.
Reliability is a measure of how well the system does exactly what it is
intended to do when operated in a specific manner. A reliable system may
not always be a safe system. The challenge in functional safety is to
ensure that a system is both reliable and safe.
Copyright ©2009 General Monitors, Inc. All logos, brand and product names
are registered trademarks of their respective owners. All rights reserved.
Questions or comments to firstname.lastname@example.org