Search
-
Recent Posts
Recent Comments
- Gabi Spencer on The importance of Process Hazard Analysis studies
- Ephraim Gasitene Phonela on The importance of Process Hazard Analysis studies
- Gabi Spencer on ESC’s TÜV Rheinland Cyber Security Training Program
- David Dewdney on ESC’s TÜV Rheinland Cyber Security Training Program
- David Balfour on Functional Safety (FS) for Technicians – Proposed CompEx modules
Archives
- May 2022
- May 2021
- April 2021
- March 2021
- February 2021
- January 2021
- December 2020
- November 2020
- October 2020
- September 2020
- August 2020
- July 2020
- June 2020
- May 2020
- April 2020
- March 2020
- January 2020
- July 2019
- May 2019
- April 2019
- March 2019
- February 2019
- January 2019
- November 2018
- August 2018
- April 2018
- March 2018
- February 2018
- November 2017
- May 2017
- March 2017
- February 2017
- January 2017
- December 2016
- November 2016
- October 2016
- September 2016
- August 2016
- July 2016
- June 2016
- May 2016
- April 2016
- March 2016
- February 2016
- August 2015
- June 2015
- May 2015
- February 2015
- November 2014
- September 2014
- July 2014
- April 2014
Categories
SIL Determination Methods: Which is best for me?

With so many SIL Determination methods which is best for you? Risk Graph / Risk Matrix, Quantitative Assessment (ie FTA) or Layers of Protection Analysis (LOPA).
Key to achieving Functional Safety is a robust process for identifying required levels of risk reduction, expressed in IEC 61508 / IEC 61511 as Safety Integrity Levels: SIL.
Once each hazardous event and the requirements for additional risk reduction (in the form of Safety Instrumented Functions – SIFs) have been identified, the next step is to determine the required SILs: ‘SIL Determination’. There are several approaches to this, each with their own pros and cons. None of which would be considered a “one size fits all” approach; the most suitable method will depend on several factors[1]:
- The complexity of the scenario under consideration
- The severity of the consequences – clearly more attention, in terms of analysis, should be paid to higher consequence events
- The required risk reduction -the level of detail applied in the analysis should correspond to the size of the gap between the risk target and the estimated risk
- the information available on the parameters relevant to the risk.
SIL Determination methods
So with the many SIL Determination methods out there – all tried and tested, which is best for you?
Risk Graph / Risk Matrix
Risk Graphs/ Risk Matrices are widely used as screening tools and methods for prioritising process risks. The Risk Matrix is a fully qualitative technique where the SIL requirement for a SIF is embedded in the matrix and is selected based on the Hazardous Likelihood, Severity (normally based on the company specific risk criteria) and the number of protection layers.
The Risk Graph is a, generally speaking, slightly more detailed approach, where the SIL requirement of a SIF can be based on the Consequence, Occupancy, Probability of Avoiding the Hazard and Demand Rate.
These techniques tend to produce inherently conservative results which is why they are commonly used as screening tools, especially where there are a large number of SIFs to assess. A typical approach (as stated in IGEM/SR/15) would be to screen the SIFs, and those which have been identified as having a target of SIL 2 or greater would be subject to a more quantified approach such as Fault Tree Analysis (FTA) or LOPA.
These assessments rely heavily on the correct calibration of the matrix/graph, so it is essential that there is a record of all assumptions and information used in the decision-making process.
Quantitative Assessment (i.e. FTA)
A Fault Tree Analysis is a fully quantitative approach and tends to be the best method for complex scenarios or for higher integrity systems (i.e. SIL
3) where a linear approach such as a LOPA/Risk Graph may not be sufficient; think inter-twining scenarios where some Independent Protection Layers (IPLs) are only applicable to some initiating events. Perhaps you have conditional or common events; or maybe you have different SIFs mitigating against different initiating events for the same hazardous scenario.
A FTA, although more time consuming, provides the necessary level of detail for these more complex scenarios with a less conservative output compared to the Risk Graph technique.
LOPA
Layers of Protection Analysis (LOPA) is probably the most popular and commonly-used method for SIL Determination in the Process Sector.
Why? It’s what we would say is a good all-rounder (in terms of conservativism and time efficiency) which makes it the ‘go to’ method suitable for the majority of scenarios.
The key to a successful LOPA is in the preparation; an agreed Terms of Reference which pre-defines the Initiating Event Frequencies, Conditional Modifiers and IPLs’ figures.
The systematic approach provides a methodical structure to assess the layers of protection (think famous onion diagram!), which prevent the initiating events from occurring and resulting in the unwanted consequence.
Another advantage of this method is that since numerical risk targets are assigned to specific consequence severity levels, the user can assess if the residual risk meets the corporate criteria. In the cases where it doesn’t, the SIF is required to meet the identified target failure measure (i.e. the risk gap), expressed in terms of SIL.
SIL Determination Methods at ESC
ESC’s Consultants have the experience and expertise to facilitate SIL Determination studies using the technique most suitable for your application.
Why not download our ProSET Software for a free 14-day trial to see how it can help you with compliance with IEC 61508/IEC 61511?
[1] IEC 61511-3: Functional safety – Safety instrumented systems for the process industry sector