Wikipedia states that, “Safety integrity level (SIL) is defined as a relative level of risk-reduction provided by a safety function, or to specify a target level of risk reduction. In simple terms, SIL is a measurement of performance required for a safety instrumented function (SIF).”
A product’s capacity to enact its safety function when required has become increasingly vital as certification requirements for industrial fire and gas detection (particularly in Europe, with the introduction of the ATEX standard covering Safety Related Devices) now incorporate product measurement and physical performances.
The IEC 61508 standard (Functional Safety of Electrical/Electronic/Programmable Electronic Safety-related Systems) has developed a risk-based approach for calculating the SIL of safety instrumented functions with a comprehensive method for quantifying the safety performance of electrical control systems, including the design idea, the management of the design procedure, operations, and the upkeep of the system throughout its lifespan.
While IEC 61508 delivers the overall framework, the applicable standard for gas detection equipment is EN50402:2005+A1:2008 Electrical apparatus for the detection and measurement of combustible or toxic gases or vapors or of Oxygen. Requirements on the functional safety of fixed gas detection systems.
Why SIL?
Users can gain a number of advantages by employing sensors which are compliant with IEC 61508 and EN50402. They offer assurance to a supplier’s claim of SIL appropriateness, as only a limited number of non-biased, nationally accredited bodies can issue this kind of certification.
Furthermore, lead times for applying SIL-rated functions are lessened, since reliability calculations for end devices are already carried out and available to the user.
To meet IEC 61508 and EN50402, it is necessary to have an integrated system for developing products, evaluating functional safety, refining robustness, and validating performances – an organization-wide high level of quality in work and processes that is passed on to its products.
SIL Basics and Terminology
SIL determines the “Functional Safety” of a safety device, in terms of the probability of failure on demand (PFD). Essentially, it is easier to express the likelihood of failure, rather than that of proper performance (e.g., 1 in 100,000 vs. 99,999 in 100,000).
There are four distinct levels: SIL 1, SIL 2, SIL 3, and SIL 4. A higher SIL level denotes a higher level of associated safety, and a decreased likelihood that a system will fail to perform effectively.
The Risk Reduction Factor is the inverse of the Probability of Failure on Demand. The SIL level is equivalent to the number of zeros in the minimum RRF. To illustrate, with SIL 2, the minimum Risk Reduction Factor is 100 (see table below).
| Safety Integrity Level |
Probability of Failure on Demand |
Risk Reduction Factor |
| SIL 4 |
10-5 to 10-4 |
100,000 to 10,000 |
| SIL 3 |
10-4 to 10-3 |
10,000 to 1,000 |
| SIL 2 |
10-3 to 10-2 |
1,000 to 100 |
| SIL 1 |
10-2 to 10-1 |
100 to 10 |
IEC standard 61508 defines Functional Safety as the safety that control systems offer to an overall process or plant. Functional Safety defines the performance of a safety device (hardware and software) in the instance of an internal failure taking place. The aim is to reach a “safe” state, meaning that the safety device’s internal faults should be sensed by the device itself, and should be displayed with an alert given.
Typical Examples of SIL Levels
| . |
. |
| SIL1 |
A typical ATEX-certified gas detection device (system) complete with the functional approval according to IEC61779 and receiving regular maintenance. |
| SIL2 |
The step from SIL1 to SIL2 typically necessitates self-testing facilities for hardware components, lowered maintenance intervals for the sensors, stringent requirements during development and thoroughly documented software. |
| SIL3 |
As the key requirement is that a single failure shall not result in an unsafe state (fail-safe), the step from SIL2 to SIL3 is typically achieved with redundancy. For detectors and microprocessors, this is the only choice. |
| SIL4 |
Requires redundancy and, sometimes, triple redundancy, along with redundant self-testing and comparison between redundant lines of code. SIL4 is not generally necessary for gas detection. |
As reaching higher SIL levels incurs significantly higher costs, it is important to select the most suitable level carefully. Typically, the process industry companies accept designs up to SIL2, as beyond this point, the safety devices are likely to shut down the monitored production line, or even the entire plant, too frequently to comply with standards.
The Only Line of Gas Sensing Elements on the Market with SIL2 Capability
.jpg)
Every N.E.T. Infrared sensors have attained a safety integrity level of SIL2, as certified by the Functional Safety Assessment released by TUV Nord with Registration No. 17 16483.
In the assessment N.E.T.’s sensors have been tested in agreement with EN 61508:2010 (Parts 1, 2, 3, 4, 5, 6, 7) and EN50402:2017.
The testing showed the sensors to reach a SIL capability of hardware of 2 and SIL capability of software of 3. Two identical modules with SIL capability of 2, when used in redundancy, will reach with SIL capability of 3 if the software of this module already accomplishes SIL3 capability. In this manner, a design with redundant N.E.T. Infrared sensors will attain SIL3 capability.
As there is no other gas sensor available with a higher, certified SIL capacity, N.E.T.’s IR series is the perfect option for those designing gas detection systems and SIL-rated functions who which to achieve the highest levels of functional safety.
This information has been sourced, reviewed and adapted from materials provided by Nano Environment Technology (N.E.T).
For more information on this source, please visit Nano Environment Technology (N.E.T).