SIL Level and Safety Function meaning

What is a safety function? How does it embed in a safety-related system? How to calculate the SIL level? Find out more about the meaning of functional safety.

Meaning of SIF

A SIF (Safety Instrumented Function) is a safety function with a specific safety level, necessary to reach or maintain a safe state.

A SIF can be:

• Protection function, safety function able to maintain a safe state when a dangerous event occurs
• Mitigation function, safety function able to reach a safe state after a dangerous event occurs Control function, safety function able to maintan a safe state during its normal functioning

Meaning of SIS

An SIS (Safety Instrumented System) is a series of devices and software that perform one or more safety instrumented functions (SIF).

An SIS consists of:

• Subsystem, an entity of the SIS high-level architectural project where the failure of any subsystem leads to the failure of a SIF
• Element, part of a subsystem comprising a single component or group of components performing one or more safety functions
• Component, basic parts of an element (e.g. transistor, screw, seal, etc.)
• Safety Instrumented Function, as above, safety function with a specific safety level, necessary to reach or maintain a safe state, which can be a protection (or mitigation) or control function

Meaning of SIL

SIL (Safety Integrity Level) is defined as a discrete level (from 1 to 4), corresponding to a range of safety integrity values, where 4 is the highest safety integrity level and 1 is the lowest.

Safety integrity levels are used to specify the safety integrity requirements of the safety functions to be assigned to E/E/PE safety systems.

The parameters to be considered for reaching the SIL target are:

• the average probability of the occurrence of a dangerous failure for the safety function, (PFDavg), (low-demand operating mode)
• the average probability of the occurrence (per hour) of a dangerous failure for the safety function (high-demand operating mode), (PFH)
• the average probability of the occurrence (per hour) of a dangerous failure for the safety function (PFH) (continuous operating mode)

Operating modes

An operating mode is defined as the way in which a safety function operates, which may be

• Low-demand Mode: where the safety function is performed only upon request, in order to transfer the EUC to a specified safety status, and where the frequency of requests does not exceed one per year; or
• High-demand Mode: where the safety function is performed only upon request, in order to transfer the EUC to a specified safety status, and where the frequency of requests is greater than one per year; or
• Continuous Mode: where the safety function keeps the EUC in a safe state as part of normal operation.

An example. Overspeed protection of a gas turbine is a safety feature generally designed to operate in low-demand mode (the probability associated with the overspeed scenario is usually considered less than once per year).

In this case, the SIL target will be assigned in terms of the average probability of Failure on Demand.

But the same gas turbine is also used to pressurise the aircraft cabin. In this case, pressure is continuously regulated to keep the internal atmosphere constant regardless of the altitude the aircraft reaches. The risk associated with a loss of cabin pressure is hypoxia.

In this case, the SIL target will be assigned in terms of the Average Probability of Failure per hour, i.e. Continuous Mode.