How do you align the Safety Integrity Level (SIL) with the risks of your machinery? Understanding standards like EN 62061 is crucial. This standard gives detailed requirements for the functional safety of electrical, electronic and programmable electronic control systems of machines. Because it is harmonized under the Machinery Directive, designing to it gives a presumption of conformity with the directive's legal requirements.
This article will guide you through designing control systems in line with PN-EN 62061, assigning the appropriate SIL to safety functions, and ensuring compliance while minimizing risk and maintaining high reliability of machines.
What about the difference between SIL and Performance Level (PL)? In theory, it’s clear, but in production realities, it often raises more questions than answers. Which approach better protects your machines and employees? How can you effectively implement a safety system that won’t fail when needed?
What is Safety Integrity Level (SIL)?
The Safety Integrity Level (SIL) is a measure of the reliability required of a safety-related control function. It states how far the probability of a dangerous failure of that function must be reduced so that the residual risk of the machine is acceptable. For machinery, EN 62061 defines three levels, SIL 1 to SIL 3. SIL 4 exists in PN-EN 61508 but is not used for machinery; its requirements are reserved for high-consequence applications such as nuclear, railway or aerospace systems.
What determines the SIL of a given safety function? The first step is risk assessment. EN 62061 provides a scheme for scoring the severity of harm, the frequency and duration of exposure, the probability of the hazardous event and the possibility of avoiding it. The required SIL therefore follows from the specific application, for example stopping an industrial robot, monitoring a pressurised system or preventing uncontrolled machine movement, rather than from the industry the machine is used in.
EN 62061 is harmonized under the Machinery Directive, so designing to it gives a presumption of conformity with the directive's essential health and safety requirements. It sets out concrete requirements for specifying, designing, verifying and validating safety-related control systems. SIL is therefore not only a formal label: it ties the reliability of each safety function to the risk that function controls, and that link is what protects people and machines in real working conditions.
Designing safety-related control systems based on EN 62061 requires a detailed understanding of how to determine the Safety Integrity Level (SIL) and how to adapt the system to meet it. Here’s a step-by-step approach to tackling this issue in practice.
Safety Integrity Level (SIL) Methodology
1. Understanding Risk and Assigning Required SIL
Every engineer knows the first step is risk analysis. Imagine a machine that can cause harm; you need to assess the severity of potential failure consequences.
- Severity of Harm (Se): how severe the injury could be, scored 1 (reversible, first aid) to 4 (irreversible: death, or loss of an eye or arm).
- Frequency and Duration of Exposure (Fr): how often and how long the operator or worker is in the danger zone, scored 2 (less often than once a year) to 5 (at least once a day).
- Probability of Occurrence of a Hazardous Event (Pr): how likely the situation that could lead to harm is to arise, scored 1 (negligible) to 5 (very high).
- Possibility of Avoidance (Av): whether the operator can detect the hazard and react in time, or other measures limit it, scored 1 (avoidance likely), 3 (possible) or 5 (impossible).
The three frequency-type parameters are added into a class, Cl = Fr + Pr + Av, and the required SIL is read from the standard's matrix of Se against Cl (Annex A of EN 62061). Example:
- Se = 3 (irreversible injury, such as broken limbs or lost fingers)
- Fr = 4 (exposure between once a day and once every two weeks)
- Pr = 3 (hazardous event possible)
- Av = 3 (avoidance possible)
Cl = 4 + 3 + 3 = 10; with Se = 3 and Cl in the 8 to 10 band, the matrix gives SIL 2 as the required level. Note that Av takes only the values 1, 3 or 5 in the standard's table; intermediate scores are not defined.
2. Designing a System Compliant with SIL
With the required SIL known, you can start designing the system. This is where key technical decisions begin.
- System Architecture:
- Choose a configuration (e.g., single channel, redundant 1oo2, or 2oo3). Redundancy raises the hardware fault tolerance of a subsystem and with it the SIL it may claim; a single-channel subsystem with poor diagnostics is capped at a low SIL no matter how good its component PFHD figures look.
- Consider diagnostic coverage (DC), the share of dangerous failures the system detects and reacts to. Higher DC (and the corresponding safe failure fraction) lets the same architecture claim a higher SIL.
- Determining Reliability Indicators:
- PFHD (Probability of Dangerous Failure per Hour): the average frequency of a dangerous failure of the safety function, expressed per hour of operation. The standard assigns a PFHD band to each SIL:
- SIL 1: 10^-6 ≤ PFHD < 10^-5
- SIL 2: 10^-7 ≤ PFHD < 10^-6
- SIL 3: 10^-8 ≤ PFHD < 10^-7
- Use component manufacturers' data (e.g., for interlock switches, safety relays, controllers, contactors) to calculate the PFHD of each subsystem; for subsystems connected in series (input, logic, output), the PFHD of the whole safety function is the sum of the subsystem values.
- Architectural Constraints: Check that the chosen configuration is allowed to claim the required SIL. The standard's tables give the maximum SIL a subsystem may claim (its SIL claim limit) from its hardware fault tolerance and safe failure fraction; the safety function as a whole can claim no more than the lowest claim limit of its subsystems, even if the summed PFHD falls in a better band.
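Steps 1 and 2 can be checked mechanically. The following Python script is an added worked example, not part of the original article: it scores a hazard with Se/Fr/Pr/Av, derives the class Cl and the required SIL from the Annex A matrix (Table A.6) of IEC 62061:2005, assigns the achieved SIL band from a summed PFHD, and applies that edition's hardware-fault-tolerance / safe-failure-fraction claim-limit table (Table 5). Verify both tables against the edition you design to, since the 2021 edition restructured the architectural constraints. The subsystem figures are constructed for illustration and are not taken from any manufacturer's datasheet.

```python
"""Added worked example (not from the original article): required SIL from
Se/Fr/Pr/Av, achieved SIL from summed PFHD, and the architectural claim limit.
Tables transcribed from IEC 62061:2005 Table A.6 and Table 5; verify against
the edition you design to. All subsystem figures below are constructed."""
from dataclasses import dataclass
from typing import List, Optional, Union

# Class bands (columns of Table A.6) and the matrix of Se (rows) against Cl.
# int = required SIL, "OM" = other measures recommended, None = no requirement.
_CL_BANDS = [(3, 4), (5, 7), (8, 10), (11, 13), (14, 15)]
_SIL_MATRIX = {
    4: [2, 2, 2, 3, 3],
    3: ["OM", 1, 2, 3, 3],
    2: [None, "OM", 1, 2, 3],
    1: [None, None, "OM", 1, 2],
}


def risk_class(fr: int, pr: int, av: int) -> int:
    """Cl = Fr + Pr + Av, after rejecting scores the standard does not define."""
    if fr not in range(2, 6):
        raise ValueError("Fr must be 2..5")
    if pr not in range(1, 6):
        raise ValueError("Pr must be 1..5")
    if av not in (1, 3, 5):
        raise ValueError("Av must be 1, 3 or 5")
    return fr + pr + av


def required_sil(se: int, fr: int, pr: int, av: int) -> Union[int, str, None]:
    """Required SIL for a hazard, read from Se and the class Cl."""
    if se not in _SIL_MATRIX:
        raise ValueError("Se must be 1..4")
    cl = risk_class(fr, pr, av)
    col = next(i for i, (lo, hi) in enumerate(_CL_BANDS) if lo <= cl <= hi)
    return _SIL_MATRIX[se][col]


def sil_from_pfhd(pfhd: float) -> Optional[int]:
    """SIL band of a PFHD value; None if above the SIL 1 band or below 1e-8
    (SIL 4 territory, outside the machinery scope)."""
    if 1e-8 <= pfhd < 1e-7:
        return 3
    if 1e-7 <= pfhd < 1e-6:
        return 2
    if 1e-6 <= pfhd < 1e-5:
        return 1
    return None


def sil_claim_limit(hft: int, sff: float) -> Optional[int]:
    """Maximum SIL a subsystem may claim from hardware fault tolerance
    (0 = single channel, 1 = 1oo2, 2 = 1oo3) and safe failure fraction (0..1).
    None means the architecture may not be used for any SIL."""
    if sff < 0.60:
        row = [None, 1, 2]
    elif sff < 0.90:
        row = [1, 2, 3]
    elif sff < 0.99:
        row = [2, 3, 3]
    else:
        row = [3, 3, 3]
    return row[min(hft, 2)]


@dataclass(frozen=True)
class Subsystem:
    name: str
    pfhd: float  # dangerous failures per hour, from manufacturer data
    hft: int     # hardware fault tolerance
    sff: float   # safe failure fraction


def evaluate_srcf(required: int, subsystems: List[Subsystem]) -> dict:
    """Series chain (input, logic, output): PFHD values add up, and the
    achieved SIL is capped by the lowest subsystem claim limit."""
    total_pfhd = sum(s.pfhd for s in subsystems)
    pfhd_sil = sil_from_pfhd(total_pfhd) or 0
    claim_limit = min((sil_claim_limit(s.hft, s.sff) or 0) for s in subsystems)
    achieved = min(pfhd_sil, claim_limit)
    return {"total_pfhd": total_pfhd, "pfhd_sil": pfhd_sil,
            "claim_limit": claim_limit, "achieved_sil": achieved,
            "compliant": achieved >= required}


# Constructed guard-interlock chain; figures are illustrative, not datasheet values.
GUARD_INTERLOCK = [
    Subsystem("two interlock switches, 1oo2", pfhd=2.0e-8, hft=1, sff=0.92),
    Subsystem("safety controller", pfhd=1.5e-9, hft=1, sff=0.99),
    Subsystem("two contactors with feedback", pfhd=5.0e-8, hft=1, sff=0.80),
]
# Same chain with a single, unmonitored contactor on the output.
SINGLE_CONTACTOR = GUARD_INTERLOCK[:2] + [
    Subsystem("single contactor, no feedback", pfhd=5.0e-8, hft=0, sff=0.50),
]

if __name__ == "__main__":
    req = required_sil(se=3, fr=4, pr=3, av=3)  # the hazard scored above
    print("required SIL:", req)
    for chain in (GUARD_INTERLOCK, SINGLE_CONTACTOR):
        print(evaluate_srcf(req, chain))
```

The first chain illustrates the point made under architectural constraints: its summed PFHD (about 7.2 × 10^-8) sits in the SIL 3 band, but the output subsystem's claim limit of SIL 2 caps the whole function at SIL 2. The second chain keeps the same PFHD yet fails outright, because a single channel with a safe failure fraction below 60% may not be used for any SIL.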
3. Validation and Testing
Ensuring the system operates as designed requires validation. Designing is not enough; you must prove it.
- Functional Tests: Does each safety function respond correctly to its triggering event? Example: opening an interlocked guard stops the hazardous movement within the specified time; pressing the emergency stop (E-Stop) does the same through its own safety function.
- Fault Injection: Introduce controlled faults (e.g., a stuck output contactor, a short between channels, a disconnected sensor) and check that the diagnostics detect them and the system reaches the safe state within the assumed diagnostic test interval.
- Verification against the Specification: Check that every design assumption (component PFHD, DC, proof-test interval, reaction time) is recorded and backed by evidence, and that the achieved SIL equals or exceeds the required one.
4. System Maintenance and Modifications
The standard requires the system to be maintained in compliance with the assigned SIL throughout its lifecycle.
- Regular reviews and proof tests are mandatory, at the intervals assumed in the PFHD calculation; stretching the interval invalidates the calculated figure.
- Modifications must be assessed for their impact on the SIL level; each change requires re-validation.
Safety Integrity Level (SIL) vs. Performance Level (PL)
Historically, ISO 13849-1 grew out of machinery safety practice (EN 954-1 and its categories) and is the more common choice for single machines and machine assemblies that mix mechanical, hydraulic, pneumatic and electrical technology. IEC 62061 is the machinery sector standard derived from IEC 61508 and therefore inherits that family's quantitative reliability analysis. The historical difference is not a rigid division: both are harmonized standards, and their PFH bands line up (PL b and PL c with SIL 1, PL d with SIL 2, PL e with SIL 3), so a subsystem assessed under one can be used in a design under the other. The methods themselves differ, so results are carried across by their PFH value and architecture, not by simply relabelling.
Main Applications:
- ISO 13849-1: Most commonly used in the machinery industry, where systems combine various technologies like mechanical, hydraulic, and electrical.
- IEC 62061: Limited to electrical, electronic and programmable electronic control systems; often chosen for complex, PLC-based safety control with redundancy, and by teams already working in the IEC 61508 family. (The process industry proper uses IEC 61511, not IEC 62061.)
Neither standard is mandatory for a given system type; the choice depends on the designer's preference and the application, with one technical limit: non-electrical technologies (hydraulic, pneumatic, mechanical) can only be assessed under ISO 13849-1. Beyond that, the choice is driven more by industry tradition than by technical constraints.
Note: PL e can only be reached with a Category 4 architecture (redundancy with high diagnostic coverage); higher component reliability alone never lifts a lower category to PL e.
FAQ: Safety Integrity Level (SIL)
SIL (Safety Integrity Level) is a measure of safety integrity that defines how reliably a safety system can prevent failures leading to hazards. SIL’s importance stems from the need to minimize risk in industrial applications, especially in processes with high safety demands, such as chemical, energy, or machinery industries.
SIL is divided into four levels: SIL 1 to SIL 4, each corresponding to a band of the probability of dangerous failure of the safety function per hour of operation. SIL 4 is the highest level; in the machinery industry only SIL 1 to SIL 3 are used.
SIL is applied in projects requiring advanced risk analysis and precise safety system reliability assessment. Typical cases include control systems in the process industry, robotic production lines, and applications where failure could lead to severe consequences for life or property.
Yes, SIL levels from IEC 62061 and Performance Levels (PL) from ISO 13849-1 are comparable through their PFH bands: PL e corresponds to SIL 3, PL d to SIL 2, and PL b and PL c to SIL 1 (PL a has no SIL equivalent). Depending on the designer's preference and the system's technology, either standard can be applied, and subsystems assessed under one can be used in a design under the other.
The process involves risk analysis based on criteria such as hazard frequency, accident avoidance possibility, potential damage severity, and system reliability. Then, the required SIL level is determined, and a system compliant with this level is designed, considering architecture, diagnostics, and redundancy. Finally, validation is conducted to ensure the system meets the requirements.