
# Safety Integrity Level (SIL)

Functional safety in accordance with EN IEC 62061

EN/IEC 62061 represents a sector-specific standard under IEC 61508. It describes the implementation of safety-related electrical control systems on machinery and examines the overall lifecycle from the concept phase through to decommissioning.

In contrast to EN 61508, EN IEC 62061 is published in the Official Journal of the EU as a harmonised standard under the Machinery Directive. As such, presumption of conformity applies for this standard.

## Contents of EN/IEC 62061

EN 62061 addresses the issue of risk assessment using a risk graph, which in this case is in the form of a table. It also deals with the validation of safety functions based on structural and statistical methods.

As with EN 13849-1, the objective is to establish the suitability of safety measures to reduce risks. This standard also requires extensive calculations. We can significantly reduce the work involved with our software package PAScal Safety Calculator. Simply download the calculation tool free of charge or use the Safety app PASmsi.

### How is risk assessment carried out in accordance with EN 62061?

Risk assessment is an iterative process. This means it may be necessary to go through the process more than once. The risk must be estimated and the SIL defined for each hazard whose risk is to be reduced through control measures.

The risk is estimated in accordance with EN 62061, under consideration of the following points:

• Severity of injury (Se)
• Frequency and duration of exposure (Fr)
• Probability of occurrence of a hazardous event (Pr)
• Probability of avoiding or limiting harm (Av)

## SIL classification in accordance with EN 62061

Severity classification (Se)

| Impact | Severity (Se) |
|---|---|
| Irreversible: death, losing an eye or arm | 4 |
| Irreversible: broken limb(s), losing a finger(s) | 3 |
| Reversible: requiring attention from a medical practitioner | 2 |
| Reversible: requiring first aid | 1 |

Frequency and duration of exposure classification (Fr)

| Frequency of exposure | Duration (Fr) > 10 min* |
|---|---|
| <= 1 h | 5 |
| > 1 h to <= 1 day | 5 |
| > 1 day to <= 2 weeks | 4 |
| > 2 weeks to <= 1 year | 3 |
| > 1 year | 2 |

* If the duration is less than 10 min, the value can be rounded down to the next level.

Probability classification (Pr)

| Probability of occurrence | Probability (Pr) |
|---|---|
| Very high | 5 |
| Likely | 4 |
| Possible | 3 |
| Rarely | 2 |
| Negligible | 1 |

Probability of avoiding or limiting harm classification (Av)

| Probability of avoiding or limiting harm | Avoiding and limiting (Av) |
|---|---|
| Impossible | 5 |
| Rarely | 3 |
| Probable | 1 |

SIL assignment matrix

The SIL is determined using the following table. The class (Cl) is calculated as follows: Cl = Fr + Pr + Av.

| Severity (Se) | Class (Cl) 3 - 4 | Class (Cl) 5 - 7 | Class (Cl) 8 - 10 | Class (Cl) 11 - 13 | Class (Cl) 14 - 15 |
|---|---|---|---|---|---|
| 4 | SIL 2 | SIL 2 | SIL 2 | SIL 3 | SIL 3 |
| 3 | | (OM)* | SIL 1 | SIL 2 | SIL 3 |
| 2 | | | (OM) | SIL 1 | SIL 2 |
| 1 | | | | (OM) | SIL 1 |

* OM = other measures

### Which requirements need to be considered?

The selection or design of the relevant safety function must always meet the following minimum requirements:

The hardware's safety integrity requirements, consisting of

• Architectural constraints for hardware safety integrity
• Requirements for the probability of dangerous random hardware failures
• Systematic safety integrity requirements (requirements for avoiding failures and requirements for controlling systematic faults)

Architectural constraints for hardware safety integrity

The SIL that is achieved by the SRECS (Safety-Related Electrical Control System) due to architectural constraints is less than or equal to the lowest SILCL of any system involved in performing the safety function. The architecture of the control system and the "safe failure fraction" (SFF) play an important role here.

Architectural constraints of subsystems:

| Safe failure fraction (SFF) | Hardware fault tolerance HFT 0 | Hardware fault tolerance HFT 1 | Hardware fault tolerance HFT 2 |
|---|---|---|---|
| < 60 % | Not permitted | SIL 1 | SIL 2 |
| 60 % to < 90 % | SIL 1 | SIL 2 | SIL 3 |
| 90 % to < 99 % | SIL 2 | SIL 3 | SIL 3 |
| >= 99 % | SIL 3 | SIL 3 | SIL 3 |

HFT: Hardware fault tolerance
SFF: Safe failure fraction
SILCL: SILclaim (max. SIL that may be claimed for a subsystem)

### Requirements for the probability of dangerous random hardware failures

The probability of a dangerous failure of each safety-related control function (SRCF) as a result of dangerous random hardware failures shall be equal to or less than the failure threshold value defined in the specification of the safety requirements.

| SIL level in accordance with EN 62061 | Average probability of a dangerous failure per hour (PFHD) [1/h] |
|---|---|
| SIL 3 | >= 10^-8 to < 10^-7 |
| SIL 2 | >= 10^-7 to < 10^-6 |
| SIL 1 | >= 10^-6 to < 10^-5 |
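
The chain described above, from the risk parameters through the SIL assignment matrix to the architectural and PFHD checks, as an added Python example (not Pilz or PAScal code). The table values are transcribed from this page; the function names, the subsystem tuples and the sample figures are constructed for illustration, and a blank matrix cell is returned as `None`.

```python
# Added example: the page's tables encoded as data (values transcribed from the page).
ALLOWED = {"Se": {1, 2, 3, 4}, "Fr": {2, 3, 4, 5}, "Pr": {1, 2, 3, 4, 5}, "Av": {1, 3, 5}}
CL_UPPER = [4, 7, 10, 13, 15]  # upper bound of each class (Cl) band
# Rows by severity (Se); None = blank cell, "OM" = other measures, int = SIL
MATRIX = {4: [2, 2, 2, 3, 3], 3: [None, "OM", 1, 2, 3],
          2: [None, None, "OM", 1, 2], 1: [None, None, None, "OM", 1]}
# (SFF lower bound, SILCL for HFT 0 / 1 / 2); 0 = not permitted
ARCH = [(0.99, [3, 3, 3]), (0.90, [2, 3, 3]), (0.60, [1, 2, 3]), (0.0, [0, 1, 2])]
PFHD_LIMIT = {1: 1e-5, 2: 1e-6, 3: 1e-7}  # PFHD must stay below this for the SIL


def required_sil(se, fr, pr, av):
    """Return (Cl, assignment) for one hazard, with Cl = Fr + Pr + Av."""
    for name, value in (("Se", se), ("Fr", fr), ("Pr", pr), ("Av", av)):
        if value not in ALLOWED[name]:
            raise ValueError(f"{name}={value} is not a value from the classification table")
    cl = fr + pr + av
    band = next(i for i, upper in enumerate(CL_UPPER) if cl <= upper)
    return cl, MATRIX[se][band]


def silcl(sff, hft):
    """Maximum SIL a subsystem may claim from its SFF (0..1) and HFT (0..2)."""
    if not 0 <= sff <= 1 or hft not in (0, 1, 2):
        raise ValueError("SFF must be in [0, 1] and HFT in {0, 1, 2}")
    return next(row[hft] for low, row in ARCH if sff >= low)


def check_design(target_sil, subsystems, pfhd):
    """subsystems: list of (name, sff, hft). Returns findings; an empty list means OK."""
    if target_sil not in PFHD_LIMIT:
        raise ValueError("target_sil must be 1, 2 or 3")
    findings = []
    for name, sff, hft in subsystems:
        claim = silcl(sff, hft)
        if claim < target_sil:  # the lowest SILCL caps the SIL of the whole SRECS
            findings.append(f"{name}: SILCL {claim or 'not permitted'} < SIL {target_sil}")
    if pfhd >= PFHD_LIMIT[target_sil]:
        findings.append(f"PFHD {pfhd:.1e}/h is not below {PFHD_LIMIT[target_sil]:.0e}/h")
    return findings


if __name__ == "__main__":
    # Constructed hazard and design, for illustration only.
    cl, sil = required_sil(se=3, fr=5, pr=3, av=3)
    subsystems = [("sensor", 0.92, 0), ("logic", 0.99, 1), ("contactor", 0.55, 1)]
    print(f"Cl = {cl}, required SIL = {sil}")
    print(check_design(sil, subsystems, pfhd=4e-7))
```
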

Why not try out our free calculation tool (PAScal)? You can use it to determine the relevant characteristic values with ease.

### EN IEC 61511: Functional safety - Safety instrumented systems for the process industry sector

The standard EN IEC 61511 defines the minimum requirements of safety-related systems in the process industry. It is based on IEC 61508, but has been tailored to the process industry.

Part 1: Framework, definitions, system, hardware and software requirements
Part 2: Guidelines for the application of Part 1
Part 3: Guidance for the determination of the required safety integrity level

### Contents of EN IEC 61511

Safety-related systems have been used for safety-related functions within the process industry for many years. To use process control technology for safety functions effectively, it must fulfil certain minimum requirements and performance levels.

EN IEC 61511 requires that a hazard and risk analysis is carried out. The specification of safety-related systems is to be derived from this analysis. Other safety systems are only considered in terms of their contribution when examining the performance requirement of the safety-related systems. The safety system constitutes all components and subsystems necessary for carrying out safety-related functions, from sensors to actuators. The “safety life cycle” and the “safety integrity level” (SIL) form the basis for the application of this international standard.

The safety-related systems considered in the standard are based on electrical (E), electronic (E) and programmable electronic (PE) technology. If other technologies are used to implement logic control systems, the fundamental principles of this standard should be applied accordingly. This standard also considers the sensors and actuators on safety-related systems, irrespective of the technology with which they are designed.

Within the scope of IEC 61508, the standard IEC 61511 is tailored exactly to the process industry.
