Category: Project Management
2010-04-18 11:07:33
Common SIL Myths
1. Using a SIL 3 logic solver means that I have a SIL 3 system.
No. A SIL is a property of a complete safety instrumented function (SIF), from sensor through logic solver to final element, not of any one component. When using a SIL 3 logic solver, the entire loop must be designed to the SIL 3 requirements: the average probability of failure on demand (PFD) of the whole loop is what has to fall within the SIL 3 band, together with the architectural constraints and systematic requirements that go with it. If a user installs a SIL 3 logic solver but does not employ appropriate redundancy, or adds sensors and final elements without doing the PFD calculation for the combined loop, the system as a whole may not reach SIL 3. "A chain is only as strong as its weakest link."
2. SIL 3 suitable products are better than SIL 1 or SIL 2 suitable products.
Not necessarily. A higher SIL corresponds to a lower probability of failure on demand, but a SIL 2 suitable product may be perfectly acceptable within a SIL 3 function if, for example, it is proof tested more often (a shorter proof-test interval lowers its PFD) or it is used in a redundant configuration. It is very important for an end user to understand the operating requirements of each product within a given SIL environment, so that once installed the products keep the SIL suitability they were assessed for. Incorrect installation, proof testing or configuration can invalidate that SIL suitability.
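The two points above, the loop as a whole setting the SIL and the proof-test interval and redundancy changing an element's contribution, are easiest to see with numbers. The following Python is an added worked example, not code from the original post or from any vendor. It uses the simplified low-demand formulas of IEC 61508-6 (constant dangerous undetected failure rate, PFDavg = lambda_DU * TI / 2 for a single element, a beta-factor model for a 1oo2 pair) and the PFDavg bands of IEC 61508-1 Table 2; the failure rates, the beta factor and the proof-test intervals are constructed illustrative values, and the PFD check is only one of the three requirements (PFD, architectural constraints, systematic capability) a real SIL claim must satisfy.

```python
"""Added worked example (not from the original post): a simplified
PFDavg comparison for one safety instrumented function (SIF).

It shows (a) that the SIL of a SIF is set by the whole loop, sensor +
logic solver + final element, so a SIL 3 logic solver does not make a
SIL 3 system, and (b) how a SIL 2 element can still serve in a SIL 3
loop when it is proof tested more often or used redundantly, while a
longer proof-test interval pushes the loop down a level.

Formulas are the usual simplified low-demand IEC 61508-6 forms with a
constant dangerous undetected failure rate. All failure rates and the
beta factor are constructed illustrative values, not vendor data.
"""

HOURS_PER_YEAR = 8760.0

# Low-demand PFDavg bands, IEC 61508-1 Table 2: (SIL, lower, upper).
SIL_BANDS = [
    (4, 1e-5, 1e-4),
    (3, 1e-4, 1e-3),
    (2, 1e-3, 1e-2),
    (1, 1e-2, 1e-1),
]


def pfd_1oo1(lambda_du, ti_hours):
    """PFDavg of a single (1oo1) element.

    lambda_du: dangerous undetected failure rate per hour
    ti_hours:  proof-test interval in hours
    Simplified form lambda_DU * TI / 2, valid while lambda_DU * TI << 1.
    """
    return lambda_du * ti_hours / 2.0


def pfd_1oo2(lambda_du, ti_hours, beta):
    """PFDavg of a 1oo2 redundant pair with beta-factor common cause.

    Independent term ((1 - beta) * lambda_DU * TI)^2 / 3 plus the
    common-cause term beta * lambda_DU * TI / 2, which usually dominates.
    """
    independent = ((1.0 - beta) * lambda_du * ti_hours) ** 2 / 3.0
    common_cause = beta * lambda_du * ti_hours / 2.0
    return independent + common_cause


def sil_for_pfd(pfd):
    """SIL whose PFDavg band contains pfd; 0 if worse than SIL 1.

    This is the PFD dimension only: a real SIL claim also needs the
    architectural constraints (hardware fault tolerance) and systematic
    capability requirements to be met.
    """
    for sil, lower, upper in SIL_BANDS:
        if lower <= pfd < upper:
            return sil
    return 0


def loop_pfd(*element_pfds):
    """PFDavg of a series loop: to first order the sum of its elements.

    Every element adds to the total, so the loop can never be better
    than its worst element ("a chain is only as strong as its weakest link").
    """
    return sum(element_pfds)


def sif_scenarios():
    """Compare one SIF under different proof-test and redundancy choices.

    Returns {scenario: (loop PFDavg, loop SIL)}. Constructed rates (per hour,
    dangerous undetected): sensor 5e-7, logic solver 5e-8, valve 1e-6.
    With an annual proof test the solver alone sits in the SIL 3 band
    (2.19e-4) while each field device sits in the SIL 2 band.
    """
    lam_sensor, lam_solver, lam_valve = 5e-7, 5e-8, 1e-6
    beta = 0.10  # constructed common-cause beta factor for the 1oo2 pairs

    def loop(ti_hours, redundant_field_devices):
        if redundant_field_devices:
            sensor = pfd_1oo2(lam_sensor, ti_hours, beta)
            valve = pfd_1oo2(lam_valve, ti_hours, beta)
        else:
            sensor = pfd_1oo1(lam_sensor, ti_hours)
            valve = pfd_1oo1(lam_valve, ti_hours)
        solver = pfd_1oo1(lam_solver, ti_hours)
        total = loop_pfd(sensor, solver, valve)
        return total, sil_for_pfd(total)

    return {
        "annual test, 1oo1 field devices": loop(HOURS_PER_YEAR, False),
        "2-year test, 1oo1 field devices": loop(2 * HOURS_PER_YEAR, False),
        "monthly test, 1oo1 field devices": loop(HOURS_PER_YEAR / 12, False),
        "annual test, 1oo2 field devices": loop(HOURS_PER_YEAR, True),
    }


if __name__ == "__main__":
    for name, (pfd, sil) in sif_scenarios().items():
        print(f"{name:36s} PFDavg = {pfd:.2e}  -> SIL {sil}")
```

With these constructed rates the loop with an annual proof test lands in the SIL 2 band even though the logic solver on its own is in the SIL 3 band (myth 1); stretching the proof test to two years drops the loop to SIL 1, while monthly proof testing or 1oo2 field devices bring it into SIL 3 (myth 2). Note how the common-cause term dominates the 1oo2 result: redundancy buys much less than the squared independent term alone would suggest.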
3. There are many agencies that are capable of issuing SIL certifications.
There are very few nationally accredited bodies that can issue accredited certifications. Other consulting firms issue certificates stating that the product and/or process has been reviewed by an independent third party. The standards do not name particular agencies as the only ones able to certify products and systems; rather, they call for the analysis to be conducted or validated by an independent party, with the required degree of independence rising with the target SIL, and a variety of agencies perform this service. Before relying on a certificate, check who issued it, against which standard and edition, and what the assessment report actually covers.
4. A vendor can determine whether a system meets the requirements of IEC 61511.
No. Only the end user can ensure that the safety system is implemented in compliance with the standard. A vendor can assess its own product; it cannot see how that product is installed, configured, proof tested and maintained in a particular plant. It is up to the user to ensure that procedures have been followed properly, that proof testing is conducted correctly, and that suitable documentation of the design, process and procedures exists. The equipment or system must be used in the manner in which it was intended in order to obtain the desired risk reduction. Buying SIL 2 or SIL 3 suitable components does not by itself give you a SIL 2 or SIL 3 system.
5. A customer must purchase a complete SIL based solution, even if some functions do not require a SIL level.
No. In most applications only a few safety instrumented functions (SIFs) are handled by the system, and the large majority of the I/O and logic need not be SIL rated at all. A customer who specifies SIL 2 or SIL 3 for the entire system may add considerable cost with little or no improvement in safety. The SIL target comes from the hazard and risk assessment of each function, so each SIF should be specified at the level that assessment requires and nothing more.
6. "Safety" and "Reliability" are the same thing.
No. Safety and reliability are often linked but are not the same thing. IEC 61508 defines safety as "freedom from unacceptable risk." A safe system should protect against hazards whether or not it is performing reliably; safety engineering ensures that a safety system does what is needed even when parts of it fail. Safety engineers assume that components will fail and design accordingly.
Reliability is a measure of how consistently the system does exactly what it is intended to do when operated in a specified manner. A reliable system is not necessarily a safe one. This is why a safety system is judged on its dangerous failures (the PFD) separately from its spurious trips, which cost availability and production but do not add risk. The challenge in functional safety is to make a system that is both reliable and safe.