Basic concepts and certification content involved in SIL certification

SINO Testing Services | 2019-12-13

1、 Concept of functional safety

What is functional safety? Functional safety is the part of the overall safety relating to the equipment under control (EUC) and the EUC control system that depends on the correct functioning of the electrical/electronic/programmable electronic (E/E/PE) safety-related systems, other technology safety-related systems and external risk reduction facilities (IEC 61508-4).


How is it achieved? Two aspects are involved: management and technology. Both technically and administratively, it must be ensured that the E/E/PE safety-related systems, other technology safety-related systems and external risk reduction facilities perform their safety functions when called upon.

In process industries such as petrochemicals and chemicals, the safety-related system is called a safety instrumented system. A Safety Instrumented System (SIS) is an instrumented system used to implement one or more safety instrumented functions; it may be composed of any combination of sensors, logic solvers and final elements.

A Safety Instrumented Function (SIF) is a safety function with a specified SIL that is necessary to achieve functional safety. It can be either a safety instrumented protection function or a safety instrumented control function.

2、 SIS overall safety lifecycle

The overall safety lifecycle of a SIS covers: concept; overall scope definition; hazard and risk analysis; overall safety requirements; allocation of safety requirements; overall planning (operation and maintenance planning, overall safety validation planning, overall installation and commissioning planning); realisation of the E/E/PE safety-related systems; realisation of other technology safety-related systems; realisation of external risk reduction facilities; overall installation and commissioning; overall safety validation; overall operation and maintenance; overall modification and retrofit; and decommissioning or disposal.

Each phase of the overall safety lifecycle has its own functional safety activities and requirements. Realisation of the E/E/PE safety-related system consists of two parts, hardware realisation and software realisation, and in this phase the SIL requirements of the system are met through design. This is why functional safety is said to be achieved by design.

The realisation phase for E/E/PE safety-related systems includes the safety requirements specification (safety function requirements specification and safety integrity requirements specification), the safety validation plan, design and development, integration, operation and maintenance procedures, and safety validation (IEC 61508-2).

The software safety lifecycle (realisation phase) includes the software safety requirements specification (software safety function requirements specification and software safety integrity requirements specification), the software safety validation plan, software design and development, PE integration (hardware and software), software operation and maintenance procedures, and software safety validation (IEC 61508-3).

3、 Functional safety assessment

The purpose of a functional safety assessment is to investigate and arrive at a judgement on the functional safety achieved by the E/E/PE safety-related systems. The functional safety assessment of a SIS looks at two aspects: first, whether the management activities needed to achieve the functional safety objectives are effective; second, whether the safety instrumented system or safety instrument meets the required SIL. How can it be confirmed that the safety instruments as designed and manufactured, and the SIL of the SIS, meet the requirements? The following aspects should be considered:

(1) Establish a functional safety management system

The purpose of a functional safety management system is to define the management and technical activities, in every phase of the overall, E/E/PE system and software safety lifecycles, that are necessary for the E/E/PE safety-related systems to achieve the required functional safety; and to define the responsibilities of the persons, departments and organisations for each phase or activity of those lifecycles. The required safety integrity is thereby assured systematically rather than left to chance.

(2) Establish functional safety documentation

The documentation should contain the information necessary to carry out each phase of the overall, E/E/PE system and software safety lifecycles effectively, and the information necessary to carry out functional safety management, verification and functional safety assessment effectively. To satisfy the documentation requirements of IEC 61508, reports and records must be available for every activity in every phase of the overall safety lifecycle at the time of the functional safety assessment. Examples of the documents required for a functional safety assessment are given in Annex A of IEC 61508-1.

(3) Determining safety integrity and the safety integrity level

Safety integrity is the probability of a safety-related system satisfactorily performing the required safety instrumented functions under all the stated conditions within a stated period of time.

The safety integrity level (SIL) is a discrete level used to specify the safety integrity requirements allocated to the safety functions of the SIS. There are four levels, SIL 4 being the highest. IEC 61508-1 specifies the target failure measure for each level (Table 1).

When determining safety integrity, all failure causes that can lead to an unsafe state must be included, i.e. both random hardware failures and systematic failures.

According to the frequency of demands placed on it, a safety-related system operates either in low demand mode (no more than one demand per year) or in high demand or continuous mode (more than one demand per year). The target failure measures differ between the two: in low demand mode the measure is the average probability of dangerous failure on demand (PFDavg), in high demand or continuous mode it is the average frequency of dangerous failure per hour (PFH), as shown in Table 1.

Table 1 Safety integrity level: target failure measures for low demand mode and high demand or continuous mode


(4) Evaluating hardware and software SIL

① Hardware fault tolerance requirements

Hardware fault tolerance (HFT) is the ability of a functional unit to continue performing the required safety instrumented function in the presence of one or more hardware faults in a component or subsystem. A hardware fault tolerance of N means that N+1 faults would cause loss of the safety function. For example, an HFT of 1 with two devices means the architecture must ensure that a dangerous failure of one of the two components does not prevent the safety action from taking place. To compensate for potential shortcomings in the design of a safety instrumented function, Tables 5 and 6 of IEC 61511-1 define the minimum hardware fault tolerance for sensors, logic solvers and final elements. For a safety instrumented function, the sensors, logic solver and final elements must each meet a minimum HFT, which amounts to a minimum level of component or subsystem redundancy.

② Architectural constraints on hardware safety integrity

The highest safety integrity level that can be claimed for a safety function is limited by the hardware fault tolerance and the safe failure fraction (SFF) of the subsystems that perform that function. The SFF is the fraction of the subsystem's overall failure rate that does not result in a dangerous undetected failure. Tables 2 and 3 of IEC 61508-2 give the architectural constraints for Type A and Type B safety-related subsystems respectively, expressing the relationship between the SIL that can be claimed and the minimum hardware fault tolerance for a given SFF.

When carrying out a SIL evaluation, the first step is to classify each component or subsystem as Type A or Type B for the purposes of the architectural constraints, depending on whether its failure modes are well defined, whether dependable failure data are available, and whether its behaviour under fault conditions is completely determined.

Then the SFF and PFD are calculated, and the corresponding SIL is read from Table 2 or Table 3 of IEC 61508-2. This gives the safety integrity level of the component and of the related subsystem.

When determining the maximum hardware safety integrity level of a subsystem, the architectural constraints must be taken into account, i.e. the correspondence between the fault tolerance requirement and the SIL once the SFF is known. Table 2 shows the architectural constraints for Type B safety-related subsystems.

Table 2 Safety integrity level: architectural constraints for Type B safety-related subsystems
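As an added worked example (not code from the original article or from SINO Testing Services), the following Python puts the quantities from (3) and (4) together for one subsystem: the safe failure fraction, a simplified low-demand PFDavg for 1oo1, 1oo2 and 2oo3 voting, the PFDavg bands of IEC 61508-1 and the Route 1H architectural constraints of IEC 61508-2 Tables 2 and 3, giving the SIL that can be claimed as the lower of the two. The failure rates, the one-year proof-test interval and the 5 % common-cause factor are constructed assumptions; the PFDavg formulas are the simplified forms from IEC 61508-6 Annex B (beta-factor common-cause term included, repair time neglected).

```python
"""Worked SIL arithmetic for one subsystem: SFF, simplified PFDavg, and the
IEC 61508-2 architectural constraints (Route 1H), combined to give the SIL
that can be claimed.

Assumptions (not from the page): the failure rates used in the demo are
constructed sample values; PFDavg uses the simplified low-demand formulas
from IEC 61508-6 Annex B with a beta-factor common-cause term and no MTTR.
"""
from dataclasses import dataclass

# IEC 61508-1, low demand mode: SIL -> [lower, upper) band of PFDavg.
LOW_DEMAND_PFD_BANDS = {4: (1e-5, 1e-4), 3: (1e-4, 1e-3), 2: (1e-3, 1e-2), 1: (1e-2, 1e-1)}

# IEC 61508-2 Tables 2 (Type A) and 3 (Type B): SFF band -> max SIL for HFT 0, 1, 2.
# 0 means the combination is not allowed.
ARCH_CONSTRAINTS = {
    "A": [((0.00, 0.60), (1, 2, 3)), ((0.60, 0.90), (2, 3, 4)),
          ((0.90, 0.99), (3, 4, 4)), ((0.99, 1.01), (3, 4, 4))],
    "B": [((0.00, 0.60), (0, 1, 2)), ((0.60, 0.90), (1, 2, 3)),
          ((0.90, 0.99), (2, 3, 4)), ((0.99, 1.01), (3, 4, 4))],
}

# Hardware fault tolerance of the common voting architectures.
HFT = {"1oo1": 0, "1oo2": 1, "2oo3": 1}


@dataclass(frozen=True)
class FailureRates:
    """Failure rates per hour, split into the IEC 61508 failure classes."""
    lambda_sd: float  # safe, detected by diagnostics
    lambda_su: float  # safe, undetected
    lambda_dd: float  # dangerous, detected by diagnostics
    lambda_du: float  # dangerous, undetected (only found by proof test)

    def sff(self) -> float:
        """Safe failure fraction: share of all failures that are not dangerous undetected."""
        not_du = self.lambda_sd + self.lambda_su + self.lambda_dd
        return not_du / (not_du + self.lambda_du)


def pfd_avg(arch: str, lambda_du: float, t1_hours: float, beta: float = 0.0) -> float:
    """Simplified PFDavg over proof-test interval T1 for 1oo1, 1oo2 and 2oo3.

    beta is the common-cause fraction; the common-cause part of lambda_du fails
    all channels together and so contributes like a 1oo1 channel.
    """
    independent = (1.0 - beta) * lambda_du
    common_cause = beta * lambda_du
    if arch == "1oo1":
        return lambda_du * t1_hours / 2
    if arch == "1oo2":
        return (independent * t1_hours) ** 2 / 3 + common_cause * t1_hours / 2
    if arch == "2oo3":
        return (independent * t1_hours) ** 2 + common_cause * t1_hours / 2
    raise ValueError(f"unsupported architecture {arch!r}")


def sil_from_pfd(pfd: float) -> int:
    """Map PFDavg to the low-demand SIL band; 0 means worse than SIL 1."""
    if pfd < 1e-5:
        return 4  # better than the SIL 4 band, but SIL 4 is still the highest claim
    for sil, (lo, hi) in LOW_DEMAND_PFD_BANDS.items():
        if lo <= pfd < hi:
            return sil
    return 0


def max_sil_by_architecture(subsystem_type: str, sff: float, hft: int) -> int:
    """Highest SIL allowed by the architectural constraints for this type/SFF/HFT."""
    if hft not in (0, 1, 2):
        raise ValueError("HFT must be 0, 1 or 2")
    for (lo, hi), sils in ARCH_CONSTRAINTS[subsystem_type]:
        if lo <= sff < hi:
            return sils[hft]
    raise ValueError("SFF must lie in [0, 1]")


def achievable_sil(rates: FailureRates, subsystem_type: str, arch: str,
                   t1_hours: float, beta: float = 0.0) -> dict:
    """The claimable SIL is the lower of the PFD-based and the architecture-based SIL."""
    pfd = pfd_avg(arch, rates.lambda_du, t1_hours, beta)
    by_pfd = sil_from_pfd(pfd)
    by_arch = max_sil_by_architecture(subsystem_type, rates.sff(), HFT[arch])
    return {"pfd_avg": pfd, "sff": rates.sff(), "sil_by_pfd": by_pfd,
            "sil_by_architecture": by_arch, "sil": min(by_pfd, by_arch)}


# Constructed sample: a Type B transmitter with 85 % SFF, proof tested yearly.
SAMPLE_TRANSMITTER = FailureRates(lambda_sd=0.0, lambda_su=5e-7, lambda_dd=1.2e-6, lambda_du=3e-7)
ONE_YEAR_HOURS = 8760.0

if __name__ == "__main__":
    for arch, beta in (("1oo1", 0.0), ("1oo2", 0.05), ("2oo3", 0.05)):
        result = achievable_sil(SAMPLE_TRANSMITTER, "B", arch, ONE_YEAR_HOURS, beta)
        print(arch, {k: (f"{v:.3g}" if isinstance(v, float) else v) for k, v in result.items()})
```

Running the block shows why both checks are needed: with the sample rates the 1oo1 transmitter lands in the SIL 2 PFDavg band but is capped at SIL 1 by the Type B constraint at HFT 0, while 1oo2 voting brings PFDavg into the SIL 4 band (the common-cause term now dominates the total) yet the architectural constraint still limits the claim to SIL 2 at 85 % SFF.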


7、 Conclusion of the SIL certification

To meet the requirements of the functional safety standards, it must be demonstrated that every stated requirement (such as the safety integrity level) complies with the relevant functional safety standard and that the requirements of each clause have been met. For some systems and instruments, however, individual clauses of the standard may be set aside where there is a justified reason to consider them not applicable.

At the end of the functional safety assessment there are only three possible conclusions: accepted, accepted with conditions, or not accepted.

8、 The relationship between functional safety and the EMC environment

When an E/E/PE safety-related system performing a safety function is subjected to electromagnetic interference, the result can be errors, malfunctions or damage that degrade or defeat the safety-related system and may even create a hazard. The functional safety standards therefore place particular emphasis on evaluating the EMC characteristics of E/E/PE safety-related systems so that the target failure measure required by the SIL is still achieved. International bodies have been developing electromagnetic compatibility requirements for safety-related systems and equipment, which has resulted in the IEC 61326-3 series. IEC 61326-3 specifies additional immunity requirements for safety-related system equipment, and its EMC performance criteria for safety-related systems (equipment) differ from the performance criteria defined in the generic standards and in IEC 61326-1.

Therefore, during certification the product must also comply with the electromagnetic compatibility requirements related to functional safety.

9、 Conclusion

① Safety is a permanent theme of industrial production. SIL certification, by ensuring the safe use of domestic instruments and systems in their various application fields, helps to improve the core market competitiveness of domestic instruments and systems.

② Through SIL certification, domestic SIS users, design institutes, integrators, equipment manufacturers and suppliers can come to know and understand the concept of functional safety and apply the relevant standards correctly to achieve the required safety functions. Managing and assessing functional safety effectively, so as to meet the relevant safety standards and contractual requirements, strengthens their competitiveness.

③ The EMC requirements and EMC performance criteria for safety-related systems (equipment) are stricter than those for non-safety-related systems, and the higher the SIL of a safety-related system (equipment), the stricter its EMC requirements.

Copyright: Shenzhen Zhongnuo Testing Technology Co., Ltd. (粤ICP备18004888号)