What is SIL

According to Wikipedia, “Safety integrity level (SIL) is defined as a relative level of risk-reduction provided by a safety function, or to specify a target level of risk reduction. In simple terms, SIL is a measurement of performance required for a safety instrumented function (SIF).”

With certification requirements for industrial fire and gas detection (especially in Europe with the introduction of the ATEX standard concerning Safety Related Devices) now including product measurement and physical performances, the ability of the product to carry out its safety function when called to do so is becoming increasingly important.

The IEC 61508 standard (Functional Safety of Electrical/Electronic/Programmable Electronic Safety-related Systems) has introduced a risk-based approach for determining the SIL of safety instrumented functions with a complete approach to quantifying the safety performance of electrical control systems, including the design concept, the management of the design process, operations, and the maintenance of the system throughout its lifecycle.

While IEC 61508 provides the general framework, for gas detection equipment the relevant standard is EN50402:2005+A1:2008 Electrical apparatus for the detection and measurement of combustible or toxic gases or vapours or of Oxygen. Requirements on the functional safety of fixed gas detection systems.

Why SIL

Sensors compliant with IEC 61508 and EN50402 offer several advantages to their users. As only a handful of impartial, nationally accredited bodies can issue this type of certification, this provides assurance about a supplier’s claim of SIL suitability. Additionally, reliability calculations for end devices are already performed and available to the user, reducing the lead times for implementing SIL-rated functions.

Obtaining IEC 61508 and EN50402 conformity requires an integrated system for designing products, assessing functional safety, improving robustness, and validating performances – an organization overall quality of work and processes that is passed on to its products.  

SIL basics and terminology

SIL is a measure “Functional Safety” on a safety device, in terms of probability of failure on demand (PFD). It is in effect easier to express the probability of failure, rather than that of correct performance (e.g., 1 in 100,000 vs. 99,999 in 100,000). There are four discrete levels: SIL 1, SIL 2, SIL 3, and SIL 4. The higher the SIL level, the higher the associated safety level, and the lower probability that a system will fail to perform properly.

The Risk Reduction Factor is the inverse of the Probability of Failure on Demand. The SIL level equals the number of zeros in the minimum RRF. With SIL 2, for example, the minimum Risk Reduction Factor is 100 (see table below).

 

Functional Safety is defined by IEC standard 61508 as the safety that control systems provide to an overall process or plant. Functional Safety describes the behavior of a safety device (hardware and software) in case of an internal failure occurring. The target is reaching a “safe” state – that means that internal faults in the safety device should be detected by the device itself and should be indicated and signaled.

Typical examples of SIL levels

SIL1        A typical ATEX-certified gas detection device (system) complete with the functional approval according to IEC61779 and receiving regular maintenance.

SIL2        The step from SIL1 to SIL2 normally requires self-testing facilities for hardware components, reduced maintenance intervals for the sensors, strict requirements during development and thoroughly documented software.

SIL3        As the main requirement is that one failure shall not cause an unsafe state (fail-safe), the step from SIL2 to SIL3 is normally reached with redundancy. For detectors and microprocessors, this is the only choice.

SIL4        Requires redundancy and, sometimes, triple redundancy, along with redundant self-testing and comparison between redundant lines of code. SIL4 is normally never required for gas detection.   

As costs increase significantly to achieve higher SIL levels, selecting the appropriate level must be done carefully. Normally, the process industry companies accept designs up to SIL2, as over this safety devices will likely shut down the monitored production line or the whole plant too often in order to comply with standards.

The only line of gas sensing elements on the market with SIL2 capability

All N.E.T. Infrared sensors have reached a safety integrity level of SIL2, as certified by the Functional Safety Assessment released by TUV Nord with Registration No. 17 16483. The document attests that our sensors have been tested in accordance with EN 61508:2010 (Parts 1, 2, 3, 4, 5, 6, 7) and EN50402:2017.

In the assessment, our sensors reached a SIL capability of hardware of 2 and SIL capability of software of 3. Two identical modules with SIL capability of 2, when used in redundancy, will reach with SIL capability of 3 if the software of this module already fulfills SIL3 capability. This means that a design with redundant N.E.T. Infrared sensors will reach SIL3 capability.

No other gas sensor on the market is provided with a higher, certified SIL capability, making our IR series the ideal choice for whoever is designing gas detection systems and SIL-rated functions aiming at the highest levels of functional safety.