Process hazard and risk

analysis
Risk graph matrix
SIL-assignment example
Version: 1.0

Process Industry
IEC 61511
Last Edited: 2005-10-27

This example is one of the results of the research project SafeProd supported by VINNOVA (Swedish
Agency for Innovation Systems). More information about the project could be found at
www.sp.se/safeprod.

SIL-assignment example using risk graph matrix

A pressure reduction flash vessel is designed as shown above. Pressurized hydrocarbons

flashes into the separation vessel. Pressure reduction is performed by a control loop (PC-1)
actuating the feed control valve. The vessel is protected to over pressures by a relief valve
(PSV-3). A safety instrumented function (PS-2) is considered for reducing the risk further.
The function shall close the high pressure feed in case of high pressure. Proper SIL of the
SIF should be determined using the risk graph matrix. Failure rate figures for the dangerous
failure fraction of installed components are also shown in the figure.
Risk assessment shows that a vessel rupture probably would lead to catastrophic health,
serious environmental and extensive financial consequences, as the liquefied explosive gas
is realised to the ambient. The consequence letters are filled in as shown:

www.sp.se/safeprod
-1-

Process hazard and risk

analysis
Risk graph matrix
SIL-assignment example
Version: 1.0

Process Industry
IEC 61511
Last Edited: 2005-10-27

Comments on this report are gratefully received by

Johan Hedberg
at SP Swedish National Testing and Research Institute
mailto:johan.hedberg@sp.se

Conseqence
Type

H
E
F

F
D
E

The dangerous area is normally occupied occasionally, but occupancy in the area is related
to process and control problems (the hazardous situation), while the occupancy parameter is
upgraded from occasionally to frequent. The hazardous event is developed to fast for
claiming any reduction due to probability of avoidance.
The exposure rate parameter for the health hazard is set to frequent and F=2 is chosen.
F

Exposure rate
FD
FC

Permanent
Frequent

FB
FA

Occasionally
Rare

=1
0.1-1

2
2

0.01-0.1
<0.01

1
0

Exposure rates are irrelevant for environmental and financial hazards. (F is predefined to 1).
Avoidance conditions are not fulfilled and P=1 is selected for all hazards (health,
environmental and financial).
Avoidance probability
PB
PA

Avoidence conditions not fulfilled

All avoidence conditions are fulfilled

P
1
0

The probability of a dangerous failure in the shown pressure control loop can be calculated
from the individual failure rates of the sensor, solver and valve components:
= 0.115+0.035+0.055-(0.115x0.035)-(0.115x0.055)-(0.035x0.055)+(0.115x0.045x0.055)
0.20 times / year

www.sp.se/safeprod
-2-

Process hazard and risk

analysis
Risk graph matrix
SIL-assignment example
Version: 1.0

Process Industry
IEC 61511
Last Edited: 2005-10-27

Layer of protection analysis LOPA is performed and reduces the demand rate of the safety
function, while the vessel is protected by an independent safety layer. A safety relief valve
with a failure probability of 0.01 is installed. The residual demand rate of the considered SIF
is reduced by the independent layer of protection:
= 0.20x0.01 0.002 / year
0.002 times / year equals 1 time / 500 years and W = 3 is selected.

W9
W8
W7

Demand rate
Often
> 1/ y
Frequent
1 / 1-3 y
Likely
1 / 3-10 y

W
9
8
7

W6
W5

Probable
Occational

1 / 10-30 y
1 / 30-100 y

6
5

W4
W3

Remote
Improbable

1 / 100-300 y
1 / 300-1000 y

4
3

W2
W1

Incredible
1 / 1000-10000 y
Inconceivable 1 / 10000-100000 y

2
1

The likelihood figures are filled in as shown below. The consequence letters and likelihood
figures are then combined in the risk graph matrix for the three different types of hazard:
Conseqence
Type

H
E
F

F
D
E

Influence
F
P
2

Demand Likelih.
Sum
W
6
3
5

1-2

Likelihood sum (F+P+W)

3-4
5-6
7-8
9-10

F
E

NR
NR

IL 1
NR

IL 2
IL 1

IL 3
IL 2

IL 4
IL 3

NO
IL 4

D
C

OK
OK

NR
OK

NR
NR

IL 1
NR

IL 2
IL 1

IL 3
IL 2

B
A

OK
OK

OK
OK

OK
OK

NR
OK

NR
NR

IL 1
NR

11-12

Combining a consequence letter and likelihood sum gives the integrity level due to the
specific hazard. Finally the overall Safety Integrity Level can be assigned by choosing the
maximum required integrity level found. In this case health consequences require the highest
integrity level (SIL 2) of the specific function.

www.sp.se/safeprod
-3-

Process hazard and risk

analysis
Risk graph matrix
SIL-assignment example
Version: 1.0

Process Industry
IEC 61511
Last Edited: 2005-10-27

Conseqence
Type

H
E
F

F
D
E

Influence
F
P
2

Demand Likelih. Integrity

W
Sum IL SIL
6
2
3
0
2
5
1

The safety instrumented pressure protection function PS-2 shall fulfil SIL2 requirements.

www.sp.se/safeprod
-4-