Functional safety Hazard graph according to IEC 61508

S = Extent of damage
W3 W2 W1

IEC 61508 / IEC 61511 (SIL)

S1 minor injury of a person
S1 S2 serious, irreversible injury
- - -
of one or more people or
G1 death of one person
A1 SIL 1 - -
S3 death of several people
G2 S4 disastrous effects with
S2 SIL 1 SIL 1 -
several dead
G1
Safety Instrumented System SIS (Safety Loop) A2 SIL 2 SIL 1 SIL 1
A = Likelihood of people being
Start G2
SIL 3 SIL 2 SIL 1 in the area
A1 rarely to slightly more often
Sensor Logic Actor A1
SIL 3 SIL 3 SIL 2 A2 frequently to continuously
S3
A2 G = Danger prevention
SIL 4 SIL 3 SIL 3
G1 possible under certain
S4 conditions
- SIL 4 SIL 3
G2 barely possible
Detecting Evaluating Alerting PLT protection devices W = Likelihood of occurrence
W1 very small
alone insufficient W2 small
W3 relatively high

Evaluation of the safety function

Process safety e.g. gas alarm Required safety related parameters

IEC 61508 Device type
Inlet air PFH/PFD -
Units with internal diagnosis safety control
Visual pre-alarm SIL
safety switch gears
- max. filling level T1
- slightly increased MTTFd DC, CCF, Without
LZV Tank inlet concentration of gas sensors,
006 (manual) λd subsystem Units omponents that are
- suction faulty λs type without subject to wear and tear signaling devices
Filling level measurement

internal

SIF
LZA+
003 B10d DC, CCF, diagnosis With
emergency shut-
LI
λd subsystem omponents that are
down, relay, switch
001 λs type, nop subject to wear and tear
SZA CCF: failure due to common cause
008 DC: Diagnostic coverage
LI Gas sensor
002 Main alarm
LZ- - dangerous con-
004 centration of gas
SZA
- evacuation of Calculation of an SIS with a SIL 2-actor
005
M
007 009 the area
Given values:

Flow sensor PFD Sensor A 1.5 * 10-3 (suitable for SIL 2)

PFD Control 1.3 * 10-4 (suitable for SIL 3)
Exhaust air
PFD Actor 1.1 * 10-3 (suitable for SIL 2)
Fan

Example for a 1oo1 Actor

(1 unit required for the functioning of 1 available unit)
Safety block diagram filling level / gas Sensor A Control (e.g. SPS) Actor
} }
SIL 2 SIL 3 SIL 3

Sensor 1
Warning signal PFDSys = PFDS + PFDL + PFDA
Filling level
P1
S1 PFDSys = 1.5 * 10 -3
+ 1.3 * 10 -4
+ 1.1 * 10-3

PFDSys = 2.73 * 10 (SIL 2)

-3

By using this component, the SIS reaches the PFD for SIL 2.
Sensor 2
Control unit Diagnosis unit
Concentration of
K1 G1
gas S2
Failure probability
S1 – Sensor 1 (filling level in the tank)
SIL Operating mode with low Operating mode with continual PL
S2 – Sensor 1 (concentration of gas in plant room)
requirement rate – PFD requirement rate – PFH
K1 – Control unit
(average failure probability of the (probability of a failure that brings
P1 – Visual and audible warning signal function in case of demand) dangerous risk per hour)
G1 – Diagnosis unit for signaling devices
SIL 4 ≥ 10-5 up to < 10-4 ≥ 10-9 up to < 10-8 –
SIL 3 ≥ 10-4 up to < 10-3 ≥ 10-8 up to < 10-7 e
SIL 2 ≥ 10-3 up to < 10-2 ≥ 10-7 up to < 10-6 d
Safety integrity (type B) according to IEC 61508 SIL/PL (ISO 13849) ≥ 10-6 up to 3 x 10-6 c
SIL 1 ≥ 10-2 up to < 10-1
HFT ≥ 3 x 10-6 up to < 10-5 b

SFF 0 1 2 SIL PL
< 60% – SIL 1 SIL 2 1 b, c
60% up to < 90% SIL 1 SIL 2 SIL 3 2 d
90% up to < 99% SIL 2 SIL 3 SIL 4 3 e
99% up to > 99% SIL 3 SIL 4 SIL 4 4 –

Requirement according to IEC 61508, type B (partially unknown failure conduct)

Compare SIL/PL (IEC 61508 / DIN EN ISO 13849)