(Based on IEC 61508 & IEC 61511)
Overview
Safety Integrity Level (SIL) certification is a critical process for ensuring functional safety in industrial automation systems, particularly Safety Instrumented Systems (SIS). To achieve compliance and minimize risk, the certification process must adhere to international standards (IEC 61508 for E/E/PE systems and IEC 61511 for process industry applications) while aligning with actual project conditions.
This guide outlines essential precautions across four stages: Preparation – Execution – Verification – Maintenance.
1. Preparation: Define Scope and Data Integrity
✔ Define Boundaries Clearly
Identify all components within the SIS:
Sensors (e.g., pressure transmitters, temperature switches)
Logic solvers (safety PLC or safety layer in DCS)
Final elements (e.g., ESD valves, safety valves)
Exclude non-safety devices to avoid skewed risk assessments.
Include redundant systems, power supplies, and communication links.
✔ Ensure Complete and Reliable Data
Device specifications: FMEDA failure rates split into safe/dangerous and detected/undetected (λSD, λSU, λDD, λDU), MTTR and proof-test coverage; a bare MTBF figure is not sufficient for a SIL calculation
System architecture: redundancy configurations (1oo1, 1oo2, 2oo3)
Historical failure and maintenance records (3–5 years)
Safety Requirement Specification (SRS): define safety functions and target SIL
Use trusted databases (OREDA, Exida, SILsafe) for failure rate data.
✔ Select Accredited Assessment Body
Internal assessors should hold a recognised IEC 61508/61511 functional safety qualification (e.g., TÜV Functional Safety Engineer).
Third-party assessors should hold CNAS or equivalent international accreditation (e.g., TÜV Rheinland, DNV). The independence required of the functional safety assessor increases with the target SIL (IEC 61508-1, functional safety assessment).
2. Execution: Follow Standardized Procedures
✔ Risk Analysis and SIL Targeting
Use HAZOP and LOPA to determine required SIL based on real risk reduction needs.
Avoid arbitrary SIL assignment (e.g., “SIL2 by client request” without analysis).
✔ Failure Rate and Reliability Calculations
Split failure rates into safe vs dangerous and detected vs undetected; only dangerous undetected failures (λDU) accumulate between proof tests and drive PFDavg.
Include common cause failures (CCF) using β-factor or Markov models.
Calculate PFDavg for low-demand mode (PFH for high-demand or continuous mode), SFF and HFT, and confirm the result falls inside the target SIL band (e.g., SIL2: 10⁻³ ≤ PFDavg < 10⁻²).
✔ Hardware & Software Compliance
Hardware: Confirm each subsystem meets the architectural constraints for the target SIL, not merely that a certificate exists: Route 1H checks HFT and SFF against the Type A / Type B tables of IEC 61508-2; Route 2H relies on documented prior-use evidence.
Software: Follow the IEC 61508-3 software lifecycle (V-model, techniques and measures selected by SIL, static and dynamic testing).
3. Verification: Documentation and On-Site Testing
✔ Complete Documentation
Project scope, risk analysis records, SIL determination rationale.
FTA/RBD diagrams, failure data sources, calculation details.
Compliance certificates and test reports.
✔ Functional Testing
Simulate process hazards (e.g., overpressure) to verify system response.
Check redundancy switching and failure alarm functionality.
Ensure the SIF response time (sensor to final element) is within the process safety time stated in the SRS; the SIL itself does not define a response time.
4. Maintenance: Sustaining SIL Over Time
✔ Preventive Maintenance Plan
Regular calibration, actuator testing, and redundancy checks.
Set proof-test intervals so that PFDavg stays inside the target SIL band, and shorten them if field failure data show λDU higher than the value assumed in the calculation.
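A worked instance of the calculations from section 2 (PFDavg with β-factor common cause, SFF, Route 1H architectural constraints) together with the proof-test interval trade-off this item refers to. It is an added example, not part of the original guide or any vendor's material: the failure rates, β factors and repair times are assumed for illustration, and the PFDavg formulas are the simplified equations of IEC 61508-6 Annex B for low-demand mode.

```python
"""Worked SIL arithmetic for a constructed Type B transmitter subsystem: PFDavg
(IEC 61508-6 Annex B simplified equations, low-demand, beta-factor CCF), SFF,
Route 1H constraints and the longest proof-test interval for a target SIL."""
from dataclasses import dataclass

HOURS_PER_YEAR = 8760.0


@dataclass(frozen=True)
class FailureRates:
    """Failure rates in failures per hour, split the way an FMEDA reports them."""
    lam_sd: float  # safe, detected by diagnostics
    lam_su: float  # safe, undetected
    lam_dd: float  # dangerous, detected by diagnostics
    lam_du: float  # dangerous, undetected (revealed only by proof test)

    @property
    def lam_d(self) -> float:
        return self.lam_dd + self.lam_du

    @property
    def total(self) -> float:
        return self.lam_sd + self.lam_su + self.lam_dd + self.lam_du


def sff(r: FailureRates) -> float:
    """Safe failure fraction: every failure except dangerous undetected ones."""
    return 1.0 - r.lam_du / r.total


def sil_from_pfd(pfd: float) -> int:
    """Low-demand SIL band for a PFDavg value; 0 means it fits no SIL band."""
    for sil, (lo, hi) in ((4, (1e-5, 1e-4)), (3, (1e-4, 1e-3)),
                          (2, (1e-3, 1e-2)), (1, (1e-2, 1e-1))):
        if lo <= pfd < hi:
            return sil
    return 0


def pfd_avg(r: FailureRates, arch: str, t1_h: float, mttr_h: float = 8.0,
            mrt_h: float = 8.0, beta: float = 0.10, beta_d: float = 0.05) -> float:
    """IEC 61508-6 Annex B simplified equations for 1oo1, 1oo2 and 2oo3.
    t1_h: proof-test interval; mttr_h: restoration time for detected failures;
    mrt_h: repair time once a proof test reveals a failure; beta / beta_d:
    assumed common-cause factors for undetected / detected dangerous failures."""
    lam_d = r.lam_d
    # Equivalent mean down times for one channel (tCE) and for the group (tGE).
    t_ce = (r.lam_du / lam_d) * (t1_h / 2 + mrt_h) + (r.lam_dd / lam_d) * mttr_h
    t_ge = (r.lam_du / lam_d) * (t1_h / 3 + mrt_h) + (r.lam_dd / lam_d) * mttr_h
    if arch == "1oo1":
        return lam_d * t_ce
    # Redundant groups: independent failures use rates with the common-cause
    # share removed; that share is added back as a single 1oo1-like term.
    lam_ind = (1 - beta_d) * r.lam_dd + (1 - beta) * r.lam_du
    ccf = beta_d * r.lam_dd * mttr_h + beta * r.lam_du * (t1_h / 2 + mrt_h)
    if arch == "1oo2":
        return 2 * lam_ind ** 2 * t_ce * t_ge + ccf
    if arch == "2oo3":
        return 6 * lam_ind ** 2 * t_ce * t_ge + ccf
    raise ValueError(f"unsupported architecture {arch!r}")


# Route 1H maximum SIL (IEC 61508-2 Tables 2 and 3), indexed by HFT 0, 1, 2
# within SFF bands <60 %, 60-90 %, 90-99 %, >=99 %. 0 means not allowed.
ROUTE_1H = {
    "A": [(1, 2, 3), (2, 3, 4), (3, 4, 4), (3, 4, 4)],
    "B": [(0, 1, 2), (1, 2, 3), (2, 3, 4), (3, 4, 4)],
}


def max_sil_route_1h(dev_type: str, sff_value: float, hft: int) -> int:
    band = 0 if sff_value < 0.60 else 1 if sff_value < 0.90 else 2 if sff_value < 0.99 else 3
    return ROUTE_1H[dev_type][band][hft]


def longest_proof_test_interval(r: FailureRates, arch: str, target_sil: int,
                                max_years: int = 10):
    """Largest whole-year proof-test interval keeping PFDavg below the upper
    limit of the target band (10**-target_sil); None if even one year is too
    long. PFDavg grows monotonically with t1, so a linear scan is enough."""
    limit = 10.0 ** -target_sil
    best = None
    for years in range(1, max_years + 1):
        if pfd_avg(r, arch, years * HOURS_PER_YEAR) < limit:
            best = years
    return best


# Constructed Type B transmitter: 100/200/300/200 FIT (1 FIT = 1e-9 per hour).
TRANSMITTER = FailureRates(lam_sd=1e-7, lam_su=2e-7, lam_dd=3e-7, lam_du=2e-7)

if __name__ == "__main__":
    s = sff(TRANSMITTER)
    print(f"SFF = {s:.2%}")
    for arch, hft in (("1oo1", 0), ("1oo2", 1), ("2oo3", 1)):
        pfd = pfd_avg(TRANSMITTER, arch, HOURS_PER_YEAR)
        # Achievable SIL is the lower of the PFDavg band and the architectural
        # constraint: a good PFDavg alone does not qualify a 1oo1 Type B device.
        achievable = min(sil_from_pfd(pfd), max_sil_route_1h("B", s, hft))
        print(f"{arch}: PFDavg={pfd:.2e} (band SIL{sil_from_pfd(pfd)}), "
              f"HFT={hft} -> Route 1H max SIL{max_sil_route_1h('B', s, hft)}, "
              f"achievable SIL{achievable}")
    print("1oo1 longest proof-test interval for SIL2:",
          longest_proof_test_interval(TRANSMITTER, "1oo1", 2), "years")
```

Two things the numbers make visible: with SFF at 75 % the single transmitter is capped at SIL1 by Route 1H even though its one-year PFDavg sits in the SIL3 band, and in the 1oo2 and 2oo3 cases the β-factor common-cause term dominates PFDavg, so tightening β (diversity, separation) buys more than adding channels. Because PFDavg scales almost linearly with the proof-test interval for a 1oo1 channel, the interval is the main maintenance lever for staying inside the target band.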
✔ Change Management
Any hardware or software change requires an impact analysis against the SRS before implementation, and the SIL verification must be repeated if failure rates, architecture, or proof-test intervals change.
Key Principle
“Risk-based, Standard-compliant, Fully Traceable, Continuously Maintained”
Failure to adhere to these principles can result in invalid SIL certification or severe safety hazards.