Probability of failure of a safety instrumented function under load

In order to prevent dangerous phenomena such as fires, explosions or the release of hazardous materials from causing damage to people, the environment or property, manufacturers are required to implement risk control measures (RCMs) whose role is to prevent the occurrence of such phenomena or to limit their consequences.

Among these layers of protection are safety instrumented systems (SIS), which enable the implementation of safety instrumented functions (SIF).

Different layers of protection can be implemented to reduce risks and make them acceptable. These different layers are evaluated during quantitative or semi-quantitative analyses carried out to determine the required SIL level of RIS (SIL review carried out using methods such as LOPA or the risk graph, for example).

Once the required SIL level is known, the analyst must demonstrate that the probability of failure allows verification of the required SIL level allocated during the SIL review. To do this, IEC 61508 and IEC 61511 can be used to :

• define the RIS architecture to meet a targeted SIL level;

• estimate the probability of RIS failure.

It is important to stress that the calculation formulas presented in Annex B of IEC 61508-6 are for information purposes only, and that other methods can be used to assess the probability of failure of a RIS.

After a few essential reminders of the IEC 61508 and 61511 standards, this article first gives an overview of the methods used to estimate the probability of failure of a RIS, and then reviews the architectural constraints introduced in the IEC 61508 and 61511 standards.