SIL – Safety Integrity Level

Functional Safety

in Fire Protection Systems

After the major accidents occurred in the Oil & Power industry in the last ten years, the technical community involved in the design of industrial processes has shown an increased and more intense interest in system reliability and availability. The attention is no longer limited to the core process but is also extending its boundaries to all those safety systems to which the monitoring and the mitigation effects are demanded.

If it is paramount that a process shall be designed with high reliability criteria, sometimes it is not fully understood that the process reliability cannot rule out the risk of an accident taking place. Engineering limitations also apply to a stressed safety oriented design approach and therefore, one way or another, systems are finalized and built accepting a certain level of residual risk.

If the risk of an accident cannot be lowered below a certain point, we should focus our attention on those systems designed to monitor the environment and provide mitigation effects. Those process sub-systems, such as Fire & Gas, deluge, monitors and gaseous based fire extinguishing systems, play a fundamental role in the safety of the plant and its occupants.

These systems are called into action when the residual risk of the hazard turns into an accident of major consequence, and their duty is to warn the occupants and the operators and mitigate the accident effects to the best of their capabilities. In this respect it is well known that a gas cloud detected and confined in time or a fire outbreak detected and extinguished by a deluge water spray system have the same objectives: saving lives, limiting the impact on the environment, reducing the production losses and safeguarding investments.

For the reasons above, functional safety is moving into Fire & Gas detection and suppression systems, with the objective of increasing the reliability and hence the performance of the safety functions used to monitor and mitigate the effects of a possible accident.

IEC 61508 and IEC 61511

Safety is the acceptable reduction of an unacceptable risk of physical injury to people or damage to the properties. Functional Safety is part of the overall safety that depends on a safety-related system operating correctly in response to its input.

The significant hazards for the system have to be identified via a hazard analysis. If the hazard analysis shows that functional safety is necessary, appropriate systems are required to perform specific Safety Functions to reduce the risk. These systems are called Safety-Related Systems or Safety Instrumented Systems (SIS).

Two types of requirements are necessary to achieve Functional Safety:

· Safety Function Requirements: the scope of the safety function, derived from the hazard analysis.
· Safety Integrity Requirements: the probability that the safety function will be performed satisfactorily, derived from the risk assessment.

The Standard IEC 61508 “Functional Safety of electrical / electronic / programmable electronic (E/E/PE) safety-related systems” covers the safety lifecycle of the product, from the initial concept through hazard analysis and risk assessment, development of safety requirements, specification, design and implementation, operation and maintenance. IEC 61508 contains requirements for preventing failures and controlling failures, ensuring safety even when faults are present. It specifies the techniques and measures to achieve the required Safety Integrity.

The Standard IEC 61511 “Functional Safety – Safety Instrumented Systems for the process industry sector” covers the safety lifecycle of the installation and contains the requirement for the correct selection of safety related equipment and the erection of Safety Instrumented Systems. IEC 61508 specifies alternative techniques to determine the Safety Integrity of the installation.

The Safety Integrity is the probability that the Safety Instrumented Systems will perform the required Safety Functions satisfactorily. IEC 61508 specifies four levels of safety performance for a safety function, called Safety Integrity Level (SIL): SIL1 is the lowest level and SIL4 the highest level. Each Safety Integrity Level is correlated with an increased Risk Reduction Factor (RRF).

IEC 61508 details the requirements necessary to achieve each Safety Integrity Level.

Safety Integrity Level (SIL)Average Probability of Failure on Demand (PFDavg)Risk Reduction Factor (RRF)
4≥ 10-5 to < 10-410.000… 100.000 
3≥ 10-4 to < 10-3 1.000… 10.000
2≥ 10-3 to < 10-2 100… 1.000
1≥ 10-2 to < 10-1 10… 100
0Basic Process Control Systems (BPCS)


The table provides the target failure measures for a safety function allocated to a SIS operating in low demand mode. Low demand mode means that the frequency of demands for operation of the SIS is not greater than once per year, and not greater than twice the proof-test frequency.

By continuing to use the site, you agree to the use of cookies. more information

The cookie settings on this website are set to "allow cookies" to give you the best browsing experience possible. If you continue to use this website without changing your cookie settings or you click "Accept" below then you are consenting to this.