News & Events.

White Paper: 3 Important Factors in Evaluating your SIL Certified Device

  July 19, 2010

Today there is a growing trend by end-users to require equipment manufacturers to get their safety devices IEC 61508 (SIL) Certified. That is an excellent trend for a number of reasons. One reason is because in order to get a device SIL Certified, a company must first determine the device’s failure rates and failure modes. This is usually done by having a Failure Modes Effects and Diagnostic Analysis, (FMEDA) performed. Among other things, an FMEDA Report will detail the device’s Architectural Constraints and its ?DU (Dangerous Undetected Failure Rate). With any given values for maintenance parameters, (Test Interval, Test Coverage, and Repair Time), you can determine the device’s PFDavg (Average Probability of Failure on Demand ). Both the Architectural Constraints and the PFDavg of a device, together with its IEC 61508 Certification, are critical in evaluating whether or not a given device may be suitable for use in a Safety Function with a given SIL requirement. And both of these characteristics, together with IEC 61508 Certification, are what concern a Safety Engineer in his evaluation.

A device’s Architectural Constraints determine immediately which level of Redundancy (HFT) is appropriate for use in a Safety Function with a given SIL requirement. The interpretation of a device’s PFDavg is more complex. It does not determine the product’s Safety Integrity Level (SIL). It determines the device’s contribution to the PFDavg of the Safety Function. As such, the device’s PFDavg must be considered together with the PFDavg’s of other devices with which it will be used, to determine the SIL of the Safety Function. This article will address these two characteristics separately, but first we will state a more basic concept regarding what is and what is not SIL 3. It has become very convenient to refer to a device as a SIL 1 device, or a SIL 2 device, or a SIL 3 device. Unfortunately that is a dangerous simplification. In fact there is no such thing as a SIL 1 device, or SIL 2 device, or SIL 3 device. The only thing that can be truly classified as SIL 1 or SIL 2 or SIL 3 is a Safety Function. That is why certified devices are classified on their certificates as SIL 1 Capable, or SIL 2 Capable, or SIL 3 Capable. That is a distinction with a very real difference and that difference will become very clear as you read further.

Read the rest by clicking the link below.