
Quant Sil

Date post: 03-Apr-2018
Upload: mubarik-ali

Transcript
  • 7/28/2019 Quant Sil

    1/40

    Copyright 2002, exida.com

    exida.com excellence in dependable-automation

    Quantitative SIL Selection

    On-line Lesson

    Safety Integrity Level

    SIL 4

    SIL 3

    SIL 2

    SIL 1

    Probability of failure on demand, average

    (Low Demand mode of operation)

    Risk Reduction Factor

    >=10-5 to =10-4 to =10-3 to =10-2 to

    Prerequisite Lessons

    Introduction to Safety Instrumented Systems

    The Safety Lifecycle

    It is recommended that the exida on-line lessons Introduction to Safety Instrumented Systems and The Safety Lifecycle be taken by anyone not well versed in these topics before proceeding with this lesson.

    Companion Lessons

    Process Hazards Analysis

    ALARP and Tolerable Risk

    Consequence Analysis Overview

    Introduction to Likelihood Analysis

    Layer of Protection Analysis (LOPA)

    Qualitative SIL Selection

    Since Quantitative SIL Selection encompasses so many different aspects, it is recommended that the following lessons on specific components of the larger SIL selection process be used as a companion with this current lesson to provide a more complete understanding of the overall process.

    Process Hazards Analysis

    ALARP and Tolerable Risk

    Consequence Analysis Overview

    Introduction to Likelihood Analysis

    Layer of Protection Analysis

    Qualitative SIL Selection

    Quantitative SIL Selection Overview

    Topics:

    Risk and the Context of SIL Selection

    Safety Instrumented Functions

    Consequence

    Likelihood

    Risk integrals approach

    Required risk reduction leading to SIL assignment

    [Figure: SLC Analysis Phase, steps 1 to 5: Concept; Overall Scope Definition; Hazard & Risk Analysis; Overall Safety Requirements; Safety Requirements Allocation]

    The lesson starts with the safety lifecycle (SLC) context of SIL selection and a brief review of risk. The lesson continues with a brief description of the safety instrumented functions (SIFs) to which the SILs are to be assigned. Next the lesson addresses the consequence and likelihood components of risk in more detail as they relate to identifying the existing level of risk in a process or piece of equipment, including how to determine a hazard's consequence and how the likelihood of a hazard can be quantitatively determined. Then the lesson considers the combination of multiple outcomes based on the risk integrals approach. Finally, based on the difference between the existing risk and the tolerable risk level identified and approved by the organization in question, the risk reduction requirement for the specific SIF can be determined and the SIL assignment made.

    Detailed Safety Lifecycle

    [Figure: detailed safety lifecycle flowchart in three phases: ANALYSIS Phase (End User / Consultant), REALIZATION (Vendor / Contractor / End User), and OPERATION (End User / Contractor). Boxes include Conceptual Process Design, Identify Potential Risks, Consequence Analysis, Layer of Protection Analysis, Select Target SIL, Develop Safety Specification, SIS Conceptual Design, SIS Detailed Design, SIS Installation, Commissioning and Pre-startup Acceptance Test, Validation: Pre-startup Safety Review, SIS startup, operation, maintenance, Periodic Functional Tests, and SIS Decommissioning.]

    This slide shows a more detailed drawing of the safety lifecycle. In the analysis phase, hazards are identified and risk reduction targets are established for each hazard. For some hazards, a safety instrumented function (SIF) is defined in order to reduce risk. In these cases, a Safety Integrity Level or SIL is selected for that SIF to achieve the required risk reduction.

    How to Select a SIL

    • Determine tolerable risk
    • Identify potential hazards
    • Identify prospective SIF to address these specific hazards
    • Identify existing unmitigated risk based on consequence and likelihood analysis
    • Determine how much risk reduction is needed to give a tolerable risk
      • Quantitative methods give specific numerical targets for risk reduction
      • Qualitative methods group numerical targets into more broad categories of risk reduction

    The SIL selection process is essentially a systematic approach used to: establish the difference between the existing level of risk and that which can be tolerated; identify specific individual functions to address these risks; and assign the SIL to specify how robust these functions must be to actually achieve the required risk reduction.

    The quantitative method shown in this lesson will help determine a specific numerical target for the risk reduction.

    NOTE: The qualitative methods introduced in the exida.com on-line lesson Qualitative SIL Selection group numerical targets into more broad categories of risk reduction to achieve the same general purpose.

    What Is Risk?

    Risk is a measure of the likelihood and consequence of an adverse effect, i.e., how often can it happen and what will be the effects if it does?

    Risk receptors:
    • Personnel
    • Environment
    • Equipment/Property Damage
    • Business Interruption
    • Business Liability
    • Company Image
    • Lost Market Share

    The definition of risk includes components of likelihood and consequence, which both contribute to the risk for each hazard. Hazardous events often have consequences that cause harm in multiple areas to receptors such as personnel, environment, equipment, etc. These different hazardous events are identified and characterized as part of a Hazard and Risk Assessment process described in detail as part of the exida Process Hazards Analysis on-line lesson.

    ALARP and Tolerable Risk

    [Figure: ALARP diagram running from High Risk down to Negligible Risk: Intolerable Region above 10^-3/yr (workers) or 10^-4/yr (public); ALARP or Tolerable Region between those limits and 10^-6/yr; Broadly Acceptable Region below 10^-6/yr]

    Since risk is present in all human activities, some level of risk must be tolerated in any system. The challenge is in determining what that level of risk is for a given organization. The general principle of tolerable risk put forward in the IEC standards is that some risks are completely intolerable and should not be undertaken, some risks are broadly acceptable and should not be worried about, and some risks fall in the middle. These middle-level risks should be reduced to a level As Low as Reasonably Practicable or ALARP. Specific values of these risk levels are often a point of debate. The values noted in this slide are from the UK Health and Safety Executive, the originators of the ALARP concept, and are provided for information purposes, not as recommendations for any particular situation.

    Paths to Risk Reduction

    [Figure: risk plot with axes Consequence and Likelihood and an arrow marked Increasing Risk, divided into an Acceptable Risk Region, an ALARP Risk Region and an Unacceptable Risk Region. Starting from the Inherent Risk of the Process (i.e., No Mitigation), it shows Non-SIS consequence reduction (e.g., containment dikes) and Non-SIS likelihood reduction (e.g., relief valves) leading to the Risk after non-SIS Mitigation, then SIS Risk Reduction (SIL 1, SIL 2, SIL 3) leading to the Final Risk after Mitigation.]

    Risk reduction can be accomplished using different techniques, including methods to reduce both the consequences and likelihood of any harm. One specific method of risk reduction, primarily directed at the likelihood aspect, is through automatic protection systems called Safety Instrumented Systems. These systems carry out specific functions to bring the process or equipment to a safe state. The ability of these systems to carry out each of these functions when required is measured by the corresponding safety integrity level (SIL). Thus the SIL corresponds to the level of risk reduction required to change the existing unmitigated risk enough to achieve a level of risk that can be tolerated by the organization in question.

    Safety Instrumented Functions

    Specific single set of actions and the corresponding equipment needed to identify a single emergency and act to bring the system to a safe state.

    SIL is assigned to each SIF based on required risk reduction

    Different from a SIS, which can encompass multiple functions and act in multiple ways to prevent multiple harmful outcomes

    SIS may have multiple SIF with different individual SIL, so it is incorrect and ambiguous to define a SIL for an entire safety instrumented system

    An individual Safety Instrumented Function (SIF) is designed to identify the need and then act to bring the system to a safe state for each hazard scenario. The effectiveness of the risk reduction is measured by the function's risk reduction factor (often expressed as a Safety Integrity Level). The required risk reduction is the difference between the process risk before a SIF and the tolerable level of risk to be achieved for that process or piece of equipment.

    It is important to note that a SIF is an individual function and a SIS can include multiple functions, so the SIL refers to each SIF rather than to the entire safety instrumented system.

    Safety Integrity Levels

    Safety Integrity Level

    SIL 4

    SIL 3

    SIL 2

    SIL 1

    Probability of failure on demand, average

    (Low Demand mode of operation)

    Risk Reduction Factor

    >=10-5 to =10-4 to =10-3 to =10-2 to

    Calculating Risk

    In quantitative analysis, risk associated with a hazard can be calculated using the following formula:

    Risk = Consequence * Likelihood

    Example Hazard:
    • Consequence of harmful outcome is two fatalities
    • Likelihood of harmful outcome is once every ten years
    • Risk from the hazard is 0.2 fatalities per year

    In quantitative analysis, the risk associated with a hazard can be calculated by multiplying the consequence of a harmful outcome and the likelihood or frequency of it taking place.

    As an example, assume a hazard with an outcome consequence of two fatalities. Furthermore, assume that the likelihood of the hazard leading to the harmful outcome is once every ten years.

    The risk of the hazard, obtained by simple multiplication, is then 0.2 fatalities per year.

    Basic Consequence Analysis Concepts

    One hazard can lead to one or more outcomes with multiple receptors

    Each aspect of the harmful outcome is measured in different units
    • Personnel
      • Fatalities
      • Injuries
    • Environment
      • Toxic releases
      • Clean-up efforts, US $
    • Equipment/Property Damage
      • US $
    • Etc.

    As shown before, there can be several potential risk receptors for a specific hazard. With a separation column rupture, for example, the rupture energy itself can cause fatalities and injuries to personnel; it might cause a toxic release with other injuries or fatalities; environmental clean-up efforts could be required after the rupture; and the loss of the column could lead to plant down time. Each of the aspects of the consequence is measured in its own units. Fatalities are measured in number of deaths; injuries may be measured in number of injuries scaled by severity; environmental impacts are quantified individually; and clean-up efforts, potential fines, damage to corporate image, and down time are measured financially.

    Tolerable Risk Level and Consequence Receptors

    • Tolerable risk is a sensitive topic
      • It is difficult to convert between personnel, environmental, and cost receptors
    • Organizations often set specific levels of tolerance in each different receptor category
    • Combining impacts into a single variable allows more rigorous mathematical analysis

    Because of the sensitivity of the concept of tolerable risk and the difficulty in converting between the effects on different receptors, organizations often set different specific risk levels that are tolerable in each different area. In some cases, to enable more rigorous mathematical analysis, all of the different consequence impacts can be converted into a single value, which is often financial cost.

    Tolerable Risk Level and Consequence Receptors

    Example:
    • Maximum risk tolerance 0.0005 fatal accidents per person per year, 0.005 injuries per person per year, 0.01 significant environmental release per plant per year, $500,000 in business loss per plant per year, etc.
    • Valuing loss of life at $10,000,000, environmental damage at 1.5x clean-up cost, and business losses at actual value, optimize cost-benefit impact of all safety systems.

    These multiple risk criteria can be expressed on the basis of a plant or individual as appropriate. In most cases, individual tolerable risk criteria are followed for personnel safety. To combine risks into a single cost category, conversion factors must be developed and applied according to uniform, agreed guidelines.

    Methods of Consequence Analysis

    Consequences can require extremely involved analysis
    • Fire
      • How much material
      • What kind of fire
    • Explosion
      • Pressure energy
      • Chemical energy
    • Toxic release
      • Concentration limits
      • Weather conditions

    The detailed methods of consequence analysis are beyond the scope of this lesson. These analyses often involve extremely complex calculations, especially in the cases of explosions, fires, and toxic releases where the magnitude of the consequence depends on the dispersion of material. Further information is available in the exida on-line course Consequence Analysis Overview, although the detailed practice of these techniques often requires months or years of training and experience.

    Results of Consequence Analysis

    • Different potential outcomes identified
    • Magnitude of each outcome from perspective of each receptor
      • Personnel
      • Environment
      • Financial
    • Group consequence components according to safety instrumented function capable of preventing them

    Once one has completed the detailed consequence analysis, there should be a list of potential harmful outcomes and a corresponding list of the magnitude of the harm to each of the different receptor categories. These can then be categorized by the potential safety instrumented functions identified in the hazards analysis that could act to prevent these outcomes.

    Consequence Results: Column Rupture Case

    The consequences of a column rupture are determined as follows:
    • Personnel: 3 fatalities (3*10 M$), 15 injuries (15*1.0 M$)
    • Environment: no exceptional toxic release (0 $ no fine), internal clean-up activities (0.5 M$)
    • Equipment: new column/installation (4.5 M$)
    • Business Interruption: 25% lost production 3 months (50 M$)
    • Business Liability: direct customer contract losses (25 M$)
    • Company Image: no additional cost not already considered
    • Lost Market Share: customers go to competitor(s) (15 M$)

    Total column rupture hazard consequence is 140 M$

    Using the single variable approach, it is possible to express each consequence in that variable as shown on this slide. The total hazard consequence can now be readily determined by adding the consequences of each receptor in terms of the single variable. Assuming that the hazard will cause all of these traceable impacts, the total cost of the column rupture outcome is ~140 M$.

    Note that in this case, the decrease in company image caused by the hazard was determined to be accounted for in the other categories and no additional cost was assessed in the analysis.

    Event Likelihood / Frequency

    Event likelihood according to dIEC61511, Part 3

    Refers to a frequency such as the number of events per year or per million hours

    Note this is different from the common English definition equating it to probability

    The likelihood of a hazard is defined as the frequency of the harmful outcome event. This is most often expressed in units of events per year or events per million hours.

    LOPA for Column Rupture

    [Figure: LOPA event tree for column rupture. Initiating event: Loss of cooling water, 5/yr. Protection layers: #1 Process design, 0.01; #2 Operator response, 0.15; #3 Pressure relief valve, 0.05; #4 No ignition, 0.76. The branch at each protection layer that does not continue ends in "No event"; the remaining path ends in the outcome Explosion (Column Rupture) at 2.85*10^-4/yr.]

    Likelihood analysis is often done using Layer of Protection Analysis (LOPA) techniques. The LOPA event tree to determine the likelihood of the column rupture with explosion is shown in the slide.

    The likelihood of the initiating event "loss of cooling water" is 5 per year. There are four independent protection layers, each with a probability of failure.

    • Inherent safety of the process design, probability of failure is 0.01
    • Operator response, probability of failure is 0.15
    • Pressure relief valve, probability of failure is 0.05
    • No ignition, probability of failure is 0.76

    The column rupture likelihood can be determined by multiplying the loss of cooling water likelihood by the probability of failure of each of the protection layers. The resulting column rupture likelihood is then 5/yr * 0.01 * 0.15 * 0.05 * 0.76 = 2.85*10^-4 /yr

    Considering All the Impacts

    Outcomes must be expressed in the same terms as the tolerable risk limits

    For the single variable method, this involves the conversion factors mentioned earlier

    Risk integral approach

    Risk integral approach can also be applied to the personnel and financial components of risk independently of each other

    Once the likelihood and consequence analysis results are complete, they must be combined to determine the existing risk. In order to combine the consequences of the potential harmful outcomes related to a single SIF and compare them to the tolerable risk, they must be expressed in the same terms as the tolerable risk levels. No matter whether the consequence is expressed as a single overall cost or loss variable or if personnel impacts are kept separate from financial impacts, it is possible to use a risk integral approach to continue the SIL selection process.

    Risk Integral Definition

    Risk integrals are a measure of the total expected loss

    A summation of likelihood and consequence for all potential loss events

    Risk integrals are a measure of the total expected loss, i.e., a summation of the likelihood and consequence for all potential loss events that are being considered.

    In the case of Safety Instrumented System (SIS) design, this would be all of the consequences that are prevented by a single Safety Instrumented Function (SIF).

    Risk Integral Equation

    The nominal equation for the risk integral is:

    $$RI = \sum_{i=1}^{n} C_i F_i$$

    RI = risk integral

    n = number of hazardous events

    C_i = consequence of event i (in terms of fatalities for loss of life calculation)

    F_i = frequency of event i

    In mathematical form, this summation includes a consequence times frequency risk contribution to the total for each event in question.

    Risk Integral Application

    Risk integrals require a single loss variable
    • Can be across all receptors converted to financial terms
    • Can be across financial receptors only in monetary cost terms
    • Can also be across personnel receptors only in equivalent or probable loss of life (PLL) terms
      • PLL can take on fractional values

    The key requirement for using risk integrals is applying a single loss variable to the system in question. This can easily be done if all of the harm is expressed or converted to financial units. Risk integrals can also be applied to personnel safety consequences through the use of probable loss of life or PLL. The important aspect of PLL is that it can take on fractional values, i.e., an injury event can have a PLL of 0.1 or some other value less than one representing the severity of the event in these probable loss of life terms.

    Risk Integral Advantages

    Risk integrals are a measure of the expected loss
    • A summation of likelihood and consequence for all potential loss events for the SIF and category in question

    Advantages of risk integral targets:
    • Risk is a single number, ideal for decision-making
    • Considers multiple fatality events
    • Diverse risks expressed on uniform basis, essential for cost-benefit analysis

    Risk integrals are only now gaining acceptance in the design-engineering field as a means of measuring risk. Risk integrals have several advantages over other methods for measuring risk:

    • The single risk variable is easy to use in optimization and decision-making
    • The risk considers the impact of multiple fatality events
    • Different risks can be considered on a uniform financial basis for cost-benefit analysis

    As a result of these advantages, the risk integrals of Potential Loss of Life for personnel safety and Expected Value for overall financial impact are ideal for risk reduction design engineering.

    Risk Integral Personnel Example

    Consider the case where the following results are available from the consequence and likelihood analyses for a group of outcomes that can be prevented by the single SIF:

    Outcome                          Probable Loss of Life (PLL)   Frequency (events per year)
    Vessel rupture with pool fire    0.5                           0.1
    Vessel rupture with flash fire   1                             0.1
    Vessel rupture with explosion    6                             0.01
    Vessel rupture with spill only   0.01                          0.2

    What is the risk integral for that particular SIF in terms of PLL per year?

    This heated vessel rupture example considers the different outcomes that could be prevented by a SIF that senses an extreme high pressure and acts to open a separate dedicated valve to relieve that pressure to a safe venting system.

    Risk Integral Personnel Example

    Multiplying each consequence by its corresponding frequency and summing the results at the bottom right gives the total risk integral for this pressure relief SIF of: PLL = 0.21 fatalities per year

    Outcome                          Probable Loss of Life (PLL)   Frequency (events per year)   Risk Component (PLL per year)
    Vessel rupture with pool fire    0.5                           0.1                           0.050
    Vessel rupture with flash fire   1                             0.1                           0.100
    Vessel rupture with explosion    6                             0.01                          0.060
    Vessel rupture with spill only   0.01                          0.2                           0.002
    Total Risk Integral                                                                          0.212

    This column rupture example considers the different outcomes that could be prevented by a SIF that senses a high column pressure and acts to open a valve to relieve that pressure to a safe venting system. It is important to note that the risk calculated here is for the system without the SIF present.

    Single Event Risk Example

    Using the consequence and likelihood values determined for the single event column rupture and explosion hazard, calculate the inherent risk.

    Consequence = 140 M$

    Likelihood = 2.85 x 10^-4 per year

    For the column rupture example described earlier in the lesson, both the consequence and the likelihood have been determined as 140 M$ and 2.85*10^-4 events per year respectively.

    Single Event Risk Example

    Risk = Consequence * Likelihood

    Inherent risk = 140 M$ * 2.85*10^-4 /yr = 39,900 [US $ / year]

    The column rupture inherent risk is simply calculated by multiplying 140 M$ and 2.85*10^-4, which yields an inherent risk of 39,900 [US $ / year].

    What Is the Required Risk Reduction?

    Now the required risk reduction factor (RRF) can easily be calculated

    Input parameters are:
    • The unmitigated risk before any safety system
    • The established tolerable risk level

    RRF = unmitigated risk / tolerable risk

    Given inherent, unmitigated risks resulting from a consequence and likelihood analysis along with tolerable risk, the required risk reduction factor that an SIF needs to achieve can be calculated by dividing the inherent risk by the tolerable risk.

    As noted earlier, it is important to make sure that the inherent risk or risk integral and tolerable risk are expressed in the same units.

    Risk Reduction Example 1

    Given the heated vessel pressure relief SIF example with its PLL of 0.21 fatalities per year and a tolerable risk level of 0.001 fatalities per year, what is the required risk reduction?

    All that is needed for the heated vessel pressure relief SIF example is the tolerable risk in terms of probable loss of life per year.

    Risk Reduction Example 1

    Given the heated vessel pressure relief SIF example with its PLL of 0.21 fatalities per year and a tolerable risk level of 0.001 fatalities per year, what is the required risk reduction?

    RRF = (0.21 PLL per year) / (0.001 PLL per year) = 210

    Thus dividing the existing unmitigated risk by the tolerable risk gives the required risk reduction factor of 210.

    Risk Reduction Example 2

    A SIF is being considered to prevent the column rupture and explosion event described earlier
    • Consequence = 140 M$
      • Including personnel, environment, equipment, etc.
    • Likelihood = 2.85*10^-4 /yr
      • After accounting for all layers of protection
    • A low-cost, low-performance SIL 1 SIF can provide a risk reduction factor of 10 for $5,000 per year net cost
    • A higher-cost, higher-performance SIL 2 SIF can provide a risk reduction factor of 100 for $20,000 per year net cost

    Which system should be selected?

    Considering the column rupture and explosion example developed earlier along with the safety system cost data, which SIF option should be chosen?

    Risk Reduction Example 2

    This example can be solved by calculating the annual cost associated with the risk of each option.

    For the case with no safety system, the cost of the hazard is $39,900 per year.

    With the first case low-cost system, the RRF of 10 reduces the hazard cost to $39,900/10 = $3,990 per year, while the system itself adds $5,000 per year for a total $8,990 overall annual cost or a net savings of $30,910 relative to no safety system.

    Putting each case on an annual cost basis clarifies the choice significantly. Since the first option provides a $31,000 per year savings relative to doing nothing, it has significant potential.


    Considering the second option in the same way as the first:

    For the case with no safety system, the cost of the hazard is $39,900 per year.

    With the second case higher-cost, higher-performance system, the RRF of 100 reduces the hazard cost to $39,900/100 = $399 per year, while the system itself adds $20,000 per year for a total $20,399 overall annual cost or a net savings of $19,501 relative to no safety system.

    Thus the SIL 1 SIF is the best option, with the greatest savings of ~$31,000 per year relative to doing nothing.

    Option     | Cost of Risk | Cost of System | Total Cost | Total Savings
    Do nothing | $39,900      | $0             | $39,900    | $0
    SIL 1 SIF  | $3,990       | $5,000         | $8,990     | $30,910
    SIL 2 SIF  | $399         | $20,000        | $20,399    | $19,501

    Although the higher performance system reduces the risk cost to only $399 per year, its $20,000 per year total cost pushes it to a lower level of savings than the SIL 1 SIF option. Thus the SIL 1 SIF is the best option for this situation.
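The annual-cost comparison above can be recomputed from its inputs. The following is an added example, not part of the original lesson; it goes one step beyond the slide by also solving for the event frequency at which the SIL 2 option would become the cheaper one. The names `Option`, `annual_costs`, `best_option` and `breakeven_likelihood` are illustrative.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Option:
    name: str
    rrf: float          # risk reduction factor delivered (1 = no safety system)
    system_cost: float  # net cost of the option, $ per year

def annual_costs(consequence, likelihood, options):
    """Return {name: (cost_of_risk, total_cost, savings)} in $ per year."""
    unmitigated = consequence * likelihood
    rows = {}
    for opt in options:
        risk = unmitigated / opt.rrf
        total = risk + opt.system_cost
        rows[opt.name] = (risk, total, unmitigated - total)
    return rows

def best_option(consequence, likelihood, options):
    """Name of the option with the lowest total annual cost."""
    rows = annual_costs(consequence, likelihood, options)
    return min(rows, key=lambda name: rows[name][1])

def breakeven_likelihood(consequence, a, b):
    """Event frequency (/yr) at which options a and b cost the same in total."""
    return (b.system_cost - a.system_cost) / (consequence * (1 / a.rrf - 1 / b.rrf))

# Figures from Risk Reduction Example 2 on this page.
CONSEQUENCE = 140e6   # $ per event
LIKELIHOOD = 2.85e-4  # events per year
SIL1 = Option("SIL 1 SIF", 10, 5_000)
SIL2 = Option("SIL 2 SIF", 100, 20_000)
OPTIONS = [Option("Do nothing", 1, 0), SIL1, SIL2]

if __name__ == "__main__":
    for name, (risk, total, saved) in annual_costs(CONSEQUENCE, LIKELIHOOD, OPTIONS).items():
        print(f"{name:<11} risk ${risk:>9,.0f}  total ${total:>9,.0f}  savings ${saved:>9,.0f}")
    print("Lowest total cost:", best_option(CONSEQUENCE, LIKELIHOOD, OPTIONS))
    print(f"SIL 2 overtakes SIL 1 above {breakeven_likelihood(CONSEQUENCE, SIL1, SIL2):.2e} /yr")
```

With the same consequence and system costs, the ranking flips only once the event frequency exceeds the break-even value, which is roughly four times the 2.85 × 10^-4 /yr used in the example.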


    Multiple Receptors per SIF

    Occasionally a set of tolerable risk levels and risk estimates gives different risk reduction factors depending on the personnel, environmental, or financial receptors considered.

    Personnel RRF = 1000

    Environmental RRF = 300

    Financial RRF = 150

    Choose highest RRF = 1000 for specifying the system.

    For multiple receptors per hazard, some companies calculate risk reduction factors for each receptor. The RRF for the instrumented function in this situation is chosen to be the highest one, since it will automatically satisfy the other lesser requirements.


    SIL Assignment

    SIL selection is performed based on the RRF calculated for the SIF.

    For the heated vessel case, the RRF = 210

    Target SIL = SIL 3

    The minimum risk reduction for SIF of 1000 guarantees that any SIL 3 system will achieve the required risk reduction factor.

    Safety Integrity Level | Probability of failure on demand, average (Low Demand mode of operation) | Risk Reduction Factor
    SIL 4                  | >=10^-5 to                                                               |
    SIL 3                  | >=10^-4 to                                                               |
    SIL 2                  | >=10^-3 to                                                               |
    SIL 1                  | >=10^-2 to                                                               |
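The selection rule used on this slide and the multiple-receptor rule from the previous one, as an added example that is not part of the original lesson. The minimum RRF values for SIL 1 to SIL 3 are the ones the page states (10, 100, 1000); the SIL 4 value of 10,000 is the IEC 61508 low-demand figure and is an assumption here, as are all function names.

```python
# Minimum RRF per SIL in low-demand mode. The page gives 10, 100 and 1000 for
# SIL 1-3; 10,000 for SIL 4 is the IEC 61508 value, taken as an assumption here.
MIN_RRF = {1: 10, 2: 100, 3: 1_000, 4: 10_000}

def required_rrf(unmitigated_risk, tolerable_risk):
    """Required risk reduction factor = existing risk / tolerable risk."""
    if tolerable_risk <= 0:
        raise ValueError("tolerable risk must be positive")
    return unmitigated_risk / tolerable_risk

def governing_rrf(receptor_rrfs):
    """With several receptors, the highest RRF governs and satisfies the rest."""
    receptor = max(receptor_rrfs, key=receptor_rrfs.get)
    return receptor, receptor_rrfs[receptor]

def target_sil(rrf):
    """Lowest SIL whose minimum RRF is at least the required RRF (0 = no SIF needed)."""
    if rrf <= 1:
        return 0
    for sil in sorted(MIN_RRF):
        if MIN_RRF[sil] >= rrf:
            return sil
    raise ValueError(f"RRF {rrf:g} exceeds what a single SIL 4 SIF guarantees")

def max_pfd_avg(rrf):
    """Highest average probability of failure on demand that still delivers rrf."""
    return 1.0 / rrf

if __name__ == "__main__":
    rrf = required_rrf(0.21, 0.001)  # heated vessel, PLL per year
    print(f"heated vessel: RRF {rrf:.0f}, PFDavg <= {max_pfd_avg(rrf):.2e}, SIL {target_sil(rrf)}")
    receptor, rrf = governing_rrf({"personnel": 1000, "environmental": 300, "financial": 150})
    print(f"multiple receptors: {receptor} governs, RRF {rrf}, SIL {target_sil(rrf)}")
```

The rule is deliberately conservative: an RRF of 210 maps to SIL 3 because the lowest-performing SIL 2 system delivers only 100.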


    Quantitative SIL Selection Summary

    Topics:

    Risk and the Context of SIL Selection

    Safety Instrumented Functions

    Consequence

    Likelihood

    Risk integrals approach

    Required risk reduction leading to SIL assignment

    [Figure: SLC Analysis Phase: 1 Concept, 2 Overall Scope Definition, 3 Hazard & Risk Analysis, 4 Overall Safety Requirements, 5 Safety Requirements Allocation]

    The lesson began with the safety lifecycle (SLC) context of SIL selection and a brief review of risk, including the idea of defining a level of tolerable risk. The lesson then presented a brief description of the safety instrumented functions to which the SILs are to be assigned. Next the lesson addressed the consequence and likelihood components of risk in more detail as they relate to identifying the existing level of risk in a process or piece of equipment, including how to determine a hazard's consequence and how the likelihood of a hazard can be quantitatively determined. Then the lesson considered the combination of multiple outcomes based on the risk integrals approach. Finally, based on the difference between the existing risk and the tolerable risk level identified and approved by the organization in question, the risk reduction requirement for the specific SIF was determined and the SIL assignment made.

    To be sure the material is thoroughly understood, please take the time to go back and review any parts of this lesson as needed before moving on to the quiz.


    Additional Resources

    For more information on SIL selection and Safety Instrumented Systems, consider reviewing the following book: Systematic SIL Selection With Layer of Protection Analysis (coming soon to the exida.com web store)

    Also consider exida.com on-line lessons on:

    - Process Hazards Analysis
    - ALARP and Tolerable Risk
    - Consequence Analysis Overview
    - Introduction to Likelihood Analysis
    - Layer of Protection Analysis (LOPA)
    - Qualitative SIL Selection

    More information on both qualitative and quantitative SIL selection and some aspects of SIS design is available from books and other training classes.

    The forthcoming exida.com book Systematic SIL Selection With Layer of Protection Analysis provides a detailed description of tolerable risk, likelihood, consequence, and general Safety Instrumented Systems with SIL selection process examples.

    Also consider reviewing the exida.com on-line lessons on process hazards analysis, ALARP and tolerable risk, consequence analysis, likelihood analysis, layer of protection analysis, and qualitative SIL selection for additional information.


    Questions

    Questions: Please send any questions [email protected]. We will respond as soon as possible.

    Additional Resources:

    Free articles are available to download from the exida.com website. These can be reached at http://www.exida.com/articles.asp.

    Additional resources including books, tools, and reports are available from the exida on-line store. A product listing is available at http://www.exida.com/products2/.

    If you have any questions, please send them via email to [email protected] refer to this particular lesson, Quantitative SIL Selection.

    Additional resources are available from the exida.com website, including a series of free articles that may be downloaded. Books, reports, and engineering tools are available at the exida on-line store.

    exida.com is a knowledge company focused on system reliability and safety. We provide training, tools, coaching, and consulting. For general information about exida, please view our website at www.exida.com.

    Thank you for your interest. Please consider other lessons in the on-line training series from exida.com.

