Difference between SIL2 and SIL3 instruments?

Status
Not open for further replies.
srinivasan

srinivasan

Member
Location
Bangalore,India
1) What is the difference between SIL2 and SIL3?
2) Is SIL3 instruments available? or only it possible by providing 2 nos of SIL in same service.
3) How to calculate PFD (possible failure detection ) for instruments.
 
Safety Integrity Level (SIL) is an IEC concept (Std 61508) not commonly used in the US since they aren't really that well understood even in IEC jurisdictions.

In the simplest terms, it is a measurement of safety reliability and is somewhat relative to the equipment and processes involved. There are four levels, "4" being the highest and two categories: equipment and system.

To answer your direct question(s)

  • An SIL 3 would be an order of magnitude (10 times) more reliable than SIL 2 depending on the application.
  • It is difficult to apply the concept at the component level
  • Conduct a rigorous Failure Modes and Effects Analysis (FMEA) systemically.
 
rbalex said:
Safety Integrity Level (SIL) is an IEC concept (Std 61508) not commonly used in the US since they aren't really that well understood even in IEC jurisdictions.

In the simplest terms, it is a measurement of safety reliability and is somewhat relative to the equipment and processes involved. There are four levels, "4" being the highest and two categories: equipment and system.

To answer your direct question(s)

  • An SIL 3 would be an order of magnitude (10 times) more reliable than SIL 2 depending on the application.
  • It is difficult to apply the concept at the component level
  • Conduct a rigorous Failure Modes and Effects Analysis (FMEA) systemically.
Click to expand...
Can you please name one company which will supply pressure or temperature transmitter with SIL3 rating because i heard from my supplier (most trusted US based company) that nobody will supply SIL 3 rating
 
srinivasan said:
Can you please name one company which will supply pressure or temperature transmitter with SIL3 rating because i heard from my supplier (most trusted US based company) that nobody will supply SIL 3 rating
Click to expand...
I'm afraid I can't. As I mentioned, it's not a common term in the US and, where it is used, it's typically a marketing tool used to sell solely IEC rated equipment to unsuspecting customers.
 
Sorry for being late to the party. Just noticed this post.

srinivasan said:
Can you please name one company which will supply pressure or temperature transmitter with SIL3 rating because i heard from my supplier (most trusted US based company) that nobody will supply SIL 3 rating
Click to expand...
ABB.

But just having a SIL3 pressure transmitter is only the beginning of the solution.

While the ABB 2600T pressure transducer can be used in a SIL3 system you will need two of them installed in a 1oo2 (1 out of 2) configuration. In a gross oversimplification, you are essentially installing two SIL2 devices in parallel, either of which can initiate a safety shutdown.

Back to your original questions.

srinivasan said:
1) What is the difference between SIL2 and SIL3?
Click to expand...
Safety Integrity Level is a measure of the probability of a dangerous failure when a demand is placed on the system. i.e. if the pressure exceeds the predetermined limits what is the chance that the system will fail to respond properly. SIL3 = 10^-3 or .001; SIL2 = 10^-2 or .01. This probability includes all parts of the system (input, logic, and output). In a simple case this would be the pressure transmitter, PLC, and pressure relief valve.
srinivasan said:
2) Is SIL3 instruments available? or only it possible by providing 2 nos of SIL in same service.
Click to expand...
As I noted above, there are transmitters that can be used in a SIL3 system, but you will have to use multiple in parallel.
srinivasan said:
3) How to calculate PFD (possible failure detection ) for instruments.
Click to expand...
There is various software available for doing this, if you are good with probabilities you can do it by hand on a piece of paper.

PFD of the system is the sum of the PFD of all the components.

The PFD of each device should be obtained from the manufacturer's data. ABB lists the 2600T at about 3x10^-4. A GuardLogix controller (because I'm familiar with them) is 5.5x10^-6. Input and output modules are roughly the same. And a valve might be about 1x10^-4.

Briefly, (3x10^-4 )^2 gives us the probability of both transmitters failing simultaneously (remember they are in parallel). 3 x (5.5x10^-6) gives us the total of the PLC input, PLC controller, PLC output failing (these are in series). And again (1x10^-4 )^2 gives us the probability of both valves failing.

(3x10^-4 )^2 + 3 x (5.5x10^-6) + (1x10^-4 )^2 = 1.66x10^-5 which exceeds the requirement for a SIL3 system, which is of course 10^-3.

I would recommend using software.
 
Timbert said:
Sorry for being late to the party. Just noticed this post.


ABB.

But just having a SIL3 pressure transmitter is only the beginning of the solution.

While the ABB 2600T pressure transducer can be used in a SIL3 system you will need two of them installed in a 1oo2 (1 out of 2) configuration. In a gross oversimplification, you are essentially installing two SIL2 devices in parallel, either of which can initiate a safety shutdown.

Back to your original questions.


Safety Integrity Level is a measure of the probability of a dangerous failure when a demand is placed on the system. i.e. if the pressure exceeds the predetermined limits what is the chance that the system will fail to respond properly. SIL3 = 10^-3 or .001; SIL2 = 10^-2 or .01. This probability includes all parts of the system (input, logic, and output). In a simple case this would be the pressure transmitter, PLC, and pressure relief valve.
As I noted above, there are transmitters that can be used in a SIL3 system, but you will have to use multiple in parallel.
There is various software available for doing this, if you are good with probabilities you can do it by hand on a piece of paper.

PFD of the system is the sum of the PFD of all the components.

The PFD of each device should be obtained from the manufacturer's data. ABB lists the 2600T at about 3x10^-4. A GuardLogix controller (because I'm familiar with them) is 5.5x10^-6. Input and output modules are roughly the same. And a valve might be about 1x10^-4.

Briefly, (3x10^-4 )^2 gives us the probability of both transmitters failing simultaneously (remember they are in parallel). 3 x (5.5x10^-6) gives us the total of the PLC input, PLC controller, PLC output failing (these are in series). And again (1x10^-4 )^2 gives us the probability of both valves failing.

(3x10^-4 )^2 + 3 x (5.5x10^-6) + (1x10^-4 )^2 = 1.66x10^-5 which exceeds the requirement for a SIL3 system, which is of course 10^-3.

I would recommend using software.
Click to expand...

Dear Timbert,

Thank you for your replies.

There is quit confusion. I mentioned in another thread. see the below spec points and my assumption.

1) System consist of control and ESD system- To obtain this system we are using two instruments in parallel.

2) ESD system is SIL3 and control system is SIL2 - As you mentioned above. I have to use 2 separate transmitters in parallel for ESD and other one transmitter in parallel for control system. So three transmitter i have use for measuring one process condition. Please correct me if i am wrong.

3) ESD with 1oo2 system and ESD with 3oo2 system - For more critical place we have to use three transmitter or in simple 3 switches with different type of measurement methodology (such as float, ultrasound etc). So three instrument in parallel. or in other way, tank will have one level transmitter, one magnetic level indicator with switch output and one float level switch....Please correct me if i am wrong . also explain 3oo2 voting and 2oo1 voting.. to achieve 3002 voting, how many measuring element or how many input is required for PLC.
 
srinivasan said:
1) System consist of control and ESD system- To obtain this system we are using two instruments in parallel.

2) ESD system is SIL3 and control system is SIL2 - As you mentioned above. I have to use 2 separate transmitters in parallel for ESD and other one transmitter in parallel for control system. So three transmitter i have use for measuring one process condition. Please correct me if i am wrong.

3) ESD with 1oo2 system and ESD with 3oo2 system - For more critical place we have to use three transmitter or in simple 3 switches with different type of measurement methodology (such as float, ultrasound etc). So three instrument in parallel. or in other way, tank will have one level transmitter, one magnetic level indicator with switch output and one float level switch....Please correct me if i am wrong . also explain 3oo2 voting and 2oo1 voting.. to achieve 3002 voting, how many measuring element or how many input is required for PLC.
Click to expand...
I'm not an expert when it comes to process safety. I'm just trying to help you understand the concepts. The various architectures are:

1oo1 is one-out-of-one. This is essentially a single channel. If you have a failure, the safety function will not work properly. The failure creates an immediate hazard.

1oo2 is one-out-of-two is an architecture where either one of two independent emergency shutdown devices can successfully stop the machine. This is typically used on emergency stops on a machine where power off is the safe state. This is sometimes called fail-safe, you can have one failure and the system is still safe. If a fault is detected, it is shut down and non-functional until it is repaired. The failure does not create a hazard.

2oo3 is two-out-of-three is an architecture where at least two sensors must agree. It is fail safe like 1oo2, but unlike 1oo2, it will continue to operate after the first failure, so it is fault tolerant. When a 2oo3 system detects a failure, it continues to operate as a 1oo2 system, until repaired or allowing time for a complex process to be brought to a safe state. A single failure does not create a hazard nor does it stop the machine or process.

These architectures are covered in IEC 61508-6.

So for a 2oo3 system you need three sensors, three inputs, three processors, three outputs, and three actuators (all with diagnostics to detect faults). These are very complex and very specialized systems.

If you have a requirement for a 2oo3 system you need to seek an expert in process safety.
 
Status
Not open for further replies.
Top