CENELEC - EN 61511-3
Functional safety - Safety instrumented systems for the process industry sector - Part 3: Guidance for the determination of the required safety integrity levels
|Publication Date:||1 April 2017|
|ICS Code (Industrial automation systems in general):||25.040.01|
|ICS Code (Safety of machinery):||13.110|
This part of IEC 61511 provides information on:
- the underlying concepts of risk and the relationship of risk to safety integrity (see Clause A.4);
- the determination of tolerable risk (see Annex K);
- a number of different methods that enable the safety integrity level (SIL) for the safety instrumented functions (SIF) to be determined (see Annexes B through K);
- the impact of multiple safety systems on calculations determining the ability to achieve the desired risk reduction (see Annex J).
In particular, this part of IEC 61511:
a) applies when functional safety is achieved using one or more SIF for the protection of either personnel, the general public, or the environment;
b) may be applied in non-safety applications such as asset protection;
c) illustrates typical hazard and risk assessment methods that may be carried out to define the safety functional requirements and SIL of each SIF;
d) illustrates techniques/measures available for determining the required SIL;
e) provides a framework for establishing SIL but does not specify the SIL required for specific applications;
f) does not give examples of determining the requirements for other methods of risk reduction.
NOTE Examples given in the Annexes of this Standard are intended only as case specific examples of implementing IEC 61511 requirements in a specific instance, and the user should satisfy themselves that the chosen methods and techniques are appropriate to their situation.
Annexes B through K illustrate quantitative and qualitative approaches and have been simplified in order to illustrate the underlying principles. These annexes have been included to illustrate the general principles of a number of methods but do not provide a definitive account.
NOTE 1 Those intending to apply the methods indicated in these annexes can consult the source material referenced in each annex.
NOTE 2 The methods of SIL determination included in Part 3 may not be suitable for all applications. In particular, specific techniques or additional factors that are not illustrated may be required for high demand or continuous mode of operation.
NOTE 3 The methods as illustrated herein may result in non-conservative results when they are used beyond their underlying limits and when factors such as common cause, fault tolerance, holistic considerations of the application, lack of experience with the method being used, independence of the protection layers, etc., are not properly considered. See Annex J.
Figure 2 gives an overview of typical protection layers and risk reduction means.