Should the risk assessment establish that the required SIL cannot be achieved by a SIL4 SIF, then alternative arrangements must be designed, such as non-instrumented safeguards (e.g, a pressure relief valve).
These are normally used in combination, and may include:[1] Of the methods presented above, LOPA is by far the most commonly used in large industrial facilities, such as for example chemical process plants.
The assignment may be tested using both pragmatic and controllability approaches, applying industry guidance such as the one published by the UK HSE.
The actual targets required vary depending on the likelihood of a demand, the complexity of the device(s), and types of redundancy used.
PFD (probability of dangerous failure on demand) and RRF (risk reduction factor) of low demand operation for different SILs as defined in IEC EN 61508 are as follows: For continuous operation, these change to the following, where PFH is probability of dangerous failure per hour.
The tolerable level of these risks is specified as a safety requirement in the form of a target 'probability of a dangerous failure' in a given period of time, stated as a discrete SIL.
Certification is achieved by proving the functional safety capability (FSC) of the organization, usually by assessment of its functional safety management (FSM) program, and the assessment of the design and life-cycle activities of the product to be certified, which is conducted based on specifications, design documents, test specifications and results, failure rate predictions, FMEAs, etc.