Fig. 3, Fig. 4 – Flowserve NRS 1-51 User Manual

7

Functional Safety acc. to IEC 61508

– continued –

Determination of the Safety Integrity Level (SIL) for safety-related systems

Level electrode, level switch and actuators (auxiliary contactors in control circuit) are subsystems and

together constitute a safety-related system that executes a safety function.
The specification of the safety-related characteristics

Fig. 1 refers to the level electrode and the level

switch including the output contacts. The actuator (e. g. an auxiliary contactor in the control circuit) is

installation specific and, according to IEC 6508, must be considered separately for the whole safety-

related system.

Table

Fig. 3 shows the dependence of the Safety Integrity Level (SIL) on the average probability of failure

on demand of a safety function for the

whole safety-related system (PFD

sys

). The “Low demand mode”

is here considered for a water level limiter, which means that the frequency of demands for operation of

the safety-related system is no greater than one per year.

Low demand mode PFD

sys

Safety Integrity Level

(SIL)

≥ 0

-5

... < 0

-4

4

≥ 0

-4

... < 0

-3

3

≥ 0

-3

... < 0

-

≥ 0

-

... < 0

-

Fig. 3

The table in

Fig. 4 indicates the attainable Safety Integrity Level (SIL) as a function of the Safe Failure

Fraction (SFF) and the Hardware Fault Tolerance (HFT) for safety-related systems.

Hardware Fault Tolerance (HFT) for type B

Safe Failure Fraction

(SFF)

0

SIL

SIL

< 60 %

SIL

SIL

SIL 3

60 % – < 90 %

SIL

SIL 3

SIL 4

90 % – < 99 %

SIL 3

SIL 4

SIL 4

≥ 99 %

Fig. 4