Slide 1
Telecom and Informatics
PSAM6, San Juan, Puerto Rico, USA - June 2002
ALLOCATING SAFETY INTEGRITY LEVELS IN PRACTICE
Odd Nordland, SINTEF, Trondheim, Norway
odd.nordland@sintef.no
www.informatics.sintef.no/~nordland
Slide 2 - Outline
- Introduction
- Safety Integrity
- Safety Integrity Levels
- Risk Acceptability
- Allocating SILs
- Problems
- Conclusions
Slide 3 - Safety Integrity
- Things can go wrong, so we need additional functionality (Safety Functions) to reduce the risks
- Safety functions can have varied implementation measures:
  - active functionality
  - design properties
  - administrative measures
  - any combination of the above
- Failure of part of the implementation does not mean total loss of the safety function
- Safety Integrity = ability of a safety function to continue to be effective in spite of deterioration of its implementation
Slide 4 - Safety Integrity Levels
- Degree of Safety Integrity is determined by:
  - number of implementation measures
  - how effective they are
  - how vulnerable they are
  - how independent they are
  - ...
- Many different degrees of safety integrity, grouped into 5 levels:
  - SIL 0 = no safety integrity at all
  - ...
  - SIL 4 = highest possible level
- For "important" safety functions, a high SIL will be demanded
- Safety Integrity Levels depend on Risk Acceptability
Slide 5 - Risk Acceptability
- ALARP: Risk shall be brought As Low As Reasonably Practicable
  - 3 risk zones: unacceptable, acceptable, negligible
  - assumes that we know where the acceptable limit is
- GAMAB: Any modification shall leave a system globally at least as good ("Globalement Au Moins Aussi Bon") as it was
  - allows for redistribution of risks
  - assumes the current level is already acceptable
- MEM: Starts with the lowest technological mortality rate in the population (Minimum Endogenous Mortality)
  - a new system should not increase that mortality rate significantly
  - assumes that the current mortality rate is acceptable
Slide 6 - Allocating SILs
1. Determine risks
2. Determine acceptable risk levels
3. Identify safety functions
4. Based on the risk acceptance level, determine the safety integrity level for each safety function
5. Identify implementation measures for each safety function
6. Based on the safety integrity level for each function, determine tolerable failure rates for each implementation measure
OR JUST DEMAND SIL 4 BY DEFAULT!
Slide 7 - Problems
- SIL 4 is EXPENSIVE
- Systems that have been working satisfactorily don't necessarily fulfil SIL 4 requirements
- Do we always need SIL 4?
- The relationship between failure rates and SILs is often misunderstood: SILs depend on failure rates of safety functions
- Exaggerated demands on equipment because non-technical measures are ignored
- Risk acceptability is controversial
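A worked run of the allocation steps from slide 6 and of the two failure-rate misunderstandings listed on this slide, as an added example that is not part of Nordland's presentation. It assumes the IEC 61508 low-demand-mode PFD (average probability of failure on demand) bands for a safety function, since the slides name no standard; it treats the implementation measures of one safety function as independent, so that the function fails only when every measure fails and the measures' PFDs multiply; and the hazard demand rate, the tolerable accident rate and the PFD credit given to the operating procedure are constructed numbers chosen for the illustration.

```python
"""SIL allocation walk-through (added example, not from the presentation).

Labelled assumptions:
- SIL bands: IEC 61508 average probability of failure on demand (PFD) for a
  safety function in low-demand mode.  The slides cite no standard.
- The implementation measures of one safety function are independent, so the
  function fails only when every measure fails and PFDs multiply.
- All numeric inputs in walk_through() are constructed for the illustration.
"""
import math

# (SIL, lower bound inclusive, upper bound exclusive) for the function's PFD.
SIL_BANDS = [
    (4, 1e-5, 1e-4),
    (3, 1e-4, 1e-3),
    (2, 1e-3, 1e-2),
    (1, 1e-2, 1e-1),
]


def sil_for_pfd(pfd):
    """Map a safety function's target PFD to the SIL whose band contains it.

    PFD >= 0.1 needs no safety integrity (SIL 0, as on slide 4).  A target
    tighter than the SIL 4 band cannot be met by one safety function, so the
    risk has to be covered by more than one function; refuse rather than
    silently return SIL 4.
    """
    if pfd >= 1e-1:
        return 0
    for sil, lo, hi in SIL_BANDS:
        if lo <= pfd < hi:
            return sil
    raise ValueError(f"target PFD {pfd:g} is tighter than SIL 4 allows")


def target_pfd(demand_rate_per_year, tolerable_accident_rate_per_year):
    """Steps 1-4 of slide 6: the risk (how often the hazard calls on the
    safety function) and the acceptable risk (how often an accident may
    occur) fix the PFD the function may have: tolerable = demand * PFD."""
    if demand_rate_per_year <= 0 or tolerable_accident_rate_per_year <= 0:
        raise ValueError("rates must be positive")
    return tolerable_accident_rate_per_year / demand_rate_per_year


def allocate_measures(function_pfd, technical_measures, credited=None):
    """Steps 5-6 of slide 6: share the function's PFD budget over its measures.

    `credited` maps non-technical measures (e.g. an operating procedure) to
    the PFD they are credited with; what remains of the budget is split
    evenly over the technical measures (geometric split, so the product of
    all measure PFDs equals the function's budget).
    Returns {measure: PFD demanded of that measure}.
    """
    credited = dict(credited or {})
    if not technical_measures:
        raise ValueError("at least one technical measure is needed")
    remaining = function_pfd
    for name, pfd in credited.items():
        if not 0 < pfd < 1:
            raise ValueError(f"credit for {name} must be a probability in (0, 1)")
        remaining /= pfd
    # If the credited measures already meet the budget, nothing is left to
    # demand of the equipment: cap each technical measure at PFD 1 (no credit).
    per_measure = min(1.0, remaining ** (1.0 / len(technical_measures)))
    allocation = credited
    allocation.update({m: per_measure for m in technical_measures})
    return allocation


def function_pfd_from(allocation):
    """Recombine: with independent measures the function's PFD is the product."""
    return math.prod(allocation.values())


def walk_through():
    """The whole procedure on constructed numbers; returns both allocations."""
    # Constructed: the hazard calls on the safety function twice a year, and an
    # accident may be tolerated once in 10,000 years (the ALARP limit chosen
    # for this example).
    pfd = target_pfd(demand_rate_per_year=2.0, tolerable_accident_rate_per_year=1e-4)
    sil = sil_for_pfd(pfd)  # the SIL belongs to the safety function, not to a device
    technical = ["interlock", "fail-safe design"]
    # Include the administrative measure (constructed credit of PFD 0.1 for a
    # written and audited operating procedure) ...
    with_procedure = allocate_measures(pfd, technical, {"operating procedure": 0.1})
    # ... or ignore it and push the entire budget onto the equipment.
    equipment_only = allocate_measures(pfd, technical)
    print(f"safety function: target PFD {pfd:.1e} -> SIL {sil}")
    for label, alloc in (("procedure credited", with_procedure),
                         ("procedure ignored", equipment_only)):
        print(f"  {label}:")
        for m, p in alloc.items():
            print(f"    {m:20s} PFD {p:.2e}  (on its own this would be SIL {sil_for_pfd(p)})")
    return with_procedure, equipment_only


if __name__ == "__main__":
    walk_through()
```

With the constructed inputs the safety function needs PFD 5e-5, i.e. SIL 4, but each technical measure only has to reach roughly PFD 2e-2 (SIL 1 territory) once the procedure is credited; dropping the procedure from the analysis tightens the demand on each device to about 7e-3 (SIL 2 territory) for exactly the same risk. The product check in function_pfd_from() is the step to keep in a real analysis: it is what ties the equipment failure rates back to the failure rate of the safety function, which is the quantity the SIL actually applies to.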
Slide 8 - Conclusions
- Agreed methods for determining acceptable risk levels must be established
- Demanding the highest safety integrity level by default is a political decision; a proper analysis could show that a lower safety integrity level is sufficient
- Non-technical measures for implementing safety functions must be included in the analyses
- Apply the standards correctly:
  - perform risk acceptability analyses first
  - identify the safety functions next
  - then allocate SILs