Common SIL Myths
----------------

1. Using a SIL 3 logic solver means that I have a SIL 3 system.

No. When using a SIL 3 logic solver, it is critical that the entire system is designed to conform to SIL 3 requirements. The PFD for the entire system is important. If a user installs a SIL 3 logic solver but does not employ appropriate redundancy or does not incorporate components into the system with correct PFD calculations, then the entire system may not comply with a SIL 3 level. A chain is only as strong as its weakest link.

2. SIL 3 suitable products are better than SIL 1 or SIL 2 suitable products.

This is not necessarily true. While a higher SIL level corresponds to a lower probability of failure on demand, a SIL 2 suitable product may be perfectly acceptable for use in a SIL 3 environment if, for example, the proof testing interval is increased or if redundancy is used. It is very important for an end-user to understand the operating requirements of the products within a given SIL environment to ensure that once installed, the products maintain their SIL suitability levels. Incorrect installation, proof testing, or configuration of the products could make the SIL suitability level inaccurate.

3. There are many agencies that are capable of issuing SIL certifications.

There are very few nationally accredited bodies that can issue nationally accredited certifications, including FM, TUV, and Sira. Many unaccredited consulting firms issue certificates that indicate they have reviewed the product and/or process for conformance to certain parts of the IEC 61508 standard. The standard does not mandate that certain companies or agencies are able to certify products and systems. Rather, it is suggested that analysis is either conducted or validated by an independent third party.

4. A vendor can determine whether a system meets the requirements of IEC 61511.

No. Only the end user can ensure that the safety system is implemented to be compliant with the standards. It is up to the user to ensure that procedures have been followed properly, the proof testing is conducted correctly, and suitable documentation of the design, process, and procedures exists. The equipment or system must be used in the manner in which it was intended in order to successfully obtain the desired risk reduction level. Just buying SIL 2 or SIL 3 suitable components does not ensure a SIL 2 or SIL 3 system.

5. A customer must purchase a complete SIL based solution, even if some functions do not require a SIL level.

For most applications there will only be a few SIF functions being handled by the system, and the vast majority of the circuits may not need to be SIL rated at all. If the customer specifies SIL 2 or SIL 3 for the entire system he may add considerable cost with little or no benefit or improvement in safety.

6. Safety and Reliability are the same thing.

No. Safety and reliability are often linked but are not the same thing. Safety is defined in the IEC 61508 standards as freedom from unacceptable risk. A safe system should protect from hazards whether it is performing reliably or not. Safety engineering assures that a safety system performs as needed, even when pieces fail. In fact, safety engineers assume that systems will fail, and design accordingly. Reliability is a measure of how well the system does exactly what it is intended to do when operated in a specific manner. A reliable system may not always be a safe system. The challenge in functional safety is to ensure that a system is both reliable and safe.
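The whole-loop PFD point in myths 1 and 2, worked through as an added example that is not part of the original page: it sums the average PFD of sensor, logic solver and valve, then repeats the calculation with the valve installed as a redundant pair. The failure rates, the one-year proof-test interval and the 5% common-cause factor are constructed values, and the simplified 1oo1 and 1oo2 equations cover only random hardware failures, not architectural constraints or systematic capability.

```python
# Added illustration, not from the original page. All failure rates, the
# proof-test interval and the beta factor are constructed sample values.
TI = 8760  # proof-test interval in hours (one year), assumed

# Low-demand PFDavg bands from IEC 61508: (lower bound, upper bound, SIL).
SIL_BANDS = [(1e-5, 1e-4, 4), (1e-4, 1e-3, 3), (1e-3, 1e-2, 2), (1e-2, 1e-1, 1)]

def pfd_1oo1(lambda_du, ti=TI):
    """Simplified PFDavg of one channel: lambda_DU * TI / 2."""
    return lambda_du * ti / 2

def pfd_1oo2(lambda_du, beta, ti=TI):
    """Simplified PFDavg of a redundant pair; beta is the common-cause fraction."""
    independent = ((1 - beta) * lambda_du * ti) ** 2 / 3
    common_cause = beta * lambda_du * ti / 2
    return independent + common_cause

def sil_for(pfd):
    """Return the SIL band a PFDavg falls in (0 = worse than SIL 1)."""
    if pfd < 1e-5:
        return 4  # better than the SIL 4 band; SIL 4 is the highest level
    for low, high, sil in SIL_BANDS:
        if low <= pfd < high:
            return sil
    return 0

def evaluate_sif(subsystems):
    """Sum subsystem PFDavg values (series loop) and band the total."""
    total = sum(subsystems.values())
    return total, sil_for(total)

# Loop A: logic solver in the SIL 3 band, single valve in the SIL 2 band.
loop_a = {
    "sensor": pfd_1oo1(1e-7),
    "logic_solver": pfd_1oo1(5e-8),
    "valve": pfd_1oo1(8e-7),
}
# Loop B: same valve type, installed as a 1oo2 pair with 5% common cause.
loop_b = dict(loop_a, valve=pfd_1oo2(8e-7, beta=0.05))

if __name__ == "__main__":
    for name, loop in (("A", loop_a), ("B", loop_b)):
        for part, pfd in loop.items():
            print(f"loop {name} {part:13s} PFDavg={pfd:.2e} SIL band {sil_for(pfd)}")
        total, sil = evaluate_sif(loop)
        print(f"loop {name} total PFDavg={total:.2e} -> SIL {sil}")
```

Loop A stays in the SIL 2 band despite its SIL 3 logic solver because the single valve dominates the sum; loop B reaches the SIL 3 band with the same valve type used redundantly.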
