1. Using a SIL 3 logic solver means
that I have a SIL 3 system.
No. A SIL is assigned to a safety instrumented function (SIF) as a whole,
not to any one component. The logic solver is only one part of the loop;
the sensors and final elements (valves, actuators) sit in series with it,
their probabilities of failure on demand (PFD) add together, and in practice
the field devices usually contribute far more to the loop PFD than the logic
solver does. If a user installs a SIL 3 logic solver but does not employ
appropriate redundancy, or does not select and proof-test the remaining
components with correct PFD calculations, the overall SIF may fall short of
SIL 3. “A chain is only as strong as its weakest link.”
2. SIL 3 suitable products
are better than SIL 1 or SIL 2 suitable products.
This is not necessarily true. A higher SIL corresponds to a lower probability
of failure on demand, but a SIL 2 suitable product may be perfectly acceptable
for use in a SIL 3 function if, for example, the proof test interval is
shortened (more frequent proof testing lowers the average PFD) or if redundancy
is used, provided the architectural constraints on hardware fault tolerance
are also met. It is very important for an end user to understand the operating
requirements of the products within a given SIL environment to ensure that,
once installed, the products maintain their SIL suitability. Incorrect
installation, proof testing, or configuration of the products can invalidate
the SIL suitability claimed for them.
3. There are many agencies that are capable of issuing SIL certifications.
There are very few nationally accredited bodies that can issue nationally accredited certifications. Other consulting firms issue certificates indicating that the product and/or process has been reviewed by an independent third party. The standards do not name specific agencies that may certify products and systems; rather, they call for the analysis to be conducted or validated by an independent third party, with the required degree of independence increasing with the SIL. A variety of agencies perform this service, so the user should check what a given certificate actually attests to (which part of the standard, which SIL, and on what failure data) rather than treating all certificates as equivalent.
4. A vendor can determine whether
a system meets the requirements of IEC 61511.
No. Only the end user can ensure that the safety system is implemented
to be compliant with the standards. It is up to the user to ensure
that procedures have been followed properly, the proof testing is
conducted correctly, and suitable documentation of the design, process,
and procedures exists. The equipment or system must be used in the
manner in which it was intended in order to successfully obtain the
desired risk reduction level. Just buying SIL 2 or SIL 3 suitable
components does not ensure a SIL 2 or SIL 3 system.
5. A customer must purchase
a complete SIL based solution, even if some functions do not require
a SIL level.
For most applications only a few safety instrumented functions (SIFs) will
be handled by the system, and the vast majority of the circuits may not need
to be SIL rated at all. If the customer specifies SIL 2 or SIL 3 for the
entire system, they may add considerable cost with little or no benefit or
improvement in safety. The SIL requirement comes from the hazard and risk
analysis of each individual function, not from the platform as a whole.
6. “Safety” and
“Reliability” are the same thing.
No. Safety and reliability are often linked but are not the same thing.
Safety is defined in the IEC 61508 standards as “freedom from
unacceptable risk.” A safety system is designed so that it still protects
against the hazard even when its own components fail: safety engineers assume
that components will fail and design accordingly, typically so that a failure
drives the process to a safe state. Reliability is a measure of how well the
system does exactly what it is intended to do when operated in a specific
manner. A reliable system is not necessarily a safe one (it may reliably do
the wrong thing), and a safe system is not necessarily a reliable one: a
system that trips the process to a safe state on every minor fault is safe
but suffers spurious trips. The challenge in functional safety is to ensure
that a system is both reliable and safe.
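The PFD arithmetic behind misconceptions 1 and 2, as an added Python example that is not part of the original article: it uses simplified low-demand formulas in the style of IEC 61508-6 Annex B (MTTR, diagnostic coverage and proof-test coverage ignored), and every failure rate, proof-test interval, beta factor and the logic solver's own PFD figure is an assumed sample value, not data from any vendor. It shows a SIL 3 logic solver combined with yearly-tested 1oo1 field devices landing in the SIL 1 band, then how shortening the proof-test interval and adding 1oo2 redundancy on the field devices bring the same loop into SIL 2 and then SIL 3 territory.

```python
"""Worked PFDavg arithmetic for one safety instrumented function (SIF).

Simplified low-demand formulas in the style of IEC 61508-6 Annex B:
only dangerous undetected failures (lambda_DU, per hour) are modelled,
and MTTR, diagnostic coverage and proof-test coverage are ignored.
The failure rates, test intervals, beta factors and the logic solver PFD
below are assumed sample values, not figures from any vendor or article.
"""

HOURS_PER_YEAR = 8760.0

# Low-demand SIL bands from IEC 61508-1: lower bound inclusive, upper exclusive.
SIL_BANDS = {
    4: (1e-5, 1e-4),
    3: (1e-4, 1e-3),
    2: (1e-3, 1e-2),
    1: (1e-2, 1e-1),
}


def pfd_1oo1(lambda_du, proof_test_interval_h):
    """Single channel: PFDavg ~= lambda_DU * T_I / 2.

    Halving the proof-test interval halves the PFD, which is why more
    frequent proof testing is a legitimate way to improve a loop.
    """
    return lambda_du * proof_test_interval_h / 2


def pfd_1oo2(lambda_du, proof_test_interval_h, beta):
    """Redundant 1oo2 pair with a beta-factor common-cause term.

    Independent term (lambda_DU * T_I)^2 / 3 plus the common-cause
    contribution beta * lambda_DU * T_I / 2; the latter usually dominates,
    so redundancy helps less than naive squaring would suggest.
    """
    lt = lambda_du * proof_test_interval_h
    return lt ** 2 / 3 + beta * lt / 2


def sil_from_pfd(pfd):
    """Map a PFDavg to its low-demand SIL band (0 = does not reach SIL 1).

    Meeting the PFD band is necessary, not sufficient: hardware fault
    tolerance and systematic capability requirements must also be met.
    """
    for sil, (lo, hi) in SIL_BANDS.items():
        if lo <= pfd < hi:
            return sil
    return 0


def sif_pfd(component_pfds):
    """Sensor, logic solver and final element are in series: PFDs add."""
    return sum(component_pfds.values())


def scenario_weak_field_devices():
    """Misconception 1: SIL 3 logic solver, 1oo1 field devices tested yearly."""
    loop = {
        "sensor": pfd_1oo1(1e-6, HOURS_PER_YEAR),   # 4.38e-3
        "logic_solver": 1e-4,                        # assumed SIL 3 figure
        "valve": pfd_1oo1(2e-6, HOURS_PER_YEAR),    # 8.76e-3
    }
    pfd = sif_pfd(loop)
    return pfd, sil_from_pfd(pfd)                    # ~1.32e-2 -> SIL 1


def scenario_shorter_proof_test():
    """Misconception 2, first lever: same parts, field devices tested quarterly."""
    quarter = HOURS_PER_YEAR / 4
    loop = {
        "sensor": pfd_1oo1(1e-6, quarter),
        "logic_solver": 1e-4,
        "valve": pfd_1oo1(2e-6, quarter),
    }
    pfd = sif_pfd(loop)
    return pfd, sil_from_pfd(pfd)                    # ~3.39e-3 -> SIL 2


def scenario_redundant_field_devices():
    """Misconception 2, second lever: 1oo2 sensors, 1oo2 quarterly-tested valves."""
    quarter = HOURS_PER_YEAR / 4
    loop = {
        "sensor": pfd_1oo2(1e-6, HOURS_PER_YEAR, beta=0.05),
        "logic_solver": 1e-4,
        "valve": pfd_1oo2(2e-6, quarter, beta=0.10),
    }
    pfd = sif_pfd(loop)
    return pfd, sil_from_pfd(pfd)                    # ~5.7e-4 -> SIL 3


if __name__ == "__main__":
    for name, scenario in [
        ("SIL 3 logic solver, weak field devices", scenario_weak_field_devices),
        ("quarterly proof testing", scenario_shorter_proof_test),
        ("redundant field devices", scenario_redundant_field_devices),
    ]:
        pfd, sil = scenario()
        print(f"{name}: PFDavg = {pfd:.2e}, RRF = {1 / pfd:.0f}, SIL {sil}")
```

Note that `sil_from_pfd` only checks the PFD band. A real SIL claim also needs the hardware fault tolerance (architectural constraint) and systematic capability requirements of IEC 61508-2 / IEC 61511 satisfied, and a real calculation includes the MTTR, diagnostic coverage and proof-test coverage terms dropped here; the example is meant to show where the loop PFD comes from, not to replace a full SIL verification.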