What is Safety Integrity Level (SIL)?
Safety Integrity Level (SIL) is a measure of the reliability of the safety functions in a safety-critical system. It quantifies the level of risk reduction that a safety function is required to provide, and that its implementation must demonstrably achieve. SIL is a key concept in functional safety, which is the application of engineering principles to ensure that a system responds correctly to its inputs, and to its own faults, so that it remains safe. In the railway industry the SIL number is a key part of signalling and train control systems. N.B. the SIL number applies to a safety function as implemented by the whole system, not to individual components within it; a component on its own can at most be assessed as suitable for use in a function of a given SIL.
The higher the SIL, the more reliable and fault-tolerant the safety system must be.
How is SIL Defined?
SIL levels are defined in IEC 61508, which is an international standard for functional safety. The standard defines four SIL levels, from SIL 1 to SIL 4, with SIL 4 being the most demanding.
SIL is defined in terms of the probability of a safety function failing on demand (PFD): the probability that the safety function will not perform its required action when called upon to do so. The lower the probability of failure, the higher the SIL. PFD is the measure for low-demand mode, where demands on the function are infrequent (IEC 61508 draws the line at no more than about one demand per year). For high-demand or continuous operation, such as an industrial process or a protection function that acts all the time, the probability of dangerous failure per hour (PFH) is used instead. IEC 61508 assigns each SIL a band of these measures, each band ten times more demanding than the one below it: for PFD, SIL 1 is 10^-2 to below 10^-1, SIL 2 is 10^-3 to below 10^-2, SIL 3 is 10^-4 to below 10^-3 and SIL 4 is 10^-5 to below 10^-4; the PFH bands run from 10^-6 to below 10^-5 for SIL 1 down to 10^-9 to below 10^-8 for SIL 4.
A SIL number is the result of a thorough process of assessing how well safety functions and systems can prevent hazardous incidents and mitigate risks.
In general, the process is:
- Risk assessment
- Determine the target SIL
- Calculate the probability of failure on demand (PFD), or PFH for high-demand and continuous functions
- Compare the PFD with the SIL criteria
- Assign the achieved SIL (the band the calculated measure falls into)
- Iterative improvement (if the achieved SIL does not meet the target)
- Verification and validation (often independent)
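The calculate-compare-improve steps above, carried through for the simplest possible case as an added example (this is not Sensonic's code, nor code from any of the standards). It assumes a single-channel (1oo1) safety function and the simplified IEC 61508-6 approximation PFDavg ≈ λ_DU × T_proof / 2, which ignores repair time, diagnostic coverage and common-cause failure; the SIL band limits are the IEC 61508-1 target failure measures; the failure rate and proof-test interval used at the bottom are constructed values, not data from the page.

```python
"""Worked SIL assessment for a 1oo1 safety function (added example).

Assumptions:
- Band limits are the IEC 61508-1 target failure measures for low-demand
  (PFDavg) and high-demand/continuous (PFH) mode.
- PFDavg uses the simplified IEC 61508-6 form lambda_DU * T_proof / 2.
- Input figures in main() are constructed for illustration.
"""

# (SIL, lower bound inclusive, upper bound exclusive), per IEC 61508-1.
PFD_BANDS = ((4, 1e-5, 1e-4), (3, 1e-4, 1e-3), (2, 1e-3, 1e-2), (1, 1e-2, 1e-1))
PFH_BANDS = ((4, 1e-9, 1e-8), (3, 1e-8, 1e-7), (2, 1e-7, 1e-6), (1, 1e-6, 1e-5))


def pfd_avg_1oo1(lambda_du_per_hour: float, proof_test_interval_hours: float) -> float:
    """Average PFD of a single-channel function (simplified IEC 61508-6 form).

    A dangerous undetected failure is only revealed at the next proof test, so on
    average it has been latent for half the proof-test interval.
    """
    if lambda_du_per_hour < 0 or proof_test_interval_hours <= 0:
        raise ValueError("failure rate must be >= 0 and proof-test interval > 0")
    return lambda_du_per_hour * proof_test_interval_hours / 2


def _sil_from_bands(value: float, bands) -> int:
    """Return the SIL whose band contains value; 0 if worse than the SIL 1 band.

    A value better than the SIL 4 band is still reported as SIL 4: IEC 61508
    defines no level above 4, so nothing higher can be claimed.
    """
    if value < 0 or value > 1:
        raise ValueError("a probability must lie in [0, 1]")
    top_sil, top_lower, _ = bands[0]
    if value < top_lower:
        return top_sil
    for sil, lower, upper in bands:
        if lower <= value < upper:
            return sil
    return 0


def sil_from_pfd(pfd_avg: float) -> int:
    """Low-demand mode: classify by average probability of failure on demand."""
    return _sil_from_bands(pfd_avg, PFD_BANDS)


def sil_from_pfh(pfh: float) -> int:
    """High-demand or continuous mode: classify by dangerous failures per hour."""
    return _sil_from_bands(pfh, PFH_BANDS)


def meets_target(achieved_sil: int, target_sil: int) -> bool:
    """'Compare with the SIL criteria': the achieved level must reach the target."""
    return achieved_sil >= target_sil


def max_proof_test_interval(lambda_du_per_hour: float, target_sil: int) -> float:
    """'Iterative improvement' for a 1oo1 function: the proof-test interval (hours)
    at which PFDavg just reaches the target band's upper limit. Since the limit is
    exclusive, a real schedule must be shorter than this."""
    if lambda_du_per_hour <= 0:
        raise ValueError("failure rate must be > 0 to bound the interval")
    upper = {sil: upper for sil, _, upper in PFD_BANDS}[target_sil]
    return 2 * upper / lambda_du_per_hour


def main() -> None:
    # Constructed figures: one dangerous undetected failure per ~570 years of
    # operation, proof-tested once a year, against a SIL 4 target.
    lambda_du, t_proof, target = 2e-7, 8760.0, 4
    pfd = pfd_avg_1oo1(lambda_du, t_proof)
    achieved = sil_from_pfd(pfd)
    print(f"PFDavg = {pfd:.2e} -> achieved SIL {achieved}, target SIL {target}")
    if not meets_target(achieved, target):
        print(f"not met: proof test at least every "
              f"{max_proof_test_interval(lambda_du, target):.0f} h (exclusive)")


if __name__ == "__main__":
    main()
```

Two caveats a practitioner would add. First, landing in the right band is necessary but not sufficient: IEC 61508 also imposes architectural constraints (hardware fault tolerance and safe failure fraction) and a systematic capability requirement on the design process, so a good PFD figure alone does not confer a SIL. Second, the calculation is for the function end to end (sensor, logic and actuator together), which is the same point as the note above that a SIL belongs to the function, not to any single component.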
The governing standard is IEC 61508 (functional safety of electrical/electronic/programmable electronic safety-related systems).
And relating to the railway specifically:
- EN 50128 (railway applications – software for railway control and protection)
- EN 50129 (railway applications – safety related electronic systems for signalling)
- EN 50657 (railway applications – software on board rolling stock)
SIL 1 – Systems such as train CCTV or a speed indicator on a train.
SIL 2 – Automatic Train Operation (ATO) systems (usually supported by protection systems at a higher SIL level).
SIL 3 – Low speed depot signalling systems.
SIL 4 – Mainline railway signalling systems.
As the consequences of failure increase, so too does the SIL number of the system needed to prevent that dangerous occurrence from happening.
Safety Integrity Levels (SIL) are a safety reliability promise: a measure of the risk reduction a safety-critical system achieves. SIL is not just a number; it is the result of a comprehensive process to assess and prioritise safety-critical functions. SIL is a guiding principle in design and operation and can also act as a benchmark for improvement.
What SIL level are Sensonic products?
SIL levels are only appropriate for safety-critical systems. Sensonic applications provide information to railways; they do not directly control safety-critical operations, so a SIL rating is not appropriate. Much like a fuel gauge on a car gives information, it is the driver who decides when to stop to refuel. Sensonic provides information and insight to railways, and the railways decide how best to use it.