Safety Instrumented Systems: ABC of SIL Certified Devices

There is an increasing trend for end users to adopt IEC 61508 (SIL) certified devices for their SIS loops. In their whitepaper titled "3 Important Factors in Evaluating your SIL Certified Device", William A. Swartz and Monica L. Hochleitner of exida.com brilliantly describe the importance of the ABC of SIL Certified Devices. The factors that they mention are:

1. Architectural Constraints: The authors of the whitepaper mention that architectural constraints are a function of the device type (Type A - "non-complex" devices using discrete elements, or Type B - "complex" devices using micro-controllers or programmable logic) and its Safe Failure Fraction (SFF). A Type A device with an SFF between 60% and 90% can be used in a SIL2 Safety Function as a single device, whereas a Type B device with an SFF between 90% and 99% can be used in a SIL2 Safety Function as a single device and also in a SIL2 Safety Function when used in a redundant architecture such as 1 out of 2. If such a device were to be certified, its certificate would indicate: "SIL2 capable @ HFT=0 and SIL3 capable @ HFT=1".

2. Beta and Probability of Failure on Demand: The Probability of Failure on Demand or PFD is a more complex concept. Each component in a Safety Instrumented Function (SIF) contributes to the overall PFD of the SIF.

• For a SIF to be classified SIL1, the PFDavg must be between 0.0100 and 0.1000. 
• For a SIF to be classified SIL2, the PFDavg must be between 0.0010 and 0.0100.
• For a SIF to be classified SIL3, the PFDavg must be between 0.0001 and 0.0010.

The PFDavg of an individual device determines the device's contribution to the PFDavg of the Safety Function. Usually, final control elements are the highest contributors to the overall PFD of the SIF. The next highest contributors are sensors and/or logic solvers. To qualify for use in a Safety Instrumented Function, a device's PFD contribution should be low enough to leave room for the PFD of the other devices in the Safety Instrumented Function.

3. Certification to IEC 61508: The reliability of a device when it is just manufactured does not guarantee the future reliability of the device. Hence the most important consideration for a Safety Engineer is whether the device is IEC 61508 certified. The manufacturer's design and manufacturing processes must meet specific IEC 61508 requirements based on the SIL capability level stated on the certificate.
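The PFD budget described under factor 2, as an added example that is not taken from the whitepaper: it sums per-device PFDavg values for one SIF, maps the total to the SIL bands listed above, and reports how much of the target band each device consumes. The device names and PFDavg figures are constructed sample data, and summing the contributions assumes the devices act in series.

```python
# Added example: PFDavg budget check for one SIF using the SIL bands above.
# All device names and PFDavg values are constructed, not vendor data.

# (SIL, lower bound, upper bound) for PFDavg. Assumption: the lower bound is
# inclusive and the upper bound exclusive; the text only says "between".
SIL_BANDS = [(3, 0.0001, 0.0010), (2, 0.0010, 0.0100), (1, 0.0100, 0.1000)]


def sil_from_pfd(pfd_avg):
    """Return the SIL band a PFDavg falls in, or None outside SIL1-SIL3."""
    for sil, low, high in SIL_BANDS:
        if low <= pfd_avg < high:
            return sil
    return None


def sif_budget(devices, target_sil):
    """Sum device PFDavg contributions and compare with the target band.

    Assumption: sensor, logic solver and final element are in series, so
    the SIF PFDavg is approximated by the sum of the device PFDavg values.
    """
    upper = next(high for sil, _, high in SIL_BANDS if sil == target_sil)
    total = sum(devices.values())
    return {
        "total_pfd": total,
        "achieved_sil": sil_from_pfd(total),
        "meets_target": total < upper,
        # Fraction of the target band's upper limit used by each device.
        "budget_share": {n: p / upper for n, p in devices.items()},
        "largest_contributor": max(devices, key=devices.get),
    }


# Constructed loop that fits a SIL2 budget.
LOOP_OK = {"sensor": 0.0008, "logic_solver": 0.0002, "final_element": 0.0060}
# Constructed loop where every device alone is below 0.01, but the sum is not.
LOOP_OVER = {"sensor": 0.0008, "logic_solver": 0.0002, "final_element": 0.0095}

if __name__ == "__main__":
    for name, loop in (("LOOP_OK", LOOP_OK), ("LOOP_OVER", LOOP_OVER)):
        print(name, sif_budget(loop, target_sil=2))
```

The second loop shows why a device's own PFDavg is not enough: its final element alone would sit in the SIL2 band, yet it leaves no room for the sensor and logic solver.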

The original whitepaper can be accessed here.