PT Notes
Use of Risk Matrices and Risk Graphs for SIL Determination
PT Notes is a series of topical technical notes provided periodically by Primatech for your benefit. Please feel free to provide feedback.
The IEC 61511 / ISA 84 standard on safety instrumented systems (SISs) requires that safety integrity levels (SILs) be determined for safety instrumented functions (SIFs) that make up SISs. Risk / safety matrix, risk graph, layers of protection analysis (LOPA), and other more quantitative methods are identified as acceptable approaches in the standard, according to the circumstances. Risk matrices and risk graphs are the simplest of the methods and some companies favor them for that reason. Unfortunately, these methods pose difficulties that can only be overcome by using LOPA or other more quantitative methods.
Risk matrices and risk graphs are used to assess the tolerability of the risk of individual hazard scenarios. They suffer from similar difficulties:
- Use with hazardous events is difficult.
SIFs protect against specific hazardous events and the IEC 61511 / ISA 84 standard describes the determination of SILs with reference to hazardous events. Multiple hazard scenarios may be protected by the same SIF. Thus, scenario risks must be aggregated to determine the risk of a hazardous event which is challenging using risk matrix and risk graph approaches.
- Allocation of risk tolerance criteria is problematic.
Overall facility risk tolerance criteria must be allocated to individual scenarios and hazardous events for use with risk matrices and risk graphs in a calibration process that must be performed for each process and facility. Both individual risk and group, or societal, risk are important and they should be addressed in separate calibrations. Unfortunately, calibration can be confusing for practitioners and can lead to incorrect calibrations and erroneous results.
- Overall risk cannot be addressed.
Risk matrices and risk graphs cannot be used to evaluate the overall risk of a process or facility. Their inability to do so is a significant disadvantage as overall risk measures are the only ones that are truly significant.
Risk matrices and risk graphs are being pushed beyond their natural limits in using them for SIL determination. Moreover, their inherent simplifications are not consistent with other detailed requirements of the IEC 61511 / ISA 84 standard. Layers of protection analysis or other more quantitative methods are better suited to SIL determination.
For more information, you can contact Primatech by clicking here or consult the article:
The Use of Risk Matrices and Risk Graphs for SIL Determination, by Paul Baybutt, Process Safety Progress, Vol. 33, Issue 2, pages 179-182, June 2014.
The article is available at: http://onlinelibrary.wiley.com/doi/10.1002/prs.11627/abstract
Click here for information on a related training course.
Click here for information on a related software tool.