IEC 61508 - how to achieve a higher SIL level with two basic products

Is it possible to obtain a higher safety integrity level with two redundant safety functions that each have a lower SIL?

IEC 61508 defines two kinds of requirements:

1) requirements in terms of architecture, based mainly on hardware fault tolerance (see tables 2 and 3 of IEC 61508-2 below). Based on these tables you can build your own architecture for a given SIL level with components, and in some cases blocks, that do not individually have the required SIL level. For example, two SIL 2 channels in parallel performing a SIL 3 safety function is possible in some cases (after assessment, of course).

Table 2 – Maximum allowable safety integrity level for a safety function carried out by a type A safety-related element or subsystem

Safe failure fraction   | Hardware fault tolerance (HFT)
of an element           | HFT 0 | HFT 1 | HFT 2
------------------------+-------+-------+-------
< 60 %                  | SIL 1 | SIL 2 | SIL 3
60 % – < 90 %           | SIL 2 | SIL 3 | SIL 4
90 % – < 99 %           | SIL 3 | SIL 4 | SIL 4
≥ 99 %                  | SIL 3 | SIL 4 | SIL 4

Table 3 – Maximum allowable safety integrity level for a safety function carried out by a type B safety-related element or subsystem

Safe failure fraction   | Hardware fault tolerance (HFT)
of an element           | HFT 0       | HFT 1 | HFT 2
------------------------+-------------+-------+-------
< 60 %                  | Not allowed | SIL 1 | SIL 2
60 % – < 90 %           | SIL 1       | SIL 2 | SIL 3
90 % – < 99 %           | SIL 2       | SIL 3 | SIL 4
≥ 99 %                  | SIL 3       | SIL 4 | SIL 4

BUT, and there is a BUT, you must in addition:

2) fulfil the requirements of IEC 61508-3 for software.

In this case, two simple SIL 2 products that comply with the architectural requirements (regarding HFT) CANNOT fulfil the SIL 3 level if their software only satisfies SIL 2. Additional measures are necessary.

3) fulfil the additional requirements of EN 61326-3-1 and EN 61326-3-2 in terms of EMC for the SIL 3 level (see IEC 61508-2 tables E1, E2, …).
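As an added illustration, not part of the original page or of the standard's text, the following Python models the three requirement groups above: the HFT/SFF tables give an architectural ceiling, and the software and EMC capability of each channel then cap what the safety function can claim. The Channel class, the emc_sil field and the "most pessimistic channel" rule are assumptions made for this example, not rules quoted from IEC 61508.

```python
from dataclasses import dataclass
from typing import List, Optional

# Tables 2 and 3 of IEC 61508-2 as transcribed above: TABLE[sff_band][hft] gives the
# maximum allowable SIL; None stands for "Not allowed". SFF bands are
# 0: < 60 %, 1: 60 % to < 90 %, 2: 90 % to < 99 %, 3: >= 99 %.
TABLE_TYPE_A = [[1, 2, 3], [2, 3, 4], [3, 4, 4], [3, 4, 4]]
TABLE_TYPE_B = [[None, 1, 2], [1, 2, 3], [2, 3, 4], [3, 4, 4]]


def sff_band(sff_percent: float) -> int:
    """Map a safe failure fraction (in percent) to the row index of the tables."""
    if sff_percent < 60:
        return 0
    if sff_percent < 90:
        return 1
    if sff_percent < 99:
        return 2
    return 3


def architectural_sil(element_type: str, sff_percent: float, hft: int) -> Optional[int]:
    """Maximum SIL justified by the HFT/SFF tables alone (element_type is 'A' or 'B')."""
    table = TABLE_TYPE_A if element_type == "A" else TABLE_TYPE_B
    return table[sff_band(sff_percent)][min(hft, 2)]  # the tables stop at HFT 2


@dataclass
class Channel:           # hypothetical description of one redundant channel
    element_type: str    # 'A' or 'B'
    sff_percent: float   # safe failure fraction of the channel
    software_sil: int    # SIL its software satisfies under IEC 61508-3
    emc_sil: int         # SIL its EMC qualification (EN 61326-3-x) covers


def claimable_sil(channels: List[Channel]) -> Optional[int]:
    """SIL that N parallel channels can claim once all three requirement groups apply.

    Assumption for this example: the architecture is assessed with HFT = N - 1 using the
    most pessimistic channel (type B if any channel is type B, lowest SFF). Software and
    EMC capability then cap the architectural result, which is the "BUT" of the text.
    """
    hft = len(channels) - 1
    worst_type = "B" if any(c.element_type == "B" for c in channels) else "A"
    arch = architectural_sil(worst_type, min(c.sff_percent for c in channels), hft)
    if arch is None:
        return None
    return min(arch, *(c.software_sil for c in channels), *(c.emc_sil for c in channels))
```

With two type B SIL 2 channels at 95 % SFF, the tables alone allow SIL 3 (HFT 1), but claimable_sil returns 2 because the software and EMC capability stay at SIL 2.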
