Instrumentation Engineering Curriculum
Module from the Instrumentation Engineering Curriculum.
SAFETY INSTRUMENTED SYSTEMS (SIS) & SIL

Learning Objectives
1. Define Safety Instrumented Systems (SIS) and Safety Instrumented Functions (SIF)
2. Apply IEC 61511/ISA 84 lifecycle for SIS design and management
3. Determine SIL requirements using risk graph or LOPA methods
4. Understand PFD (probability of failure on demand) targets per SIL level
5. Specify proof test intervals and common cause failure mitigation

SIL Level Definitions and Requirements

| SIL Level | PFD Range | Risk Reduction Factor | Availability | Architecture (typical) | Proof Test Interval | Typical Refinery Application |
|---|---|---|---|---|---|---|
| SIL 1 | 0.01 to 0.1 | 10 to 100 | 90-99% | 1oo1 (single sensor, single valve) | Annual | Low-pressure alarm trip, level switch interlock |
| SIL 2 | 0.001 to 0.01 | 100 to 1,000 | 99-99.9% | 1oo2 or 2oo3 (redundant sensors) | Semi-annual to annual | Emergency shutdown (ESD), HIPPS, reactor trip |
| SIL 3 | 0.0001 to 0.001 | 1,000 to 10,000 | 99.9-99.99% | 2oo3 or 2oo4 (triple modular redundancy) | Quarterly to semi-annual | Gas detection shutdown, high-integrity pressure protection |
| SIL 4 | 0.00001 to 0.0001 | 10,000 to 100,000 | 99.99-99.999% | Special (not typical in process industry) | Very frequent | Nuclear industry — rarely applied in refining |

SIF Design Elements

| Element | Function | Requirement | Common Failure Mode | Mitigation | Testing |
|---|---|---|---|---|---|
| Sensor (initiator) | Detect abnormal condition | SIL-rated transmitter or switch, fail-safe on loss of signal | Sensor drift, plugged impulse line, wiring fault | Redundancy (voting), diagnostics, scheduled calibration | Proof test: apply known input, verify output change |
| Logic Solver | Process sensor inputs, execute logic, drive outputs | SIL-rated safety PLC (not DCS), watchdog timer, self-diagnostics | CPU failure, memory corruption, power supply | Redundant CPU, voted I/O, separate from BPCS | Full function test: simulate all inputs, verify all outputs |
| Final Element | Take safe action (close/open valve, trip motor) | SIL-rated valve + actuator, spring-return fail-safe, partial stroke test capable | Valve stuck, actuator failure, solenoid coil failure | Partial stroke testing, redundant solenoids, regular exercising | Full stroke test: verify valve goes to safe position |
| Power Supply | Provide reliable power to SIS | UPS + battery backup, separate from BPCS power | Battery depletion, UPS inverter failure | Redundant UPS, battery monitoring, diesel generator backup | Battery load test quarterly, UPS test annually |
| Communication | Signal path from sensor to logic to final element | Hardwired preferred (4-20 mA), if fieldbus: SIL-rated protocol | Cable damage, marshalling error, communication timeout | Cable segregation from power, redundant paths, surge protection | End-to-end function test per proof test schedule |

Source: IEC 61511-1/2/3, ISA 84.00.01, FOS Chief Files — Relief Valves folder, IPE-EP-12 series, PSSR_Checklist_Template_v1.xlsx
Source: Instrumentation_Engineering_Curriculum_v1.xlsx · Sheet: Module 6 - SIS-SIL
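
The PFD bands, voting architectures, proof test intervals and common cause mitigation in the tables above interact. The following added example (not part of the curriculum or its spreadsheets) estimates PFDavg for a voted sensor group and maps it to the SIL bands in the first table. Assumptions: the formulas are the widely used simplified low-demand approximations, which do not appear on this page; the failure rate and beta factor are constructed sample values; the function names are hypothetical.

```python
# Added example: simplified PFDavg estimates for voted subsystems.
# Assumes dangerous undetected failures only and negligible repair time.

# SIL bands from the page's table: SIL -> (lower PFD bound, upper PFD bound)
SIL_BANDS = {1: (1e-2, 1e-1), 2: (1e-3, 1e-2), 3: (1e-4, 1e-3), 4: (1e-5, 1e-4)}
HOURS_PER_MONTH = 8760.0 / 12.0


def pfd_avg(arch, lambda_du, ti_hours, beta=0.0):
    """Average PFD for one subsystem; beta is the common cause fraction."""
    x = (1.0 - beta) * lambda_du * ti_hours   # independent failure term
    ccf = beta * lambda_du * ti_hours / 2.0   # common cause defeats the voting
    if arch == "1oo1":
        return lambda_du * ti_hours / 2.0
    if arch == "1oo2":
        return x ** 2 / 3.0 + ccf
    if arch == "2oo3":
        return x ** 2 + ccf
    raise ValueError(f"unsupported architecture: {arch}")


def sil_for(pfd):
    """SIL whose band contains pfd; 0 if worse than SIL 1, capped at 4."""
    for sil, (low, high) in SIL_BANDS.items():
        if low <= pfd < high:
            return sil
    return 4 if pfd < 1e-5 else 0


def max_test_interval(arch, lambda_du, target_sil, beta=0.0):
    """Longest proof test interval (whole months, up to 10 years) meeting target_sil."""
    limit = SIL_BANDS[target_sil][1]
    best = 0
    for months in range(1, 121):
        if pfd_avg(arch, lambda_du, months * HOURS_PER_MONTH, beta) < limit:
            best = months
    return best


if __name__ == "__main__":
    lam = 5e-6  # constructed sample: dangerous undetected failures per hour
    for arch, beta in [("1oo1", 0.0), ("1oo2", 0.0), ("1oo2", 0.1), ("2oo3", 0.1)]:
        p = pfd_avg(arch, lam, 8760.0, beta)
        print(f"{arch} beta={beta}: PFDavg={p:.2e} -> SIL {sil_for(p)}")
    print("1oo1 months for SIL 2:", max_test_interval("1oo1", lam, 2))
```

With these sample values, a 10% common cause fraction moves the annually tested 1oo2 group from the SIL 3 band to the SIL 2 band, which is why the mitigation column lists diversity and segregation alongside redundancy.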
© 2026 Inflection Point Engineering, LLC. All rights reserved. The content of this page — including calculation methods, reference data, written analysis, interactive tools, and source code — is the intellectual property of Inflection Point Engineering, LLC and is protected under applicable copyright, trademark, and trade secret laws. Unauthorized reproduction, redistribution, modification, or derivative use in whole or in part is prohibited without prior written consent.
Disclaimer. This material is provided for informational and educational purposes only and does not constitute professional engineering advice. Calculations, reference data, and methodologies are based on published standards and accepted engineering practice but are not a substitute for engineering judgment, site-specific analysis, or review by a licensed Professional Engineer. Inflection Point Engineering, LLC makes no warranties, express or implied, regarding the accuracy, completeness, or fitness for a particular purpose of any content presented here, and shall not be liable for any direct, indirect, incidental, or consequential damages arising from its use. Users assume all risk associated with applying this content to real-world design, operations, or decisions.