Re: [SystemSafety] SIL ratings to be scrapped?

From: Jensen, Martin Faurschou < >
Date: Thu, 22 Aug 2013 09:30:22 +0200


I agree with the arguments below when it comes to systems, but we have to keep in mind that 61508 is also used for the development of single elements. For a sensor, designed and developed for use in a SIS, the demand mode makes sense, as this only needs to detect and report a situation, and does not need to contribute in maintaining the safe state afterwards.

With best regards,
Martin Faurschou Jensen

Siemens A/S
Flow Instruments
I IA SC PI 3 R&D QP
Nordborgvej 81
6430 Nordborg, Denmark
Tel.: +45 7488 2685
mailto:martin-faurschou.jensen_at_xxxxxx

-----Original Message-----
Sent: 22. august 2013 09:20
To: Peter Bernard Ladkin; systemsafety_at_xxxxxx Subject: Re: [SystemSafety] SIL ratings to be scrapped?

I have discussed this mater several times. I think that low demand criteria should disappear because it is usually a fallacious argument.

"However, an on-demand function usually requires a continuous-mode function to monitor the conditions whose status triggers the demand, and if this is built-in to the function itself, as it often is in E/E/PE systems, then the function becomes subject to continuous-mode SIL criteria. So there is much lower call for the demand-mode SIL criteria and it is plausible that they may disappear at some point."

-----Mensaje original-----
Enviado el: miércoles, 21 de agosto de 2013 16:47 Para: systemsafety_at_xxxxxx Asunto: Re: [SystemSafety] SIL ratings to be scrapped?

Chris,

On 8/21/13 4:25 PM, Chris Hills wrote:
> I have just been taking to one of my customers who do control systems
> for industrial systems. They have been told by someone they are doing a system for that SIL ratings will "soon be scrapped".
> Apparently "It will be replaced by ALARP".

When the system development is governed by IEC 61508 or its national equivalents (it is also an EN and these are taken by EU member countries as national standards), then there is no indication that SILs will disappear. The current edition of IEC 61508 is IEC 61508:2010 and the next maintenance action is due to start in 2014 and will likely take two years. Beyond that, it takes some time (up to a year) before a newly published standard becomes the only reference standard (there is a period of time in which both old and new editions are accepted). So, 2017 at the earliest.

I also see no movement, or even rumor, amongst my committee colleagues towards eliminating SILs from the next edition of IEC 61508.

Related, though, might be a concern about whether to eliminate the distinction between on-demand and continuous modes of operation. In contrast to some of my eminent colleagues, I think it is useful to distinguish between system functions which are on-demand and those which are continuous. However, an on-demand function usually requires a continuous-mode function to monitor the conditions whose status triggers the demand, and if this is built-in to the function itself, as it often is in E/E/PE systems, then the function becomes subject to continuous-mode SIL criteria. So there is much lower call for the demand-mode SIL criteria and it is plausible that they may disappear at some point.

PBL

--
Prof. Peter Bernard Ladkin, Faculty of Technology, University of Bielefeld, 33594 Bielefeld, Germany
Tel+msg +49 (0)521 880 7319  www.rvs.uni-bielefeld.de




_______________________________________________
The System Safety Mailing List
systemsafety_at_xxxxxx
_______________________________________________
The System Safety Mailing List
systemsafety_at_xxxxxx
_______________________________________________
The System Safety Mailing List
systemsafety_at_xxxxxx
Received on Thu Aug 22 2013 - 09:30:35 CEST

This archive was generated by hypermail 2.3.0 : Thu Apr 18 2019 - 12:17:05 CEST