In places where the failure of systems can cause large damage or harm, these systems have to adhere to strict requirements regarding reliability. Damage does not only include material damage, but also, for example, economic damage. SIL is short for Safety Integrity Level and is a systematic method for the evaluation of electrical, electronic and programmable electronic systems. The method aims to identify the ways in which a system can fail, to determine the probability of each failure occurring, and to determine the severity of its consequences. Where necessary, this also includes defining and taking adequate measures to reduce the probability of a dangerous failure to an acceptable level.
SIL has four levels, SIL1 to SIL4, and for every level a maximum probability of a dangerous failure per hour is defined. For a system that is used once a year or more, this maximum allowed probability lies, for example, between ≥ 10⁻⁶ and < 10⁻⁵ for SIL1, and for SIL4 it is only < 10⁻⁸.
The most important standard with regard to SIL is EN-IEC 61508. Besides requirements, it also describes system architectures. Measures to reduce the probability of a dangerous failure include, for example, redundant circuits, or comparing and monitoring intermediate results in a chain of diagnostics.
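The redundancy and cross-comparison measures mentioned above, as an added illustration in C that is not HedoN's code or text from IEC 61508: two diversely implemented channels compute a hypothetical speed value, their intermediate results are compared at each diagnostic stage, and any disagreement, invalid input or limit violation drives the system into its safe state. The speed conversion, its constants and the tolerance are all assumed values.

```c
#include <math.h>
#include <stdbool.h>
#include <stdio.h>

/* Added example (not HedoN's code). Two redundant channels compute the same
 * safety-relevant quantity with different arithmetic, so a single coding or
 * hardware fault is unlikely to corrupt both in the same way. */

typedef enum { STATE_OPERATIONAL = 0, STATE_SAFE = 1 } safety_state_t;

/* Channel A: pulse count -> speed in m/s (assumed wheel geometry). */
static double channel_a_speed(unsigned pulses, double dt_s)
{
    const double wheel_circumference_m = 0.94; /* assumed constant */
    const unsigned pulses_per_rev = 60;        /* assumed constant */
    double revs = (double)pulses / pulses_per_rev;
    return revs * wheel_circumference_m / dt_s;
}

/* Channel B: same quantity, different order of operations (diverse implementation). */
static double channel_b_speed(unsigned pulses, double dt_s)
{
    const double m_per_pulse = 0.94 / 60.0;    /* same assumed constants */
    return (m_per_pulse * pulses) / dt_s;
}

/* Diagnostic stage: intermediate results of both channels must agree. */
static bool channels_agree(double a, double b, double tolerance_mps)
{
    return fabs(a - b) <= tolerance_mps;
}

/* One diagnostic cycle. Any fault or disagreement returns STATE_SAFE;
 * the limit check is voted 1oo2, so either channel alone can trip it. */
safety_state_t evaluate_cycle(unsigned pulses_a, unsigned pulses_b,
                              double dt_s, double limit_mps)
{
    if (dt_s <= 0.0) return STATE_SAFE;               /* invalid timing: fail safe */
    double speed_a = channel_a_speed(pulses_a, dt_s);
    double speed_b = channel_b_speed(pulses_b, dt_s);
    if (!channels_agree(speed_a, speed_b, 0.05)) return STATE_SAFE; /* assumed tolerance */
    if (speed_a > limit_mps || speed_b > limit_mps) return STATE_SAFE;
    return STATE_OPERATIONAL;
}

int main(void)
{
    /* Constructed inputs: matching channels, diverging channels, over-speed. */
    printf("nominal:   %d\n", evaluate_cycle(120, 120, 1.0, 5.0));
    printf("diverge:   %d\n", evaluate_cycle(120, 130, 1.0, 5.0));
    printf("overspeed: %d\n", evaluate_cycle(600, 600, 1.0, 5.0));
    return 0;
}
```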
SIL is not required by law, but it is very important for ensuring safety and is therefore often used. Safety requirements in the form of SIL certification are therefore often set in, for example, lift systems, but also in the offshore, entertainment, chemical and process industries.
To develop a system or product with SIL requirements, knowledge of the relevant standards must in principle be present. Based on that, and of course in combination with the desired functionality, a suitable system architecture must then be designed, after which the electronics can be designed.
To ensure the SIL of a design, an FMEA (Failure Modes and Effects Analysis) or an FMEDA (Failure Modes, Effects and Diagnostics Analysis) must be performed. The best result is achieved if this is started as early as possible in the development and maintained throughout the entire design process. An FMEA/FMEDA is applied to the hardware down to component level and additionally to the entire software. For this, the hardware and software design process must be in good order.
Finally, extensive testing is required: think of, for example, static code analysis, unit testing and error-injection tests. Cooperation with a notified body, such as the Liftinstitute when a lift is concerned, is crucial to ensure that the entire process runs well and quickly.
Thanks to its experience, HedoN knows which steps need to be taken to successfully complete the entire development and certification process, also for programmable electronic systems.
HedoN has developed various products that meet SIL2, which means that the probability of a dangerous failure per operating hour lies between ≥ 10⁻⁷ and < 10⁻⁶. A few examples can be viewed via the links below.