Comprehensive Guide to Functional Safety in Process Automation: SIL, Standards, and Redundancy

2026-03-31 By DoskeeShop

Implementing functional safety is critical in the process industries, which include hazardous chemical, petroleum, and petrochemical applications. The systems in these industries must be designed so that the risk to people, property, and the environment is reduced to the lowest practicable level, and this matters most when a component malfunctions or fails. For automation equipment distributors and engineers supplying components such as pneumatic valves, understanding these frameworks is essential for delivering safe and compliant solutions.

Core Standards: IEC 61508 and IEC 61511

The fundamental standard governing functional safety is IEC 61508. This standard encompasses electrical, electronic, and programmable electronic safety-related systems. It provides the methods for assessing safety risks using a risk graph and outlines how to design suitable safety functions for sensors, logic circuits, and actuators.

It is important to note that IEC 61508 requirements apply only to complete safety instrumented systems (SIS), not to individual components. A typical SIS consists of several key elements:

  • Sensors: Devices such as pressure and temperature sensors, as well as filling level gauges.
  • Evaluation Units: Safety programmable logic controllers (PLC) that evaluate inputs and control outputs.
  • Automated Process Valves: These assemblies comprise the solenoid valve, actuator, and the process valve itself.

For the process industry specifically, the standard IEC 61511 describes how to implement IEC 61508, with a focus on applications that operate in a low demand mode. Low demand functions have an expected demand rate of less than once a year, unlike high demand safety functions that occur more frequently. To comply, facilities must define and assess risks based on component failure probabilities, implement measures to minimize residual risks, use only evaluated or certified devices, and conduct recurring tests to ensure safety function compliance.

Decoding Safety Integrity Levels (SIL)

Safety Integrity Level (SIL) is the essential metric for a safety function: it expresses the required risk reduction, quantified for low demand operation as the probability of failure on demand (PFD).

  • There are four distinct levels, ranging from SIL1 (for the lowest-risk applications) to SIL4 (for the highest-risk applications that are still considered acceptable).
  • Generally, as the SIL increases, the associated safety level also increases, while the probability that the system will fail to perform properly decreases.
  • Consequently, a system’s complexity, along with its installation and maintenance costs, typically increases with higher SIL ratings.

Calculating SIL goes beyond PFD and depends on several other characteristic values, such as the probability of dangerous failure per hour (PFH), which is used instead of PFD for high demand or continuous mode operation. Other important metrics include:

  • Safe Failure Fraction (SFF): The proportion of safe failures compared to total failures.
  • Mean Time Between Failures (MTBF): The average time between two successive failures.
  • Hardware Fault Tolerance (HFT): The ability of a system to continue executing its required function in the presence of faults. With HFT0, a single failure can eliminate the safety function. With HFT1, at least two failures must be present at the same time to eliminate the safety function. With HFT2, at least three simultaneous failures are required.

Diverse Redundancy in SIS Architectures

To increase the safety integrity of programmable electronic systems, standards like IEC 61508 and IEC 61511 recommend diverse redundancy.

  • 1oo1 (One out of One): This basic architecture features only one element. If the contact fails to open in an emergency, the system could suffer a dangerous failure.
  • 1oo2 (One out of Two): This configuration improves system safety by adding redundancy, lowering the PFD because only one contact is required to initiate a safe shutdown. In this setup, two valves are connected in series and energized during operation. If a valve or solenoid fails, the entire system is exhausted to protect it from damage. Media conveyor lines frequently use 1oo2 for this higher safety level.
  • 2oo2 (Two out of Two): This design adds redundancy for better process reliability and increases uptime. Because outputs are wired in parallel, both contacts must operate to initiate a shutdown, which reduces the spurious trip rate but increases the PFD. If a valve fails, the system remains active. Cooling circuits typically utilize 2oo2 architecture to maintain constant uptime.
  • 2oo3 (Two out of Three): In this configuration, two out of three channels must agree on the output. This provides advanced redundancy, reducing both the spurious trip rate and average PFD for optimal safety and process reliability. However, it requires more components and increases I/O and power consumption. It is commonly used in gas turbines, compressors, and heaters.
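To make the PFD, HFT and voting-architecture discussion above concrete, here is an added worked example (not code from the original article) that estimates the average PFD of the 1oo1, 1oo2, 2oo2 and 2oo3 arrangements with the simplified low demand equations of IEC 61508-6 and maps each result to its SIL band. The failure rate, proof-test interval and common-cause factor are constructed sample inputs; the equations keep only dangerous undetected failures and ignore repair time, which is the usual first-pass approximation.

```python
# Added worked example (not from the original article): approximate average
# probability of failure on demand (PFDavg) for the 1oo1, 1oo2, 2oo2 and 2oo3
# voting architectures, using the simplified low-demand equations of
# IEC 61508-6 (dangerous-undetected failures only, common-cause factor beta),
# then mapping PFDavg to a SIL band. All failure-rate inputs below are
# constructed sample values, not data for any real valve or solenoid.
from __future__ import annotations

# IEC 61511 low-demand PFDavg bands: SIL -> (lower bound inclusive, upper bound exclusive)
SIL_BANDS = {4: (1e-5, 1e-4), 3: (1e-4, 1e-3), 2: (1e-3, 1e-2), 1: (1e-2, 1e-1)}

# Hardware fault tolerance each voting architecture provides for the safety function
HFT = {"1oo1": 0, "1oo2": 1, "2oo2": 0, "2oo3": 1}


def pfd_avg(arch: str, lambda_du: float, t1_hours: float, beta: float = 0.0) -> float:
    """Approximate PFDavg for one architecture.

    lambda_du: dangerous undetected failure rate per channel, per hour
    t1_hours:  proof-test interval in hours (8760 for yearly proof tests)
    beta:      common-cause fraction shared by the redundant channels (0..1)
    """
    single = lambda_du * t1_hours / 2          # one channel, unrevealed until the next proof test
    independent = (1 - beta) * lambda_du       # part of each channel's rate that fails independently
    common = beta * lambda_du * t1_hours / 2   # all channels lost together by one cause
    if arch == "1oo1":
        return single
    if arch == "2oo2":
        return 2 * single                      # either channel failing defeats the trip
    if arch == "1oo2":
        return (independent * t1_hours) ** 2 / 3 + common
    if arch == "2oo3":
        return (independent * t1_hours) ** 2 + common   # three channel pairs can each fail
    raise ValueError(f"unknown architecture {arch!r}")


def sil_from_pfd(pfd: float) -> int | None:
    """Return the SIL band a PFDavg falls into, or None if outside SIL1..SIL4."""
    for sil, (low, high) in SIL_BANDS.items():
        if low <= pfd < high:
            return sil
    return None


def compare(lambda_du: float, t1_hours: float, beta: float) -> dict[str, tuple[float, int | None, int]]:
    """PFDavg, SIL band and HFT for every architecture, for one set of inputs."""
    result = {}
    for arch, hft in HFT.items():
        pfd = pfd_avg(arch, lambda_du, t1_hours, beta)
        result[arch] = (pfd, sil_from_pfd(pfd), hft)
    return result


if __name__ == "__main__":
    # Constructed sample: lambda_DU = 5e-7 /h, yearly proof test, 5 % common cause
    for arch, (pfd, sil, hft) in compare(5e-7, 8760, 0.05).items():
        print(f"{arch}: PFDavg={pfd:.2e}  SIL{sil}  HFT{hft}")
```

With these inputs the ordering 1oo2 < 2oo3 < 1oo1 < 2oo2 falls out directly, which is the trade-off the list above describes in words: 1oo2 buys the lowest PFD, 2oo2 trades a higher PFD for availability, and 2oo3 sits between them while still reaching HFT1.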

Implementing Field-Level Hardware Solutions

For professionals integrating pneumatic automation components, translating these architectures into physical setups requires reliable hardware.

  • Redundant NAMUR Blocks: These blocks enable the installation of two solenoid valves (like the Festo VOFC or VOFD Series), providing redundancy for automated process valves. They are available with a fail-safe function (1oo2) or with higher uptime (2oo2) and mount directly on quarter-turn actuators.
  • Redundant In-Line Valves: These compact systems combine two VOFD Series valves into one housing, ensuring fail-safe functionality (1oo2) or higher uptime (2oo2). Their special coating allows them to meet strict safety standards and withstand tough ambient conditions.
  • Advanced 2oo3 Systems: Combining the NAMUR block and in-line valves creates a 2oo3 system that provides maximum safety and process availability. A key benefit is a bypass function, unlocked with a key, that allows maintenance personnel to replace individual valves during active operation. Furthermore, mechanical pressure indicators or electronic pressure sensors can be mounted directly on the block for reliable status monitoring.

By leveraging these standardized redundant architectures, process facilities—whether expanding locally or into emerging industrial hardware markets like Vietnam—can achieve the rigorous safety integrity required for modern automated systems.