2014 Spring Meeting & 10th Global Congress on Process Safety

(16a) Overcoming Challenges In Using Layers Of Protection Analysis (LOPA) To Determine Safety Integrity Levels (SILs)

The international standard on safety instrumented systems (SISs), IEC 61511 / ISA 84, requires the determination of safety integrity levels (SILs) for safety instrumented functions (SIFs) in SISs. Arguably, this is the most important requirement in the standard. Various methods are used for SIL determination including risk matrices and risk graphs, although layers of protection analysis (LOPA) is used increasingly.

In employing these methods, a determination must be made as to whether existing levels of process risks are tolerable by comparing estimates of risk for a process with risk tolerance criteria. If a risk gap is found, the SIL required to close the gap is specified. This determination requires setting risk tolerance criteria and making risk estimates.

LOPA is used to calculate the risk of individual hazard scenarios. Consequently, in order to simplify the determination of SILs using LOPA, overall risk tolerance criteria often are allocated to individual hazard scenarios so that risk estimates for scenarios can be compared with the allocated criteria. Sometimes hazardous events are used and the risks of scenarios that involve the same hazardous event are aggregated. Unfortunately, allocation of facility risk tolerance criteria to scenarios or events is fraught with difficulties. Both individual and group risk should be addressed for people and separate allocations are needed but often they are not employed. The numbers of scenarios and events must be estimated but these numbers are subject to uncertainty resulting in questionable criteria. Furthermore, it is difficult to define and use scenarios and events equivalently from the perspective of risk allocation. Consequently, use of LOPA with allocated risk tolerance criteria can produce inaccurate results within a facility and inconsistent results across facilities.

A procedure is provided for SIL determination using LOPA in which facility risk tolerance criteria are used meaningfully and justifiably. The procedure entails the calculation of overall facility risk and an examination of contributions to the risks to individuals and groups of people from sources of risk such as different types of hazards, different modes of process operation, and different units and processes. The procedure is illustrated with an example.