IEC 61511-3:2016

IEC 61511-3 ®
Edition 2.0 2016-07
INTERNATIONAL
STANDARD
NORME
INTERNATIONALE
colour
inside
Functional safety – Safety instrumented systems for the process industry
sector –
Part 3: Guidance for the determination of the required safety integrity levels

Sécurité fonctionnelle – Systèmes instrumentés de sécurité pour le secteur des
industries de transformation –
Partie 3: Conseils pour la détermination des niveaux exigés d'intégrité de
sécurité
All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized in any form
or by any means, electronic or mechanical, including photocopying and microfilm, without permission in writing from
either IEC or IEC's member National Committee in the country of the requester. If you have any questions about IEC
copyright or have an enquiry about obtaining additional rights to this publication, please contact the address below or
your local IEC member National Committee for further information.

Droits de reproduction réservés. Sauf indication contraire, aucune partie de cette publication ne peut être reproduite
ni utilisée sous quelque forme que ce soit et par aucun procédé, électronique ou mécanique, y compris la photocopie
et les microfilms, sans l'accord écrit de l'IEC ou du Comité national de l'IEC du pays du demandeur. Si vous avez des
questions sur le copyright de l'IEC ou si vous désirez obtenir des droits supplémentaires sur cette publication, utilisez
les coordonnées ci-après ou contactez le Comité national de l'IEC de votre pays de résidence.

IEC Central Office Tel.: +41 22 919 02 11
3, rue de Varembé Fax: +41 22 919 03 00
CH-1211 Geneva 20 info@iec.ch
Switzerland www.iec.ch
About the IEC
The International Electrotechnical Commission (IEC) is the leading global organization that prepares and publishes
International Standards for all electrical, electronic and related technologies.

About IEC publications
The technical content of IEC publications is kept under constant review by the IEC. Please make sure that you have the
latest edition, a corrigenda or an amendment might have been published.

IEC Catalogue - webstore.iec.ch/catalogue Electropedia - www.electropedia.org
The stand-alone application for consulting the entire The world's leading online dictionary of electronic and
bibliographical information on IEC International Standards, electrical terms containing 20 000 terms and definitions in
Technical Specifications, Technical Reports and other English and French, with equivalent terms in 15 additional
documents. Available for PC, Mac OS, Android Tablets and languages. Also known as the International Electrotechnical
iPad. Vocabulary (IEV) online.

IEC publications search - www.iec.ch/searchpub IEC Glossary - std.iec.ch/glossary
The advanced search enables to find IEC publications by a 65 000 electrotechnical terminology entries in English and
variety of criteria (reference number, text, technical French extracted from the Terms and Definitions clause of
committee,…). It also gives information on projects, replaced IEC publications issued since 2002. Some entries have been
and withdrawn publications. collected from earlier publications of IEC TC 37, 77, 86 and

CISPR.
IEC Just Published - webstore.iec.ch/justpublished

Stay up to date on all new IEC publications. Just Published IEC Customer Service Centre - webstore.iec.ch/csc
details all new publications released. Available online and If you wish to give us your feedback on this publication or
also once a month by email. need further assistance, please contact the Customer Service
Centre: csc@iec.ch.
A propos de l'IEC
La Commission Electrotechnique Internationale (IEC) est la première organisation mondiale qui élabore et publie des
Normes internationales pour tout ce qui a trait à l'électricité, à l'électronique et aux technologies apparentées.

A propos des publications IEC
Le contenu technique des publications IEC est constamment revu. Veuillez vous assurer que vous possédez l’édition la
plus récente, un corrigendum ou amendement peut avoir été publié.

Catalogue IEC - webstore.iec.ch/catalogue Electropedia - www.electropedia.org
Application autonome pour consulter tous les renseignements
Le premier dictionnaire en ligne de termes électroniques et
bibliographiques sur les Normes internationales,
électriques. Il contient 20 000 termes et définitions en anglais
Spécifications techniques, Rapports techniques et autres
et en français, ainsi que les termes équivalents dans 15
documents de l'IEC. Disponible pour PC, Mac OS, tablettes
langues additionnelles. Egalement appelé Vocabulaire
Android et iPad.
Electrotechnique International (IEV) en ligne.

Recherche de publications IEC - www.iec.ch/searchpub
Glossaire IEC - std.iec.ch/glossary
La recherche avancée permet de trouver des publications IEC 65 000 entrées terminologiques électrotechniques, en anglais
en utilisant différents critères (numéro de référence, texte, et en français, extraites des articles Termes et Définitions des
comité d’études,…). Elle donne aussi des informations sur les publications IEC parues depuis 2002. Plus certaines entrées
projets et les publications remplacées ou retirées. antérieures extraites des publications des CE 37, 77, 86 et

CISPR de l'IEC.
IEC Just Published - webstore.iec.ch/justpublished

Service Clients - webstore.iec.ch/csc
Restez informé sur les nouvelles publications IEC. Just
Published détaille les nouvelles publications parues. Si vous désirez nous donner des commentaires sur cette
Disponible en ligne et aussi une fois par mois par email. publication ou si vous avez des questions contactez-nous:
csc@iec.ch.
IEC 61511-3 ®
Edition 2.0 2016-07
INTERNATIONAL
STANDARD
NORME
INTERNATIONALE
colour
inside
Functional safety – Safety instrumented systems for the process industry

sector –
Part 3: Guidance for the determination of the required safety integrity levels

Sécurité fonctionnelle – Systèmes instrumentés de sécurité pour le secteur des

industries de transformation –

Partie 3: Conseils pour la détermination des niveaux exigés d'intégrité de

sécurité
INTERNATIONAL
ELECTROTECHNICAL
COMMISSION
COMMISSION
ELECTROTECHNIQUE
INTERNATIONALE
ICS 13.110; 25.040.01 ISBN 978-2-8322-3212-5

– 2 – IEC 61511-3:2016  IEC 2016
CONTENTS
FOREWORD. 7
INTRODUCTION . 9
1 Scope . 12
2 Normative references . 13
3 Terms, definitions and abbreviations . 13
Annex A (informative) Risk and safety integrity – general guidance . 14
A.1 General . 14
A.2 Necessary risk reduction . 14
A.3 Role of safety instrumented systems . 14
A.4 Risk and safety integrity . 16
A.5 Allocation of safety requirements . 17
A.6 Hazardous event, hazardous situation and harmful event . 17
A.7 Safety integrity levels . 18
A.8 Selection of the method for determining the required safety integrity level . 18
Annex B (informative) Semi-quantitative method – event tree analysis . 20
B.1 Overview . 20
B.2 Compliance with IEC 61511-1:2016 . 20
B.3 Example . 20
B.3.1 General . 20
B.3.2 Process safety target . 21
B.3.3 Hazard analysis . 21
B.3.4 Semi-quantitative risk analysis technique. 22
B.3.5 Risk analysis of existing process . 23
B.3.6 Events that do not meet the process safety target . 25
B.3.7 Risk reduction using other protection layers . 26
B.3.8 Risk reduction using a safety instrumented function . 26
Annex C (informative) The safety layer matrix method . 28
C.1 Overview . 28
C.2 Process safety target . 29
C.3 Hazard analysis . 29
C.4 Risk analysis technique . 30
C.5 Safety layer matrix . 31
C.6 General procedure . 32
Annex D (informative) A semi-qualitative method: calibrated risk graph . 34
D.1 Overview . 34
D.2 Risk graph synthesis . 34
D.3 Calibration . 35
D.4 Membership and organization of the team undertaking the SIL assessment . 36
D.5 Documentation of results of SIL determination . 37
D.6 Example calibration based on typical criteria . 37
D.7 Using risk graphs where the consequences are environmental damage . 40
D.8 Using risk graphs where the consequences are asset loss . 41
D.9 Determining the integrity level of instrument protection function where the
consequences of failure involve more than one type of loss . 41
Annex E (informative) A qualitative method: risk graph . 42

E.1 General . 42
E.2 Typical implementation of instrumented functions . 42
E.3 Risk graph synthesis . 43
E.4 Risk graph implementation: personnel protection . 43
E.5 Relevant issues to be considered during application of risk graphs . 45
Annex F (informative) Layer of protection analysis (LOPA) . 47
F.1 Overview . 47
F.2 Impact event . 48
F.3 Severity level . 48
F.4 Initiating cause . 49
F.5 Initiation likelihood . 50
F.6 Protection layers . 50
F.7 Additional mitigation . 51
F.8 Independent protection layers (IPL) . 51
F.9 Intermediate event likelihood . 52
F.10 SIF integrity level . 52
F.11 Mitigated event likelihood . 52
F.12 Total risk . 52
F.13 Example . 53
F.13.1 General . 53
F.13.2 Impact event and severity level . 53
F.13.3 Initiating cause . 53
F.13.4 Initiating likelihood . 53
F.13.5 General process design. 53
F.13.6 BPCS . 53
F.13.7 Alarms . 53
F.13.8 Additional mitigation . 54
F.13.9 Independent protection layer(s) (IPL) . 54
F.13.10 Intermediate event likelihood . 54
F.13.11 SIS . 54
F.13.12 Next SIF . 54
Annex G (informative) Layer of protection analysis using a risk matrix . 56
G.1 Overview . 56
G.2 Procedure . 58
G.2.1 General . 58
G.2.2 Step 1: General Information and node definition . 58
G.2.3 Step 2: Describe hazardous event . 59
G.2.4 Step 3: Evaluate initiating event frequency . 62
G.2.5 Step 4: Determine hazardous event consequence severity and risk
reduction factor . 63
G.2.6 Step 5: Identify independent protection layers and risk reduction factor . 64
G.2.7 Step 6: Identify consequence mitigation systems and risk reduction
factor . 65
G.2.8 Step 7: Determine CMS risk gap . 66
G.2.9 Step 8: Determine scenario risk gap . 69
G.2.10 Step 9: Make recommendations when needed . 69
Annex H (informative) A qualitative approach for risk estimation & safety integrity level
(SIL) assignment . 71
H.1 Overview . 71

– 4 – IEC 61511-3:2016  IEC 2016
H.2 Risk estimation and SIL assignment . 73
H.2.1 General . 73
H.2.2 Hazard identification/indication . 73
H.2.3 Risk estimation . 73
H.2.4 Consequence parameter selection (C) (Table H.2) . 74
H.2.5 Probability of occurrence of that harm . 75
H.2.6 Estimating probability of harm . 77
H.2.7 SIL assignment . 77
Annex I (informative) Designing & calibrating a risk graph . 80
I.1 Overview . 80
I.2 Steps involved in risk graph design and calibration . 80
I.3 Risk graph development . 80
I.4 The risk graph parameters . 81
I.4.1 Choosing parameters . 81
I.4.2 Number of parameters. 81
I.4.3 Parameter value. 81
I.4.4 Parameter definition . 81
I.4.5 Risk graph . 82
I.4.6 Tolerable event frequencies (Tef) for each consequence . 82
I.4.7 Calibration . 83
I.4.8 Completion of the risk graph . 84
Annex J (informative) Multiple safety systems . 85
J.1 Overview . 85
J.2 Notion of systemic dependencies . 85
J.3 Semi-quantitative approaches . 88
J.4 Boolean approaches . 89
J.5 State-transition approach . 92
Annex K (informative) As low as reasonably practicable (ALARP) and tolerable risk
concepts . 96
K.1 General . 96
K.2 ALARP model . 96
K.2.1 Overview . 96
K.2.2 Tolerable risk target . 97
Bibliography . 99

Figure 1 – Overall framework of the IEC 61511 series . 11
Figure 2 – Typical protection layers and risk reduction means . 13
Figure A.1 – Risk reduction: general concepts . 16
Figure A.2 – Risk and safety integrity concepts . 17
Figure A.3 – Harmful event progression . 18
Figure A.4 – Allocation of safety requirements to the non-SIS protection layers and
other protection layers . 19
Figure B.1 – Pressurized vessel with existing safety systems . 21
Figure B.2 – Fault tree for overpressure of the vessel . 24
Figure B.3 – Hazardous events with existing safety systems . 25
Figure B.4 – Hazardous events with SIL 2 safety instrumented function . 27
Figure C.1 – Protection layers . 28

Figure C.2 – Example of safety layer matrix. 32
Figure D.1 – Risk graph: general scheme . 38
Figure D.2 – Risk graph: environmental loss . 41
Figure E.1 – VDI/VDE 2180 Risk graph – personnel protection and relationship to SILs . 44
Figure F.1 – Layer of protection analysis (LOPA) report . 49
Figure G.1 – Layer of protection graphic highlighting proactive and reactive IPL . 56
Figure G.2 – Work process used for Annex G . 58
Figure G.3 – Example process node boundary for selected scenario . 59
Figure G.4 – Acceptable secondary consequence risk . 67
Figure G.5 – Unacceptable secondary consequence risk . 67
Figure G.6 – Managed secondary consequence risk . 69
Figure H.1 – Workflow of SIL assignment process . 72
Figure H.2 – Parameters used in risk estimation . 74
Figure I.1 – Risk graph parameters to consider . 81
Figure I.2 – Illustration of a risk graph with parameters from Figure I.1 . 82
Figure J.1 – Conventional calculations . 85
Figure J.2 – Accurate calculations . 86
Figure J.3 – Redundant SIS . 88
Figure J.4 – Corrective coefficients for hazardous event frequency calculations when
the proof tests are performed at the same time . 89
Figure J.5 – Expansion of the simple example . 89
Figure J.6 – Fault tree modelling of the multi SIS presented in Figure J.5 . 90
Figure J.7 – Modelling CCF between SIS and SIS . 91
1 2
Figure J.8 – Effect of tests staggering . 91
Figure J.9 – Effect of partial stroking . 92
Figure J.10 – Modelling of repair resource mobilisation . 93
Figure J.11 – Example of output from Monte Carlo simulation . 94
Figure J.12 – Impact of repairs due to shared repair resources . 95
Figure K.1 – Tolerable risk and ALARP . 97

Table B.1 – HAZOP study results . 22
Table C.1 – Frequency of hazardous event likelihood (without considering PLs) . 31
Table C.2 – Criteria for rating the severity of impact of hazardous events . 31
Table D.1 – Descriptions of process industry risk graph parameters . 35
Table D.2 – Example calibration of the general purpose risk graph . 39
Table D.3 – General environmental consequences . 40
Table E.1 – Data relating to risk graph (see Figure E.1) . 45
Table F.1 – HAZOP developed data for LOPA . 48
Table F.2 – Impact event severity levels . 49
Table F.3 – Initiation likelihood . 50
Table F.4 – Typical protection layers (prevention and mitigation) PFD . 51
avg
Table G.1 – Selected scenario from HAZOP worksheet . 59
Table G.2 – Selected scenario from LOPA worksheet . 61

– 6 – IEC 61511-3:2016  IEC 2016
Table G.3 – Example initiating causes and associated frequency . 63
Table G.4 – Consequence severity decision table . 64
Table G.5 – Risk reduction factor matrix . 64
Table G.6 – Examples of independent protection layers (IPL) with associated risk
reduction factors (RRF) and probability of failure on demand (PFD) . 66
Table G.7 – Examples of consequence mitigation system (CMS) with associated risk
reduction factors (RRF) and probability of failure on demand (PFD) . 66
Table G.8 – Step 7 LOPA worksheet (1 of 2) . 68
Table G.9 – Step 8 LOPA worksheet (1 of 2) . 70
Table H.1 – List of SIFs and hazardous events to be assessed . 73
Table H.2 – Consequence parameter/severity level . 74
Table H.3 – Occupancy parameter/Exposure probability (F) . 75
Table H.4 – Avoidance parameter/avoidance probability . 76
Table H.5 – Demand rate parameter (W) . 77
Table H.6 – Risk graph matrix (SIL assignment form for safety instrumented functions) . 78
Table H.7 – Example of consequence categories . 78
Table K.1 – Example of risk classification of incidents . 98
Table K.2 – Interpretation of risk classes . 98

INTERNATIONAL ELECTROTECHNICAL COMMISSION
____________
FUNCTIONAL SAFETY –
SAFETY INSTRUMENTED SYSTEMS
FOR THE PROCESS INDUSTRY SECTOR –

Part 3: Guidance for the determination
of the required safety integrity levels

FOREWORD
1) The International Electrotechnical Commission (IEC) is a worldwide organization for standardization comprising
all national electrotechnical committees (IEC National Committees). The object of IEC is to promote
international co-operation on all questions concerning standardization in the electrical and electronic fields. To
this end and in addition to other activities, IEC publishes International Standards, Technical Specifications,
Technical Reports, Publicly Available Specifications (PAS) and Guides (hereafter referred to as “IEC
Publication(s)”). Their preparation is entrusted to technical committees; any IEC National Committee interested
in the subject dealt with may participate in this preparatory work. International, governmental and non-
governmental organizations liaising with the IEC also participate in this preparation. IEC collaborates closely
with the International Organization for Standardization (ISO) in accordance with conditions determined by
agreement between the two organizations.
2) The formal decisions or agreements of IEC on technical matters express, as nearly as possible, an international
consensus of opinion on the relevant subjects since each technical committee has representation from all
interested IEC National Committees.
3) IEC Publications have the form of recommendations for international use and are accepted by IEC National
Committees in that sense. While all reasonable efforts are made to ensure that the technical content of IEC
Publications is accurate, IEC cannot be held responsible for the way in which they are used or for any
misinterpretation by any end user.
4) In order to promote international uniformity, IEC National Committees undertake to apply IEC Publications
transparently to the maximum extent possible in their national and regional publications. Any divergence
between any IEC Publication and the corresponding national or regional publication shall be clearly indicated in
the latter.
5) IEC itself does not provide any attestation of conformity. Independent certification bodies provide conformity
assessment services and, in some areas, access to IEC marks of conformity. IEC is not responsible for any
services carried out by independent certification bodies.
6) All users should ensure that they have the latest edition of this publication.
7) No liability shall attach to IEC or its directors, employees, servants or agents including individual experts and
members of its technical committees and IEC National Committees for any personal injury, property damage or
other damage of any nature whatsoever, whether direct or indirect, or for costs (including legal fees) and
expenses arising out of the publication, use of, or reliance upon, this IEC Publication or any other IEC
Publications.
8) Attention is drawn to the Normative references cited in this publication. Use of the referenced publications is
indispensable for the correct application of this publication.
9) Attention is drawn to the possibility that some of the elements of this IEC Publication may be the subject of
patent rights. IEC shall not be held responsible for identifying any or all such patent rights.
International Standard IEC 61511-3: has been prepared by subcommittee 65A: System
aspects, of IEC technical committee 65: Industrial-process measurement, control and
automation.
This second edition cancels and replaces the first edition published in 2003. This edition
constitutes a technical revision. This edition includes the following significant technical
changes with respect to the previous edition:
Additional H&RA example(s) and quantitative analysis consideration annexes are provided.

– 8 – IEC 61511-3:2016  IEC 2016
The text of this document is based on the following documents:
FDIS Report on voting
65A/779/FDIS 65A786/RVD
Full information on the voting for the approval of this standard can be found in the report on
voting indicated in the above table.
This publication has been drafted in accordance with the ISO/IEC Directives, Part 2.
A list of all parts in the IEC 61511 series, published under the general title Functional safety –
Safety instrumented systems for the process industry sector, can be found on the
IEC website.
The committee has decided that the contents of this publication will remain unchanged until
the stability date indicated on the IEC website under "http://webstore.iec.ch" in the data
related to the specific publication. At this date, the publication will be
• reconfirmed,
• withdrawn,
• replaced by a revised edition, or
• amended.
IMPORTANT – The 'colour inside' logo on the cover page of this publication indicates
that it contains colours which are considered to be useful for the correct
understanding of its contents. Users should therefore print this document using a
colour printer.
INTRODUCTION
Safety instrumented systems (SIS) have been used for many years to perform safety
instrumented functions (SIF) in the process industries. If instrumentation is to be effectively
used for SIF, it is essential that this instrumentation achieves certain minimum standards and
performance levels.
The IEC 61511 series addresses the application of SIS for the process industries. A process
hazard and risk assessment is carried out to enable the specification for SIS to be derived.
Other safety systems are only considered so that their contribution can be taken into account
when considering the performance requirements for the SIS. The SIS includes all devices and
subsystems necessary to carry out the SIF from sensor(s) to final element(s).
The IEC 61511 series has two concepts which are fundamental to its application; SIS safety
life-cycle and safety integrity levels (SIL).
The IEC 61511 series addresses SIS which are based on the use of Electrical (E)/Electronic
(E)/Programmable Electronic (PE) technology. Where other technologies are used for logic
solvers, the basic principles of the IEC 61511 series should be applied. The IEC 61511 series
also addresses the SIS sensors and final elements regardless of the technology used. The
IEC 61511 series is process industry specific within the framework of IEC 61508:2010.
The IEC 61511 series sets out an approach for SIS safety life-cycle activities to achieve these
minimum standards. This approach has been adopted in order that a rational and consistent
technical policy is used.
In most situations, safety is best achieved by an inherently safe process design. If necessary,
this may be combined with a protective system or systems to address any residual identified
risk. Protective systems can rely on different technologies (chemical, mechanical, hydraulic,
pneumatic, electrical, electronic, and programmable electronic). Any safety strategy should
consider each individual SIS in the context of the other protective systems. To facilitate this
approach, the IEC 61511 series covers:
– a hazard and risk assessment is carried out to identify the overall safety requirements;
– an allocation of the safety requirements to the SIS is carried out;
– works within a framework which is applicable to all instrumented means of achieving
functional safety;
– details the use of certain activities, such as safety management, which may be applicable
to all methods of achieving functional safety;
– addressing all SIS safety life-cycle phases from initial concept, design, implementation,
operation and maintenance through to decommissioning;
– enabling existing or new country specific process industry standards to be harmonized
with the IEC 61511 series.
The IEC 61511 series is intended to lead to a high level of consistency (for example, of
underlying principles, terminology, information) within the process industries. This should
have both safety and economic benefits.
In jurisdictions where the governing authorities (for example national, federal, state, province,
county, city) have established process safety design, process safety management, or other
regulations, these take precedence over the requirements defined in the IEC 61511-1.
The IEC 61511-3 deals with guidance in the area of determining the required SIL in hazards
and risk assessment. The information herein is intended to provide a broad overview of the
wide range of global methods used to implement hazards and risk assessment. The
information provided is not of sufficient detail to implement any of these approaches.

– 10 – IEC 61511-3:2016  IEC 2016
Before proceeding, the concept and determination of SIL provided in IEC 61511-1:2016should
be reviewed. The informative annexes in the IEC 61511-3 address the following:
Annex A provides information that is common to each of the hazard and risk assessment
methods shown herein.
Annex B provides an overview of a semi-quantitative method used to determine the
required SIL.
Annex C provides an overview of a safety matrix method to determine the required SIL.
Annex D provides an overview of a method using a semi-qualitative risk graph approach
to determine the required SIL.
Annex E provides an overview of a method using a qualitative risk graph approach to
determine the required SIL.
Annex F provides an overview of a method using a layer of protection analysis (LOPA)
approach to select the required SIL.
Annex G provides a layer of protection analysis using a risk matrix.
Annex H provides an overview of a qualitative approach for risk estimation & SIL
assignment.
Annex I   provides an overview of the basic steps involved in designing and calibrating a
risk graph.
Annex J provides an overview of the impact of multiple safety systems on determining the
required SIL
Annex K provides an overview of the concepts of tolerable risk and ALARP.
Figure 1 shows the overall framework for IEC 61511-1, IEC 61511-2 and IEC 61511-3 and
indicates the role that the IEC 61511 series plays in the achievement of functional safety for
SIS.
Support
Technical
parts
requirements
PART 1 References
Clause 2
Development of the overall safety
PART 1
requirements (concept, scope definition,
hazard and risk assessment)
Definitions and
abbreviations
Clause 8
Clause 3
PART 1
PART 1
Conformance
Allocation of the safety requirements to
Clause 4
the safety instrumented functions and
development of the safety requirements
PART 1
specification
Management of
Clauses 9 and 10
functional safety
Clause 5
PART 1
PART 1
Safety life-cycle
Design phase for Design phase for
requirements
SIS application
safety
Clause 6
instrumented programming
PART 1
Clause 12
systems
Clause 11
Verification
Clause 7
PART 1
PART 1
Information
Factory acceptance testing,
requirements
installation and commissioning and
Clause 19
safety validation of safety
instrumented systems PART 1
Clauses 13, 14, and 15
Guideline for the
application of part 1
PART 1
PART 2
Operation and maintenance,
modification and retrofit, Guidance for the
decommissioning or disposal of determination of the
required safety
safety instrumented systems
Clauses 16, 17, and 18 integrity levels
PART 3
IEC
Figure 1 – Overall framework of the IEC 61511 series

– 12 – IEC 61511-3:2016  IEC 2016
FUNCTIONAL SAFETY –
SAFETY INSTRUMENTED SYSTEMS
FOR THE PROCESS INDUSTRY SECTOR –

Part 3: Guidance for the determination
of the required safety integrity levels

1 Scope
This part of IEC 61511 provides information on:
– the underlying concepts of risk and the relationship of risk to safety integrity (see Clause
A.4);
– the determination of tolerable risk (see Annex K);
– a number of different methods that enable the safety integrity level (SIL) for the safety
instrumented functions (SIF) to be determined (see Annexes B through K);
– the impact of multiple safety systems on calculations determining the ability to achieve the
desired risk reduction (see Annex J).
In particular, this part of IEC 61511:
a) applies when functional safety is achieved using one or more SIF for the protection of
either personnel, the general public, or the environment;
b) may be applied in non-safety applications such as asset protection;
c) illustrates typical hazard and risk assessment methods that may be carried out to define
the safety functional requirements and SIL of each SIF;
d) illustrates techniques/measures available for determining the required SIL;
e) provides a framework for establishing SIL but does not specify the SIL required for specific
applications;
f) does not give examples of determining the requirements for other methods of risk
reduction.
NOTE Examples given in the Annexes of this Standard are intended only as case specific examples of
implementing IEC 61511 requirements in a specific instance, and the user should satisfy themselves that the
chosen methods and techniques are appropriate to their situation.
Annexes B through K illustrate quantitative and qualitative approaches and have been
simplified in order to illustrate the underlying principles. These annexes have been included to
illustrate the general principles of a number of methods but do not provide a definitive
account.
NOTE 1 Those intending to apply the methods indicated in these annexes can consult the source material
referenced in each annex.
NOTE 2 The methods of SIL determination included in Part 3 may not be suitable for all applications. In particular,
specific techniques or additional factors that are not illustrated may be required for high demand or continuous
mode of operation.
NOTE 3 The methods as illustrated herein may result in non-conservative results when they are used beyond
their underlying limits and when factors su
...