Immingham East Terminal – Gasoline Overfill Protection
Safety Instrument System
P & I Design Ltd
DOCUMENT NO: SI277001_RPT
2 Reed Street, Thornaby, UK, TS17 7AF
ISSUE: F
DATE: 31.10.14
Tel: + 44 (0)1642 617444
PAGE 17 OF 29
Fax: + 44 (0)1642 616447
www.pidesign.co.uk

7.2.2.3 Logic Solver Subsystem Hardware Fault Tolerance
BS EN 61511-1:2003 Section 11.4 requires a minimum hardware fault tolerance.
Table 6 of the standard is reproduced below:
| SIL | Minimum hardware fault tolerance (see 11.4.3 and 11.4.4) |
|-----|-----------------------------------------------------------|
| 1   | 0                                                         |
| 2   | 1                                                         |
| 3   | 2                                                         |
| 4   | Special requirements apply                                |
BS EN 61511-1:2003 Section 11.4.3 states that the fault tolerance in the above table should
be increased by 1, unless the dominant failure mode is to the safe state or dangerous failures
are detected.
The Safe Failure Fraction of the relay is 95%, so the dominant failure mode is to the safe state.
Therefore, the fault tolerance has not been increased by 1.
BS EN 61511-1:2003 Section 11.4.4 states that the fault tolerance in the above table can be
reduced by 1 if the hardware complies with the following:
- The hardware of the device is selected on the basis of prior use.
- The device allows adjustment of process related parameters only, i.e. measuring range, upscale and downscale failures.
- The adjustment of the process related parameters is protected either by jumper or password.
- The function has a SIL requirement of less than 4.
In this application the above requirements are met and a reduction of 1 applies, so a single
device can be used.
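
The Table 6 lookup and the 11.4.3 / 11.4.4 adjustments described above, written out as an added example that is not part of the original report. The names `Subsystem`, `required_hft`, `architecture_hft` and `meets_constraint` are hypothetical, the M-out-of-N voting check is an assumption, and the SIL used in the sample calls is constructed because this page does not state the SIL of the function.

```python
from dataclasses import dataclass

# BS EN 61511-1:2003 Table 6 as reproduced in the report: SIL -> minimum HFT.
TABLE_6 = {1: 0, 2: 1, 3: 2}

@dataclass(frozen=True)
class Subsystem:
    sil: int
    dominant_failure_safe: bool        # 11.4.3
    dangerous_failures_detected: bool  # 11.4.3
    prior_use: bool                    # 11.4.4
    process_params_only: bool          # 11.4.4
    adjustment_protected: bool         # 11.4.4 (jumper or password)

def required_hft(s: Subsystem) -> int:
    """Minimum hardware fault tolerance after the 11.4.3 / 11.4.4 adjustments."""
    if s.sil == 4:
        raise ValueError("SIL 4: special requirements apply (Table 6)")
    if s.sil not in TABLE_6:
        raise ValueError(f"unknown SIL {s.sil}")
    hft = TABLE_6[s.sil]
    # 11.4.3: add 1 unless failures are mostly safe or dangerous ones are detected.
    if not (s.dominant_failure_safe or s.dangerous_failures_detected):
        hft += 1
    # 11.4.4: subtract 1 only if every condition holds (SIL < 4 is checked above).
    if s.prior_use and s.process_params_only and s.adjustment_protected:
        hft -= 1
    return max(hft, 0)  # assumption: a negative tolerance is clamped to 0

def architecture_hft(m: int, n: int) -> int:
    """Faults tolerated by M-out-of-N voting (assumed notation, not on the page)."""
    if not 1 <= m <= n:
        raise ValueError("need 1 <= M <= N")
    return n - m

def meets_constraint(s: Subsystem, m: int, n: int) -> bool:
    return architecture_hft(m, n) >= required_hft(s)

if __name__ == "__main__":
    # Constructed case: relay meeting the report's 11.4.3 and 11.4.4 conditions, SIL 2 assumed.
    relay = Subsystem(2, True, False, True, True, True)
    print(required_hft(relay), meets_constraint(relay, 1, 1))
    # Same relay without the prior-use credit: one device is no longer enough.
    no_credit = Subsystem(2, True, False, False, True, True)
    print(required_hft(no_credit), meets_constraint(no_credit, 1, 1))
```
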
Comparatively, BS IEC 61508-2:2010 Section 7.4.3 requires architectural constraints on
hardware safety integrity.
Table 2 of the standard is reproduced below: