Rules and Guidelines
Want to participate in the discussions? Please read our Community Rules and Guidelines. Need some help? Visit Support and Answers.

  • State Not Answered
  • Locked Locked
  • Replies 9 replies
  • Subscribers 14 subscribers
  • Views 873 views
  • Users 0 members are here
Options
You may also be interested in
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Anomaly between BS62061 and 61508

Rob Eagle

I am designing a control system for a very big heavy door which has the capability to crush a person and potentially to death although extremely unlikely.  In determining the SIL requirement for the system using BS61508-5 I get the following:



 



Looking at Table E.1 I can derive a qualitative assessment



 



Consequence – Serious permanent injury to one or more persons; death to one person – C2



Frequency of exposure – Rare to more often exposure in the hazard zone – F1



Probability of avoiding the hazard – Possible under certain conditions – P1



Probability of the unwanted event – A slight probability – W2



 



Looking at Figure E.2 this equates to ‘a’ = “No special safety requirements”



 



However if I use BS62061 looking at table A.1 I find “Irreversible: death, losing an eye or arm” Severity Se = 4, then I go to Table A.6 and irrespective of any other criteria it demands a minimum of SIL2.



 



The question is why is there such disparity?  And which is correct?



Thank you,



Rob


Parents
  • 0
    I have an answer to my own question that may be useful to others, I got it from a Research Report (216) published by the HSE entitled "A methodology for the assignment of safety integrity levels (SILs) to safety-related control functions implemented by safety-related electrical, electronic and programmable electronic control systems of machines".


    Other sectors are primarily concerned with the control of overall risk from the process under control, process risks often use multiple layers of independent protection.  This is not the case for machinery where safety generally relies on a single measure. 

    Many machine types are series produced and distributed across the world.  The distance and restricted cost bias against a close supplier-user relationship and tend to restrict supplier involvement to the early stages of the product lifecycle.  Conversely the machine maintenance, repair and modification activities are conducted in the context of limited understanding of the safety design.  This situation is reflected in standard practice for implementing protective measures and their functional safety performance.  Thus the SIL2.


    Rob

Reply
  • 0
    I have an answer to my own question that may be useful to others, I got it from a Research Report (216) published by the HSE entitled "A methodology for the assignment of safety integrity levels (SILs) to safety-related control functions implemented by safety-related electrical, electronic and programmable electronic control systems of machines".


    Other sectors are primarily concerned with the control of overall risk from the process under control, process risks often use multiple layers of independent protection.  This is not the case for machinery where safety generally relies on a single measure. 

    Many machine types are series produced and distributed across the world.  The distance and restricted cost bias against a close supplier-user relationship and tend to restrict supplier involvement to the early stages of the product lifecycle.  Conversely the machine maintenance, repair and modification activities are conducted in the context of limited understanding of the safety design.  This situation is reflected in standard practice for implementing protective measures and their functional safety performance.  Thus the SIL2.


    Rob

Children
No Data

Community Rules & Guidelines