About SIL Assessment Using LOPA

When you create a LOPA record, it will be linked to the corresponding Instrumented Function record.

LOPA records can be linked to records in the following families:

• Conditional Modifier: Stores details about the consequences of the risk described in the LOPA.
• Hazards Analysis Safeguard: Stores details about the safeguards and independent layers of protection that exist to mitigate the risk associated with the consequences described in the Conditional Modifiers. Independent Layers of Protection can be linked to Equipment and Functional Locations, which store details about the equipment or location with which the independent layers of protection are associated.

These families also store numeric values that represent probability and failure rates. These values are used to calculate the SIL value of the instrumented function whose risks you are assessing through the LOPA. The calculated SIL value is stored in the Calculated SIL field in the LOPA.

When you create a LOPA, you will define the following items in the record:

• The risk for which you are conducting the LOPA.
• The consequences that may occur if that risk is not prevented from proceeding into an undesirable scenario.
• The events or conditions that can initiate the undesirable event.
• How often the event may occur.
• How often it is acceptable for the event to occur.

An independent layer of protection is a device, system, or action that exists to prevent a risk, and that is independent of the event that initiates the scenario. An independent layer of protection is external to any other layer of protection or safety instrumented system. The effectiveness of an independent layer of protection is quantified in terms of its probability of failure data (PFD), which is a numeric value that represents the probability that the independent layer of protection will fail to perform its specified function.

You can use the values in the Type list to populate an Independent Layer of Protection automatically with values from an IPL Type record. IPL Type records are provided in the baseline database, and can be defined by an SIS Administrator or SIS Engineer.

You should create one Safeguard record per layer of protection that exists. Via the Safeguard datasheet, you can link the Independent Layer of Protection to the Equipment or Functional Location for which the layer of protection exists.

A conditional modifier is an action or event that can increase or decrease the probability that a risk may occur if the action is not mitigated and proceeds into an undesirable event. Details about a conditional modifier are stored in Conditional Modifier records, which are linked to LOPA records.

For example, assume that the SIL analysis team is conducting a LOPA to investigate the risk scenario illustrated in the following diagram, where each box represents a portion of the scenario, and each label indicates the family that stores the relevant information:

When Valve A-1001 fails, flammable gas is released into an explosive atmosphere. If the flame ignites, causing a vapor cloud explosion in the vicinity of the operator, it could cause a fatal injury.

In this risk scenario, the fatal injury is a consequence of the valve failure, and the following events or actions are the conditional modifiers:

• The flame igniting
• The vapor cloud exploding
• The operator being in the vicinity of the explosion

Since these actions and events appear within the risk scenario, the probability associated with the consequence occurring is increased exponentially. In other words, if the operator was not in the vicinity of the blast, the probability of fatal injury would be less. By examining the granular events that are associated with a risk, the SIL analysis team can more accurately assess the SIL value for the instrumented function.