SIL Solver® Enterprise FAQ

SIL Solver^® Enterprise must be loaded on a server (physical or virtual) running Microsoft SQL Server software, version 2016.

SIL Solver® Enterprise has been tested and successfully operated on Chrome, Edge, Firefox and Safari. There can be graphic display issues if using an obsolete browser such as Internet Explorer.

At a minimum the server processor must be 2.0 GHz or faster with 4 GB RAM and at least 500MB free hd space is recommended for the installation of SIL Solver® Enterprise.

A separate SIL Solver® Enterprise license is required for each server.

There are currently over 175 devices in the SIL Solver® Enterprise database. The database has grown through the years and users with active licenses receive the new device data with program updates. Users may also add their own devices and failure rate data.

The data is based on a variety of sources. The data accounts for typical process application impact, covering the full boundary of the device. Each data sheet contains a listing of the data sources that were reviewed during the data selection process. The database is a compilation of failure rate data from various industry published databases, end-user data, and manufacturer data.

SIL Solver® Enterprise is an advisory software package used to verify the performance of planned or existing critical controls, instrumented safeguards, and SIS. It estimates the probability to fail on demand (PFDAVG) and the MTTFspurious of the mission critical equipment and compares the calculated values to user-defined targets. SIL Solver® Enterprise complies with IEC 61511 expectations and follows industry methodologies as presented in ISO TR12489 and ISA TR84.00.02.

SIL Solver® Enterprise is capable of analyzing an array of complex devices and functions, including configurations with diverse input devices and multi-variable sensors. Its robust algorithm supports specifying different test intervals, imperfect proof test coverage and partial testing per device.

Reports are generated from SIL Solver® Enterprise as PDFs. There are currently seven reports related to the safety functions: 1) documentation, 2) project datasheets, 3) protective function details, 4) protective function data summary, 5) protective function target results, 6) protective function results summary, and 7) protective function diagram.

Four additional reports provide system wide information on the data ID list and the revision histories of the device data sheet, logic solver data sheet, and support system data sheet collections.

SIL Solver® data has been used to support submissions to regulatory authorities of various governments across the world. For example, it has been used to demonstrate to OSHA that SISs were designed sufficiently to prevent event recurrence, to EPA as part of consent decree response, and to HSE for safety case submission.

SIL Solver® Enterprise is structured to allow rapid modeling of instrumented functions in an easy to use interface. There are three levels of gates available in the input architecture. At the input device level and the input subsystem level, SIL Solver® Enterprise provides 1oo1, 1oo2, 1oo3, 2oo2, 2oo3, and 3oo3 voting architectures. Complex subsystem architectures from one to three channels exist to allow transparent modelling of multi-device installations, such as a pressure-temperature-compensated flow measurement. Up to five input subsystems can be combined at the final gate in either a 1ooN or NooN architecture.

The use of diagnostics for sensors or partial stroke testing for valves is configurable for each device in the architecture.

SIL Solver® Enterprise limits the selected voting architectures to those most realistically achievable in process sector installations to reduce potential systematic error. 2ooN architectures with large N values in the PLC application program typically indicate applications where the unacceptable process condition can occur in multiple distinct locations, e.g., a hot spot on the vessel wall. What appears to be an architecture with ample redundancy is most often a more complex voting scheme. For example, in the case of a plugged flow reactor, it may be that 2oo3 voting sensors are used in each of three reactor zones, leading to an overall 2oo9 voting scheme in the PLC. In each case, however, only three sensors at any given time are in position to see the developing hazard in time for safe action to be taken. The verification of the risk reduction should be based on the voting architecture that detects the hazardous event. Due to the limitations of installation instruments into process equipment, the voting architecture for the SIL Verification is usually 2oo2 or 2oo3 at best.

Beginning users can model more than 90% of the safety functions associated with refining and petrochemical applications. Power users can increase this percentage significantly by breaking the function down into subsystems for modeling. Other methods can also be used to independently model very complex portions of a function, with the resulting performance values entered into custom datasheets for inclusion in SIL Solver projects.

SIL Solver® Enterprise allows the user to select the test interval. The user should choose a test interval that has been proven through experience to be sufficient to maintain the equipment in the “as good as new” condition and is consistent with known constraints on the useful life of the equipment. In general, the test interval is constrained by production schedules which provide off-line access to equipment. Opportunities for inspection, preventive maintenance, and proof testing should be identified by process engineering and operations personnel in the process requirements specification.

Most IEC 61508 certificates are based on a theoretical analysis of the product design in a perfect environment. The data in SIL Solver reflects the installed performance of each technology in typical applications within the process sector. SIS-TECH uses a Delphi method to analyze multiple data sources and to select the failure rate numbers for SIL Solver’s reliability database.  The Delphi analysis is weighted towards data sources derived from field installations and from our direct personal experience working with instrumentation and controls.  For this reason, the numbers are unlikely to match up with a particular IEC 61508 certificate. The Delphi method generates values that are expected to meet the 70% upper bound confidence limit as recommended by IEC-61511 for approving devices via prior use.

Very few specific manufacturers are included in the SIL Solver database. SIS-TECH’s analysis has shown that for a given technology, configuration and operating environment, there is very little difference between the different products, as long as the manufacturer sustains the quality assurance program required by IEC 61508. Further, decoupling the calculation from the specific product ensures that engineering focuses on the functional and integrity specification of the safety instrumented function, while procurement negotiates the purchase of the best product, which meets the specification.

Data in the SIL Solver® database are the result of a Delphi process that uses expert judgement to select appropriate failure rate values for typical process operating environments. Among the many sources of information used by the team of experts, preferential weight is given to data captured from actual installations. Our sources include a variety of the more challenging automation environments in the process sector. With this approach, the resulting failure rates are expected to have at least a 70% upper bound confidence limit for our process sector clients.

Ultimately, positive confirmation of the appropriateness of the data regarding your specific application comes from the periodic operations and maintenance performance assessment that is also required by the standard. Using a SIL verification reliability database that is designed to provide a more realistic estimate of actual field performance should reduce the likelihood of design rework resulting from this assessment.

Yes, so long as the contractor is assigned a user seat and has sufficient access into the server you have loaded the application on.

Requests for SIL Solver® technical support are generally submitted by phone (713-909-2100, select SIL-Solver® support option). Software technical support is available during Houston business hours M-F. Clarification of the request and its resolution may take place through phone calls, emails, or web conferences, as needed.

SIL Solver® provides an in-tool user manual, which is updated with each new release to describe new features or to clarify existing guidance. SIS-TECH frequently updates the FAQ document on the SIL Solver® webpage to address recent questions received by technical support. SIS-TECH also updates the SIL Solver® training materials and installation instructions as questions arise with new customers.

Software updates are subjected to 1) alpha tests within the development environment using standard test cases and 2) beta tests by SIS-TECH personnel on internal projects and by demo users on our hosted server.

The dataset in SIL Solver has been largely derived from observed failure rates within the process sector. These failure rates include the full installation for the indicated device technologies. In field application, the dominant failure modes for sensors (e.g., frozen reading, incorrect reading) are dangerous whether the application is a high vote or a low vote. The remaining significant failure modes (e.g., open circuit, short circuit) are essentially evenly split. Using fundamental technology performance based failure rates in this manner results in numbers that are applicable for low or high voting functions across a broad range of process sector applications. In contrast, there are different device identifiers for fail-open vs. fail-closed valves, as there is a significant difference in the failure rates based on the direction of the safety action.