The concept of Safety Integrity Level (SIL) is a direct result of the IEC 61508 standard, which is not specific to railways. For the railway industry, CENELEC (European Committee for Electrotechnical Standardization) has developed the standards EN 50126 (The Specification and Demonstration of Reliability, Availability, Maintainability and Safety (RAMS)), EN 50128 (Communication, signalling and processing systems - Software for railway control and protection systems), and EN 50129 (Communication, signalling and processing systems - Safety related electronic systems for signalling) which have been derived from the IEC 61508 standard to meet the specific requirements of the railways. 

There are four Safety Integrity Levels, labelled SIL 1 to SIL 4. SIL 4 has the highest level of safety integrity and SIL 1 the lowest. Costs increase significantly at higher levels, but the cost of not implementing the appropriate SIL far exceeds the cost of the overall implementation.

The standard associates Safety Integrity Levels with numerical probabilities of hazardous failures in two tables, one for systems that operate continuously (Table 1) and the other one for systems that operate on-demand (Table 2).

Table 1: SIL - Continuous Demand

Table 2: SIL - Low Demand

A low demand system, as defined by the standards, is one with 'no greater than one demand per year', hence the difference of $10^4$ between the values in the two tables (where one year is approximated to $10^4$ hours).

What does 'SIL 4 Certified System' mean? It means there is a probability of a single error in 10,000 years.

For Railway Signalling, usually, ATP (Automatic Train Protection) systems are SIL 4, ATO (Automatic Train Operation) systems are SIL 2, and ATS (Automatic Train Supervision) systems are SIL 2.