SIL Determination 2014 (header image)

Safety integrity levels… challenges and emerging best practices

10 - 11 December 2014 | 15Hatfields, London, UK



10 December 2014

09:00Registration and refreshments

Workshop 1

To be confirmed


Workshop 2

How safe is safe enough? The role of SIL determination in achieving a Tolerable Risk".

This  workshop will set out the key elements that form the foundation for determining what is deemed ‘safe’  in the context of safety-related/safety critical systems to judge ‘How safe is safe enough?


  • Holistic approach to achievement of safety assurance
  • Legal requirements including the concept of ‘so far as is reasonably practicable (SFAIRP)’ and ‘as low as is reasonably practicable’ (ALARP)
  • Risk criteria and the importance of Corporate Risk tolerability Criteria
  • ALARP Demonstration and the role of Cost Benefit Analysis
  • Applications of international standards (e.g. IEC 61508) and their relevance in safety issuance and ‘relevant good practice’
  • Evidence required: justification and traceability in  specifying and managing the SIL
  • Application of Layer Of Protection Analysis (LOPA) in SIL determination
  • Example of applying LOPA
  • Example use of a software tool in SIL determination

Workshop led by:

Ron Bell OBE, Director, ESC Ltd
Simon Burwood, Technical Director, ESC Ltd



11 December 2014

09:00Registration and refreshments
09:30Seminar Chair’s welcome and introduction
Ron Bell, member of one of the two teams responsible for the development & revision of IEC 61508 and Director, ESC Ltd

The importance of SILs in meeting risk targets

  • The concept of a Safety Integrity Level (SIL) of a specified safety function
  • The importance of a SIL in achieving a specified risk target
  • Low Demand Mode and High Demand Mode/Continuous Mode of a safety function
  • The need to establish corporate risk criteria as a prerequisite to SIL Determination
  • The role of the SIL in the design process

Ron Bell, Director, ESC Ltd


A review of different methods of SIL determination

Confirmed: Simon Burwood, Technical Director, ESC Ltd

10:45Refreshments, networking opportunity and exhibition

Considerations in the application of IEC 61508 for MOD safety critical systems

Confirmed: Paul Caseley, DSTL


Categorisation & classification: a regulator’s perspective

Speaker to be confirmed: Office for Nuclear Regulation – Civil Nuclear Reactors Programme

12:25Lunch and exhibition

SIL determination in the automotive sector

  • Unacceptable residual risk - an automotive context
  • Automotive safety cases - making the implicit explicit
  • Defining the ‘right’ requirements - an example

Confirmed: Helen Monkhouse, Functional Safety Manager, Protean Electric Ltd


Tolerability of environmental risk - establishment targets and SILs

This presentation will summarise and illustrate the work of the Chemical and Downstream Oil Industry Forum (CDOIF) to:

  • Develop the guideline “Environmental risk tolerability for COMAH establishments”
  • Categorise environmental consequence and tolerability of risk, based on establishment risk to a receptor
  • Produce guidance for determination of required risk reduction, including the development of scenario based risk criteria

Confirmed: Mike Nicholas, COMAH Technical Advisor, Environment Agency


SILs - useful tool or just "smoke and mirrors”

  • A short history of SILs (they are older than we think)
  • Why we need SILs and how they should be applied
  • Common errors when applying SILS (how easy it is to delude yourself into thinking that things are safer than they really are…)

Confirmed: Peter Sheppard, Senior Safety Engineer and Validator, Bombardier Transportation

15:10Refreshments, networking opportunity and exhibition

SIL Determination for Air Traffic Control equipment

  • Principles of Air Traffic Management safety - ATM hazards and separation standards
  • ATM system design - equipment functions and central role of air traffic controllers
  • Most accidents to civil air transport aircraft can have catastrophic consequences
  • Safety integrity requirements for equipment based on controllability classes not accident risk
  • Examples of SIL and other assurance level determination

Confirmed: Ron Pierce, Principal Consultant, Hitachi Europe Ltd

16:15Panel discussion and opportunity to address your questions to the experts
16:45Seminar Chair’s closing remarks and close of event


Please note this programme is a work-in-progress. Unless stated as confirmed speakers are in the process of being invited. Topics, subjects and speakers are subject to change.

Registration fees

Topic Partners