SIL Determination 2014 (header image)

Safety integrity levels… challenges and emerging best practices

10 - 11 December 2014 | 15Hatfields, London, UK




10 December 2014 - Workshop day

09:00Registration and refreshments

Workshop 1

SIL and human involvement

This interactive workshop will look at some of the characteristics of humans and nature of human failure, relating aspects of these to the assessment of safety integrity levels (SIL).

Workshop led by:

Dr Alan G. King, Hazard and Reliability Specialist , ABB Consulting
Tony Atkinson, Operational Human Factors Specialist, ABB Consulting


Workshop 2

How safe is safe enough? The role of SIL determination in achieving a tolerable risk'.

This  workshop will set out the key elements that form the foundation for determining what is deemed ‘safe’  in the context of safety-related / safety critical systems to judge ‘how safe is safe enough?


  • Holistic approach to achievement of safety assurance
  • Legal requirements including the concept of ‘so far as is reasonably practicable (SFAIRP)’ and ‘as low as is reasonably practicable’ (ALARP)
  • Risk criteria and the importance of Corporate Risk tolerability Criteria
  • ALARP Demonstration and the role of Cost Benefit Analysis
  • Applications of international standards (e.g. IEC 61508) and their relevance in safety issuance and ‘relevant good practice’
  • Evidence required: justification and traceability in  specifying and managing the SIL
  • Application of Layer Of Protection Analysis (LOPA) in SIL determination
  • Example of applying LOPA
  • Example use of a software tool in SIL determination

Workshop led by:

Ron Bell OBE, Director, ESC Ltd
Simon Burwood, Technical Director, ESC Ltd



11 December 2014 - Seminar day

09:00Registration and refreshments
09:30Seminar Chair’s welcome and introduction
Ron Bell, member of one of the two teams responsible for the development and revision of IEC 61508 and Director, ESC Ltd

The importance of SILs in meeting risk targets

  • The concept of a Safety Integrity Level (SIL) of a specified safety function
  • The importance of a SIL in achieving a specified risk target
  • Low demand mode and high demand mode / continuous mode of a safety function
  • The need to establish corporate risk criteria as a prerequisite to SIL Determination
  • The role of the SIL in the design process

Ron Bell, Director, ESC Ltd


A review of different methods of SIL determination

Simon Burwood, Technical Director, ESC Ltd

10:45Refreshments, networking opportunity and exhibition

SIL determination in the MOD? Software, certification, 00-55 and military-delta

The presentation will cover emerging MOD standards in the response to the policy of using open standards, such as IEC 61508. It is intended to give an appreciation of software-related issues in the safety assessment, design integrity and certification processes. For example:

  • Insight on how open standards are used in the air domain
  • Insight on how IEC 61508 may be applied in the context of Draft 00-55 Issue 3
  • Concepts such as the military delta (the difference between the military requirement what civil process can achieve), e.g. SILs and “design integrity

Paul Caseley, Dstl Fellow, Defence Science and Technologies Laboratory (DSTL)


Categorisation and classification: a regulator’s perspective

Steve Frost, Principal Inspector: Nuclear Safety, Office for Nuclear Regulation - Civil Nuclear Reactors Programme

12:25Lunch and exhibition

SIL determination in the automotive sector

  • Unacceptable residual risk - an automotive context
  • Automotive safety cases - making the implicit explicit
  • Defining the ‘right’ requirements - an example

Helen Monkhouse, Functional Safety Manager, Protean Electric Ltd


Tolerability of environmental risk - establishment targets and SILs

This presentation will summarise and illustrate the work of the Chemical and Downstream Oil Industry Forum (CDOIF) to:

  • Develop the guideline “Environmental risk tolerability for COMAH establishments”
  • Categorise environmental consequence and tolerability of risk, based on establishment risk to a receptor
  • Produce guidance for determination of required risk reduction, including the development of scenario based risk criteria

Mike Nicholas, COMAH Technical Advisor, Environment Agency


SILs - useful tool or just "smoke and mirrors”

  • A short history of SILs (they are older than we think)
  • Why we need SILs and how they should be applied
  • Common errors when applying SILS (how easy it is to delude yourself into thinking that things are safer than they really are…)

Peter Sheppard, Senior Safety Engineer and Validator, Bombardier Transportation

15:10Refreshments, networking opportunity and exhibition

SIL Determination for Air Traffic Control equipment

  • Principles of Air Traffic Management safety - ATM hazards and separation standards
  • ATM system design - equipment functions and central role of air traffic controllers
  • Most accidents to civil air transport aircraft can have catastrophic consequences
  • Safety integrity requirements for equipment based on controllability classes not accident risk
  • Examples of SIL and other assurance level determination

Ron Pierce, Principal Consultant, Hitachi Europe Ltd

16:15Panel discussion and opportunity to address your questions to the experts
16:45Seminar Chair’s closing remarks and close of event


Please note topics, subjects and speakers are subject to change.

Registration fees

Topic Partners