SIL Determination 2014 (header image)

Safety integrity levels… challenges and emerging best practices

10 - 11 December 2014 | 15Hatfields, London, UK




10 December 2014 - Workshop day

09:00Registration and refreshments

Workshop 1

To be confirmed


Workshop 2

How safe is safe enough? The role of SIL determination in achieving a Tolerable Risk".

This  workshop will set out the key elements that form the foundation for determining what is deemed ‘safe’  in the context of safety-related/safety critical systems to judge ‘How safe is safe enough?


  • Holistic approach to achievement of safety assurance
  • Legal requirements including the concept of ‘so far as is reasonably practicable (SFAIRP)’ and ‘as low as is reasonably practicable’ (ALARP)
  • Risk criteria and the importance of Corporate Risk tolerability Criteria
  • ALARP Demonstration and the role of Cost Benefit Analysis
  • Applications of international standards (e.g. IEC 61508) and their relevance in safety issuance and ‘relevant good practice’
  • Evidence required: justification and traceability in  specifying and managing the SIL
  • Application of Layer Of Protection Analysis (LOPA) in SIL determination
  • Example of applying LOPA
  • Example use of a software tool in SIL determination

Workshop led by:

Ron Bell OBE, Director, ESC Ltd
Simon Burwood, Technical Director, ESC Ltd



11 December 2014 - Seminar day

09:00Registration and refreshments
09:30Seminar Chair’s welcome and introduction
Ron Bell, member of one of the two teams responsible for the development & revision of IEC 61508 and Director, ESC Ltd

The importance of SILs in meeting risk targets

  • The concept of a Safety Integrity Level (SIL) of a specified safety function
  • The importance of a SIL in achieving a specified risk target
  • Low demand mode and high demand mode / continuous mode of a safety function
  • The need to establish corporate risk criteria as a prerequisite to SIL Determination
  • The role of the SIL in the design process

Ron Bell, Director, ESC Ltd


A review of different methods of SIL determination

Simon Burwood, Technical Director, ESC Ltd

10:45Refreshments, networking opportunity and exhibition

SIL determination in the MOD? Software, certification, 00-55 and military-delta

Paul Caseley, Dstl Fellow, Defence Science and Technologies Laboratory (DSTL)


Categorisation and classification: a regulator’s perspective

Steve Frost, Principal Inspector: Nuclear Safety, Office for Nuclear Regulation - Civil Nuclear Reactors Programme

12:25Lunch and exhibition

SIL determination in the automotive sector

  • Unacceptable residual risk - an automotive context
  • Automotive safety cases - making the implicit explicit
  • Defining the ‘right’ requirements - an example

Helen Monkhouse, Functional Safety Manager, Protean Electric Ltd


Tolerability of environmental risk - establishment targets and SILs

This presentation will summarise and illustrate the work of the Chemical and Downstream Oil Industry Forum (CDOIF) to:

  • Develop the guideline “Environmental risk tolerability for COMAH establishments”
  • Categorise environmental consequence and tolerability of risk, based on establishment risk to a receptor
  • Produce guidance for determination of required risk reduction, including the development of scenario based risk criteria

Mike Nicholas, COMAH Technical Advisor, Environment Agency


SILs - useful tool or just "smoke and mirrors”

  • A short history of SILs (they are older than we think)
  • Why we need SILs and how they should be applied
  • Common errors when applying SILS (how easy it is to delude yourself into thinking that things are safer than they really are…)

Peter Sheppard, Senior Safety Engineer and Validator, Bombardier Transportation

15:10Refreshments, networking opportunity and exhibition

SIL Determination for Air Traffic Control equipment

  • Principles of Air Traffic Management safety - ATM hazards and separation standards
  • ATM system design - equipment functions and central role of air traffic controllers
  • Most accidents to civil air transport aircraft can have catastrophic consequences
  • Safety integrity requirements for equipment based on controllability classes not accident risk
  • Examples of SIL and other assurance level determination

Ron Pierce, Principal Consultant, Hitachi Europe Ltd

16:15Panel discussion and opportunity to address your questions to the experts
16:45Seminar Chair’s closing remarks and close of event


Please note this programme is a work-in-progress. Topics, subjects and speakers are subject to change.

Registration fees

Topic Partners