SIL Classification: Performance of a Risk Analysis

According to the IEC standards, for each LOC scenario identified as potentially hazardous in HAZOP study (Annex 4), a risk analysis needs to be performed. The risk analysis method is not prescribed in the Standards. Some companies use a risk matrix, others a risk graph and still others use the LOPA method (Layers Of Protection Analysis). Each method has its advantages and disadvantages. The pitfalls should be avoided.
The risk graph method and the LOPA method are given below. Complete worked out examples are given in this recent SSC Book.

Method 1: SIL Classification with the Risk graph


Each parameter of the risk graph needs to be assessed by a qualified team. After completion, this will result in a risk of (SIL) to 1 (SIL) 4. SIL: Safety Integrity Level. The risk graph must be calibrated to reflect the acceptable risk levels as defined by the company.
Short description of the parameters (for symbols see the risk graph):


  • - C1 Light injuries
  • - C2 Serious injuries and / or one dead
  • - C3 Multiple deaths
  • - C4 (disaster) Large number of deaths

Presence of people:

  • - F1 in the hazard area, less than 10% of the time someone is present
  • - F2 in the hazard area, more than 10% of the time someone is present


  • - P1 in more than 10% of the cases escaping is possible.
  • - P2 In less than 10% of the cases escaping is possible

 Frequency of the LOC scenario:

  • W1 A relatively low frequency
  • W2 The default frequency for the failure of the control system and operators
  • W3 A relatively high frequency (through better design try to go to W2)

Method 2: SIL  Classification with LOPA

The Layer Of Protection Analysis of LOPA method is a relatively recent risk analysis method that has its origin in the USA. Companies like BP and Dow use LOPA. The CCPS (Center for Chemical Process Safety) issued a LOPA "standard" book.
SSC has experience with the use of LOPA for SIL Classification.

LOPA is often used for SIL Classification. The SIL is determined by comparing the risk level with the tolerable risk level as established by the company. For example, a scenario that can cause fatal injury to a person and / or serious injuries to several persons is defined as being tolerable only once every 10,000 years (10-4/jr.).

One of the major pitfalls of LOPA is that unjustified ‘credit’ is given to those measures which are not independent. In LOPA, a measure is called an Independent Protection Layer (IPL). The figure below shows how the IPL’s will reduce the frequency of the scenario to an acceptable level.

Read more about LOPA in this SSC article

SIL Classificatie: Uitvoeren van de risicoanalyse
Only 44% of Major Hazards companies apply SIL !

Column November 2010
Only 44% of Major Hazards companies apply SIL !

The Dutch Labor Inspectorate performed an inspection of 58 Major Hazards companies . This was a follow up of the BP Texas City disaster. Recently, a report with the inspection results have been p...

Read more