SIL Allocation Study (LOPA / Risk Graph)

IEC 61511 Cl.9 SIL band allocation per SIF — LOPA, calibrated risk graph, and audit-defensible RRF basis

What this study delivers

SIL allocation is the hazard-study step that converts each identified Safety Instrumented Function into a target Safety Integrity Level — the input the functional-safety engineering team needs to design the SIS. The work sits firmly in the risk-assessment workflow: HAZOP identifies the SIF candidate, LOPA or calibrated risk graph quantifies the residual risk gap, and the allocation step assigns SIL 1, 2, or 3 per IEC 61511 Clause 9. The discipline is about defensible calibration, not the calculation arithmetic — IPL eligibility honesty per CCPS, conditional-modifier discretion that survives audit, conservative IEF assumptions where data is thin, and SIL 3+ scenarios flagged for inherent-safety review rather than engineered to ever-higher integrity. The output is a SIL Allocation Register that hands cleanly to the FSE team for SRS development, FMEDA processing, and PFD/PFH verification (the verification workflow lives in the functional-safety service line).

Study execution

How the study is executed

A structured, facilitated process — from scope definition through close-out — producing defensible, actionable outputs.

SIF Scoping & Hazard Scenario Set

Identify Safety Instrumented Functions from HAZOP action register, Bow-Tie barrier register, and P&ID review; document hazard scenario (initiating event, consequence, existing safeguards) for each SIF candidate; classify demand mode per IEC 61511 Cl.3.5.

Allocation Method Selection

Select SIL allocation method per scenario complexity and regulatory expectation — LOPA (most defensible), calibrated risk graph (ISA TR84.00.04 Annex), risk matrix, or LOPA-matrix; document method choice and calibration.

IPL Credit & RRF Calculation

Apply CCPS four-part IPL test to existing safeguards; calculate Required Risk Reduction Factor against site tolerable frequency per consequence tier; allocate residual risk reduction to the SIF being assessed.

SIL Band Allocation

Assign SIL band per IEC 61511 Cl.9 / Table 4 — SIL 1 (RRF 10–100), SIL 2 (100–1000), SIL 3 (1000–10000); flag SIL 3+ scenarios for inherent-safety review per CCPS guidance; document allocation rationale per SIF.

Conditional Modifier & Sensitivity Review

Apply conditional modifiers honestly — ignition probability, occupancy, mitigation — per CCPS LOPA Cookbook; conduct sensitivity analysis on TF, IEF, and IPL PFD assumptions; defend any non-conservative choices.

SIL Allocation Register & FSE Hand-off

Issue SIL Allocation Register per SIF with method, RRF, allocated SIL, and assumption log; transmit to functional-safety engineering team for SRS development and lifecycle verification; integrate with PHA action close-out.
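The RRF calculation, band allocation and sensitivity review described in the steps above, as an added worked example (not the page's own tooling). The scenario values are constructed. Treating each band's upper bound as inclusive and an RRF of 10 or less as carrying no SIL requirement are assumptions of this sketch.

```python
from dataclasses import dataclass, replace
from math import prod

@dataclass
class Scenario:
    sif: str
    ief: float             # initiating event frequency, per year
    ipl_pfds: dict         # credited IPLs (passed the four-part test) -> PFD
    modifiers: dict        # conditional modifiers -> probability
    tolerable_freq: float  # site tolerable frequency for this consequence tier, per year

def required_rrf(s):
    """Frequency with existing IPLs and modifiers, divided by tolerable frequency."""
    freq = s.ief * prod(s.ipl_pfds.values()) * prod(s.modifiers.values())
    # Round to 6 significant figures so float noise cannot move a band edge.
    return float(f"{freq / s.tolerable_freq:.6g}")

def allocate(rrf):
    """Return (band, flag_for_inherent_safety_review) using the bands on this page."""
    if rrf <= 1:
        return "no SIF required", False
    if rrf <= 10:                      # assumption: below SIL 1, no SIL requirement
        return "no SIL requirement", False
    for upper, band in ((100, "SIL 1"), (1000, "SIL 2")):
        if rrf <= upper:               # assumption: upper bound inclusive
            return band, False
    # SIL 3 and anything above it is flagged for review rather than engineered up.
    return ("SIL 3" if rrf <= 10000 else "beyond SIL 3"), True

def sensitivity(s):
    """Re-run the allocation with IEF, TF and each IPL credit perturbed."""
    cases = {"base": s,
             "IEF x10": replace(s, ief=s.ief * 10),
             "TF /10": replace(s, tolerable_freq=s.tolerable_freq / 10)}
    for name in s.ipl_pfds:            # what if this IPL fails the eligibility test?
        kept = {k: v for k, v in s.ipl_pfds.items() if k != name}
        cases[f"no credit: {name}"] = replace(s, ipl_pfds=kept)
    return {c: (required_rrf(x), *allocate(required_rrf(x))) for c, x in cases.items()}

# Constructed scenario: hypothetical SIF tag and values, for illustration only.
SIF_101 = Scenario(sif="SIF-101 (hypothetical)", ief=0.1,
                   ipl_pfds={"alarm + operator response": 0.1},
                   modifiers={"occupancy": 0.5}, tolerable_freq=1e-5)

if __name__ == "__main__":
    for case, (rrf, band, review) in sensitivity(SIF_101).items():
        print(f"{case:40s} RRF={rrf:>8g}  {band}{'  [review]' if review else ''}")
```

In this constructed case the base allocation is SIL 2, and any single perturbation moves it to SIL 3, which is the kind of dependence on one assumption the assumption log should record.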

Study scope

What the study covers in full

  • SIF identification from HAZOP / Bow-Tie outputs with cause-consequence traceability
  • Method selection — LOPA (most defensible) vs calibrated risk graph vs LOPA-matrix
  • CCPS four-part IPL eligibility test (independent, dependable, auditable, validated)
  • Required Risk Reduction Factor calculation against site tolerable frequency per consequence tier
  • Demand-mode classification — low-demand vs continuous / high-demand per IEC 61511 Cl.3.5
  • Conditional-modifier discretion (ignition, occupancy, mitigation) per CCPS LOPA Cookbook
  • SIL band allocation per IEC 61511 Cl.9 / Table 4 with documented rationale
  • SIL 3+ scenario review with inherent-safety, design-change, or barrier-upgrade options
  • Sensitivity analysis on Tolerable Frequency, IEF, and IPL PFD assumptions
  • SIL Allocation Register hand-off to FSE for SRS development and lifecycle verification

Why it matters

Outcomes of SIL Allocation Study (LOPA / Risk Graph)

SIF Integrity & Demand Calibration
  • Calibrates SIF risk-reduction to the specific demand scenario rather than rules-of-thumb
  • Identifies the small subset of SIFs that disproportionately drive site risk
  • Prevents the silent SIF degradation pattern seen in legacy DCS-SIS installations
  • Anchors layer-of-protection logic with quantitative integrity
IEC 61511 Lifecycle Defence
  • Full IEC 61511 Ed.2 lifecycle defence including new cyber-security cross-references
  • Audit-defensible under FSA Stage 1/2/3/4/5 examination
  • Meets OSHA PSM mechanical-integrity expectation for safety-critical instrumentation
  • Satisfies COMAH Safety Case demonstrate-ALARP for instrumented protection layers
Proof-Test & Trip-Rate Optimisation
  • Rational proof-test intervals balanced against PFD and operating cost
  • Spurious-trip rate engineered into MTTFS targets — avoiding 1oo1 trip exposure
  • Bypass governance and impairment management built into the safety manual
  • Defensible MOC pathway for instrumented modifications
SIL Inflation Prevention
  • Avoids the 'SIL inflation' cost trap of conservative allocation
  • Right-sizes architecture — 1oo1, 1oo2D, 2oo3 — to the actual integrity need
  • Reduces MTTFS-driven production losses on continuous units
  • Defends underwriter dialogue with manufacturer-FMEDA-grade evidence