This paper describes the Layer of Protection Analysis (LOPA) method for determining the needed SIL (Safety Integrity Level) of a SIS (Safety Instrumented System). The paper also shows the relationship of LOPA to other analysis methods for safety system requirements. Building on the CCPS (Center for Chemical Process Safety) Guidelines for Safe Automation of Chemical Processes, this paper shows how to determine if additional safeguards are needed and how to determine the needed SIL of a SIS. LOPA is a tool that can be used after the HAZOP (HAZard and OPerability Analysis), but before using fault tree analysis or quantitative risk analysis. Using a multi-disciplined team, the consequences identified in the HAZOP are listed as impact events and are classified for severity level. The initiating causes are listed for each impact event and a likelihood is estimated for each initiating cause. Independent Protection Layers (IPLs) are listed, including process design, basic process control system, alarms and procedures, safety instrumented systems, and additional mitigation. Each IPL is assigned a Probability of Failure on Demand (PFD). A mitigated event likelihood is calculated by multiplying the initiating cause likelihood by the PFDs for the applicable IPLs. The mitigated event likelihood is then compared to a criterion linked to the corporation's criteria for unacceptable risk levels. Additional IPLs can be added to reduce the risk. The mitigated event likelihoods are summed to give an estimate of the risk for the whole process. (C) 1998 Elsevier Science Ltd. All rights reserved.
