Propagation of Uncertainty in Risk Analysis and Safety Integrity Level Composition

TL;DR

This paper examines how uncertainty propagates in risk analysis and SIL composition, highlighting flaws in common methods and proposing the need for additional requirements for accurate SIL allocation.

Contribution

It analyzes the impact of input data accuracy on risk analysis results and demonstrates the infeasibility of SIL calculus without extra component requirements.

Findings

Common risk analysis methods are faulty.

SIL allocation via SIL calculus is infeasible without additional component constraints.

A justification for parameter scaling in semi-quantitative risk analysis is provided.

Abstract

In many risk analyses the results are only given as mean values and often the input data are also mean values. However the required accuracy of the result is often an interval of values e. g. for the derivation of a Safety Integrity Level (SIL). In this paper we reason what should be the accuracy of the input data of risk analyses if a particular certainty of the result is demanded. Also the backside of the coin, the SIL composition is discussed. The results show that common methods for risk analysis are faulty and that SIL allocation by a kind of SIL calculus seems infeasible without additional requirements on the composed components. A justification of a common practice for parameter scaling in well-constructed semi-quantitative risk analysis is also provided.