Abstract :
For a number of years, industry has been trying to apply the principles outlined in IEC 61508. In the process industry, this has resulted in a focus on the requirements of IEC 61511. In the field of SIL determination, IEC 61511 provides suggestions of a number of different techniques - these are shown in IEC 61511-3. These include event trees, risk graphs, safety matrices, fault trees and layer of protection analysis (LOPA). In the first few years, industry embraced the use of risk graphs as the method of choice. Over time, many companies have used this method and found that it was (a) giving higher safety integrity level targets than really needed and (b) was less flexible than other methods and so more difficult to use in many cases. This has resulted in a general move to other methods and in particular to the use of LOPA. However, there are a number of pitfalls in the use of the LOPA method that have become evident through its use. This presentation will review the application of LOPA and highlight a number of the pitfalls and misuse of LOPA that we have found to be in current practice.
